Hackers Give Back Half Of $600m In Stolen Crypto Currencies

Uploaded on 2021-08-20 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Hackers, TECHNOLOGY-Key Areas-Blockchain

Hackers successfully exploited a vulnerability to steal more than $600 million in crypto currency tokens from blockchain-based platform Poly Network, making this the largest hack in recorded history. 

According to blockchain forensics company Chainalysis, they found a weakness a vulnerability in the digital contracts Poly Network uses to move assets between different blockchains. Now, in an unusual twist the hackers have returned a large amount of the stolen funds. 

This twist came after a slew of crypto-currency experts and businesses pledged to track the hacker’s crypto activity on the blockchain, but the hackers' identity and how exactly funds were stolen, remain unknown.  The hackers were able to change the “keeper role” of a blockchain contract, allowing them to make any transaction, such as a withdrawal. The vulnerability was due to a keeper’s private key being leaked. 

Poly Network, a decentralised finance platform that facilitates peer-to-peer transactions, confirmed that they have “the attacker’s mailbox, IP and device fingerprints through on-chain and off-chain tracking.” The firm confirmed the attack by issuing a statement on Twitter in which they urged the hackers to ‘return the hacked assets’. Surprisingly, the request seems to have worked. Hackers have since been in contact and have returned almost half of the stolen assets. 

The hackers sent a message to Poly Network embedded in a crypto-currency transaction saying they were “ready to return” the funds. Poly Network responded requesting the money be sent to three crypto addresses.

One of the hackers has supposedly claimed that they carried out the attack “for fun” and wanted to “expose the vulnerability” before others could exploit it, according to digital messages shared by Elliptic, a crypto identity tracking firm. It was “always the plan” to return the tokens, the purported hacker wrote, adding: “I am not very interested in money.”

According to a spokesman for Elliptic, the decision to return the money could have been prompted by the difficulties of laundering stolen crypto on such a large scale.

“Even if you can steal crypto-assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the broad use of blockchain analytics by financial institutions,” said  Elliptic's co-founder, Tom Robinson.

The Poly Network attack comes as losses from theft, hacks and fraud related to decentralised finance (DeFi) hit an all-time high.In the first half of 2021, DeFi-related thefts totaled $361 million, a nearly three-fold increase compared with the entirety of 2020, according to data from crypto currency compliance company CipherTrace.

TEISS:        Forbes:      Al Jazeera:    Sky:      NYPost:   Interesting Engineering:    Yahoo:

You Might Also Read:

Standing On The Cryptocurrency Frontier:

 

« Vaccine Passport Scams
US State Department Under Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Renaissance

Renaissance

Renaissance is Ireland's premier value added distributor of IT security solutions and a leading independent provider of business continuity consultancy.

TitanFile

TitanFile

TitanFile is an award-winning, easy and secure way for professionals to communicate without having to worry about security and privacy.

Lakeside Software

Lakeside Software

Lakeside Software is how organizations with large, complex IT environments can finally get visibility across their entire digital estates and see how to do more with less.

Hypori

Hypori

Hypori is a virtual smartphone solution that makes truly secure BYOD a reality for organizations in healthcare, finance, government, and beyond.

M2SYS

M2SYS

M2SYS is a worldwide leader in identification and authentication solutions.

Cyber Physical Security Research Center (CPSEC)

Cyber Physical Security Research Center (CPSEC)

CPSEC aims to contribute to the security enhancement of industrial infrastructure that creates value across cyber space and physical space.

Technisanct

Technisanct

Technisanct works with Governments, especially Law Enforcement and Defence agencies, helping them in monitoring threats, managing their data and resolving their forensic needs.

NGN International

NGN International

NGN International is a full-fledged systems integrator and managed security services provider established in 2015 in Bahrain.

Kintek Group

Kintek Group

Kintek Group provides cybersecurity and managed services to protect organizations from threats that exist inside and outside their networks.

SpiderOak

SpiderOak

SpiderOak's portfolio of Secure Communication & Collaboration products ensure the confidentiality, integrity, and availability of your most sensitive data in any environment.

Check Point Software Technologies

Check Point Software Technologies

Check Point Software Technologies is a leading provider of cyber security solutions to governments and corporate enterprises globally.

Avocado Consulting

Avocado Consulting

Avocado helps clients deliver with certainty on their complex IT change, with technology services that automate, monitor and optimise.

McKinsey & Company

McKinsey & Company

McKinsey & Company is a global management consulting firm. We are trusted advisor to the world's leading businesses, governments, and institutions.

CYGNVS

CYGNVS

CYGNVS is a guided cyber crisis response platform providing anytime, anyplace access. A SaaS platform for cyber crisis management – a safe way to connect and control your response.

BugProve

BugProve

BugProve offers a firmware analysis tool that speeds up security testing processes and supports compliance needs by automating repetitive tasks and detecting 0-day vulnerabilities.

SEALSQ

SEALSQ

For the last 25 years, SEALSQ have been developing secure semiconductor chips, secure embedded firmware, and tested hardware provisioning services to serve the vision of a safer connected world.