PolyNetwork $600 Million Attack: Hacker Says ‘Ready to Return the Funds’

Just a day after cross-chain DeFi protocol PolyNetwork was exploited via a major security breach, the hacker has sent back almost $5 million of the funds to the platform.

On Wednesday morning, the hacker sent an encrypted message to PolyNetwork via an Ethereum transaction stating that they were “ready to return the funds.”

The hacker further requested for a multi-signature wallet address to return the funds, saying

“Failed to connect the Poly. I need a secure multi-sig wallet from you.”

Promptly, PolyNetwork developers replied that they will be preparing a multi-signature address, allegedly controlled by “known Poly addresses”, for the funds to be returned.

They also enclosed three different wallets that the funds can be sent to, an Ethereum, Binance Smart Chain, and Polygon address, the three blockchains that the hacker had been using since yesterday.

A subsequent message from the hacker read,

“IT’S ALREADY A LEGEND TO WIN SO MUCH FORTUNE. IT WILL BE AN ETERNAL LEGEND TO SAVE THE WORLD. I MADE THE DECISION, NO MORE DAO.”

The hacker immediately began sending the funds back to PolyNetwork. They sent over $1 million worth of USDC via the Polygon address, doing so in three transactions.

They also sent about $1.1 million in BTCB, a bitcoin-pegged token on the Binance Smart Chain network, over $2 million worth of Shiba Inu, and about $616,000 in the stablecoin, FEI.

The Biggest DeFi Hack in History

On Tuesday, PolyNetwork announced that it had suffered a major attack that saw it lose about $600 million worth of digital assets.

The attack had drawn the attention of the entire financial industry, with crypto entities springing into action immediately to stop the funds from leaving the addresses they were sent.

A few hours after the hack, the cybersecurity firm, Slowmist, claimed that it had discovered the hacker’s IP and email addresses, adding that the hacker took advantage of a bug within PolyNetwork’s cross-chain smart contract.

Polygon said yesterday,

“The SlowMist security team has discovered the attacker’s mailbox, IP, and device fingerprints through on-chain and off-chain tracking, and is tracking possible identity clues related to the Poly Network attacker.”

White-hat Hacker Speculations

The PolyNetwork hacker has become a sensation within the crypto industry in a little over 24 hours.

It came as a surprise to many when the hacker began sending back the funds, with some speculating that it might be a white-hat hacker.

Tokyo-based blockchain company, O3 Labs, noted in a tweet today that the hacker might be ” of the white-hat variety.”

While this speculation is not established at the moment, returning the funds can be an indication that the hacker wanted to expose some vulnerabilities on the PolyNetwork system.