Hackers Return Nearly Half of the $600 Million they Stole in One of the Biggest Crypto Heists

Hackers have returned nearly half of the $600 million they stole in what's likely to be one of the biggest cryptocurrency thefts ever. From a report: The cybercriminals exploited a vulnerability in Poly Network, a platform that looks to connect different blockchains so that they can work together. Poly Network disclosed the attack Tuesday and asked to establish communication with the hackers, urging them to "return the hacked assets."

A blockchain is a ledger of activities upon which various cryptocurrencies are based. Each digital coin has its own blockchain and they're different from each other. Poly Network claims to be able to make these various blockchains work with each other. Poly Network is a decentralized finance platform. DeFi is a broad term encompassing financial applications based on blockchain technology that looks to cut out intermediaries -- such as brokerages and exchanges. Hence, it's dubbed decentralized. Proponents say this can make financial applications such as lending or borrowing more efficient and cheaper. "The amount of money you hacked is the biggest in defi history," Poly Network said in a tweet. In a strange turn of events Wednesday, the hackers began returning some of the funds they stole. They sent a message to Poly Network embedded in a cryptocurrency transaction saying they were "ready to return" the funds. The DeFi platform responded requesting the money be sent to three crypto addresses. As of 7 a.m. London time, more than $4.8 million had been returned to the Poly Network addresses. By 11 a.m. ET, about $258 million had been sent back.

Dumb criminals

[doesnothingwell]

Rule one or maybe three, don't shit where you eat.

Re:Dumb criminals

[Ostracus]

In a way yes. Terrible when even criminals can't trust cryptocurrency to be secure.

Re:

[GoTeam]

Any chance this is the US (or any other) government testing some new tool? Sending that much back because of the fear you could be tracked seems odd. The crime is done, even if 100% of the money is returned.

Re:Dumb criminals

[shaitand]

Not at all. DeFi pushed for the exchanges to block the funds in question. They've undoubtedly returned these funds in a manner which makes it extremely difficult from a technical perspective to wholesale block the exchange of the retained funds without blocking the returned funds as well.

Re:

[GoTeam]

Ah, thanks.

Re: Dumb criminals

[ami.one]

Ooooh ! That's a brilliant, even if evil, idea
Thanks for explaining that

Re:

[arglebargle_xiv]

I know you're joking, but that's probably the reason: If they steal too many of people's digital tulip bulbs, confidence in the whole air castle will collapse, along with the ability to cash out said bulbs by the crooks. By returning half of them, they're ensuring they maintain enough value to be monetizable. Better 50% of $600M than 100% of nothing when it causes the air castle to collapse.

One things for sure

[Anonymous Coward]

This wasn't hackers, this was an exit scam gone wrong, at this point i would be tearing Defis staffs affairs to pieces, guaranteed they made a OPSEC mistake (they always do)

Re:

[shaitand]

While you are technically correct you are also wrong in that are a handful of protocols which combined result in the common DeFi platform and a subset of people with greater control over that platform and most of them are tied to Binance.

This is like pointing out LAMP doesn't refer to a group but a technology stack. This is true but each respective community group has key players and the Apache group has players which are key on multiple of the respective projects. The difference is that each of those proje

Why�

[cjeze]

Dosent make sense

Re:

[iggymanz]

Traceability of much the funds makes returning perfectly sensible.
Two of the promises, actually turning out to be lies in many cases, of crypto coin was anonymity and untraceabilty.

Re:

[systemd-anonymousd]

The relevant word in "public ledger" is in the phrase. The word is public.

Crypto was designed to be public. If you associate your real identity somewhere in the transaction history in the public ledger, that information is now forever associated with that transaction.

By default, your transactions aren't associated with anything other than a transaction hash in the public ledger. So it's really up to you and who you do business with (and who you are allowed to do business with) that determines how much infor

Re:

[fahrbot-bot]

The relevant word in "public ledger" is in the phrase. The word is public.

Thanks, that explains Heath Ledger's parent's fondness for a certain candy bar [wikipedia.org] ... :-)

Re:

[iggymanz]

...plus those that get certain information about you and whom you do business with and which exhanges you use...

At least it's the crooks mostly getting fucked over

Re:

[shaitand]

This all really boils down to ETH which is to Bitcoin what ActiveX support was for the browser. A lot of the same type of entities buying into this were IE and AOL fans as well. All the cool possibilities of this tech comes from a complexity level which essentially makes it swiss cheese from a security perspective.

Bitcoin lives up to its promises with a public ledger but no association between hashes and humans. It is the humans who keep exposing themselves to side channel attacks. Untraceable was never par

Re:

[cjeze]

It explains a little. They could hold the money ransom. Ie. not return it or destroy it instead....

Re:

[thegarbz]

Because the money was blacklisted as stolen and no one is accepting it. They tried to launder it and failed.

