The hacker behind one of the largest cryptocurrency heists ever started returning the stolen assets Wednesday. On Tuesday, decentralized-finance platform Poly Network said it had been hacked, with losses estimated around $613 million in various crypto assets, and pleaded with the hacker to contact the company and return the haul.
On Wednesday, the hacker apparently did just that — and at last count had returned about $260 million of cryptocurrencies, tokens and stablecoins from three separate blockchains — Binance Smart Chain, Ethereum and Polygon — Poly Network said. In messages embedded within Ethereum
transactions sent from the account controlled by the hacker, a person claiming to be responsible for the hack said that they had never intended to keep the digital assets, and took them “for fun.” In a lengthy self-Q&A, the person said they had sought to expose a Poly Network vulnerability, and “didn’t want to cause a _real_ panic in the crypto world.” While millions of dollars’ worth of digital assets were still missing as of Wednesday evening, the hacker said they were purposefully being returned slowly so the hacker could protect their identity and occasionally “rest.” “The pains they have suffered is temporary but memorable,” the hacker said of Poly Network, adding that “I would like to give them tips on how to secure their networks.” The hack may not have been so altruistic, though. “I think this demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics,” Tom Robinson, co-founder and chief scientist of blockchain analytics company Elliptic Inc., said in an email. “In this case the hacker concluded that the safest option was just to return the stolen assets.”