Crypto Hacker Behind $600 Million Theft Returns Funds

The crypto hacker, now being referred to as Mr White hat by Poly Network, has returned the remaining assets, valued at $235 million (except the $33m in USDT frozen by Tether as stated by Elliptic) of the over $600 million stolen, according to the letter tweeted by Poly Network.

Crypto Hacker Behind $600 Million Theft Returns Funds

The letter stated that the repayment had not yet been completed. Poly Network “hope to maintain communication with Mr White Hat and convey accurate communication to the public” to ensure the safe recovery of the rest of the user assets.

The remaining $235 million worth of assets “had been transferred to the multisig wallet controlled by Mr White and the Poly Network team”, the letter stated.

It appears that keys held by the hacker and Poly Network would be needed to release funds. Therefore, it seems it would be possible for the hacker to choose not to move the funds, Elliptic said. The hacker revealed in a message that they would “PROVIDE THE FINAL KEY WHEN_EVERYONE_IS READY”.

According to Tom Robinson, chief scientist and co-founder of Elliptic, the hacker said that they will compensate “unexpected victims” of the hack using donations ($4K at the time of the tweet) they’ve received over the past couple of days.

The hacker also claimed to have turned down an offer of $500,000 to return the stolen money.

What happened?

In the biggest heist in crypto history, hackers stole $600 million by targeting the decentralised finance platform Poly Network.

According to Reuters, Poly Network uses a smart contract that allows tokens to be swapped across blockchains Binance Smart Chain, Ethereum and Polygon. The contract consists of instructions on when to release assets to counterparties.

The crypto intelligence firm Cipher Trace has said that one of the Poly Network’s smart contracts has liquidity, allowing users to swap tokens effectively. Initial investigations by Poly Network revealed that hackers exploited a vulnerability in this smart contract.

On Tuesday, Poly Network urged the hackers to return the money, threatening legal action via a letter released on Twitter.  “The money you stole [sic] are from tens of thousands of crypto community members, hence the people.”

The cyber attacker cooperated with Poly Network and began to return the assets.

On Wednesday, in a Q&A within a digital currency transaction, the person claiming to be the hacker said that they did it “for fun” to “expose the vulnerability” before others can take advantage of it, according to messages shared by Elliptic and Chinanalysis.

Why?

The alleged cyber attacker wrote: “When spotting the bug, I had a mixed feeling. Ask yourself what to do had you facing so much fortune.

“Ask the project team politely so that they can fix it? Anyone could be the traitor given one billion!”

The person claimed to return the funds because “that’s always been the plan”, adding, “I am not very interested in money!”

Commenting on why they were returning the money slowly, the hackers said they needed time to negotiate with the Poly Network team.

The hacker also said that care had been taken to be untraceable. SlowMist announced that they had tracked down information on the perpetrator’s IP and email information.

Some experts speculate that the reason behind returning the money could have been because the amount would be difficult to launder.

Reuters could not verify the messages, and the hacker or hackers have not been identified.