The polynetwork logo that appears on the phone screen along with the physical representation of some cryptocurrencies.
Jakub Porzycki | NurPhoto via Getty Images
Almost all of the $ 600 million stolen by one of the biggest crypto robbers to date has been returned by hackers.
PolyNetwork, the crypto platform targeted by the attack, said Thursday that all funds had transferred $ 33 million worth of digital coin tethers.
The issuer of tether, the so-called stablecoin, was fixed in US dollars and used a built-in failsafe to freeze assets shortly after the theft.
In an unusual event on Wednesday, an anonymous person claiming to be a hacker said he was “ready to return” the funds. The identity of the hacker or hacker is not yet known.
Polynetwork has requested that money be sent to three digital currency wallets. And, indeed, hackers had returned over $ 342 million to their wallets by Thursday.
But there are pitfalls. Almost all of the shipment was returned to PolyNetwork, but the last $ 268 million in assets are now locked to accounts that require passwords from both PolyNetwork and hackers to access.
Tom Robinson, chief scientist at blockchain analytics firm Elliptic, said: Friday blog post.
In a message embedded in the digital currency transaction, the hacker said, “I will provide the final key when _everyone_ is ready.”
Record a “DeFi” hack
Polynetworks are known as “decentralized finance” or DeFi systems. The DeFi project aims to replicate traditional financial services such as loans and transactions using blockchain, the technology behind most cryptocurrencies.
For Poly Network, the DeFi system allows users to transfer tokens from one blockchain to another.
Someone has exploited a code vulnerability in PolyNetwork to allow tokens to be transferred to their crypto wallet. The platform lost more than $ 610 million in the attack, according to researchers at security firm SlowMist.
Polynetwork called it “the largest in decentralized finance history”.
Self-proclaimed hackers claim that it was “always a plan” for them to carry out the theft “for fun” and ultimately return the funds.
CNBC was unable to independently verify the authenticity of the message.
In a further message, hackers claimed that Polynetwork offered them a $ 500,000 bounty to send back all the money and they turned it down. The hacker shared what appeared to be a statement from the Poly Network, promised that he would not be held liable for this case, and effectively disclaimed him.
Polynetwork did not return a request for comment from CNBC by the time of publication.
“Providing an exemption may sound like a wise move from a polynetwork to hang carrots, but authorities have agreed to this decision,” said Jake Moore, a specialist at cybersecurity firm ESET. It is unlikely that you will or allow it. “
“This attack is likely to be similarly closely monitored by cybercriminals and law enforcement agencies, opening up the possibility of counterfeit attacks.”
“You may find yourself being chased by the authorities,” Robinson said.
“Their activities left a number of digital bread crumbs on the blockchain that law enforcement agencies should follow.”
Cryptocurrencies are often the go-to for cybercriminals. This is especially true for ransomware attacks that lock down an organization’s systems or steal data while demanding a ransom payment to regain access.
This is because people who send and receive digital currencies do not reveal their identities. However, it is now possible to track the location of funds by analyzing the blockchain, which contains public records of all past crypto transactions.
Almost all of the $ 600 million cryptocurrency has been returned
Source link Almost all of the $ 600 million cryptocurrency has been returned