Poly Network crypto hacker returns US$260mn

Funds were returned following an appeal on social media by Poly Network but $350mn remains unaccounted for

Almost half of the US$600mn stolen from the cryptocurrency exchange platform Poly Network has been returned by the hacker, reports suggest.

The compromised blockchain platform, which lets users swap digital currency tokens, announced late on Wednesday that it had received back three of the stolen cryptocurrencies, namely $256mn of Binance Smart Chain (BSC), $1mn of Polygon and $3.3mn of Ethereum.

However, more than $350mn of the heist, which looks set to be one of the biggest breaches to date, remains unrecovered. The loss consists of $269mn of Ethereum and $84mn of Polygon.

Poly Network Hacker response

According to Tom Robinson, co-founder of Elliptic, a London-based blockchain analytics and compliance firm, the hacker wrote an extensive Q&A interview session on one of the blockchains.

Although much of the funds are yet to be recovered, the hacker said they had always intended to refund the money, and only carried out the heist to highlight vulnerabilities in the Poly Network platform. 

They wrote, "I know it hurts when people are attacked, but shouldn't they learn something from those hacks?" 

Explaining their actions in hacking the system and stealing $600mn worth of currency, the hacker also said they had looked for the vulnerability, and then had taken the cryptocurrency to prevent Poly Network from covering up the breach by “patching the security flaw.”

Speaking to the BBC, Robinson, who advises law enforcement agencies and governments on crypto crime, told reporters, "Either they just intended to commit theft and steal the assets, or they were acting like a white hat hacker to expose a bug, to help Poly Network make themselves more strong and secure."

He also said that despite the breach, blockchain technology prevents criminals from profiteering off stolen digital currencies because it provides complete visibility regarding the movement of the funds. 

Poly Network’s flaws

Poly Network's platform operates by managing transactions between several blockchains. It enables users to trade one cryptocurrency for another.

James Chappell, co-founder of London-based cyber-security firm Digital Shadows, explained, "The Poly Network is the thing that facilitates the movement between these chains - ultimately, it's software, it's code, and code always has imperfections and defects in it."

He said that these imperfections were true of banks, or any financial system. "Unfortunately, what seems to have happened here is a party has spotted a weakness in the implementation and exploited it to fool the network into transferring these tokens incorrectly."

The Poly Network breach is the largest incident of its kind this year. As of the end of April, cryptocurrency hauls totaled $432mn. Recent similar attacks on cryptocurrency exchanges in 2021 include: 

  • February 2021: Yearn Finance had $11mn stolen by hackers
  • February 2021: Alpha Finance lost $37mn to cybercriminals
  • March 2021: Meerkat Finance had $32mn taken in a cyber breach

Blockchain technology

The funds were reportedly stolen after a hacker discovered a vulnerability between contract calls in Poly Network's system.

Blockchain is a decentralised solution to currency transfer and purports to be one of the most secure options currently available. It operates as a ledger, or log, tracking every single transaction made with a cryptocurrency.

The ledger is not held by any single authority. Instead, it is distributed to all the users in the network, who verify new transactions as they occur.


