Poly crypto hacker pleads innocence as loot is returned

I did it for fun, not money, hacker claims

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

In a surprising turn of events, the hacker claiming to be behind the theft of several different cryptocurrenciesworth a staggering $600 millionhas begun returning the loot.

The attacker exploited a “vulnerability between contract calls” in the Poly Network, a decentralized cross-chain protocol and network that helps facilitate swapping tokens across multipleblockchains, to make away with $273 million ofEthereumtokens, $253 million in tokens on Binance Smart Chain and $85 million in USDC on the Polygon network.

But within thirty hours of the heist coming to light, the thief began transferring his ill-gotten cryptos back to Poly Network, and according to thelatest update, has returned over $342 million, with transfers still ongoing.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

To put the heat on the hacker, Poly Network hadpostedthe thief’s wallet addresses, urging exchanges to blacklist the stolen tokens, even as other members in the decentralized finance (Defi) space offered their assistance.

A whitehat hacker?

As he or she was returning the cryptos, the hacker decided to clear the air about his intentions, in the form of a detailed Q&A embedded in the ethereum transactions sent from the hacker’s account,according to Tom Robinson, CEO of blockchain analysis company Elliptic.

The hacker claimed they had always intended to return the funds and took the cryptos in order to expose the vulnerability before it could be exploited by others with malicious intent.

Explaining the reasons behind the slow return the hacker says it is because of the steps they have had to undertake to hide their identity. They say they’ve taken enough steps, such as using disposable email addresses and untraceable temporary IP addresses, to stay anonymous.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“Whatever the motivation for the hack, these events have demonstrated how difficult it is [to] profit from theft or any other illicit activity using cryptoassets. The transparency of the blockchains allowed crowd-sourced, real-time collaboration between protocol developers, stablecoin issuers, blockchain analytics companies and the wider community, to ensure the hacker would not be able to disappear with the stolen assets,”wrote Robinsonin a blog post.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics