The hacker behind one of the biggest crypto heists to date has returned nearly half of the $600 million (£433 million) in stolen assets. On Tuesday, the affected company, Poly Network, wrote a letter on Twitter asking the hacker to come forward “to find a solution”. The hacker later posted messages promising to return the money and claiming he was “not very interested in the money”.
On Wednesday, Poly Network announced it had received back $260 million. The company, a blockchain platform that enables users to trade different types of digital tokens, posted on Twitter that three cryptocurrencies had been returned, including $3.3 million in Ethereum, $256 million worth of Binance Coin and $1 million in Polygon. A total of $269 million in ether tokens and $84 million in polygon tokens still need to be retrieved.
A blockchain is a ledger, or record, of every transaction that is made with a cryptocurrency such as Bitcoin. Rather than being held by just one authority, the ledger is distributed to all users on the network, who can review new transactions as they occur.
Software flaws
According to Tom Robinson, co-founder of Elliptic, a London-based blockchain analytics and compliance company, the hacker published a three-way Q&A session on one of the blockchains, essentially in the form of a face-to-face interview.
The hacker claimed that he always planned to return the tokens and said the robbery was carried out to reveal vulnerabilities in the Poly Network software. “I know it hurts when people are attacked, but shouldn’t they learn something from those attacks?” wrote the hacker in the notes embedded in the Ethereum blockchain.
The hacker claimed to have spent all night looking for a vulnerability to exploit. They said they were concerned that Poly Network would silently fix the vulnerability without telling anyone, so they decided to take millions of dollars in cryptocurrency tokens to make a point.
However, they stressed that they didn’t want to create “real panic [in] the crypto world” so they just took “major currencies” and left behind Dogecoin, the cryptocurrency that started as a joke.
“Either they were just trying to rob and steal the assets, or they were acting like a white hat hacker to expose a bug in order to help Poly Network become stronger and safer,” Robinson, who routinely advises government and law enforcement agencies on crypto crime, told the BBC.
He added that the nature of blockchain technology makes it difficult for cyber criminals to profit from the theft of digital currencies, as anyone can see the money flowing into the hackers’ wallets via the network. “I wonder if this hacker stole the funds, realized how much publicity and attention they were getting, if he realized where the funds were going that would be watched, and decided to return them,” Robinson said.
“The blockchain itself worked here without any problems, but the problem lies in blockchains like Ethereum, you can write your own smart contracts. Various services offer this, including Poly Network. So every time a person writes code, there is a chance that they will make a mistake.”
How it works
The Poly Network platform works by making it easier to move between different blockchains when people swap one cryptocurrency for another, e.g. the exchange of Binance Coin for Ether. “Poly Network ultimately makes it easy to move between these chains, it’s software, it’s just code. There’s always bugs,” James Chappell, co-founder of cybersecurity firm Digital Shadows, told the BBC in London.
“This applies to banks or any financial system. Unfortunately, it seems to have happened here that one of the parties discovered a vulnerability in the implementation and exploited it to trick the network into transferring these tokens incorrectly.” Similar attacks have occurred on several other services in the past 12 months, including:
- Yearn Finance, which had $11m stolen by hackers in February;
- Alpha Finance, which had $37m stolen in the same month;
- and Meerkat Finance, which was drained of $32m by hackers in March.
After a 24-hour roller coaster ride for the crypto community, it appears that the hacker intends to return all or most of the stolen money. As the criminal wrote online, “The pain suffered is temporary but memorable”. The claim that everything was an elaborate prank to force Poly Network to fix security vulnerabilities is viewed with skepticism.
Why all the teasing and showing off on the net when the motive was honorable? There is some evidence that the network may have been shut down as a cybersecurity firm was on the verge of discovering a suspect’s identity. It might have been the case that the hacker bit off a lot more than they could chew and became scared, so they gave the money back.
Regardless, the authorities will no doubt continue to work hard to find them, but what this story shows in the first place is how powerful hackers can be and how powerless the decentralized and unregulated cryptocurrency world is when someone steals a huge fortune from under its nose.