The hacker behind the biggest cryptocurrency heist of all time has granted access to the final tranche of the stolen funds.
Poly Network, a platform in the decentralized finance, or “DeFi” space, was hit by a major attack this month in which the hacker(s) stole more than $600 million worth of digital tokens. The thief took advantage of a vulnerability in Poly Network’s code that allowed them to transfer the money to their own accounts.
Oddly enough, the Poly Network hacker didn’t run away with the loot. Instead, they opened a dialogue with the organization concerned and promised to return all funds. In fact, the hacker returned almost all of the money last week – with the exception of $33 million in tether, or USDT, a dollar-pegged coin that was frozen by its issuers.
There was a catch, however. More than $200 million in assets were trapped in an account that required passwords from both Poly Network and the hacker. For the past few days, the hacker has refused to reveal their password, saying only that they won’t do so until “everyone is ready”.
Poly Network begged the hacker it calls “Mr. White Hat” to return the remaining money. The platform promised to give the unidentified person a $500,000 bounty for identifying a bug in its systems and even offered them a position as Chief Security Advisor.
Now the hacker has finally granted Poly Network access to the last tranche of the stolen funds. In a blog post on Monday, the company said that Mr. White Hat had disclosed what is known as the private key, which is needed to regain control of the remaining assets.
“At this point, all user resources that were transferred during the incident are fully restored,” said Poly Network. “We are in the process of returning full control of the assets to users as soon as possible.”
It’s one of the most bizarre stories about cryptocurrencies in recent times. The theft was considered the largest crypto heist of all time, beating the $534.8 million stolen from the Japanese digital currency exchange Coincheck in an attack in 2018 and the estimated $450 million in bitcoin lost in 2014 by Tokyo-based Mt. Gox.
Last week, the Japanese cryptocurrency exchange Liquid announced that it had been hit by a cyberattack in which hackers got away with $97 million worth of digital coins.
In the case of Poly Network, however, the attacker had a public conversation with their victim and eventually returned the stolen assets. Security experts said it was likely that the attacker realized it would be difficult to launder the money and cash out, as all transactions are recorded on the blockchain, the public ledger that underlies most of the major digital currencies.
In a message embedded in a digital currency transaction, an anonymous person who claimed to be the hacker said they were “leaving the show.”
“My actions, which may be considered strange, are my efforts to contribute to the safety of the Poly project in my personal style,” the person said.
“Consensus was reached in a painful and opaque way, but it works. Some people even suspect the whole story is a PR stunt.”
Poly Network said its team “confirmed that the private key is real”.
“So far, Poly Network has regained control of the $610 million (excluding the frozen $33 million) in assets that were affected by this attack. We would like to thank Mr. White Hat once again for keeping his promise and the community, partners and numerous security agencies for their support.”