$4.77M Returned, Poly Network Hacker Starts Giving Back the Stolen $611 Million Crypto Assets
The attacker behind the cross-chain Poly Network hack has already started to return the $611 million worth of crypto assets, just a day after stealing them.
“It's already a legend to win so much fortune. It will be an eternal legend to save the world. I made the decision, no more DAO,” read one of the messages from the attacker.
So far, $4.77 million has been returned, the Poly Network team shared on Twitter. As we reported, Tether prevented the loss of $33 million yesterday by freezing USDT addresses.
On the day of the attack, blockchain security firm Slowmist also obtained information about the attacker, including their IP address, email ID, and device fingerprints through on-chain and off-chain tracking, following which the hacker announced their decision to return the funds.
Slowmist further said that the attacker used a little-known Chinese cryptocurrency exchange, Hoo, for the attack, adding, “this is likely to be a long-planned, organized and prepared attack.”
2) A lot of Chinese funds / individuals are affected because @PolyNetwork2 is used by NEO and Ontology to bridge assets over from Ethereum. Basically, assets are locked on Ethereum via smart contracts. Somehow the hacker managed to withdraw it all.
— Boxmining (@boxmining) August 10, 2021
The Poly Network team also reached out to the attacker, urging them to return the hacked funds on the grounds that the amount stolen was the biggest one in DeFi history and because law enforcement will regard this as “a major economic crime.”
While the cause was previously suspected to be a leak of the single keeper’s private key, the attack actually happened “because the keeper of the EthCrossChainData contract can be modified by the EthCrossChainManager contract, and the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract can execute the data passed in by the user through the _executeCrossChainTx function. Therefore, the attacker uses this function to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract,” explained Slowmist in its analysis.
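The trust relationship Slowmist describes can be shown as a simplified Python model. This is an added example, not Poly Network's contract code, and the names `DataContract`, `Manager`, `HardenedManager` and `set_keeper` are hypothetical. It puts a privileged contract that relays user-supplied calls under its own identity next to a variant that refuses to relay into contracts it administers.

```python
# Simplified model (added example); all names are hypothetical.

class DataContract:
    """Holds the keeper; only its owner (the manager contract) may change it."""
    def __init__(self, owner, keeper):
        self.owner, self.keeper = owner, keeper

    def set_keeper(self, caller, new_keeper):
        if caller is not self.owner:
            raise PermissionError("only the owner may change the keeper")
        self.keeper = new_keeper


class Manager:
    """Weak design: relays any user-chosen call using the manager's identity."""
    def execute_cross_chain_tx(self, target, method, args):
        # The caller seen by `target` is the manager, not the end user,
        # so the owner check in DataContract passes for anyone.
        return getattr(target, method)(self, *args)


class HardenedManager(Manager):
    """Refuses to relay calls into contracts the manager itself administers."""
    def __init__(self):
        self.protected = set()  # contracts owned by this manager

    def execute_cross_chain_tx(self, target, method, args):
        if target in self.protected:
            raise PermissionError("relayed calls may not target privileged contracts")
        return super().execute_cross_chain_tx(target, method, args)


def run(manager_cls):
    """Return the keeper after an untrusted relayed call tries to replace it."""
    manager = manager_cls()
    data = DataContract(owner=manager, keeper="legit-keeper")
    if hasattr(manager, "protected"):
        manager.protected.add(data)
    try:
        # Constructed input: user-supplied target, method and arguments.
        manager.execute_cross_chain_tx(data, "set_keeper", ["untrusted-keeper"])
    except PermissionError:
        pass
    return data.keeper


if __name__ == "__main__":
    print("weak manager:    ", run(Manager))
    print("hardened manager:", run(HardenedManager))
```

The owner check in the data contract is correct on its own. The design fails because the owner is a contract that forwards untrusted input, so the alternative mitigation is to keep ownership of privileged state out of any contract that relays user data.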