Almost half of the stolen US$600mn taken from the cryptocurrency exchange platform Poly Network, has been returned by the hacker, reports suggest.
The compromised blockchain platform which lets users swap digital currency tokens, announced late on Wednesday that it had received back three of the stolen cryptocurrencies, namely $256mn of Bifinance Smart Chain (BSC), $1mn of Polygon and $3.3mn of Ethereum.
However, more than $350mn of the heist, which looks set to be one of the biggest breaches to date, remains unrecovered. The loss consists of $269mn of Ethererum and $84mn of Polygon.
Poly Network Hacker response
According to Tom Robinson, co-founder of Elliptic, a London-based blockchain analytics and compliance firm, the hacker wrote an extensive Q&A interview session on one of the blockchains.
Although much of the funds are yet to be recovered, the hacker said they had always intended to refund the money, and only carried out the heist to highlight vulnerabilities in the Poly Network platform.
They wrote, "I know it hurts when people are attacked, but shouldn't they learn something from those hacks?"
Explaining their actions in hacking the system and stealing $600mn worth of currency, the hacker also said they had looked for the vulnerability, and then had taken the cryptocurrency to prevent Poly Network from covering up the breach by “patching the security flaw.”
Speaking to the BBC, Robinson, who advises law enforcement agencies and governments on crypto crime, told reporters, "Either they just intended to commit theft and steal the assets, or they were acting like a white hat hacker to expose a bug, to help Poly Network make themselves more strong and secure.”
He also said that despite the breach, blockchain technology prevents criminals from profiteering off stolen digital currencies because it provides complete visibility regarding the movement of the funds.
Poly Network’s flaws
Poly Network's platform operates by managing transactions between several blockchains. It enables users to trade one cryptocurrency for another.
James Chappell, co-founder of London-based cyber-security firm Digital Shadows, explained, "The Poly Network is the thing that facilitates the movement between these chains - ultimately, it's software, it's code, and code always has imperfections and defects in it.”
He said that these imperfections were true of banks, or any financial system. “Unfortunately, what seems to have happened here is a party has spotted a weakness in the implementation and exploited it to fool the network into transferring these tokens incorrectly."
The Poly Network breach is the largest incident of its kind this year. As of the end of April, cryptocurrency hauls totaled $432mn. Recent similar attacks on cryptocurrency exchanges in 2021 include:
- February 2021; Yearn Finance, had $11mn stolen by hackers
- February 2021; Alpha Finance, lost $37mn to cybercriminals
- March 2021; Meerkat Finance had $32m taken by a cyber breach
The funds were reportedly stolen following a hacker discovering a vulnerability between contract calls in Poly Network’s system.
Blockchain is a decentralised solution to currency transfer and purports to be one of the most secure options currently available. It operates as a ledger, or log, tracking every single transaction made of a cryptocurrency.
The ledger is also distributed to all the users in the network to verify all new transactions when they occur and is not held by any one single authority.