PolyNetwork has recovered almost 50 percent of the stolen Binance Smart Chain (BSC), Ethereum, and USD Coin assets. The cryptocurrency broker suffered the largest-ever cryptocurrency theft, amounting to roughly $611 million.
In a rather strange turn of events, threat actors who pulled off the biggest cryptocurrency theft have had a change of heart. PolyNetwork has begun receiving the digital tokens that the hackers had successfully transferred to their own wallets.
$260 million (As of 11 Aug 04:18:39 PM +UTC) of assets had been returned:
The remainings are $269M on Ethereum, $84M on Polygon
— Poly Network (@PolyNetwork2) August 11, 2021
The biggest-ever cryptocurrency theft sees sudden reversal:
PolyNetwork is a platform created by multiple blockchain providers, namely Neo, Ontology, and Switcheo. The intention behind the multi-platform collaboration was to facilitate the easy exchange of crypto tokens across different crypto platforms, including Bitcoin and Ethereum.
Two days ago, PolyNetwork had confirmed that it was a victim of a major attack. The platform confirmed attackers successfully compromised their defenses and infiltrated the cryptocurrency holding vault.
The cost of Poly Network exploitation has been the largest compared to the others up until now. pic.twitter.com/cshaHaXwXA
— Coin98 Analytics (@Coin98Analytics) August 10, 2021
The as-yet-unknown hacker group had successfully transferred Binance Chain, Ethereum, and Polygon assets amounting to roughly $611 million into their wallets. Needless to add, this is by far the largest-ever cryptocurrency theft.
Poly Network added that the threat actor successfully exploited a vulnerability between contract calls. This allowed them to gain ownership of funds and transfer them to attacker-controlled wallets:
- Ethereum: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
- Binance Smart Chain: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71
- Polygon: 0x5dc3603C9D42Ff184153a8a9094a73d461663214
Blockchain security firm SlowMist offered some technical details of the hack, and laid out the vulnerabilities that allowed cybercriminals to siphon off millions of crypto tokens:
This attack is mainly because the keeper of the EthCrossChainData contract can be modified by the EthCrossChainManager contract, and the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract can execute the data passed in by the user through …
— SlowMist (@SlowMist_Team) August 10, 2021
After PolyNetwork confirmed the attack, Binance CEO Changpeng stepped in and assured that the company was coordinating with security partners to remediate the situation.
We are aware of the https://t.co/IgGJ0598Q0 exploit that occurred today. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can. Stay #SAFU. 🙏 https://t.co/TG0dKPapQT
— CZ 🔶 Binance (@cz_binance) August 10, 2021
It is important to note that the threat actors were successful. In other words, they were able to transfer the tokens from PolyNetwork’s holdings to their own wallets.
However, in a bizarre turn of events, the as-yet-unknown threat actors have reportedly started returning the stolen cryptocurrencies.
Threat actors start returning stolen crypto coins:
Within just two days, the threat actors who stole $611 million worth of cryptocurrencies have started to return the crypto tokens. The thieves have been embedding Q&A messages in transactions explaining the motivation for the hack.
— Tom Robinson (@tomrobin) August 11, 2021
As the thread indicates, the thieves claim they hacked the network because “it was fun”, and are returning the cryptocurrencies “to keep them safe”.
Reports, however, indicate the threat actors might have been spooked by claims from SlowMist. The security firm claimed it had successfully traced the attacker’s email address, IP address, and device fingerprint.
2) The SlowMist security team has grasped the attacker's mailbox, IP, and device fingerprints through on-chain and off-chain tracking, and is tracking possible identity clues related to the Poly Network attacker.
— SlowMist (@SlowMist_Team) August 10, 2021
Additionally, PolyNetwork had sent out an open letter to the thieves, urging them to return the stolen tokens. The network had included its email address and an appeal to return “people’s money”.
— Poly Network (@PolyNetwork2) August 10, 2021
However, the most obvious motivation might have been the fear of the stolen tokens becoming useless.
.@OKEx is already on the case. We're watching the flow of coins, and will do our best to manage the situation.
Our wallet team will get in touch if we need more information. https://t.co/crD296bNdQ
— Jay_OKEX_CEO (@JayHao8) August 10, 2021
Multiple crypto token exchange platforms and online cryptocurrency trading houses had jointly started blacklisting the cryptocurrency assets identified as stolen in the attack.
— Paolo Ardoino (@paoloardoino) August 10, 2021
Such a unified stand would have ensured that the threat actors could not offload the bulk of their stolen tokens in the near future. Moreover, attempts to sell even small amounts might have triggered alarms.
Huobi has taken notice of the large sum stolen from the #PolyNetwork tonight. Our risk control and security teams are already tracking and identifying the addresses involved. We'll do everything in our power to assist and protect the crypto community. #StrongerTogether
— Du Jun (@DujunX) August 10, 2021
About 50 percent of the stolen assets are now back in the custody of the rightful owners. However, the hacker still has to return another $269 million on Ethereum and $84 million on Polygon.