Hacker returns $342m of $610m taken in world's biggest crypto heist

A hacker asked for donations as they returned $610m stolen from the Poly Network. Image: Getty (boonchai wedmakawand via Getty Images)

The hacker behind one of the biggest ever cryptocurrency heists has asked to be rewarded in donations, as they return approximately $610m (£440m) in tokens they took from blockchain network provider Poly Network.

The hacker has so far received about $3,750 in cryptocurrency donations for their efforts and returned about $342m of the approximately $611m that had been taken, according to a tweet by Poly Network.

It is the latest twist in a bizarre case that is thought to be one of the largest ever crypto heists, trumping the $530m heist at Tokyo-based bitcoin exchange Coincheck in 2018.

About $267m of ethereum (ETH-USD), $252m of Binance coin (BNB-USD) and roughly $85m in USDC tokens were taken, according to wallet addresses posted on Twitter. Looters apparently exploited a vulnerability in Poly Network's systems to make off with the funds.

$342 million (As of 12 Aug 08:18:29 AM +UTC) of assets had been returned:
Ethereum: $4.6M
BSC: $252M
Polygon: $85M

The remaining is $268M on Ethereum

— Poly Network (@PolyNetwork2) August 12, 2021

"Despite the return of the funds, the hacker might well still find themselves being pursued by the authorities. Their activities have left numerous digital breadcrumbs on the blockchain for law enforcement to follow, aided by blockchain analytics tools," wrote Dr Tom Robinson, co-founder and chief scientist at blockchain analysis firm Elliptic.

Read more: Hackers begin returning funds after sensational $600m crypto heist of Poly Network

Before it was clear the hacker would return the money, Poly Network posted a letter on Twitter on Wednesday pleading for communication and urging the hackers to return the assets. It called the theft "one of the biggest in the DeFi history", referring to the decentralised finance space that Poly Network operates in.

"Law enforcement in any country will regard this as a major crime and you will be pursued," the company said in its letter.

In the process of returning the funds, the hacker posted a series of messages embedded into cryptocurrency transactions, including a Q&A explaining their actions and saying that returning the money was "always the plan".

The $600 million Poly Network hacker has published part one of a "Q&A":#polynetworkhack pic.twitter.com/3y1JQnHe50

— Tom Robinson (@tomrobin) August 11, 2021

The reversal came after security researchers said they had identified a trail of digital clues left by the hackers.

SlowMist, a blockchain security firm, said it had managed to identify "the attacker’s mailbox, IP, and device fingerprints through on-chain and off-chain tracking, and is tracking possible identity clues related to the Poly Network attacker".

The incident could be a knock to confidence in the rapidly-growing but early stage decentralised finance (DeFi) industry. DeFi doesn't rely on central financial intermediaries such as brokerages, exchanges or banks to offer services. Instead, processes are entirely automated by code that can be used off-the-shelf by anyone. It offers a more open alternative to financial service that is accessible to anyone with a smartphone and good internet connection. As of January 2021, approximately $20.5bn (£15bn) was invested in DeFi.

Watch: What are the risks of investing in cryptocurrency?