An as-yet-unidentified hacker has returned nearly all of the $600 million stolen by exploiting a vulnerability in the cryptocurrency platform Poly Network. The firm cited the anonymous person claiming to be the perpetrator as saying they were “ready to return” the rest of the stolen digital currency.
Almost all of the funds have been returned to three digital currency wallets, but $268 million in assets is currently locked in an account that requires passwords from both Poly Network and the hacker.
“It’s likely that keys held by both Poly Network and the hacker would be required to move the funds — so the hacker could still make these funds inaccessible if they chose to,” Tom Robinson, chief scientist of blockchain analytics firm Elliptic, said in a blogpost Friday.
In a message embedded in the transaction, the hacker said they would "PROVIDE THE FINAL KEY WHEN _EVERYONE_ IS READY.”
At this point, it’s still unclear why the hacker decided to return the funds. Some analysts believe the move was motivated by the fact that it’s challenging to launder and cash out large amounts of stolen cryptocurrency.
“I think this demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics,” Robinson told CNBC earlier this week. “In this case the hacker concluded that the safest option was just to return the stolen assets.”
Others have speculated that the hacker was afraid of being exposed and facing legal consequences. The identity of the hacker, who is known as “White Hat,” has yet to be uncovered. However, cybersecurity researchers say the individual left behind numerous “digital breadcrumbs” on the blockchain that could be traced by law enforcement.
According to CNBC, the hacker claimed in a message that they stole the funds “for fun” and that it was “always the plan” to return the funds. Poly Network has described the hack as “the biggest in defi history.”