Hackers Give Back Half Of $600m In Stolen Crypto Currencies

Hackers successfully exploited a vulnerability to steal more than $600 million in crypto currency tokens from blockchain-based platform Poly Network, making this the largest hack in recorded history. 

According to blockchain forensics company Chainalysis, they found a weakness a vulnerability in the digital contracts Poly Network uses to move assets between different blockchains. Now, in an unusual twist the hackers have returned a large amount of the stolen funds. 

This twist came after a slew of crypto-currency experts and businesses pledged to track the hacker’s crypto activity on the blockchain, but the hackers' identity and how exactly funds were stolen, remain unknown.  The hackers were able to change the “keeper role” of a blockchain contract, allowing them to make any transaction, such as a withdrawal. The vulnerability was due to a keeper’s private key being leaked. 

Poly Network, a decentralised finance platform that facilitates peer-to-peer transactions, confirmed that they have “the attacker’s mailbox, IP and device fingerprints through on-chain and off-chain tracking.” The firm confirmed the attack by issuing a statement on Twitter in which they urged the hackers to ‘return the hacked assets’. Surprisingly, the request seems to have worked. Hackers have since been in contact and have returned almost half of the stolen assets. 

The hackers sent a message to Poly Network embedded in a crypto-currency transaction saying they were “ready to return” the funds. Poly Network responded requesting the money be sent to three crypto addresses.

One of the hackers has supposedly claimed that they carried out the attack “for fun” and wanted to “expose the vulnerability” before others could exploit it, according to digital messages shared by Elliptic, a crypto identity tracking firm. It was “always the plan” to return the tokens, the purported hacker wrote, adding: “I am not very interested in money.”

According to a spokesman for Elliptic, the decision to return the money could have been prompted by the difficulties of laundering stolen crypto on such a large scale.

“Even if you can steal crypto-assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the broad use of blockchain analytics by financial institutions,” said  Elliptic's co-founder, Tom Robinson.

The Poly Network attack comes as losses from theft, hacks and fraud related to decentralised finance (DeFi) hit an all-time high.In the first half of 2021, DeFi-related thefts totaled $361 million, a nearly three-fold increase compared with the entirety of 2020, according to data from crypto currency compliance company CipherTrace.

TEISS:        Forbes:      Al Jazeera:    Sky:      NYPost:   Interesting Engineering:    Yahoo:

You Might Also Read:

Standing On The Cryptocurrency Frontier:

 

« Vaccine Passport Scams
US State Department Under Attack »

Quartz Conference
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Perimeter 81 / Zero Trust Network Access Guide

Perimeter 81 / Zero Trust Network Access Guide

Curious how you can Implement a Zero Trust roadmap with insights from Gartner? Download this free report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Nmap Project

Nmap Project

Nmap Project is a Free and open source tool for network discovery, administration, and security auditing.

Darktrace

Darktrace

Darktrace’s Enterprise Immune System is capable of detecting and responding to emerging cyber-threats, from within the network.

Direct Recruiters Inc

Direct Recruiters Inc

Direct Recruiters is a relationship-focused search firm that assists IT Security and Cybersecurity companies with recruiting high-impact talent.

Mitchell Sandham

Mitchell Sandham

Mitchell Sandham is an, independent insurance and financial services brokerage. Business products include Cyber/Privacy Liability insurance.

Point3 Security

Point3 Security

Point3 have developed Escalate, a gamified, proven, challenge-based ecosystem for cybersecurity mentoring and training.

Radiflow

Radiflow

Radiflow is a leading provider of cyber security solutions for critical infrastructure networks (i.e. SCADA), such as power utilities, oil & gas, water and others.

Science Applications International Corporation (SAIC)

Science Applications International Corporation (SAIC)

SAIC is a premier technology integrator in the technical, engineering, intelligence, and enterprise information technology markets. Services and solutions include Cybersecurity.

SwiftSafe

SwiftSafe

SwiftSafe is a cybersecurity consulting company providing auditing, pentesting, compliance and managed security services.

NinjaJobs

NinjaJobs

NinjaJobs is a community-run job platform developed by information security professionals. We focusing strictly on cybersecurity positions.

Sky Data Vault

Sky Data Vault

Sky Data Vault provide the simplest and most cost effective method of Disaster Recovery / Business Continuity for mission critical systems and applications.

Phosphorous Cybersecurity

Phosphorous Cybersecurity

Phosphorus has fully automated remediation of the two biggest IoT vulnerabilities, out of date firmware and default credentials.

Verificient Technologies

Verificient Technologies

Verificient Technologies specializes in biometrics, computer vision, and machine learning to deliver world-class solutions in continuous identity verification and remote monitoring.

Cipher

Cipher

Founded in 2000, Cipher is a global cybersecurity company that delivers a wide range of Managed Security Services.

Sentrium Security

Sentrium Security

Sentrium is committed to helping organisations protect their technology, information and people. Our range of bespoke services provide solutions to tackle a broad range of cyber security challenges.

Trusted Cyber Solutions

Trusted Cyber Solutions

Trusted Cyber Solutions is an independent Cyber Security and Risk Management consultancy.

ClosingLock

ClosingLock

ClosingLock is the leading provider of wire fraud prevention software for the real estate industry.