Poly Network fired off a tweet Wednesday saying hackers had
returned $260 million worth of the digital assets taken in a heist a day
earlier valued at $613 million.
Polygon had urged the thieves to return the stolen fortune
and provided online addresses for transfers.
"Seven minutes prior to sending the first transaction
returning some of the funds, the hacker created a token called 'The hacker is
ready to surrender' and sent this token to the designated Polygon
address," digital asset research firm The Block said in a post at its
website.
One of the touted features of cryptocurrency is that
blockchain transactions are public, even if the people behind them are not.
Poly Network had put out a plea for the stolen Ethereum,
BinanceChain and OxPolygon tokens to be shunned by traders running
"wallets" for storing cryptocurrency.
"The amount of money you hacked is the biggest one in
the defi history," Poly Network said in a tweeted message to the thieves,
using a reference to decentralized finance involving cryptocurrency.
"The money you stole are from tens of thousands of
crypto community members."
Bounty due?
The return of some of the digital loot came as the thieves
were tracked by "white hat hackers" who use their software skills for
good.
The heist also sparked debate about whether it would be fair
to let the hackers keep some of the loot as reward for uncovering a Poly
Network weakness that could have been even more costly.
Open source developers alliance BinomialPool in a tweeted
exchange proposed a bounty of 5 percent to 10 percent for pulling off such
crypto-hacks.
"This could be a win-win," tweeted @BinomialPool.
"Hackers don't go into jail. The community faces
acceptable losses. Code gets better."
Paying hackers bounties for uncovering and reporting bugs in
software is common practice in the tech world.
Blockchain system defense firm SlowMist put out word it is
on the trail of the cyber crooks who pulled the Poly Network heist.
"The SlowMist security team has grasped the attacker's
mailbox, IP, and device fingerprints through on-chain and off-chain tracking,
and is tracking possible identity clues related to the Poly Network
attacker," the company said in a blog post.
Poly Network threatened police involvement, but also offered
the hackers the chance to "work out a solution."
The US Department of Justice and FBI did not respond to
requests for comment.
Poly Network posted online addresses used by the hackers,
and called on "miners of affected blockchain and crypto exchanges to
blacklist tokens" coming from them.
Poly Network did not reply to an AFP request for comment,
but Twitter users echoed calculations valuing the hackers' haul at some $600
million.
As of the end of April, cryptocurrency thefts, hacks and
fraud so far this year totaled $432 million, according to an analysis by
CipherTrace.
That compares to 2019, when defi hacks were virtually
non-existent, according to CipherTrace.
0 comments:
Post a Comment