- Attacker behind the $600 million hack on the Poly network returned $258 million worth of crypto to the cross-chain protocol.
- The hacker started returning funds merely a day after blockchain security firm SlowMist claimed to obtain the attacker’s identity information.
- By embedding messages to transactions with their own address, the hacker started communicating with the world.
Poly Network expects to recover stolen funds after writing a letter asking the hacker to return the funds. Currently, less than 1% of the funds have been recovered.
The largest DeFi hack in history may end in recovery of stolen funds
On August 10, a hacker drained the cross-chain protocol Poly Network of hundreds of millions of dollars. Over $600 million in several cryptocurrencies, Ethereum, Binance smart chain tokens, and stablecoins were stolen.
The heist included $273 million in Ethereum tokens, $253 million in tokens on Binance Smart Chain, and $85 million in USD coin (USDC). In the aftermath of the attack, Poly Network reached out to exchanges and miners on its Twitter handle and requested them to blacklist the stolen funds.
Tether was the swiftest to blacklist stolen USDT worth $33 million. Binance, OKEx and other exchanges extended support to Poly Network in the hours following the hack. Among exchanges and protocols coming out in support of the cross-chain protocol, SlowMist stood out since the blockchain security firm claimed to have the hacker’s identity (ID) information.
2)The SlowMist security team has grasped the attacker’s mailbox, IP, and device fingerprints through on-chain and off-chain tracking, and is tracking possible identity clues related to the Poly Network attacker.
— SlowMist (@SlowMist_Team) August 10, 2021
SlowMist’s initial investigation revealed that the hacker used Hoo, a less popular Chinese cryptocurrency exchange, to gather funds for the attack. From Hoo, the blockchain security firm was able to obtain details of their digital footprint.
Poly Network then reached out to the hacker through an open letter on Twitter, describing the magnitude of the hack and asking them to establish communication and work together to return the stolen funds.
The team behind the Poly Network prepared a multi-sig address controlled by a known Poly address and identified three addresses where the attacker could return funds.
Several hours later, the hacker sent the first transaction returning some funds by creating a token called “The hacker is ready to surrender” and sending it over to the designated Polygon address. Seven minutes hence the hacker’s Polygon address returned $10,000 in a stablecoin USDC to a wallet set up by Poly Network at 8:46 UTC.
Another transaction followed, 15 minutes hence, and $1 million was deposited in Poly Network’s address.
$1 million in USDC recovered from the DeFi hack
Another $1.1 million was returned in Bitcoin Brand (BTCB) on the Binance Smart Chain at 9:49 UTC.
$1.1 million in BTCB recovered on the Binance smart chain
At 10:54 UTC, the attacker returned Shiba Inu coins worth $2 million on the Ethereum network. The cross-chain protocol informed users of the recovery through a tweet:
So far, we have received a total value of $4,772,297.675 assets returned by the hacker.
ETH address: $2,654,946.051 BSC address: $1,107,870.815 Polygon address: $1,009,480.809 pic.twitter.com/bPFAQk4mvS
— Poly Network (@PolyNetwork2) August 11, 2021
The process of obtaining hacked crypto assets has started. However, it will be a long one, given that the attacker has returned less than 1% of the funds.