A recent massive hack, considered the largest ever in the decentralized finance (DeFi) space, took a total of more than $600 million in cryptocurrencies from the blockchain platform Poly Network.
The DeFi site made the announcement on Twitter on Tuesday morning, revealing that the hackers made illegal transfers of millions of dollars to separate cryptocurrency wallets, Forbes reported.
Poly divulged that the transfers amounted to 2,858 Ether coins worth around $267 million, 6,610 Binance tokens worth $252 million, and about $85 million in USDC coins on its network.
In total, the stolen digital tokens reached $604 million. It is way higher than the $460 million worth of Bitcoin hacked from the Tokyo-based Mt. Gox cryptocurrency exchange in 2014, which led to its bankruptcy and enforcement of stricter regulations in the cryptocurrency market, the Forbes report added. Another $530 million in digital tokens were also stolen from Coincheck in 2018.
Poly Network Hack: $260 million in Crypto Returned
On Wednesday, however, the cybercriminals behind the heist returned around $260 million and around $353 million remained outstanding, Poly further tweeted. This came after Poly urged the hackers to return the stolen tokens, emphasizing that they have identified them and would pursue legal action.
Crypto security company SlowMist revealed that its researchers had "grasped the attacker's mailbox, IP, and device fingerprints" and are "tracking possible identity clues related to the Poly Network attacker," a CNBC report said.
The SlowMist researchers said the heist was "likely to be a long-planned, organized and prepared attack."
Poly Network had urged cryptocurrency exchanges to blacklist tokens emanating from the hackers' addresses.
Hackers Exploited Vulnerability in Poly Network's Digital Contracts
According to a Reuters report, the hackers took advantage of a vulnerability in the digital contracts Poly Network utilizes to transfer assets between blockchains, quoting blockchain forensics company Chainalysis.
An individual claiming to have been behind the breach said the hackers merely did it "for fun", seeking to show the network's vulnerability before real cybercrime syndicates would exploit it, Chainalysis and crypto tracking firm Elliptic further said.
The hacker claimed that returning the stolen tokens was "always the plan," adding that they were not interested in money. These hackers have not been identified by Reuters, which said it has not verified the authenticity of the messages.
Elliptic CEO Tom Robinson stressed in the Reuters report that the hackers' decision to return the stolen tokens was prompted by a realization of the legal consequences of a crypto laundering case of its scale. He also said even if they succeeded in stealing the assets, "laundering them and cashing out is extremely difficult" given the blockchain's transparency and financial institutions' broad use of blockchain analytics.
Meanwhile, around $3.3 million in Ether that became part of the theft has been frozen, Forbes further reported. Binance CEO Changpeng Zhao also disclosed "coordinating with all our security partners to proactively help," but that "there are no guarantees."