In the world of cryptocurrencies, ether is often called “Digital Oil”. In an ironic tone, we can link this nickname with the biggest case of corruption in recent Brazilian history, which was the “Petrolão” scandal.
It is still unclear how the biggest hack in DeFi history was carried out, but there is a high chance the hacker acquired administrator access (either through a bug or through a key leak).
The most curious thing is the unfolding of this hack.
PolyNetwork politely asked the hacker to return the money:
“Dear Hacker, we are the Poly Network team. We want to establish communication with you, and ask you to return the hacked assets. The volume of money hacked is the largest in DeFi history. The laws of any country will frame this as a major economic crime, and you will be prosecuted. It would not be wise for you to carry out any other transaction with these funds. The stolen money belongs to tens of thousands of members of the crypto community.
You should talk to us to come up with a solution.”
In addition, PolyNetwork also posted tweets with the addresses of the wallets to which the hacker should send funds:
“We hope you will transfer the assets to the addresses below.” The team then listed wallet addresses on the Ethereum, Binance Smart Chain, and Polygon networks.
How was the hacker tracked down?
PolyNetwork was able to track down the hacker, as his tracks led to a Chinese brokerage that had all of his data.
This was because, hours after the theft, blockchain security company SlowMist claimed that it had already tracked the attacker’s IP and email information while the investigation continued.
SlowMist suggests that the attacker used a small Chinese cryptocurrency broker, Hoo, to raise funds for the attack.
Return of funds
As happened in the Petrobras scheme, well known by Brazilians, part of the theft was returned (more than 50 billion reais were recovered).
In the case of PolyNetwork, most of the US$ 600 million initially stolen by the hacker has already been returned. Except for the funds frozen in USDT, all assets were transferred to a multi-signature wallet controlled by the “white hat” hacker and Poly’s development team.
Blockchain Q&A session
Another curious fact was that the hacker held an AMA (a question-and-answer session) on the Ethereum blockchain. Several people sent transaction messages to the attacker’s address and, surprisingly, he answered several questions.
In a compilation of his responses, the hacker talks about “mixed feelings” when he came across the vulnerability in the code. “Ask yourself what to do if you faced such a fortune. Politely asking the project team so they can fix it? Anyone could be the traitor given a billion.”
“I can’t trust anyone! The only solution I can find is to save it to a trusted account,” he continued.
Regarding the return in parts, the hacker stated that he needed time to talk with the developer team and to rest. His initial motivation, according to the attacker himself, was “anger” at the team’s initial response.