Poly Network hacker returns $258 million and holds an AMA to explain what happened

— 3 minute read

So far, $258 million in stolen crypto assets has been recovered, with the hacker claiming to be keeping the remaining cash secure while negotiating with Poly. permalink

The Poly Network hacker has now restored $258 million to the DeFi cross-chain protocol and held a Q&A session to explain how the initial hack occurred. enter image description here On Aug. 10, the Poly Network was hacked for $612 million, in what is being called the greatest DeFi heist to date. The perpetrator stole assets from Ethereum, Binance Chain, and the Polygon Network.

According to Tom Robinson, the chief scientist at blockchain analytics startup Elliptic, the hacker has returned around $258 million in assets to Poly so far, with $342 million more to be returned

On several occasions, the attacker declared their readiness to refund the stolen funds, leading to speculation that it was a white hat hack intended to teach Poly a costly lesson about its security shortcomings.

Robinson, on the other hand, disagreed, claiming that the restoration of money “demonstrates that even though crypto-assets might be stolen, laundering and cashing out is exceedingly difficult due to the transparency of the blockchain.”

The hacker used embedded messages in Ethereum transactions to conduct an AMA (Ask Me Anything), and while they appear to be a non-native English speaker, their great plan is lost in translation.

When questioned why they were hacking and why the Poly protocol in particular, the hacker says it was "for fun" and "cross-chain hacking is hot." enter image description here Despite these responses, they go on to say that the hack was carried out for good intentions, and that they have since been transferring tokens between addresses simply to keep them safe.

"When spotting the bug, I had a mixed feeling. Ask yourself what to do had you facing so much fortune. Asking the project team politely so that they can fix it? Anyone could be the traitor given one billion. I can trust nobody! The only solution I can come up with is saving it in a trusted account.” enter image description here “Now everyone smells a sense of conspiracy. Insider? Not me, but who knows? I take the responsibility to expose the vulnerability before any insiders hiding and exploiting it!” they added.

When asked why they had been selling and swapping some of the stolen stablecoins, the attacker said, "I was upset with the Poly team for their initial response."

Yesterday, the Poly team sent an open letter to the hacker, urging him to return the stolen funds since "legal enforcement in any country will see this as a big economic crime, and you will be followed."