Hackers Give Back Half Of $600m In Stolen Crypto Currencies

Uploaded on 2021-08-20 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Hackers, TECHNOLOGY-Key Areas-Blockchain

Hackers successfully exploited a vulnerability to steal more than $600 million in crypto currency tokens from blockchain-based platform Poly Network, making this the largest hack in recorded history. 

According to blockchain forensics company Chainalysis, they found a weakness a vulnerability in the digital contracts Poly Network uses to move assets between different blockchains. Now, in an unusual twist the hackers have returned a large amount of the stolen funds. 

This twist came after a slew of crypto-currency experts and businesses pledged to track the hacker’s crypto activity on the blockchain, but the hackers' identity and how exactly funds were stolen, remain unknown.  The hackers were able to change the “keeper role” of a blockchain contract, allowing them to make any transaction, such as a withdrawal. The vulnerability was due to a keeper’s private key being leaked. 

Poly Network, a decentralised finance platform that facilitates peer-to-peer transactions, confirmed that they have “the attacker’s mailbox, IP and device fingerprints through on-chain and off-chain tracking.” The firm confirmed the attack by issuing a statement on Twitter in which they urged the hackers to ‘return the hacked assets’. Surprisingly, the request seems to have worked. Hackers have since been in contact and have returned almost half of the stolen assets. 

The hackers sent a message to Poly Network embedded in a crypto-currency transaction saying they were “ready to return” the funds. Poly Network responded requesting the money be sent to three crypto addresses.

One of the hackers has supposedly claimed that they carried out the attack “for fun” and wanted to “expose the vulnerability” before others could exploit it, according to digital messages shared by Elliptic, a crypto identity tracking firm. It was “always the plan” to return the tokens, the purported hacker wrote, adding: “I am not very interested in money.”

According to a spokesman for Elliptic, the decision to return the money could have been prompted by the difficulties of laundering stolen crypto on such a large scale.

“Even if you can steal crypto-assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the broad use of blockchain analytics by financial institutions,” said  Elliptic's co-founder, Tom Robinson.

The Poly Network attack comes as losses from theft, hacks and fraud related to decentralised finance (DeFi) hit an all-time high.In the first half of 2021, DeFi-related thefts totaled $361 million, a nearly three-fold increase compared with the entirety of 2020, according to data from crypto currency compliance company CipherTrace.

TEISS:        Forbes:      Al Jazeera:    Sky:      NYPost:   Interesting Engineering:    Yahoo:

You Might Also Read:

Standing On The Cryptocurrency Frontier:

 

« Vaccine Passport Scams
US State Department Under Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CyTech Services

CyTech Services

CyTech provides unique services and solutions complemented with professional subject matter experts to both the Federal and Commercial sectors.

FlashRouters

FlashRouters

FlashRouters offers DD-WRT compatible router models with improved performance, privacy/security options, and advanced functionality.

Axonius

Axonius

Axonius is the only solution that offers a unified view of all assets and their coverage, empowering customers to take action to enforce their organization’s security policies.

Guardara

Guardara

Guardara's mission is to help our customers to continuously improve in every aspect of software development.

Secmation

Secmation

Secmation are an agile engineering services firm providing advanced DoD level security design and consultation services for both commercial and defense hardware and software applications.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

Polygraph

Polygraph

Polygraph monitors the activities of click fraud gangs, including how they operate, who they target, the techniques they use, and how to detect their fraud.

Obsidian Security

Obsidian Security

Protect your business-critical applications by mitigating threats and reducing risk with Obsidian, the first truly comprehensive security solution for SaaS.

ShellBoxes

ShellBoxes

ShellBoxes are a leading Web3 company focused on providing top-notch blockchain security and development services.

Red Maple Technologies

Red Maple Technologies

Started and run by engineers from the UK Intelligence and Defence communities, Red Maple is a technical consultancy and product company.

Buzz Cybersecurity

Buzz Cybersecurity

Buzz Cybersecurity systems and services are designed to proactively guard against common and uncommon cyber threats.

Keepit

Keepit

Keepit offer all-inclusive, secure, and reliable backup and recovery services for your data.

Washington Technology Solutions (WaTech)

Washington Technology Solutions (WaTech)

WaTech operates the state’s core technology infrastructure – the central network and data center, provides strategic direction for cybersecurity and protects state networks from growing cyber threats.

Cloud Software Group

Cloud Software Group

Cloud Software Group provides mission-critical software to enterprises at scale.

Securily

Securily

Securily offers the ultimate solution for small to medium-sized businesses, blending cutting-edge AI with expert human insight to deliver the world’s easiest and most effective pentesting experience.

LT Harper

LT Harper

LT Harper specialise in cyber security recruitment. We believe in providing an individualised service to our customers whether they are looking for a new opportunity or to hire talent.