A HACKER behind one of the largest ever crypto heists has returned almost half of the £433m they stole in a bombshell twist.
The cunning thief said they were "not very interested in money" and robbed Poly Network – a multi-cryptocurrency trading platform – to teach them a lesson.
The company said it has since recouped £187m in stolen funds: £2.4m worth of Ethereum, £185m worth of Binance Smart Chain and £720k worth of Polygon.
In a three-page-long Q&A session posted online, the perpetrator said he always planned to return the cash but carried out the attack to highlight security flaws in Poly Network's software.
"I know it hurts when people are attacked, but shouldn't they learn something from those hacks?" he wrote in notes embedded on the Ethereum blockchain.
The brazen crook stayed up all night to find weak points to exploit. Fearing Poly Network would patch the security flaws quietly without telling anyone, they decided to take millions in crypto tokens to make a point.
They said they didn't want to cause a "real panic [in] the crypto world" and so only took "important coins", leaving behind Dogecoin – the currency that started off as a joke.
CAUGHT RED HANDED?
Tom Robinson, a co-founder of Elliptic, a blockchain analytics and compliance firm, said the hacker could have realised they were being tracked and returned the cash to avoid being punished.
The analyst said blockchain technology makes it hard for cyber-criminals to profit from digital heists because everyone can see the money being moved across the network and into a hacker's wallet.
"I wonder whether this hacker stole the funds, realised how much publicity and attention they were getting, realised wherever they moved the funds they would be watched, and decided to give it back.
"The blockchain itself has operated here flawlessly, but the problem is on blockchains like Ethereum, you can write your own smart contracts. Various services have started offering this, including Poly Network.
"So whenever a human being writes code, there's a chance they will make a mistake."
HACK AND GRAB
On Tuesday, Poly Network wrote a letter on Twitter asking the hacker to get in touch "to work out a solution".
"The amount of money you hacked is the biggest one in the defi history," the trading platform said in a tweeted message to the thieves, using a reference to decentralised finance involving cryptocurrency.
The platform added that the money was stolen from "tens of thousands of crypto community members".
The site said an initial investigation found a hacker exploited a "vulnerability between contract calls".
About £193m of Ether currency had been taken, £182m of Binance coins and roughly £62m in USDC tokens.
Once the hackers stole the money, they began to send it to various other cryptocurrency addresses, CNBC reports.
Researchers at security company SlowMist said a total of more than £440m worth of cryptocurrency was transferred to three different addresses.
SlowMist said that their researchers had “grasped the attacker’s mailbox, IP, and device fingerprints” and are “tracking possible identity clues related to the Poly Network attacker”.
The researchers concluded that the theft was “likely to be a long-planned, organized and prepared attack”.
HOW IT WORKS
A blockchain is a system where encrypted data can supposedly be transferred securely, making it nearly impossible to duplicate or counterfeit.
Poly Network urged cryptocurrency exchanges to “blacklist tokens” coming from the addresses that were linked to the hackers.
Cryptocurrency systems have been developed independently, so they have struggled to work in conjunction with each other.
Each digital coin has its own blockchain, and these differ from one another, but Poly Network claims to be able to make the various blockchains work together.
A blockchain is essentially a digital record of transactions that is duplicated and distributed across the entire network of computer systems.
How to keep yourself safe from hackers and scammers
FOLLOW these steps to protect yourself from hackers in the future:
- Make a 'strong' password with 8 or more characters and a combination of upper case characters, numbers and symbols
- Don't do online banking on public WiFi, unless absolutely necessary
- Don't click on dodgy email links claiming to be from banks
- Use different passwords for different sites
- Never re-use your main email password
- Use anti-virus software
- Don't accept Facebook friend requests or LinkedIn invitations from people you don't know
- Think before you put personal info on social media
- Find My iPhone, Android Lost and BlackBerry Protect all allow you to remotely wipe a stolen phone. Set this feature up
- Only shop online on secure sites
- Don't store your card details on websites
- Password protect your phone and other devices