Hacker Returns Half of $611 Million Stolen Cryptocurrency Haul

The hacker behind the largest heist in cryptocurrency history has reportedly returned almost half of the $611m stolen.

Poly Network, a platform that facilitates cryptocurrency transactions including bitcoin, announced earlier this week that it had been hacked, resulting in a multi-million dollar loss.

"We call on miners of affected blockchain and crypto exchanges to blacklist tokens coming from the above addresses," the network tweeted on Tuesday, providing three addresses that it said the assets had been transferred to. "We will take legal actions and we urge the hackers to return the assets," it added.

The network addressed the hacker in an open letter over Twitter the following day, writing: "Dear hacker ... We want to establish communication with you and urge you to return the hacked assets. The amount of money you hacked is the biggest in defi [decentralized finance] history. Law enforcement in any country will regard this as a major economic crime and you will be pursued. It is very unwise for you to do any further transactions. You should talk to us to work out a solution."

The hacker then reportedly posted messages embedded in ethereum transactions sent from the account under their control pledging to return funds and claiming to be "not very interested in money."

"I AM _NOT_VERY INTERESTED IN MONEY," the hacker allegedly wrote in screenshots from a three-page-long Q&A session shared by Tom Robinson, co-founder of crypto tracking firm Elliptic. "I KNOW IT HURTS WHEN PEOPLE ARE ATTACKED, BUT SHOULDN'T THEY LEARN SOMETHING FROM THOSE HACKS?"

The hacker, who is believed to have exploited a vulnerability in the digital contracts Poly Network uses to move assets between different blockchains, added they did it "for fun" and wanted to "expose the vulnerability" in Poly Network software before others could.

Poly Network swaps tokens across different blockchains, including Ethereum and Ontology, as well as the blockchain for bitcoin.

On Wednesday, Poly Network announced that $260 million of the stolen funds had been returned but that $353 million was still outstanding. On Thursday, the network posted an update, saying it had so far received $342m back.

"$342 million (As of 12 Aug 08:18:29 AM +UTC) of assets had been returned," Poly Network said in a tweet earlier today. Of the returned assets, $4.6m are believed to be in ethereum, $252m in BSC and $85m in polygon. The remaining $268m on ethereum have yet to be returned, according to the platform.

In the embedded messages shared from the hacker's account, the person claimed to have spent all night looking for a vulnerability to exploit and decided to take millions of dollars in cryptocurrency tokens to make a point.

"Either they just intended to commit theft and steal the assets, or they were acting like a white hat hacker to expose a bug, to help Poly Network make themselves more strong and secure," Robinson told the BBC. "I wonder whether this hacker stole the funds, realized how much publicity and attention they were getting, realized wherever they moved the funds they would be watched, and decided to give it back," he added.

The Elliptic co-founder told Reuters that the decision to return the money could be due to the difficulty of laundering stolen crypto on such a large scale.

"Even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the broad use of blockchain analytics by financial institutions," Robinson said.

The hacker or hackers have so far not been identified.

Newsweek has contacted Poly Network for comment.