Poly Network Hacker Starts to Return Drained Funds

The hacker sent millions of dollars back.

AccessTimeIconAug 11, 2021 at 9:36 a.m. UTC
Updated Sep 14, 2021 at 1:38 p.m. UTC

An address associated with the hacker who drained Poly Network of potentially hundreds of millions of dollars on Tuesday has started to return the funds.

  • The hacker's Polygon address sent $10,000 in USDC to a wallet set up by Poly Network at 8:46 UTC on Wednesday, before sending another $1 million 15 minutes later, PolygonScan, a tool that enables searches for transactions on the Polygon blockchain, shows.
  • The Poly Network is a computer network that allows users to transfer digital tokens from blockchain to another one.
  • The hacker also returned $1.1 million in BTCB on Binance Smart Chain at 9:49 UTC.
  • On the Ethereum blockchain, the hacker returned $622,000 in fei at 10:54 UTC and a little over $2 million in shiba inu five minutes later.
  • When Poly Network announced the hack and the associated wallet addresses, the accounts held over $600 million in various cryptocurrencies. Less than $400 million remained by the time the hacker said he was ready to return the funds.
  • Before starting the return, the hacker embedded a message in a transaction with himself: "ACCEPT DONATIONS TO "THE HIDDEN SIGNER" NOW. ENCRYPT YOUR MSG WITH HIS PUBKEY."
  • The hacker has been embedding messages to transactions with his own addresses to communicate with the world. Dozens of people have used the same method to ask for handouts.
  • Earlier Wednesday, the hacker used the same approach to say he was ready to return the funds. He then said he was unable to get in touch with Poly Network and asked for multisignature wallets.
  • Poly Network, which had been calling for the funds' return, prepared wallets on Ethereum, Binance Smart Chain and Polygon, the three blockchains the hacker has been using.
  • O3 Labs, a Tokyo-based blockchain developer associated with Poly Network's affiliate Neo, said the hacker might be a so-called "white-hat" hacker. Returning the funds indicates the hacker wasn't after his own gain, like a so-called "black-hat" hacker, but wanted to expose vulnerabilities to make the project more robust.
  • The attack took advantage of a bug within Poly Network's cross-chain smart contract, security company SlowMist said.

UPDATE (AUG 11, 10:24 UTC): Adds details about the hacker's behavior.

UPDATE (AUG 11, 11:20 UTC): Adds funds returned on Ethereum.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.