(Bloomberg) – Hackers returned about half of the roughly $ 610 million they stole on Tuesday in what was arguably one of the biggest cryptocurrency thefts on record in the burgeoning DeFi industry.
In an unusual twist, online thieves have pledged to return the full amount stolen to a decentralized financial protocol, or DeFi, known as PolyNetwork, which allows users to exchange tokens across multiple blockchains. It is not clear which PolyNetwork website is running the protocol.
In a post, the unidentified hackers said they “had just dumped all assets”, adding, “by hacking for good, I saved the project.” About $ 260 million has been returned so far, according to Tom Robinson, co-founder of blockchain forensics firm Elliptic.
Even more brazen, the pirates ask for donations as a reward for the return of funds. So far, they’ve made $ 200, Robinson said.
The hackers also posted an online question-and-answer session, explaining the motives for the attack as “for fun :)”. Online hackers said they took the funds “to keep them safe” after spotting a bug in the computer code. The hackers ended the missive by saying that they will be impossible to trace. “I’d rather stay in the dark and save the world.”
Blockchain security researcher SlowMist said they found the email address, IP address and fingerprint of the attackers’ device.
Elliptic, along with dozens of cryptocurrency exchanges and trackers, have been looking for hackers. Thousands of people were affected by the attack, PolyNetwork said in a letter posted on Twitter Tuesday.
“This demonstrates that while you can steal crypto assets, laundering and cashing them out is extremely difficult, due to the transparency of blockchain and the use of blockchain analytics,” said Robinson. “In this case, the hacker concluded that the safest option was simply to return the stolen assets.”
The heist brought in 11 different cryptocurrencies, including $ 93 million in Ether, according to Chainalysis, a blockchain researcher who has tracked some of the hackers’ transactions. The attacker had attempted to launder some of the money by using PolyNetwork to cash Dai and USDC coins and convert them all back to Dai, Chainalysis said.
DeFi apps – which allow people to lend, borrow, and exchange coins without using middlemen – have become frequent targets of attack in recent times, as they have grown in popularity. Some $ 156 million was taken out of DeFi-related hacks in the first five months of the year, surpassing the $ 129 million stolen in such attacks throughout 2020, according to crypto security firm CipherTrace.
(Updates with additional information about the attack)
More stories like this are available at bloomberg.com
Subscribe now to stay ahead of the game with the most trusted source of business information.
© 2021 Bloomberg LP