Poly Network, the company affected, sent out a letter on Twitter on Tuesday, urging the individual to contact them “to figure out a solution.”
The hacker then posted remarks claiming to be “not particularly interested in money” and promising to return the payments.
Poly Network said on Wednesday that it has been reimbursed $260 million.
The startup, which operates a blockchain platform that allows users to trade several types of digital tokens, announced on Twitter that it had received three cryptocurrencies: $3.3 million in Ethereum, $256 million in Binance Smart Chain (BSC), and $1 million in Polygon.
A total of $269 million in Ethereum tokens and $84 million in Polygon tokens are still missing.
Bugs in the software
According to Tom Robinson, co-founder of Elliptic, London-based blockchain analytics and compliance startup, the hacker released a three-page-long Q&A session on one of the blockchains in the style of a self-interview.
The hacker stated that he intended to return the tokens all along and that the crime was carried out to draw attention to flaws in Poly Network software.
“I realize it hurts when individuals are assaulted, but shouldn’t those hacks teach them something?” the hacker wrote in the Ethereum blockchain notes.
Hacker Locates Flaws in the Software
The hacker said that he had spent the entire night looking for a flaw to exploit. They expressed concern that Poly Network will secretly patch the security hole without informing anyone, so they planned to take millions of dollars in cryptocurrency tokens to demonstrate their point.
However, because they did not want to cause “genuine panic [in] the crypto-world,” they only grabbed “essential currencies,” leaving Dogecoin, the cryptocurrency that began as a joke, behind.
Mr. Robinson, who regularly advises governments and law enforcement agencies on crypto-related crimes, told the BBC that “either they just intended to commit theft and steal the assets, or they were acting like a white hat hacker to expose a bug, to help Poly Network make themselves more strong and secure.”
He went on to say that the nature of blockchain technology makes it difficult for cybercriminals to profit from stealing digital currencies because everyone can watch the money moving over the network and into the hackers’ wallets.
“I wonder if this hacker stole the funds, saw how much attention they were getting, realized they would be monitored wherever they transferred the funds and chose to give it back,” Mr. Robinson speculated.
“The blockchain has worked beautifully here, but the difficulty is that you can design your smart contracts on blockchains like Ethereum.” Poly Network is one of the services that has started to offer this.
“Every time a person creates code, there’s a chance they’re going to make a mistake.”
How this Works
When users trade one cryptocurrency for another, such as BSC for Ethereum, Poly Network’s platform facilitates movement between many blockchains.
According to James Chappell, co-founder of London-based cyber-security firm Digital Shadows, “The Poly Network is the thing that permits the movement across various chains – ultimately, its software, its code, and code always has errors and defects in it.”
“That is true of banks, as well as any other financial system. Unfortunately, it appears that a party identified a flaw in the implementation and exploited it to deceive the network into mistakenly transferring these tokens.”
Several other services have been subjected to similar attacks in the last 12 months. These are some of them:
In February, hackers stole $11 million from Yearn Finance; in March, hackers took $37 million from Alpha Finance; and in April, hackers stole $32 million from Meerkat Finance.
After a wild 24 hours in the crypto world, it appears that the hacker plans to return all or most of the stolen funds.
“The pain endured is temporary, but memorable,” the offender said on the internet.
The idea that it was all a ruse to get Poly Network to remedy its security flaws has been met with skepticism.
If the motive was honorable, why the internet taunting and boasting?
One cyber-security firm claims it was close to figuring out the identity of a suspect, raising the possibility that the net was closing in.
It’s possible the hacker bit off more than they could chew and become terrified, so they returned the money.
- LaikaCoin: Created in Honor of the First Dog in Space - April 30, 2021
- Ethereum Price Prediction for 2021: Buy Before July 6 - April 30, 2021
- Crypto Day Trading: A Beginner’s Guide to Day Trading Crypto - April 30, 2021