The massive multi-million dollar exploit of the decentralized finance Poly Network sent shockwaves through the nascent industry, but there appears to be a happy ending.
According to the Poly Network, the hackers behind one of the industry’s largest-ever crypto heists have returned more than a third of stolen $613 million loot.
In a tweet on August 12, the DeFi protocol announced that it had received $260 million returned from the attackers. It also stated that there were $353 million outstanding on Ethereum and Polygon.
$260 million (As of 11 Aug 04:18:39 PM +UTC) of assets had been returned:
The remainings are $269M on Ethereum, $84M on Polygon
— Poly Network (@PolyNetwork2) August 11, 2021
Hacker Did it “for Fun”
As reported by CryptoPotato on August 10, the interoperability cross-chain DeFi protocol was exploited for more than $600 million. Analysis of the incursion revealed that private keys were compromised, made easier due to flaws in Poly Network’s smart contract design.
Poly Network stated at the time that the hacker had removed assets from Ethereum, Binance Smart Chain, and the Polygon network. Blockchain data showed that roughly $273 million was lifted from Ethereum, $253 million from BSC, and $85 million in USD Coin (USDC) from the Polygon network.
According to messages shared by crypto tracking firms, Elliptic and Chainalysis, the person claiming to have perpetrated the hack said they did it “for fun” wanted to “expose the vulnerability” before others could exploit it, and planned to return the tokens.
According to reports, co-founder of Elliptic Tom Robinson said the decision to return the loot could have been prompted by the hassles of laundering stolen cryptocurrency on such a scale. He stated:
“Even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the broad use of blockchain analytics by financial institutions,”
On August 10, the Poly team posted an open letter to the perpetrator urging them to return the stolen assets as “law enforcement in any country will regard this as a major economic crime, and you will be pursued.”
DeFi’s Biggest Exploit
According to CipherTrace, the $600 million Poly Network exploit has far outstripped the $474 million in criminal losses that were registered by the entire DeFi sector from January to July.
It was also comparable to the theft of $530 million in crypto assets from Tokyo-based exchange CoinCheck in 2018.
A long list of DeFi protocols has been targeted this year, most of which were running on BSC. These include PancakeBunny, Cream Finance, bEarn, Bogged Finance, Uranium Finance, Meerkat Finance, SafeMoon, Spartan Protocol, Belt Finance, and Impossible Finance.