A Hacker Stole and Then Returned $600 Million

poly-network

Image: Jakub Porzycki/NurPhoto via Getty Images

Screen Shot 2021-02-24 at 3

Hacking. Disinformation. Surveillance. CYBER is Motherboard’s podcast and reporting on the dark underbelly of the internet.

One of the most bizarre hacks in recent memory has reached a happy ending. 

On Monday, the cross-blockchain cryptocurrency platform Poly Network announced that a hacker who had pilfered around $600 million in various cryptocurrencies had returned all of the stolen funds, save for assets frozen in the immediate aftermath of the hack. 

Advertisement

“At this point, all the user assets that were transferred out during the incident have been fully recovered. Thanks to Mr. White Hat’s cooperation, Poly Network has officially entered the fourth phase of our roadmap ‘Asset Recovery.’ We are in the process of returning full asset control to users as swiftly as possible,” the company, which is a decentralized finance (DeFi) platform, wrote in a blog post. “Once again, we would like to thank Mr. White Hat for keeping his promise, as well as the community, partners and the multiple security agencies for their assistance.”

On August 10, Poly Network said that an unknown hacker had exploited vulnerabilities in its platform and stole around $600 million in one of the largest cryptocurrency heists in history. In a strange twist, after the company pleaded with the hacker in an open letter in which it addressed them as “Dear Hacker,” the digital burglar announced that they would return all the cryptocurrency. 

The Poly Network then promised the hacker, whom at this point it addressed as “Mr. White Hat”  after they posted missives to the blockchain claiming to be a good actor who simply found a vulnerability, a reward of $500,000. The platform even offered them the position of “Chief Security Advisor.” 

Do you have more information about this hack? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzofb@vice.com

It’s unclear if the hacker accepted the job offer. Poly Network did not immediately respond to a request for comment. 

The hacker had stolen funds from the Ethereum blockchain, Binance Smart Chain, and the Polygon blockchain. The only funds that have not been returned yet, according to the Poly Network, are $33 million in Tether stablecoins that were frozen by the company that manages them. 

Advertisement

While the hacker has now returned the proceeds of their heist, it’s possible that the feds will still go after them. An FBI spokesperson said the bureau “is aware of the situation and has no further comment to offer.” 

The hacker announced that they were also returning the $500,000 bounty from the Poly Network.  

“KEEP CALM AND THIS IS THE HAPPY ENDING! I HAVE TO ADMIT THAT MY WILD OR MAD BEHAVIORS HAVE LED CRISES TO YOUR PROJECT, YOUR TEAM AND EVEN YOUR LIVES,” the hacker wrote in a message to the Poly Network. “I’M QUITTING THE SHOW. BELIEVE IT OR NOT, I HAVE NEVER CONSIDERED THE SHARED WALLET AS THE ‘HOSTAGE’ FOR RANSOM. AS YOU MAY HAVE NOTICED, I HAVE POURED YOUR BOUNTY AND MY COMPENSATION FUND FROM DONATIONS INTO THE SHARED MULTISIG WALLET.” 

The hacker signed the message with: “YOUR CHIEF SECURITY ADVISOR.” 

“They certainly seem to be acting like a “white hat” now, regardless of their original intentions,” Tom Robinson, the co-founder of blockchain analysis firm Elliptic, told Motherboard in an email. 

This story has been updated to add the hacker’s message, the FBI’s response, and the comment from Tom Robinson.

Subscribe to our cybersecurity podcast, CYBER.