Thief returns at least one-third of $600 million in stolen cryptocurrency to Poly Network • The Register
Whoever drained around $600 million in cryptocurrencies from Poly Network has reportedly returned at least $260 million so far.
The cyber super-burglary, revealed yesterday, has been described by Poly Network as the largest of its kind in the history of decentralized finance. The Chinese company, which manages the exchange of cryptocurrencies and other tokens between different blockchains, said today that more than a third of the money stolen from its systems has been returned.
Here’s what Poly Network had to say earlier:
$260 million (as of Aug 11 04:18:39 PM +UTC) of assets had been returned:
Ethereum: $3.3 million
BSC: $256 million
Polygon: $1 million
Leftovers are $269 million on Ethereum, $84 million on Polygon
– Poly Network (@PolyNetwork2) August 11, 2021
Poly Network said the scammer was able to interfere with the execution of smart contracts – usually small programs that run automatically to fulfill agreements between the parties – which are used by the platform to exchange people’s tokens and coins. Thus, the funds were diverted in transit instead of being pulled directly from digital wallets.
More technical details are available from security analysts SlowMist and from blockchain watchers Chainalysis.
“The attacker exploited a vulnerability, which is the _executeCrossChainTx function between contract calls,” a spokesperson for Poly Network told El Reg. “Therefore, the attacker uses this function to pass carefully crafted data in order to modify the holder of the EthCrossChainData contract. It is not the case that this event occurred due to the security guard’s private key leak.”
The Chainalysis team put it more bluntly, “The attacker pulled off the heist by taking advantage of an exploit in the smart contracts that Poly Network uses to perform cross-chain transactions.”
Previously, Poly Network publicly pleaded for the thief to return all stolen assets, and urged crypto exchanges and others to refuse to process transactions from specific wallet addresses believed to hold the loot or to be otherwise involved in the information-highway robbery. At least tens of millions of dollars in onward transfers have been blocked.
A person who could be the scammer claimed that the theft was not committed in order to steal money. Instead, we are told, it was more of a joke than teaching Poly Network a lesson in computer security by publicly exposing a vulnerability, and the thief still intended to return his loot. Yes indeed. Totally, absolutely and fully believable.
Perhaps another motivator for the miscreant was that SlowMist claimed to have obtained “the attacker’s mailbox, IP address and fingerprints through on-chain and off-chain tracking.”
In other words, the net may have been closing in on the thief. Poly Network had threatened legal action and warned that police forces around the world would not allow this mega-burglary to continue. The thief may also have found it difficult to launder or cash out his huge pile of stolen assets.
What looks like a heist FAQ has been embedded in the metadata of some of the transactions returning the stolen tokens, according to Dr. Tom Robinson, chief scientist at cryptocurrency analysis house Elliptic.
“Q: Why come back? A: I’m not very interested in money,” wrote the suspected con artist during this self-directed question-and-answer session on the Ethereum blockchain. “I know it hurts when people are attacked, but shouldn’t they learn something from these hacks? I announced the return decision before midnight so people who trusted me should [have] a good rest ;)” ®