Poly Network Hacker Appears to Have Returned Part of the $611M Stolen Funds

Just 24 hours after one of the largest DeFi hacks took place on the Poly Network protocol, the attacker has reportedly started to return the stolen funds. According to Chainalysis, the threat actor began sending the cryptocurrencies back to three Poly Network addresses. However, as of press time, the hacker had returned around $260.97 million of the $611 million stolen.

The cryptocurrencies given back by the attacker are POLYGON-Peg USDC, Binance-Peg BTCB, Binance-Peg BUSD, Binance-Peg USDC, FEI, SHIB, Binance-Peg ETH, BNB, and RenBTC. In a tweet, Poly Network specified that the remaining funds amount to around $269 million on Ethereum and $84 million on Polygon. “The attacker communicated with Poly Network via Ether transaction note during this process, voicing their intention to start by returning altcoins and asking if their stolen USDT could be unlocked in return for returning stolen USDC,” Chainalysis noted.

Will the Attacker Return the Remaining Funds?

There are, however, no solid indications that the attacker will keep returning the funds. Still, one of the attacker’s addresses is now empty, and another holds only one kind of crypto: USDC. As reported by Finance Magnates, though the exact method used to breach the protocol’s security is unknown, several blockchain investigation companies have already initiated probes. According to Chinese blockchain security firm BlockSec, the attack might have been triggered by a leak of private keys or a bug in Poly’s signing process.

On the other hand, SlowMist, a cryptocurrency cybersecurity firm, claimed to have identified the hacker’s mailbox, IP address, and device fingerprints. “With the technical support of SlowMist’s partner Hoo and multiple exchanges, the SlowMist security team found that the hacker’s initial source of funds was Monero (XMR), which was then exchanged to BNB/ETH/MATIC on the exchanges. Wait for the currency and withdraw the tokens to 3 addresses respectively, and launch an attack on the 3 chains soon,” the company detailed.