Hacker behind $600M Poly Network theft returns stolen cryptocurrency

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360

Poly Network, the cross-chain decentralized finance platform provider that had about $600 million in cryptocurrency stolen from it earlier this month, has had all the funds returned.

The hack, first reported Aug. 10, involved the theft of Binance Chain, Ethereum and Polygon assets, with estimates that they were worth at the time up to $611 million. The hacker took advantage of a cryptography issue to exploit functions that modified contracts on Poly.

The following day, the hacker, who went by the name of “Etherhood,” started returning small amounts of some of the stolen funds. Etherhood said that the primary motivation for the hack was “for fun” that they had gone after the Poly Network as “cross-chain hacking is hot.”

Etherhood went on to explain that he or she had stolen the cryptocurrency to keep it safe before insiders exploited the vulnerability. That was capped off with the statement, “I prefer to stay in the dark and save the world.”

It was speculated at the time that some of the funds were being returned in an attempt to avoid criminal charges after researchers had tracked down identifying information. Etherhood, who did promise to return all the funds, has now done so.

Bleeping Computer reported that the hacker, now going by the name of “Mr. White Hat,” gave Poly Network access to the last tranche of stolen digital assets in their wallet, worth around $141 million earlier today.

“At this point, all the user assets that were transferred out during the incident have been fully recovered,” Poly Network wrote on Medium. “Thanks to Mr. White Hat’s cooperation, Poly Network has officially entered the fourth phase of our roadmap ‘Asset Recovery.’ We are in the process of returning full asset control to users as swiftly as possible.”

Poly Network paid the hacker a $500,000 reward in cryptocurrency, officially as a bug bounty for uncovering the cryptography issue. The payment could also be argued to be a reward for doing the right thing and returning the stolen cryptocurrency, however.

The hacker, who is strangely very talkative, left a message on the final transfer, apologizing and promising to return more funds that were originally…