Hackers have stolen $600 million in cryptocurrency from Poly Network, a decentralized finance platform, in the largest theft in the industry’s history, according to the company.
The funds were stolen due to a vulnerability in Poly Network, the platform said Tuesday, pleading with the thief to return the money.
“The amount of money you hacked is the biggest one in the defi history,” Poly Network wrote in a letter to the attacker it posted to Twitter. “The money you stole are from tens of thousands of crypto community members… you should talk to us to work out a solution.”
According to Tether’s CTO, Poly Network urged other members of the cryptocurrency ecosystem to “blacklist” assets coming from addresses used by the attacker to siphon off the funds, which included a mix of coins including $33 million in Tether. (Tether later stated that the assets were frozen within 20 minutes of learning of the attack in a statement.) Binance, a cryptocurrency exchange, said it was “working closely with all of our security partners to actively assist.” Poly Network is a network that connects the blockchains of various virtual currencies to create interoperability.
Following the hack, Poly Network established a number of addresses where the money could be returned, according to the company. And it appears that the hacker is on board: Poly Network said it had received about $4.7 million back as of 7:47 a.m. ET Wednesday. The hacker’s identity was not immediately revealed.
According to Chainalysis, a blockchain forensics firm, much more money, about $261 million, had been returned by noon. According to Chainalysis, the attacker claimed to have hacked Poly Network “for fun :)” and undertook the attack as a challenge in notes appended to some of the transactions.
“I take the responsibility to expose the vulnerability before any insiders hiding and exploiting it!” the attacker wrote. “I understood the risk of exposing myself even if I don’t do evil. So I used temporary email, IP or so called fingerprint, which were untraceable. I prefer to stay in the dark and save the world.”
Because every transaction is recorded and traceable, there was virtually no way for the hacker to safely withdraw the funds once the hack gained international attention, according to Chainalysis.
“With the inherent transparency of blockchains and the eyes of an entire industry on you, how could any cryptocurrency hacker expect to escape with a large cache of stolen funds?” the company wrote in its report. “In most cases, the best they could hope for would be to evade capture as the funds sit frozen in a blacklisted private wallet.”
As investors pour billions of dollars into digital currencies, regulators have increased their scrutiny of crypto platforms. Senator Elizabeth Warren recently asked SEC Chair Gary Gensler to look into the agency’s ability to regulate cryptocurrency trading.
In response, last week, Gensler said: “Right now, I believe investors using these platforms are not adequately protected.”