Just 24 hours after one of the largest DeFi hacks took place, on the Poly Network protocol, the attacker has reportedly started to return the stolen funds. According to Chainalysis, the threat actor began sending the cryptocurrencies back to three Poly Network addresses. However, as of press time, the hacker had returned around $260.97 million of the $611 million stolen.
The cryptocurrencies given back by the attacker are POLYGON-Peg USDC, Binance-Peg BTCB, Binance-Peg BUSD, Binance-Peg USDC, FEI, SHIB, Binance-Peg ETH, BNB and RenBTC. In a tweet, Poly Network specified that the remaining funds are around $269 million in Ethereum and $84 million in Polygon. “The attacker communicated with Poly Network via Ether transaction note during this process, voicing their intention to start by returning altcoins and asking if their stolen USDT could be unlocked in return for returning stolen USDC,” Chainalysis noted.
Will the Attacker Return the Remaining Funds?
However, there are no solid indications that the attacker will keep returning the funds. Still, one of the attacker’s addresses is now empty, and one of them holds one kind of crypto, USDC. As reported by Finance Magnates, though the exact way the protocol's security was breached is unknown, several blockchain investigation companies have already initiated probes. According to Chinese blockchain security firm BlockSec, the attack might have been triggered by the leak of private keys or a bug during Poly’s signing process.
On the other hand, SlowMist, a cryptocurrency cybersecurity firm, claimed to have identified the hacker’s mailbox, IP address and device fingerprints. “With the technical support of SlowMist’s partner, Hoo and multiple exchanges, the SlowMist security team found that the hacker’s initial source of funds was Monero (XMR), which was then exchanged to BNB/ETH/MATIC on the exchanges. Wait for the currency and withdraw the tokens to 3 addresses respectively, and launch an attack on the 3 chains soon,” the company detailed.