Recently, hackers stole over 600 million euros in various cryptocurrencies from the Poly Network platform. The theft did not really enrich them, as they can do nothing with the money.
Update: The hacker, who apparently acted alone, has now come forward. He claims that he did it all just for fun. We have expanded the article with his statement.
Who are the hackers? On August 10, a single report shook the entire cryptocurrency world. One or more hackers under the name “Mr. White Hat” have seized over 600 million euros in the form of Bitcoin, Ethereum, and other currencies during a digital heist.
A “White Hat” refers to a hacker who kindly points out security vulnerabilities with their actions – as opposed to “Black Hats”. Between the two are “Gray Hats”, who look for vulnerabilities unsolicited and then ask for a fee to report them. However, it is unclear whether this hacker is actually a “White Hat” or just claims to be one.
The target of this attack was the trading platform Poly Network, where security vulnerabilities were exploited. The platform proved to be particularly lucrative because it allows trading between different cryptocurrencies — hardly any other platform offers that. Thus, the hackers were able to transfer several currencies in fewer transactions.
To recover the funds of over 10,000 affected customers, Poly Network wrote an open letter to the hackers:
Dear hackers,
We are the Poly Network team.
We would like to communicate with you and ask you to return the hacked assets.
The amount of money you have stolen is the largest in the history of decentralized finance. Law enforcement and courts in all countries will treat this as serious economic crime and pursue you. It would be very unwise of you to conduct further transactions. The money you have stolen belongs to over 10,000 members of our crypto community.
You should talk to us to find a solution.
Hackers can do nothing with the money
Poly applies more pressure: To further pressure the hackers to repay the assets, the trading platform published the wallet addresses of the hackers on Twitter. This allows the hackers from Mr. White Hat to conduct further transactions under the White Hat’s name. If they now attempt to pay someone with the stolen cryptocurrency or exchange crypto for traditional currency, it will be immediately clear to all involved: The money is stolen.
This is comparable to banknotes being rendered worthless by a dye spray during an attempted break-in of a cash box.
Hackers return money: Shortly thereafter, Poly Network received a message linked to a transaction. In it, the hackers wrote “ready to transfer”.
And indeed, the money landed piece by piece in the wallets of Poly Network. By August 13, 2021, the hackers had returned approximately 340 million euros of the 600 million euros — more than half. Enough success? Not at all: The officials at Poly promise their members that they will not stop until every last cent is returned to where it was stolen from.
Hacker claims: “That was always the plan”
This is what the hacker says: After the attack and the offer from Poly, the attacker came forward. He says he only did it “for fun” and that he was never interested in the money (via CNBC.com). He was actually concerned about the bug he found:
When I noticed the bug, I had mixed feelings. Ask yourself what you would do if you saw such wealth before you. Politely ask the team if they could fix it? Anyone could be a traitor given a billion! I can trust no one. The only solution that came to my mind was to keep it in a secure account while I remain anonymous and safe.
“Mr. White Hat” via CNBC
He further claims that he wanted to return the money from the beginning. He is “not particularly interested” in the money, but he knows how much it affects people when they are attacked: “Shouldn’t they learn from such an attack?”
Even though we cannot verify whether the hacker is serious, at least the messages apparently undeniably come from him. A specialist explains: The messages were embedded in transactions that clearly belong to the hacker’s account. Only the owner of the stolen assets could have sent them.
Members and Twitter users: Hire the hacker
The reaction to the open letter from Poly Network is clear. A large part of the users is simply mocking it. Others express their sympathy for the affected. But one user has an absurd yet brilliant idea: “Hire the hacker”, demands user CryptoPittie001 and quickly gains support for this idea.
After all, he pointed the site’s operators to an important security vulnerability. Poly should pay the hacker to find even more dangerous holes in their security measures, believes CryptoPittie.
An idea that could actually work. It would not be the first time that a company hires a hacker who successfully penetrated its own security. After all, who better to identify potential threats than the enemy themselves?
Platforms like Poly Network were victims of such hacker attacks three times more often in 2021 than in the previous year. But theft is not the only danger when trading cryptocurrencies, as Twitch streamer Trainwrecks reports: Twitch streamer warns against gambling and cryptocurrencies, then loses $2 million
