In one of the biggest cryptocurrency heist ever, a group of hackers on Tuesday, 10 August, allegedly stole $613 million in digital coins from token-swapping platform Poly Network.
Hackers behind the heist have now returned nearly half of the tokens they stole, said Poly Network.
Poly Network, a decentralised platform that facilitates lending, borrowing, or trading cryptocurrencies between users, in a tweet on Tuesday said that a preliminary investigation found the hackers exploited a vulnerability which enabled them to hack millions of dollars worth tokens in just few hours.
What Had Happened?
On Tuesday, around 1 am, a group of hackers identified 'smart contracts' called tokens to trade cryptocurrencies.
These smart contracts had an unidentified vulnerability, which the hacker had used to penetrate through the Poly Network.
Poly Network operates on the Ethereum, Polygon blockchains and Binance Smart Chain. Tokens are swapped between the blockchains using a smart contract which contains a set of addresses on when to release the assets to the counter-parties.
A token is an asset that resides on a blockchain. Unlike a crypto cryptocurrency, a token is associated with a specific blockchain. While a blockchain is a database which serves as a ledger for irreversible transactions.
Kelvin Fichter, an Ethereum programmer, told Reuters that the hacker exploited a security hole called tokens to trade cryptocurrencies and diverted these funds to three different wallet addresses.
The cyber criminals stole funds in more than 12 different cryptocurrencies, including ether and a type of bitcoin.
Why Did They Return The Stolen Cypto Assets?
Soon after Poly network took cognizance of the matter, the platform immediately tweeted an open letter to the hackers and declared it a major economic crime. They also suggested that a solution be worked out to return the hacked assets.
Poly Network also called on exchanges and other entities to blacklist ther hacker if any funds move from the hacker's address to other accounts.
Although, the hacker successfully managed to launder some of the funds, but several of his transactions failed due to the blacklisting of his address on the blockchain.
A report published by SlowMist turned tables, after the cyber security organisation claimed to track the hacker's mailbox, IP, and device fingerprint.
As soon as the report surfaced, the hacker immediately started transferring the stolen crypto assets.
Poly network tweeted that it planned to take legal action and demanded that the attackers return the funds.
In a leaked conversation between the hacker and an anonymous person on reddit, one of the hackers wrote that they hope the Poly team ‘learn something from those hacks’, and want to give them tips on securing their networks, so they ‘can be eligible to manage the billion project’ in the future.
How Much Money is Still Owed?
As of late Thursday, the hackers had returned $342 million of the assets, but $268 million was outstanding. As of now, It is unclear where the remaining assets have gone.
"$342 million: As of 12 Aug 08:18:29 AM +UTC) of assets had been returned: Ethereum: $4.6M ,BSC: $252M , Polygon: $85M. The remaining is $268M on Ethereum," Poly Network tweeted.
"The repayment process has not yet been completed. To ensure the safe recovery of user asset, we hope to maintain communication with Mr White Hat and convey accurate information to the public."Poly Network .
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)