Pyrite Pete's failed prediction

[Anonymous Coward]

On Monday April 26, 2021 @02:16AM UTC, Pyrite Pete [urbandictionary.com] had said:

Wait 1-2 months, and BTC will be twice its value. [slashdot.org]

That was back when bitcoin had already fallen, and down to about $47K at the time. It should've been back up to "twice its value" no later than June 26 20201 - over three months ago. It is now sitting at only about $46K.

Now that's what I call a prediction #FAIL!

Re:

[shaitand]

Mutli-decade long deflationary investment failed to move like an AC predicted over the course of two months... news at 11.

Re:

[Kaenneth]

You really need mental health care.

Let it go, and move on with your life.

correction - NOTHING was sent back

[sdinfoserv]

Given the transactions from the stolen tokens were blacklisted and rejected, the tokens are valueless. thus, nothing was returned because nothing of value was stolen.
"About one hour after Poly announced the hack on Twitter, the hacker tried to move assets including USDT through the Ethereum address into liquidity pool Curve.fi, records show. The transaction was rejected."
https://www.coindesk.com/cross... [coindesk.com]

Re:

[GoTeam]

Wow, thanks for that information. It would explain why they're giving it back.

Re:

[Anonymous Coward]

Given the transactions from the stolen tokens were blacklisted and rejected, the tokens are valueless. thus, nothing was returned because nothing of value was stolen.

If nothing of value was stolen, then why did Poly ask miners and crypto exchanges to blacklist the tokens [slashdot.org] from the three addresses? If they were of no value, then why bother?

Re:

[srg33]

I'll try to explain. The original tokens had some (indeterminate) value. Maybe analogous to bank checks, just for this super short explanation. Normally, that would be no problem to deposit at another bank. However, like this IF the originating bank notified other banks (blacklisted those checks) THEN other banks would not accept/cash/deposit the checks: worthless.

Re:correction - NOTHING was sent back

[sdinfoserv]

once blacklisted, they became valueless. Therein lies the true risk of digitial "currency". With the flip of a digital switch, you have nothing. Crypto is made up nothingness. Unlike real currency that is backed by a nation state or globally recognized bank, crypto is just imagination, gone just as quickly.

Re:

[serviscope_minor]

Crypto is made up nothingness. Unlike real currency that is backed by a nation state or globally recognized bank, crypto is just imagination, gone just as quickly.

So... totally unlike Zimbabwe dollars then?

Also if the US DOJ gets a bee in its bonnet about you, you will suddenly find your assets frozen with zero notice, pretty much worldwide. It might be possible to secretly stash some, but not easy.

Re:

[sdinfoserv]

yep. Zimbabwe dollar transactions happen just fine on a hilltop, in a remote village, or anywhere without power or internet. So, yes, they’re better. A DOJ "bee" requires a court order to freeze your assets - as opposed to some script kiddies tweeting, no oversight, no recourse.. If you want to "invest" in the Zimbabwe dollars, sure, be my guest. You can throw any nonsense situation red herring you want. Bottom line is you can have a suitcase full of US dollars, travel anywhere, hold them in your

Re:

[sdinfoserv]

suitcase full of money or a credit card. but a frozen credit card doesn't cost you any thing. you just don't have access to "credit". Credit is a future promise to pay.

Re:

[serviscope_minor]

yep. Zimbabwe dollar transactions happen just fine on a hilltop, in a remote village, or anywhere without power or internet.

No they don't, that's the entire point.

"Real" currencies are not backed by a nation state they are backed by belief in a nation state.

If people stop believing in the nation state when it comes to currency, then the currency stops functioning. Then you get hyperinflation so while you might be able to hand someone a $10,000,000 ZWL note for a chicken on a hilltop in a remote village, by

Re:

[slazzy]

Not really, it could still be used for private transactions when people don't know the coins are blacklisted. Also, if people swap the coins to another currency like monero within minutes/hours of them being stolen, blacklisting the coins will only leave innocent people on the hook.

Re:

[tlhIngan]

Not really, it could still be used for private transactions when people don't know the coins are blacklisted. Also, if people swap the coins to another currency like monero within minutes/hours of them being stolen, blacklisting the coins will only leave innocent people on the hook.

In other words, your coins can arbitrarily be made worthless by no action on your part. And with absolutely no recourse either.

Which should probably be more widely known that you can be billionaire today, bankrupt tomorrow.

Now, y

Re:

[Kaenneth]

And you could get hit by lightning and be dead, can't prevent everything.

Re: correction - NOTHING was sent back

[reanjr]

Same thing can happen with dollar bills. If you end up with some bills whose serial numbers are tied to a bank robbery, you're SOL if you try to deposit it to a bank that checks the serial numbers.

Re:

[John.Banister]

If a nation state could delcare "dollars with the following serial numbers are no longer legal currency" after a bank robbery, they would do it. All currency is made up nothingness.

