Cryptocurrency Group Issues ‘Dear Hacker’ Letter

Cryptocurrency platform Poly Network has written an open letter to hackers whom it claims stole £435m in digital assets asking them to return the funds – writes Christian Leeming

In an open letter addressed ‘Dear Hacker,’ the company said it wanted to establish communication with the thieves, stressing the stolen funds ‘are from tens of thousands of crypto community members, hence the people’; possibly one of the most disturbing comments from the platform is the heist is ‘one of the biggest’ to hit the cryptocurrency world.

Poly Network allows users to swap tokens across different blockchains. The company said vulnerability in its system allowed the attacker to transfer tokens to public blockchain addresses.

The value of the stolen tokens immediately dropped below £290m following the news of the theft highlighting the perils of decentralised finance (DeFi) systems which are less regulated than traditional markets

According to Poly Network tweets, the stolen tokens amounted to more than £196m from the ethereum blockchain, £181m on the Binance Smart Chain, and £61m on the Polygon network.

In monetary terms this theft is comparable to that of 850,000 Bitcoin from the Mt Gox exchange in 2014, worth £326m at the time.

Exchanges across the cryptocurrency community offered to blacklist addresses which the criminals sent the stolen funds to hoping the attackers will simply transfer back the stolen tokens, but as some have already been moved to other accounts this is unlikely.

Poly Network said it had discovered the vulnerability, blaming an issue in a system for contract calls.

How is Stolen Cryptocurrency Recovered?

Amanda Wick, chief of legal affairs at Chainalysis, told Sky News how law enforcement works to recover stolen cryptocurrency: ‘So there’s a famous saying in crypto, and I’m going to paraphrase it, but it goes, whoever controls the private keys controls the coins.

‘And that’s basically the answer to how you ‘seize crypto’’, adding that the term ‘seize’ was ‘somewhat of a misnomer, because you don’t actually obviously take coins but you change the control over who has access to the coins via software’.

When we talk about ‘how does government seize crypto?’, they basically use private keys or recovery seeds to change control from the criminal into a government / law enforcement controlled wallet.

‘Imagine a public block address as the equivalent of a bank account number. And a private key is like having the PIN that would give you access to actually make withdrawals. So when somebody has that PIN, with or without your permission, they could take those funds

‘So having those private keys allows people to effectively take control over the funds, which is why when you read articles about law enforcement ‘seizing crypto’ it’s actually about getting access to that PIN number such that they can take the money.’

Further evidence of the machinations of the new world of cryptocurrencies came as a number of people sent messages to the addresses in receipt of the stolen tokens asking for donations, some seriously;  one user warned the attackers that some of their tokens had been blacklisted, a warning for which the attackers sent them $42,000 in ethereum.

In June, the Metropolitan Police seized about £114m of cryptocurrency as part of a money-laundering investigation in what was the largest confiscation of its kind in the UK, and one of the largest in the world.

Last year, US authorities seized around $1bn (£718m) worth of Bitcoin connected to darknet market place the Silk Road, which was shut down in 2013.