Zephyr18 | iStock | Getty Images
The hacker behind the biggest cryptocurrency heist of all time has granted access to the final tranche of the stolen funds.
Poly Network, a platform in the decentralized finance, or “DeFi” space, was hit by a major attack this month in which the hacker (s) stole more than $ 600 million worth of digital tokens. The thief took advantage of a vulnerability in Poly Network’s code that allowed them to transfer the money to their own accounts.
Oddly enough, the Poly Network hacker didn’t run away with the loot. Instead, they opened a dialogue with the organization concerned and promised to return all funds. In fact, the hacker returned almost all of the money – with the exception of $ 33 million in Tether, or USDT, which was frozen by its issuers.
There was a catch, however. More than $ 200 million in assets were trapped in an account that required passwords from both Poly Network and the hacker. The hacker refused to reveal his password for some time, saying only that he would not do so until “everyone is ready”.
Poly Network begged the hacker it calls “Mr. White Hat” to return the remaining money. The platform promised to give the unidentified person a $ 500,000 bounty to identify a bug in their systems and even offered them a position as Chief Security Advisor.
Now the hacker has finally granted Poly Network access to the last tranche of the stolen funds. In a blog post on Monday, the company said that Mr. White Hat had disclosed what is known as the private key, which is needed to regain control of the remaining assets.
“At this point, all user resources that were transferred during the incident are fully restored,” said Poly Network. “We are in the process of returning full control of the assets to users as soon as possible.”
It’s one of the most bizarre cryptocurrency stories in a long time. The theft was considered the largest crypto heist of all time, beating the $ 534.8 million stolen from the Japanese digital currency exchange Coincheck in an attack in 2018 and the estimated $ 450 million in Bitcoin that 2014 from Tokyo-based Mt. Gox were lost.
Last week, the Japanese crypto exchange Liquid announced that it had been hit by a cyber attack in which hackers got away with $ 97 million worth of digital coins.
In the case of Poly Network, however, the attacker had a public conversation with his victim and eventually recovered the stolen assets. Security experts said it was likely that the attacker realized that it would be difficult for them to launder and withdraw the money as all transactions are recorded on the blockchain, the public ledger that underlies most of the major digital currencies.
In a message embedded in a crypto transaction, an anonymous person who claimed to be the hacker said they were “going to (stop) the show”.
“Keep calm and that’s the happy ending!” said the person. “I have to admit that my wild or crazy behavior has led to crises in your project, your team and even your life. Sorry for the inconveniences! It has to be one of the wildest adventures in our life. “
“My actions, which can be considered strange, are my efforts, in my own personal style, to contribute to the safety of the Poly project,” they added. “Consensus was reached in a painful and opaque way, but it works. Some people even suspect the whole story is a PR stunt.”
Poly Network said its team “confirmed that the private key is real”.
“So far, Poly Network has regained control of the $ 610 million (excluding the frozen $ 33 million) in assets that were affected by this attack. We would like to thank Mr. White Hat once again for keeping his promise and the community, partners and numerous security agencies for their support. “