Hacker behind biggest cryptocurrency heist ever returns stolen funds



Hacker behind $600M cryptocurrency heist returning stolen funds

The threat actor who hacked Poly Network’s cross-chain interoperability protocol yesterday to steal over $600 million worth of cryptocurrency assets is now returning the stolen funds.

As the Chinese decentralized finance (DeFi) platform Poly Network shared two hours ago, the hacker has already returned almost $260 million worth of stolen cryptocurrency.

In total, the attacker has transferred back $256 million Binance Smart Chain (BSC) tokens, $3.3 million in Ethereum tokens, and $1 million in USD Coin (USDC) on the Polygon network.

To send back all the stolen funds, the hacker still has to return another $269 million on Ethereum and $84 million on Polygon.

Motives behind returning the stolen assets unknown

While the threat actor explained the motivation for the hack by embedding Q&A messages in transactions (as Elliptic Chief Scientist and Co-founder Tom Robinson found), the motives behind their decision to give back the stolen cryptocurrency are not yet known.

However, it could have been prompted by blockchain security firm SlowMist’s claims that it traced the attacker’s email address, IP address, and device fingerprint.

SlowMist also discovered that the assets used to fund the attack were Monero (XMR) exchanged for BNB, ETH, MATIC, and other tokens.

In a weird twist of events, Poly Network also urged the hacker to return the cryptocurrency stolen from “thousands of crypto community members” to avoid landing on law enforcement’s radar.

The biggest cryptocurrency hack ever

Following a preliminary investigation of the attack, Poly Network said the threat actor exploited a vulnerability between contract calls that allowed them to gain ownership of funds and transfer them to attacker-controlled wallets:

“This attack is mainly because the keeper of the EthCrossChainData contract can be modified by the EthCrossChainManager contract, and the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract can execute the data passed in by the user through the _executeCrossChainTx function,” SlowMist further explained.

“Therefore, the attacker uses this function to pass in carefully constructed data to…
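The weakness SlowMist describes is a generic executor that owns a privileged contract and forwards caller-chosen calldata to a caller-chosen target. The simplified contracts below are an added illustration of that pattern and its hardened counterpart, not Poly Network's source; the names CrossChainData, setKeeper, VulnerableManager, HardenedManager and ICrossChainReceiver are hypothetical, and the signature check that would precede execution is left as a comment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
// Hypothetical data contract: its keeper may only be changed by its owner,
// and the owner is the manager contract that deploys it.
contract CrossChainData {
    address public immutable owner;
    bytes public keeperPubKeys;
    constructor() { owner = msg.sender; }

    function setKeeper(bytes calldata newKeys) external {
        require(msg.sender == owner, "not owner");
        keeperPubKeys = newKeys;
    }
}

// Vulnerable pattern: the executor forwards a caller-chosen target and raw
// calldata with a low-level call. Since the manager owns CrossChainData, a
// message whose target is CrossChainData reaches its owner-only setKeeper.
contract VulnerableManager {
    CrossChainData public immutable data;

    constructor() { data = new CrossChainData(); }

    function executeCrossChainTx(address toContract, bytes calldata callData) external {
        // (header/signature verification against the current keeper comes first)
        (bool ok, ) = toContract.call(callData);
        require(ok, "call failed");
    }
}

// Hardened pattern: the executor never targets its own privileged contracts
// and invokes one fixed receiver entry point instead of forwarding raw calldata.
interface ICrossChainReceiver {
    function onCrossChainMessage(bytes calldata payload) external;
}

contract HardenedManager {
    CrossChainData public immutable data;

    constructor() { data = new CrossChainData(); }

    function executeCrossChainTx(address toContract, bytes calldata payload) external {
        // (header/signature verification against the current keeper comes first)
        require(toContract != address(data) && toContract != address(this), "privileged target");
        ICrossChainReceiver(toContract).onCrossChainMessage(payload);
    }
}
```

Refusing the privileged targets closes this particular path; the more robust design is for the executor to hold no authority over keeper rotation at all, so that nothing it can be made to call changes who is trusted to sign cross-chain headers.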
