Returned Funds, Blacklisted Tokens Raise More Questions Than Answers in DeFi's Biggest Hack

The Poly Network attacker has returned $342 million of their $613 million haul. Should token issuers freeze the rest?

AccessTimeIconAug 11, 2021 at 8:46 p.m. UTC
Updated Sep 14, 2021 at 1:39 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

Chatter about the largest hack in decentralized finance (DeFi) history has only elevated, after the attacker or attackers returned at least $342 million worth of drained funds back to Poly Network, the DeFi platform that was hacked.

Now the crypto community is raising moral questions about how involved centralized players such as Binance and Circle should be when it comes to limiting monetary damage in the realm of cyberattacks on DeFi platforms. 

Others are asking whether an attacker or attackers like those in Poly Network’s case should be pardoned or even praised as they slowly return funds back to the protocols they preyed upon.

At press time, more than $342 million worth of tokens – including USDC, BUSD, SHIB and FEI – have been returned to Poly Network through the Binance Smart Chain, Ethereum and Polygon blockchains, data show. The attacker or attackers started returning funds at approximately 08:47 UTC on Wednesday, and the latest return came at 19:06 UTC on the same day with roughly $84 million worth of USDC sent back to Poly Network on Polygon.

Centralization vs. decentralization

Despite the fanfare surrounding the attack on Poly Network, some market observers said it showcased the advantage of having at least some degree of centralization in DeFi.

As Tether Chief Technology Officer Paolo Ardoino quickly responded on Twitter that the stablecoin issuer froze about $33 million related to the Poly Network hack, many questioned the inaction from Binance Smart Chain (BSC), which is powered by centralized exchange Binance, and Circle, the company behind dollar-pegged stablecoin USDC.

A BSC spokesperson told CoinDesk that BSC is a “decentralized ecosystem where anyone and everyone can build on,” hinting that BSC cannot do much to roll back DeFi exploits on top of it.

Binance CEO Changpeng Zhao was more philosophical: “Unpopular opinion: nothing is risk free,” he said in a Twitter thread Tuesday, adding:

“While we can't freeze funds on blockchains, if those funds land on our CEX [centralized exchange], we will (try to) freeze them. So, we have a lot of blockchain analysis to do. Nothing is easy. We try.”

The response from Zhao and BSC came in the context of Binance retaining a significant degree of control over BSC. BSC’s security algorithm, known as Proof of Staked Authority (PoSA), is controlled by 21 node operators, who are elected by Binance Coin (BNB) holders. Binance is one of the largest holders of the BNB tokens, and so it still has significant sway over BSC, making the network more centralized than competing blockchains.

Lianfeng Zhang, chief security officer at blockchain security firm SlowMist, told CoinDesk that while BSC has fewer validators, a decision like freezing funds still needs to be voted on by the BSC community and the process can be “troubling and slow.”

Zhang also said that compared with Tether, USDC requires more compliance with little flexibility. Therefore, when an attack like the one on Poly Network occurs, it is almost impossible for Circle to act as fast as Tether did.

Circle didn't respond to CoinDesk’s requests for comment.

Paxos, the company that jointly administers BUSD with Binance, another dollar-pegged stablecoin that is part of the stolen funds, told CoinDesk it is currently "not doing anything" with blacklisting the involved tokens.

White-hat hacker?

As the attacker or attackers started returning the drained funds, it appears they also had time to conduct a question-and-answer on the Ethereum blockchain.

The attacker or attackers allegedly wrote in one message embedded on a transaction on Ethereum that after spotting the bug on Poly Network, they ended up attacking the platform because they “can trust nobody.”

“I take the responsibility to expose the vulnerability before any insiders [are] hiding and exploiting it,” the message continued.

With the attacker or attackers becoming more engaged with the crypto community and having returned at least part of the funds, some members of the crypto world praised them as so-called white-hat hackers, a type of computer expert who ensures the security of a protocol by identifying and attacking its vulnerabilities.

In the Q&A, the attacker or attackers claimed they thought about informing Poly Network's staff about the bug but were afraid of a potential “traitor” who could be lured by the amount of money that was up for grabs.

However, according to Ari Redbord, head of legal and government affairs at blockchain intelligence firm TRM Labs, it is still too early to make a conclusion about the motives of the hacker or hackers.

“If it turns out that these attackers did have benign ambitions and that they were testing the infrastructure or testing the defenses of a DeFi protocol, this was not the way to do it,” Redbord, who previously worked in the U.S. Department of the Treasury as a senior advisor on terrorism and financial intelligence, said. 

“Essentially, what you have here is people who lost their belief … hundreds of millions of dollars and potentially life savings [were taken],” he added.

UPDATE (Aug. 11, 21:27 UTC): Adds comments from Paxos.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.