Hackers that stole roughly $600 million from decentralized finance (DeFi) project Poly Network today started returning the funds. And in yet another strange twist, they then asked for donations and began posting missives to the blockchain expounding on their supposed rationale.
Cross-blockchain cryptocurrency platform Poly Network yesterday announced that hackers (or a hacker) pinched Ethereum, Bitcoin, Tether, and other cryptocurrencies in the heist—which is thought to be the biggest of its kind ever in the emerging DeFi or decentralized finance, space, which is itself already rife with hacks.
Poly Network then urged the hackers in an open letter to return the funds. “Dear Hacker,” the company said in a Twitter post. “The amount of money you hacked is the biggest one in the DeFi history.” It added that law enforcement would pursue the hackers so it was best to get in touch with the cryptocurrency project “to work out a solution.”
It seems to have worked, sort of. At the time of writing, hackers had returned $260 million, about half of the stolen funds, according to the Poly Network. “READY TO RETURN THE FUND!” the hacker said via a message in an Ethereum transaction sent to themselves.
In the wake of the hack, the attacker’s cryptocurrency addresses were immediately flagged, the movements of coins tracked out in the open, and millions of dollars of the hacker’s funds were frozen by Tether. In a series of messages posted to the Ethereum blockchain, however, the hacker claimed that they had always meant to return the funds and were in fact doing the victims a service.
“WHEN SPOTTING THE BUG, I HAD A MIXED FEELING. ASK YOURSELF WHAT TO DO HAD YOU FACING SO MUCH FORTUNE. ASKING THE PROJECT TEAM POLITELY SO THAT THEY CAN FIX IT? ANYONE COULD BE THE TRAITOR GIVEN ONE BILLION!” the hacker wrote in a transaction sent to themselves. “I CAN TRUST NOBODY! THE ONLY SOLUTION I CAN COME UP WITH IS SAVING IT IN A _TRUSTED_ ACCOUNT WHILE KEEPING MYSELF _ANONYMOUS_ AND _SAFE_.”
“NOW EVERYONE SMELLS A SENSE OF CONSPIRACY. INSIDER? NOT ME, BUT WHO KNOWS? I TAKE THE RESPOSIBILITY TO EXPOSE THE VULNERABILITY BEFORE ANY INSIDERS HIDING AND EXPLOITING IT!” the hacker wrote.
The attacker also asked for donations, and posted an address on the blockchain to receive donations “IF YOU SUPPORT MY DECISION,” they wrote.
Poly Network is a cryptocurrency project working to bridge together different blockchains. It was founded by the man behind Neo, a project which calls itself the Chinese answer to Ethereum, and prides itself on “trust” and “security.” It allows its users to swap tokens from different blockchains. As the project works with a number of blockchains—Ethereum, Binance Smart Chain, and Polygon—hackers stole funds from all those networks.
Hacks in the DeFi space are nothing new. Last year, the pseudonymous founder of SushiSwap, a hugely popular decentralized exchange, ran away with $14 million in cryptocurrency. The creator then apologized and returned the tokens to the users of the protocol. “I fucked up,” he said. “And I am sorry."