Decentralized Finance (DeFi) platform, Poly Network confirmed on Monday that all $610 million worth of crypto assets stolen, in what has been considered as the largest crypto heist of all time, have been returned by the hacker.
Recall two weeks ago when the world was shocked by the news that a hacker, which Poly Network is calling “Mr White Hat”, had made away with assets worth $610 million. In the attack on the Polygon Network, the hacker made away with $273 million worth of Ethereum tokens, $253 million in Binance Smart Chain tokens, and $85 million in USDC. The hacker was said to have exploited a vulnerability in Poly Network’s code which allowed him to transfer the funds to his accounts.
Strangely though, the hacker did not run off with the digital assets but made it clear that he was not interested in money. Through encrypted messages, the hacker opened a dialogue with Poly Network and promised to return all the funds. Sure enough, the hacker kept to the promise and started returning the assets bit by bit, starting with an initial $260 million. By August 12, “Mr. White Hat” had returned more than half of the assets.
The dialogue with the hacker wasn’t a smooth ride though. More than $200 million of assets were locked in an account that required passwords from both Poly Network and the hacker, and for some time, the hacker refused to hand over the password.
Poly Network pleaded with “Mr. White Hat” to return the remaining funds, with the promise of paying a $500,000 bounty for helping it identify a flaw in its systems, and a job offer as Chief Security Advisor.
The hacker has now given Poly Network the password to access the final tranche of stolen funds. The company confirmed in a blog post that the hacker had shared the password needed to regain control of the remaining assets. “At this point, all the user assets that were transferred out during the incident have been fully recovered. We are in the process of returning full asset control to users as swiftly as possible,” Poly Network said. $33 million of tether, or USDT, however, remains frozen by its issuers.
In appreciation, Poly Network thanked “Mr. White Hat” for keeping his promise, and community partners, and the multiple security agencies who offered assistance. Conversely, security experts believe that, rather than being an act of goodwill, the hacker realized that it would be difficult to launder the money and cash out since all transactions are recorded on the blockchain.
Poly Network’s breach is considered to be the biggest crypto heist ever, and one of the most interesting as well. The heist exceeded that of the $534.8 million stolen from Japanese digital currency exchange Coincheck in a 2018 attack and the estimated $450 million worth of bitcoin that went missing from Tokyo-based Mt. Gox in 2014. In the case of Poly Network, though, the attacker maintained a public dialogue with their victim, ultimately returning the stolen assets, and even apologized.