Re:

[sdinfoserv]

nope. doesn't work that way. FYI, my dad is a retired treasury agent. Dollars are legal currency anywhere, so long as they're not defaced. Stores or people – the actual transitional level – do not check serial numbers. Serial numbers can have watch / hold states put on them, so if/when they go through large federal banks where the serial numbers are scanned, they're flagged, put aside and the Secret Service is called. Secret Service is responsible for currency enforcement. SSthen work wit

Re: correction - NOTHING was sent back

[dada21]

Post COVID there are numerous businesses near me that no longer accept legal tender.

Iâ(TM)m happy with my crypto for the purposes I hold it. Iâ(TM)m unhappy with my paper currency but I hold it for now.

Who blacklisted them

[rsilvergun]

And how? Will they be un-blacklisted at some point? And if the blacklisting can be removed who's going to remove it?

Re:

[sdinfoserv]

A is a currency. backed by a nation state. it's always valid. B is imagined, it only has value because the recipient chooses to accept it. A is valued at $100 anywhere, that’s called “face value”. B is only worth what the recipient is willing to risk for it. For example, B valued at $100 is only going to get $60 of A to “wash” the B . Let’s not forget the goal is to end up with the most A.
As far as credit / debit cards, your analogy is untrue. If a card is locke

Re:

[sdinfoserv]

A=dollars, B=crypto. A is used to determine inflation rates, CPI (consumer price index), is what raises are based on and interest rates. It’s used for year of year comparisons. In the office you’re paid a salary of $A/year or $A/hour, not B. B, is, well, only worth the recipient is willing to risk for it because it's hugely unstable. If your B exchange gets hacked and stolen, you’re out. If you’re A bank gets ripped off, your deposit is covered by FDIC insurance.
Come on. Be r

Re:

[Reziac]

When I saw "returned" I began wondering if it wasn't purely theft, but rather some sort of money laundering scheme.

Re:

[thegarbz]

Isn't it great they used crypto which isn't under anyone's control and thus can be traded freely by all. I love watching these people stick it to the gubbmint.

I asked this on the 1st thread

[rsilvergun]

but if that worked and all the coins have been blacklisted, doesn't that imply there's been significant power consolidation in the Crypto markets?

When I asked before someone replied there'd still be plenty of places to sell the coins to because it would be impossible to get all the miners on board to blacklist them (I misunderstood initially and thought the exchanges would do the blacklisting).

How was it possible to blacklist all the coins so thoroughly that the thief is returning them in hopes of escaping punishment? Is that because you can count on 51% of the miners to blacklist? And if you can, doesn't that mean those miners are coordinating in a way that may not be beneficial long term for the freedom of the network?

I mean, if an exchange can get those miners can act, I'm pretty sure a national gov't could.

So wouldn't that mean centralization?

[rsilvergun]

But the pool manager is being the ones in control? Not sure why somebody mad at you down. I Can't honestly say if you're right or wrong what the correct response would be the reply with the right answer not mod down on the off chance since you're not correct. And if you're right then the pool managers are effectively Banks in terms of the power they wield. And we're right back where we started with a centrally managed financial system. Only one that's using a heck of a lot more electricity in our current on

One correction

[rsilvergun]

I gather from other posts they're not giving back money in the hopes of being let go. They're giving it back because the nature of the crypto currency is such that it's difficult to black list only some of the coins. And that the blacklisting can be removed, and once it is they can dump what they keep.

In other words, they give back $300 million of crypto, but for either the hacker or the exchange to use it the exchange has to lift the blacklisting, freeing up the thieves to launder their stash and get a

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[PPH]

They realized they walked out of the bank with a bag of mob money. Put it back now and you'll only get a few fingers cut off.

Which means they still have over half

[Papaspud]

and even if they get 90% back- it means these guys made off with 60 million, not a bad days haul. These crimes are going to become more common, maybe not for this much, but don't tell me other shady actors aren't watching this carefully.

Re:

[Kaenneth]

I'm just waiting for the self-driving semi truck piracy.

That'll make a cool movie.

Re:

[PincushionMan]

Already been made. Maximum Overdrive [imdb.com]. First (and last) movie by that director.

Can't be too greedy any more

[xack]

There's too many observers of the blockchain, looking to blacklist the tiniest of suspicous transactions.

\o/

[easyTree]

Proponents say this can make financial applications such as lending or borrowing more efficient and cheaper.

Much cheaper - $600 million, interest free!

Am I the only one...

[kenh]

Am I the only one thinking this reminds them of the 'morning after' regret the criminal-hero's in "Office Space" felt when their computer rounding scheme succeeded beyond their wildest expectations? As you may recall, they converted their 'booty' into travelers checks and attempt to return the money. Hoping to avoid Federal "Pound You In The Ass" prison?