Poly Network Hacker Starts to Return Drained Funds
The hacker sent millions of dollars back.
An address associated with the hacker who drained Poly Network of potentially hundreds of millions of dollars on Tuesday has started to return the funds.
- The hacker's Polygon address sent $10,000 in USDC to a wallet set up by Poly Network at 8:46 UTC on Wednesday, before sending another $1 million 15 minutes later, PolygonScan, a tool that enables searches for transactions on the Polygon blockchain, shows.
- The Poly Network is a computer network that allows users to transfer digital tokens from blockchain to another one.
- The hacker also returned $1.1 million in BTCB on Binance Smart Chain at 9:49 UTC.
- On the Ethereum blockchain, the hacker returned $622,000 in fei at 10:54 UTC and a little over $2 million in shiba inu five minutes later.
- When Poly Network announced the hack and the associated wallet addresses, the accounts held over $600 million in various cryptocurrencies. Less than $400 million remained by the time the hacker said he was ready to return the funds.
- Before starting the return, the hacker embedded a message in a transaction with himself: "ACCEPT DONATIONS TO "THE HIDDEN SIGNER" NOW. ENCRYPT YOUR MSG WITH HIS PUBKEY."
- The hacker has been embedding messages to transactions with his own addresses to communicate with the world. Dozens of people have used the same method to ask for handouts.
- Earlier Wednesday, the hacker used the same approach to say he was ready to return the funds. He then said he was unable to get in touch with Poly Network and asked for multisignature wallets.
- Poly Network, which had been calling for the funds' return, prepared wallets on Ethereum, Binance Smart Chain and Polygon, the three blockchains the hacker has been using.
- O3 Labs, a Tokyo-based blockchain developer associated with Poly Network's affiliate Neo, said the hacker might be a so-called "white-hat" hacker. Returning the funds indicates the hacker wasn't after his own gain, like a so-called "black-hat" hacker, but wanted to expose vulnerabilities to make the project more robust.
- The attack took advantage of a bug within Poly Network's cross-chain smart contract, security company SlowMist said.
UPDATE (AUG 11, 10:24 UTC): Adds details about the hacker's behavior.
UPDATE (AUG 11, 11:20 UTC): Adds funds returned on Ethereum.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.