Hacker behind the $600 million Poly Network crypto heist says the hacking was done “for fun,” returned $342 million of the stolen crypto assets
In what is being described as one of the biggest cryptocurrency heists of all time, a group of hackers stole more than $600 million worth of crypto in a cyberattack that targeted a decentralized finance platform called Poly Network.
Then yesterday, the story took a surprising turn after the alleged hacker (or group of hackers) returned $260 million (more than a third) of the $600 million in stolen cryptocurrency. As we reported yesterday, cybersecurity experts suggested the heist was perpetrated by a white hat or ethical hacker looking for DeFi security flaws. As it turned out, they were right.
This morning, CNBC reported that the person behind the hack claimed to have carried out the hack just “for fun.” Citing a Q&A embedded within a digital currency transaction Wednesday, CNBC said the person claiming to be the anonymous hacker explained the reasoning behind the hack: “for fun.”
“When spotting the bug, I had a mixed feeling,” the person said. “Ask yourself what to do had you facing so much fortune. Asking the project team politely so that they can fix it? Anyone could be the traitor given one billion!”
“I can trust nobody!” the person continued. “The only solution I can come up with is saving it in a _trusted_ account while keeping myself _anonymous_ and _safe_.”
That’s not all. The alleged hacker also gave a reason for returning the funds, saying:
“That’s always the plan! I am _not_ very interested in money! I know it hurts when people are attacked, but shouldn’t they learn something from those hacks?”
Tom Robinson, the chief scientist at blockchain analytics firm Elliptic, said the person writing the Q&A was “definitely” the hacker behind the Poly Network attack.
“The messages are embedded in transactions sent from the hacker’s account,” Robinson told CNBC. “Only the holder of the stolen assets could have sent them.”
Update 1:05 PM New York Time: Poly Network said on Twitter that, as of 0818 GMT, hackers had returned $342 million of the currencies stolen. The company added that $269 million worth of tokens are still outstanding.
$342 million (As of 12 Aug 08:18:29 AM +UTC) of assets had been returned:
The remaining is $268M on Ethereum
— Poly Network (@PolyNetwork2) August 12, 2021