Hackers Steal, Then Surprisingly Partially Return $600M In Cryptocurrency From PolyNetwork
Yesterday, criminal hackers stole approximately $600 million in various cryptocurrencies from PolyNetwork, a blockchain interoperability company. Now, in an interesting turn of events, the hackers have begun returning the stolen funds in what was to be one of the biggest cryptocurrency thefts ever.
As it stands, each cryptocurrency runs on its own standalone network, which makes moving assets between them difficult at best. PolyNetwork aims to interconnect Bitcoin, Ethereum, and other chains through smart contracts. Malicious hackers were reportedly able to exploit a vulnerability in the EthCrossChainManager contract and extract any amount of funds from it.
After this was discovered and exploited for over $600 million in cryptocurrency, PolyNetwork sought to open a line of communication and get the hacked assets returned. While there has been a public post on Twitter, the hacker and PolyNetwork are mainly communicating over the blockchain, which allows anyone to see the messages, provided they are not encrypted. You can see the malicious hacker’s alleged all-caps self-Q&A session below from this spreadsheet:
While executing the attack with an evidently stuck caps lock key is impressive, the malicious hacker did not reveal a motive other than it being fun and a personal challenge. However, it has been reported that around half of the stolen funds have now been returned after some negotiations. Sadly, we do not know all the details, as the communications from PolyNetwork were encrypted at the malicious hacker's request.
Q & A, PART ONE:
Q: WHY HACKING?
A: FOR FUN :)
Q: WHY POLY NETWORK?
A: CROSS CHAIN HACKING IS HOT
Q: WHY TRANSFERRING TOKENS?
A: TO KEEP IT SAFE.
WHEN SPOTTING THE BUG, I HAD A MIXED FEELING. ASK YOURSELF WHAT TO DO HAD YOU FACING SO MUCH FORTUNE. ASKING THE PROJECT TEAM POLITELY SO THAT THEY CAN FIX IT? ANYONE COULD BE THE TRAITOR GIVEN ONE BILLION! I CAN TRUST NOBODY! THE ONLY SOLUTION I CAN COME UP WITH IS SAVING IT IN A _TRUSTED_ ACCOUNT WHILE KEEPING MYSELF _ANONYMOUS_ AND _SAFE_.
NOW EVERYONE SMELLS A SENSE OF CONSPIRACY. INSIDER? NOT ME, BUT WHO KNOWS? I TAKE THE RESPONSIBILITY TO EXPOSE THE VULNERABILITY BEFORE ANY INSIDERS HIDING AND EXPLOITING IT!
Q: WHY SO SOPHISTICATED?
A: THE POLY NETWORK IS DECENT SYSTEM. IT'S ONE OF THE MOST CHALLENGING ATTACKS THAT A HACKER CAN ENJOY. AND I HAD TO BE QUICK TO BEAT ANY INSIDERS OR HACKERS, I TOOK IT AS A BONUS CHALL :)
Q: ARE YOU EXPOSED?
A: NO. NEVER. I UNDERSTOOD THE RISK OF EXPOSING MYSELF EVEN IF I DON'T DO EVIL. SO I USED TEMPORARY EMAIL, IP OR _SO CALLED_ FINGERPRINT, WHICH WERE UNTRACEABLE. I PREFER TO STAY IN THE DARK AND SAVE THE WORLD.
Hopefully, we will find out more from PolyNetwork soon, so stay tuned to HotHardware for updates on this curious and developing situation.