The community just witnessed the largest ever theft from a DeFi protocol. The unidentified attacker siphoned off with a whopping $612 million worth of cryptocurrency from cross-chain DeFi protocol Poly Network. However, it didn’t take long enough for them to return the stolen funds.
After pulling off the biggest heist in the history of DeFi, the hackers returned more than a third of $613 million in digital coins they stole, said Poly Network. The hacker has claimed they are keeping the rest of the funds safe while they negotiate with the team behind the protocol.
It this a white hat hack to teach DeFi protocol about its security flaws?
The blockchain forensics company Chainalysis revealed that a vulnerability in the digital contracts Poly Network, which uses to move assets between different blockchains, was exploited. In an email, a person claiming to be behind the entire act said that they did it “for fun” and wanted to “expose the vulnerability” before others could exploit it.
If that is true, then the lesson is quite an expensive one. The purported hacker revealed that they were never really “interested in money” and returning the tokens was always part of the plan. The entities behind it has not yet been identified nor the message has been authenticated.
“The attacker communicated with Poly Network via Ether transaction note during this process, voicing their intention to start by returning altcoins and asking if their stolen USDT could be unlocked in return for returning stolen USDC. It’s possible this is a ruse to make off with the unstolen USDT, but so far nothing suggests the attacker won’t continue to return the stolen funds.”
Interestingly, one such cryptocurrency security firm called Slowmist has claimed to have identified hacker information such as mailbox, IP address, and device fingerprints, meaning they are close to unmasking them. However, Chainalysis also revealed that there is no information to confirm this.
Nothing in this DeFi space is bizarre anymore. The exploiter even went ahead to conduct an AMA session.