Hackers Give Back Half Of $600m In Stolen Crypto Currencies

Hackers successfully exploited a vulnerability to steal more than $600 million in crypto currency tokens from blockchain-based platform Poly Network, making this the largest hack in recorded history. 

According to blockchain forensics company Chainalysis, they found a weakness a vulnerability in the digital contracts Poly Network uses to move assets between different blockchains. Now, in an unusual twist the hackers have returned a large amount of the stolen funds. 

This twist came after a slew of crypto-currency experts and businesses pledged to track the hacker’s crypto activity on the blockchain, but the hackers' identity and how exactly funds were stolen, remain unknown.  The hackers were able to change the “keeper role” of a blockchain contract, allowing them to make any transaction, such as a withdrawal. The vulnerability was due to a keeper’s private key being leaked. 

Poly Network, a decentralised finance platform that facilitates peer-to-peer transactions, confirmed that they have “the attacker’s mailbox, IP and device fingerprints through on-chain and off-chain tracking.” The firm confirmed the attack by issuing a statement on Twitter in which they urged the hackers to ‘return the hacked assets’. Surprisingly, the request seems to have worked. Hackers have since been in contact and have returned almost half of the stolen assets. 

The hackers sent a message to Poly Network embedded in a crypto-currency transaction saying they were “ready to return” the funds. Poly Network responded requesting the money be sent to three crypto addresses.

One of the hackers has supposedly claimed that they carried out the attack “for fun” and wanted to “expose the vulnerability” before others could exploit it, according to digital messages shared by Elliptic, a crypto identity tracking firm. It was “always the plan” to return the tokens, the purported hacker wrote, adding: “I am not very interested in money.”

According to a spokesman for Elliptic, the decision to return the money could have been prompted by the difficulties of laundering stolen crypto on such a large scale.

“Even if you can steal crypto-assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the broad use of blockchain analytics by financial institutions,” said  Elliptic's co-founder, Tom Robinson.

The Poly Network attack comes as losses from theft, hacks and fraud related to decentralised finance (DeFi) hit an all-time high.In the first half of 2021, DeFi-related thefts totaled $361 million, a nearly three-fold increase compared with the entirety of 2020, according to data from crypto currency compliance company CipherTrace.

TEISS:        Forbes:      Al Jazeera:    Sky:      NYPost:   Interesting Engineering:    Yahoo:

You Might Also Read:

Standing On The Cryptocurrency Frontier:

 

« Vaccine Passport Scams
US State Department Under Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

SCADAhacker

SCADAhacker

SCADAhacker provides mission critical information relating to industrial security of SCADA, DCS and other Industrial Control Systems.

AppRiver

AppRiver

AppRiver is a global provider of cloud-based email and web security solutions that protect businesses worldwide from today's ever-changing online threats.

Verimuchme

Verimuchme

Verimuchme is a digital wallet and exchange platform to secure, verify and re-use personal information.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

CounterCraft

CounterCraft

The CounterCraft Cyber Deception Platform fits seamlessly into existing security strategies and delivers high-end deception for threat hunting and threat detection.

SpectX

SpectX

SpectX is software for parsing and analysing raw logs and any other unstructured data for applications such as Infosec incident investigation and forensics.

Startupbootcamp Fintech & Cybersecurity

Startupbootcamp Fintech & Cybersecurity

Startupbootcamp is the world’s largest network of multi-corporate backed accelerators helping startups scale internationally.

OISTE Foundation

OISTE Foundation

OISTE foundation allows users to control their digital identities using well-understood and secure algorithms that ensure the continued validity of an identity and its claims.

Kasada

Kasada

Kasada provides bot detection and mitigation for enterprise web applications. Stop the bots before they reach your site and web applications.

Cythereal

Cythereal

Cythereal is the leader in predicting and preventing advanced malware attacks. Security Automation for the Overwhelmed Administrator.

Realsec

Realsec

RealSec is an international company and is a developer of encryption and digital signature systems and Blockchain for the Banking and Methods of Payment sectors, Government and Defense and Multisector

Sevco Security

Sevco Security

Sevco Delivers Real-time Asset Intelligence to Identify and Close Unknown Security Gaps.

N-able

N-able

N-Able deliver simple and sophisticated monitoring, security, and business solutions that empower you to solve your toughest IT challenges.

StickmanCyber

StickmanCyber

At StickmanCyber we are on a mission to create a digital world that is safe for everyone - we are your trusted cybersecurity partner.

Technivorus Technology

Technivorus Technology

Technivorus is a deep-tech firm delivering customized Cybersecurity, Digital Marketing, Web & App Development, and multifarious IT services for businesses across the globe.

IBM Security

IBM Security

IBM manufactures and markets computer hardware, middleware and software, and offers hosting and consulting services in areas ranging from mainframe computers to nanotechnology.