Poly Network Hacker Appears to Have Returned Part of the $611M Stolen Funds

Wednesday, 11/08/2021 | 22:30 GMT by Felipe Erazo
  • A crypto cybersecurity firm claimed to be close to identifying the person behind the attack against the Poly Network protocol.

Just 24 hours after one of the largest DeFi hacks, which targeted the Poly Network protocol, the attacker has reportedly started to return the stolen funds. According to Chainalysis, the threat actor began sending the cryptocurrencies back to three Poly Network addresses. As of press time, however, the hacker had returned around $260.97 million of the $611 million stolen.

The cryptocurrencies given back by the attacker are POLYGON-Peg USDC, Binance-Peg BTCB, Binance-Peg BUSD, Binance-Peg USDC, FEI, SHIB, Binance-Peg ETH, BNB and RenBTC. In a tweet, Poly Network specified that the remaining funds are around $269 million in Ethereum and $84 million in Polygon. “The attacker communicated with Poly Network via Ether transaction note during this process, voicing their intention to start by returning altcoins and asking if their stolen USDT could be unlocked in return for returning stolen USDC,” Chainalysis noted.

Will the Attacker Return the Remaining Funds?

However, there are no solid indications that the attacker will keep returning the funds. Still, one of the attacker’s addresses is now empty, and another holds only one kind of crypto: USDC. As reported by Finance Magnates, although the exact method used to breach the protocol’s security is unknown, several blockchain investigation companies have already initiated probes. According to the Chinese blockchain security firm BlockSec, the attack might have been triggered by the leak of private keys or a bug in Poly’s signing process.

On the other hand, SlowMist, a cryptocurrency cybersecurity firm, claimed to have identified the hacker’s mailbox, IP address and device fingerprints. “With the technical support of SlowMist’s partner, Hoo and multiple exchanges, the SlowMist security team found that the hacker’s initial source of funds was Monero (XMR), which was then exchanged to BNB/ETH/MATIC on the exchanges. Wait for the currency and withdraw the tokens to 3 addresses respectively, and launch an attack on the 3 chains soon,” the company detailed.

About the Author: Felipe Erazo
Felipe earned a degree in journalism at the University of Chile with the highest honour in the overall ranking, and he also holds a Bachelor of Arts in Social Communication. In addition, he has been working as a freelance writer and Forex/crypto analyst, with experience gained from several forex broker firms and crypto-related media outlets around the world. He has been involved in the world of online forex trading since 2010 and in the crypto sphere since 2015.