• e-mail

Hackers behind one of the largest-ever digital coin heists have now returned more than half of the $610 million-plus they stole, the cryptocurrency platform targeted by the hack said on Thursday.

Poly Network, a platform that facilitates peer-to-peer transactions, announced on Twitter that as of 1.20 a.m., hackers had returned $342 million of the currencies stolen.

The sum includes some $4.6 million returned in Ethereum, $252 million returned in Binance Smart Chain and $85 million in Polygon tokens. 

Some $268 million worth of tokens are still outstanding, it said, noting later on Thursday morning that it is still communicating with the hackers, who were gradually transferring back the remaining assets.

As of 1.20am, hackers had returned more than half of the cryptocurrency it stole from Poly Network on Tuesday, the company announced on Twitter

The company later said it is still communicating with at least one hacker to retrieve the rest of the money, calling him a 'white hat' hacker as he has claimed he always intended to return the money it had stolen

The hacked $600 million is roughly made up of about $267m of Ethereum (pictured, stock photo) currency, $252m of Binance coins and roughly $85 million in USDC tokens, according to reports. The remaining $268 million is in Ethereum coins

The hackers started returning some of the stolen tokens on Wednesday, after the Poly Network, a decentralized finance platform that allows users transfer digital tokens across different blockchains, made a public plea to the thieves to 'establish communication and return the hacked assets.'

In a tweet on Tuesday, the company listed the details of digital wallets to which it said the money was being transferred, and urged people and coin traders to blacklist tokens from them.

The value of the tokens in the wallets cited by the platform was just over $600 million at the time of the announcement, crypto trade publication The Block said.

The sum was reportedly made up of about $267m of Ethereum currency, $252m of Binance coins and roughly $85 million in USDC tokens.  

'The amount of money you have hacked is one of the biggest in DeFi history,' Poly Network said in its letter. 

'Law enforcement in any country will regard this as a major economic crime and you will be pursued. The money you stole are [sic] from tens of thousands of crypto community members, hence the people.' 

The platform tweeted it planned to take legal action and urged the hackers to return the stolen funds to several of its digital addresses.

The letter posted online from PolyNetwork announcing the hack on Tuesday, calling it the 'biggest one in DeFi history,' and warning legal action if the hackers do not return the money

In an unexpected twist, hackers started to return some of the stolen tokens on Wednesday following the public plea

Unregulated decentralized finance platforms, like Poly Network, known as DeFis, allow users to conduct transactions, usually in cryptocurrency, without traditional gatekeepers such as banks or exchanges.

Experts say the hackers may have started to return the stolen tokens because they found it too difficult to launder stolen cryptocurrency on such a scale. 

The hackers sent a message to Poly Network embedded in a cryptocurrency transaction, telling the company they were 'ready to return' the funds, according to CNBC, and the platform requested the money be sent to three crypto addresses. 

According to researchers at security company SlowMist, one the hackers stole the currency they initially started to send it to various other crypto addresses.

SlowMist said in a tweet that its researchers had 'grasped the attacker's mailbox, IP, and device fingerprints' and are 'tracking possible identity clues related to the Poly Network attacker.'

The researchers added that the heist was likely to have been planned for a long time, with the hack having the hallmarks of a 'organized and prepared' attack.

In its initial investigation, Poly Network said it had found that the hacker or hackers exploited a 'vulnerability between contract calls'. 

The network operates on Binance Smart Chain, Ethereum and Polygon blockchains -digital ledgers of activities upon which various cryptocurrencies are based. 

The tokens, or different digital 'coins' are swapped between block chains using a smart contract, which contains instructions on when to release the assets to the parties, according to Reuters, and these smart contracts maintain large amounts of liquidity to allow users to efficiently swap tokens.

According to an analysis of the transactions tweeted by Kelvin Fichter, an Ethereum programmer who called the hack 'pretty genius,' the hackers overrode the contract instructions for each of the three blockchains the network operates on and diverted the funds into three wallet addresses.

In total, the hacker or hackers stole more than 12 different cryptocurrencies. 

DeFi refers to peer-to-peer cryptocurrency platforms that allow transactions without traditional gatekeepers such as banks or exchanges. Poly Network allows users to swap tokens across different blockchains. Pictured: A representation of various cryptocurrencies

It remains unclear whether the hack was conducted by a group or an individual, but a digital message shared by the block chain analyst firm Elliptic and Chainalysis revealed the heist was done 'for fun,' and the culprit or culprits wanted to 'expose the vulnerability in Poly Network's system.'

In the message, posted on Twitter, an unidentified hacker explained he had 'a mixed feeling' when he first spotted the security flaw in Poly Network's system, and had always planned on returning the money.

'Ask yourself what to do, had you been facing so much fortune - asking the project team politely so that they can fix it? Anyone could be the traitor given $1 billion! I can trust nobody,' the hacker wrote.

'The only solution I can come up with is saving it in a trusted account while keeping myself anonymous and safe.'

He added: 'I prefer to stay in the dark and save the world.'

Some other cryptocurrency experts, however, are skeptical the hacker or hacker was actually acting with the best intentions.

Gurvais Grigg, chief technology officer at Chainalysis and former FBI veteran, said it was unlikely that 'white hat hackers' would steal such a large sum. 

He said on Wednesday that they had probably returned some of the funds because it had proved too difficult to convert them into cash.

'It's hard to know the motivation,' he said. 'Let's see the if they return the whole amount.' 

Kelvin Fichter, an Ethereum programmer, called the hack 'pretty genius' on Twitter

The theft appeared to be one of the biggest ever in cryptocurrency markets and compares with the $530 million in digital coins stolen from Tokyo-based exchange Coincheck in 2018.

The Mt. Gox exchange, also based in Tokyo, collapsed in 2014 after losing half a billion dollars in bitcoin.

The latest attack comes as losses from theft, hacks and fraud related to decentralized finance hit an all-time high, raising the risk of both investing in the sector and of regulators looking to shake it down.

'It is a massive hack ... as large as Mt. Gox,' said Bobby Ong, co-founder of crypto analytics website CoinGecko, although he noted the fallout had not yet hurt major crypto prices.

'This project is finished in my opinion. (It is) going to take a lot to regain confidence,' Ong said.   

The retrieval of some of the tokens underscored the difficulties of laundering large amounts of stolen crypto, said Tom Robinson, Elliptic co-founder.

'There's so much public attention on this, and exchanges will be on the lookout for customer deposits linked to this theft,' Robinson said.

'This demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the broad use of blockchain analytics by financial institutions.'

Still, the stolen funds amount to more than the criminal losses registered by the entire DeFi sector from January to July of a record $474 million, according to a report from crypto intelligence company CipherTrace.

Proponents of DeFi say the technology will allow more people and businesses to access financial services. Yet it is mostly unregulated, with tech flaws and weaknesses in the code many platforms use leaving it vulnerable to hacks.

Still, a message embedded in transactions from one of the wallets controlling the missing funds said: 'I need a secured multisig wallet from you,' possibly in an attempt to try and return the loot.

'It's already a legend to win so much fortune,' read a subsequent message.

The chief technology officer of Tether, a stablecoin, also said on Twitter the company had frozen $33 million connected with the hack, and top management at large crypto exchanges responded to Poly on Twitter saying they would try to help. 

Poly Network emailed Reuters a copy of its tweet in response to a request for further details of the latest return.

It did not immediately respond to questions on where it is based, or whether any law enforcement agency was involved. 

According to the crypto website CoinDesk, Poly Network was launched by the founders of the Chinese blockchain project Neo, as a collaboration between Neo, crypto trading platform Switcheo and blockchain company Ontology.