Hackers Give Back Half Of $600m In Stolen Crypto Currencies

Uploaded on 2021-08-20 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Hackers, TECHNOLOGY-Key Areas-Blockchain

Hackers successfully exploited a vulnerability to steal more than $600 million in crypto currency tokens from blockchain-based platform Poly Network, making this the largest hack in recorded history. 

According to blockchain forensics company Chainalysis, they found a weakness a vulnerability in the digital contracts Poly Network uses to move assets between different blockchains. Now, in an unusual twist the hackers have returned a large amount of the stolen funds. 

This twist came after a slew of crypto-currency experts and businesses pledged to track the hacker’s crypto activity on the blockchain, but the hackers' identity and how exactly funds were stolen, remain unknown.  The hackers were able to change the “keeper role” of a blockchain contract, allowing them to make any transaction, such as a withdrawal. The vulnerability was due to a keeper’s private key being leaked. 

Poly Network, a decentralised finance platform that facilitates peer-to-peer transactions, confirmed that they have “the attacker’s mailbox, IP and device fingerprints through on-chain and off-chain tracking.” The firm confirmed the attack by issuing a statement on Twitter in which they urged the hackers to ‘return the hacked assets’. Surprisingly, the request seems to have worked. Hackers have since been in contact and have returned almost half of the stolen assets. 

The hackers sent a message to Poly Network embedded in a crypto-currency transaction saying they were “ready to return” the funds. Poly Network responded requesting the money be sent to three crypto addresses.

One of the hackers has supposedly claimed that they carried out the attack “for fun” and wanted to “expose the vulnerability” before others could exploit it, according to digital messages shared by Elliptic, a crypto identity tracking firm. It was “always the plan” to return the tokens, the purported hacker wrote, adding: “I am not very interested in money.”

According to a spokesman for Elliptic, the decision to return the money could have been prompted by the difficulties of laundering stolen crypto on such a large scale.

“Even if you can steal crypto-assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the broad use of blockchain analytics by financial institutions,” said  Elliptic's co-founder, Tom Robinson.

The Poly Network attack comes as losses from theft, hacks and fraud related to decentralised finance (DeFi) hit an all-time high.In the first half of 2021, DeFi-related thefts totaled $361 million, a nearly three-fold increase compared with the entirety of 2020, according to data from crypto currency compliance company CipherTrace.

TEISS:        Forbes:      Al Jazeera:    Sky:      NYPost:   Interesting Engineering:    Yahoo:

You Might Also Read:

Standing On The Cryptocurrency Frontier:

 

« Vaccine Passport Scams
US State Department Under Attack »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Skybox Security

Skybox Security

Skybox combines firewall and network device data with vulnerability and threat intelligence, putting security decisions in your unique network context.

Code42

Code42

Code42 CrashPlan, is an enterprise SaaS solution that backs up all distributed end-user data on a single, secure platform.

Redjack

Redjack

Redjack is a cutting-edge network analytics company focused on enterprise and ISP security and intelligence solutions.

NGS (UK)

NGS (UK)

NGS (UK) Ltd are independent, vendor agnostic, next generation security trusted advisors, providing all-encompassing solutions from the perimeter to the endpoint.

C2A Security

C2A Security

C2A Security offers a comprehensive suite of cyber security solutions for the automotive industry, providing in-vehicle end-to-end protection.

Findings

Findings

Findings (formerly IDRRA) is a scalable AI powered assessment platform that streamlines security compliance across sectors, jurisdictions and regulatory frameworks.

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) undertakes cyber security research and plays a leading role in securing Pakistan’s Cyberspace.

Sky Republic

Sky Republic

Sky Republic offers a Smart Contract Platform to integrate and synchronize business networks beyond EDI and API.

Condition Zebra

Condition Zebra

Condition Zebra has wide experience in providing IT Security Services, Training, and Certification in the field of cybersecurity.

Accops Systems

Accops Systems

Accops enables secure and instant remote access to business applications from any device and network, ensuring compliant enterprise mobility.

J.S. Held

J.S. Held

J.S. Held is a global consulting firm providing technical, scientific, and financial expertise across all assets and value at risk.

Port443

Port443

Port443 specialises in providing Security Orchestration, Automation and Remediation (SOAR) "as a service".

Infinavate

Infinavate

Infinavate Fort CyberVault offers end-to-end services that comprehensively responds to the organization’s information security and privacy needs.

BluTinuity

BluTinuity

BluTinuity is a premier management consulting firm with a passion for information security, business continuity, incident response, disaster recovery, and HIPAA security.

Windstream

Windstream

Windstream is a leading provider of advanced network communications and technology solutions for consumers, small businesses, enterprise organizations and carrier partners across the US.

National Protective Security Authority (NPSA) - UK

National Protective Security Authority (NPSA) - UK

NPSA is part of MI5 and is the National Technical Authority for physical and personnel protective security. By making the UK more resilient to national security threats, we help to make the UK safe.