Zephyr18 | iStock | Getty Images
The hacker behind the biggest cryptocurrency theft of all time has granted access to the final stretch of stolen funds.
Poly Network, a decentralized finance platform or “DeFi” space, received a major attack this month that saw hackers or hackers stealing digital tokens worth more than $ 600 million. The thief exploited a vulnerability in the Poly Network code that allowed them to transfer funds to their own accounts.
With a strange twist, the hacker Poly Network did not run away. Instead, they opened a dialogue with the target organization, promising to return all funds. And, for sure, the hacker returned almost all the money, with the exception of the $ 33 million tether, or USDT, a dollar-denominated currency, which was frozen by its issuers last week.
There was a problem, though. More than $ 200 million in assets were trapped in an account that required passwords for both Poly Network and the hacker. For the past few days, the hacker has refused to hand in his password, saying simply that he would only do so once “everyone is ready.”
Poly Network begged the hacker, whom he calls “Mr. White Hat,” to return the remaining funds to him. The platform promised to award the unidentified person a $ 500,000 reward to help them identify a flaw in their systems, and even offered them a job as a “senior security consultant.”
Now, the hacker has finally given access to Poly Network in the final stretch of stolen funds. In a Monday release, the firm said White Hat shared the so-called private key needed to regain control of the remaining assets.
“At this time, all user resources that were transferred during the incident have been fully recovered,” Poly Network said. “We are in the process of returning full control of the assets to users as quickly as possible.”
It’s one of the weirdest stories about cryptocurrencies most recently. The theft was thought to be the largest cryptocurrency theft of all time, surpassing the $ 534.8 million stolen in the Japanese Coincheck digital currency exchange in a 2018 attack and the estimated value of 450 million of dollars in bitcoins that was missing on Mt. Gox, based in Tokyo, in 2014.
Last week, Japanese cryptocurrency exchange Liquid said it was hit by a cyberattack that saw hackers deal with $ 97 million in digital currencies.
In the case of Poly Network, however, the attacker held a public conversation with his victim, eventually restoring the stolen assets. Security experts said the attacker was likely to realize that it would be difficult for them to launder money and cash, as all transactions are recorded in the blockchain, the public records that support most major digital currencies.
In a message embedded in a digital currency transaction, an anonymous person who claimed to be the hacker said he was “leaving the program.”
“My actions, which can be considered strange, are my efforts to contribute to the safety of the Poly project in my personal style,” the person said.
“The consensus was reached in a painful and dark way, but it works. Some people even suspect that the whole story is a public relations trick.”
Poly Network said its team “confirmed that the private key is genuine.”
“By now, Poly Network has regained control of the $ 610 million (excluding the $ 33 million frozen USDT) in assets that were generally affected in this attack. Once again, we would like to thank the Mr. White Hat his pledge, as well as the community, partners and multiple security agencies to help them. “