Token Gesture from Cryptocurrency Hackers
Hackers have now returned more than half of the £517m they stole in one of the biggest ever cryptocurrency heists – Cryptocurrency Group Issues ‘Dear Hacker’ Letter.
Poly Network a platform that facilitates peer-to-peer transactions and allows users to swap tokens across different blockchains, said it has recovered £247m, but that £194m is still missing.
A person claiming to be the hacker says they did it ‘for fun’ and wanted to ‘expose the platform’s vulnerability’ before others could exploit it; according to digital messages shared by Elliptic, a crypto tracking firm, and Chainalysis the hacker said it was ‘always the plan’ to return the tokens and that they are ‘not very interested in money’.
Decentralised finance platform Poly Network posted details of digital wallets to which it said the money was transferred and urged people to blacklist tokens from those addresses.
However, blockchain experts have cast doubt on claims of seemingly innocent motives, suggesting that the hackers may have just found it too difficult to launder such a large amount of stolen cryptocurrency.
Tom Robinson, co-founder of Elliptic, told Sky News: ‘the transparency of the blockchain and the broad use of blockchain analytics by financial institutions’ make it hard to cash out cryptoassets’.
The attackers stole funds in more than 12 different cryptocurrencies, including Binance Smart Chain, Ethereum and Polygon, according to blockchain forensics company Chainalysis.
Poly Network allows users to swap tokens between blockchains using a smart contract that contains instructions on when to release the assets to the counterparties; the hackers exploited a vulnerability in this contract by apparently overriding the contract instructions for each of the blockchains and diverting funds to three digital wallet addresses.
An executive from cryptocurrency firm Tether said on Twitter the company had frozen £23.85m linked to the hack as other crypto exchanges pledged to help.
The Poly Network theft ranks with the £383m stolen from Tokyo-based bitcoin exchange Coincheck in 2018, and Mt Gox, also based in Tokyo, which collapsed in 2014 after losing half a billion dollars in bitcoin.
This heist underscores the ongoing vulnerabilities of the mostly unregulated decentralised finance platforms, which allow users to conduct transactions without using banks or exchanges.
Supporters of decentralised finance say that by offering people and businesses free access to financial services, the technology cuts costs and boosts economic activity.