Poly Network Hacker Says he Saved the Project

The hacker who siphoned over $600 million worth of crypto assets on Poly network has begun to return some of the stolen funds, according to available information.

Around 8:46 UTC yesterday, the wallet set up by Poly Network received USDC worth $10,000 from the hackers’ Polygon address. Fifteen minutes later, the hacker sent in another $1 million worth tranche of the stolen asset.

Nearly all of the assets on the Binance Smart Chain have been returned. They sent over 1,000 more BTCB ($46.4 million), 26,629 ETH ($86 million) and $119 million in the stablecoin BUSD. The only assets remaining on this chain are 6,613 BNB ($2.6 million).

The hacker has equally returned $1.1 million in BTCB on Binance Smart Chain at 9:49 UTC. While on Ethereum, they returned $622,000 in fei at 10:54 UTC and a little over $ 2 million in Shiba Inu five minutes later.

From the message included in one of the hacker’s transactions, it would be deduced that the attacker is not interested in the money. It could mean exposing the vulnerability of the Poly Network. The message reads:

It would have been a billion have if I had been a billion hack if I had moved remaining shitcoins! Did I just save the project? Not so interested in money, now considering returning some tokens or just leaving them here.

How the Hacker was Able to Gain Access to Poly Network

Poly Network became the latest DeFi project to experience a hack with over $600 million worth of assets transferred by the attacker into three different wallet addresses. Interestingly, the hack has been labeled the biggest in the history of the burgeoning crypto space.

Per the attack analysis by a China-based blockchain security firm, BlockSec, the attack may be caused by the leak of a private key used to sign the cross-chain message.

Another potential cause could be a bug during Poly’s signing process that may have been “abused” to sign the message.

However, SlowMist, the Blockchain security firm, said it has tracked down the hacker’s identity, knowing his email address, IP information, and device fingerprint. It claimed to have gotten it through its partner, Hoo, the Chinese crypto exchange.

Views and opinions expressed are solely those of the author and not of The DeChained or any affiliated party. Views or opinions expressed in this article (or any article on the website) are not financial advice. Articles are for informational purposes only. The author and The DeChained may hold positions in assets discussed in this or other articles.
Related Posts