Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Bitcoin IT

Hackers Return Nearly Half of the $600 Million they Stole in One of the Biggest Crypto Heists (cnbc.com) 58

Hackers have returned nearly half of the $600 million they stole in what's likely to be one of the biggest cryptocurrency thefts ever. From a report: The cybercriminals exploited a vulnerability in Poly Network, a platform that looks to connect different blockchains so that they can work together. Poly Network disclosed the attack Tuesday and asked to establish communication with the hackers, urging them to "return the hacked assets."

A blockchain is a ledger of activities upon which various cryptocurrencies are based. Each digital coin has its own blockchain and they're different from each other. Poly Network claims to be able to make these various blockchains work with each other. Poly Network is a decentralized finance platform. DeFi is a broad term encompassing financial applications based on blockchain technology that looks to cut out intermediaries -- such as brokerages and exchanges. Hence, it's dubbed decentralized. Proponents say this can make financial applications such as lending or borrowing more efficient and cheaper. "The amount of money you hacked is the biggest in defi history," Poly Network said in a tweet. In a strange turn of events Wednesday, the hackers began returning some of the funds they stole. They sent a message to Poly Network embedded in a cryptocurrency transaction saying they were "ready to return" the funds. The DeFi platform responded requesting the money be sent to three crypto addresses. As of 7 a.m. London time, more than $4.8 million had been returned to the Poly Network addresses. By 11 a.m. ET, about $258 million had been sent back.

This discussion has been archived. No new comments can be posted.

Hackers Return Nearly Half of the $600 Million they Stole in One of the Biggest Crypto Heists

Comments Filter:
  • by doesnothingwell ( 945891 ) on Wednesday August 11, 2021 @11:57AM (#61680585)
    Rule one or maybe three, don't shit where you eat.
    • by Ostracus ( 1354233 ) on Wednesday August 11, 2021 @12:13PM (#61680649) Journal

      In a way yes. Terrible when even criminals can't trust cryptocurrency to be secure.

      • by GoTeam ( 5042081 )
        Any chance this is the US (or any other) government testing some new tool? Sending that much back because of the fear you could be tracked seems odd. The crime is done, even if 100% of the money is returned.
      • I know you're joking, but that's probably the reason: If they steal too many of people's digital tulip bulbs, confidence in the whole air castle will collapse, along with the ability to cash out said bulbs by the crooks. By returning half of them, they're ensuring they maintain enough value to be monetizable. Better 50% of $600M than 100% of nothing when it causes the air castle to collapse.
  • by Anonymous Coward

    This wasn't hackers, this was an exit scam gone wrong, at this point i would be tearing Defis staffs affairs to pieces, guaranteed they made a OPSEC mistake (they always do)

  • Dosent make sense

    • Traceability of much the funds makes returning perfectly sensible.
      Two of the promises, actually turning out to be lies in many cases, of crypto coin was anonymity and untraceabilty.

      • The relevant word in "public ledger" is in the phrase. The word is public.

        Crypto was designed to be public. If you associate your real identity somewhere in the transaction history in the public ledger, that information is now forever associated with that transaction.

        By default, your transactions aren't associated with anything other than a transaction hash in the public ledger. So it's really up to you and who you do business with (and who you are allowed to do business with) that determines how much infor

        • The relevant word in "public ledger" is in the phrase. The word is public.

          Thanks, that explains Heath Ledger's parent's fondness for a certain candy bar [wikipedia.org] ... :-)

        • ...plus those that get certain information about you and whom you do business with and which exhanges you use...

          At least it's the crooks mostly getting fucked over

      • This all really boils down to ETH which is to Bitcoin what ActiveX support was for the browser. A lot of the same type of entities buying into this were IE and AOL fans as well. All the cool possibilities of this tech comes from a complexity level which essentially makes it swiss cheese from a security perspective.

        Bitcoin lives up to its promises with a public ledger but no association between hashes and humans. It is the humans who keep exposing themselves to side channel attacks. Untraceable was never par
      • by cjeze ( 596987 )

        It explains a little. They could hold the money ransom. Ie. not return it or destroy it instead....

    • Because the money was blacklisted as stolen and no one is accepting it. They tried to launder it and failed.

  • by Anonymous Coward

    On Monday April 26, 2021 @02:16AM UTC, Pyrite Pete [urbandictionary.com] had said:

    That was back when bitcoin had already fallen, and down to about $47K at the time. It should've been back up to "twice its value" no later than June 26 20201 - over three months ago. It is now sitting at only about $46K.

    Now that's what I call a prediction #FAIL!

    • Mutli-decade long deflationary investment failed to move like an AC predicted over the course of two months... news at 11.
    • by Kaenneth ( 82978 )

      You really need mental health care.

      Let it go, and move on with your life.

  • by sdinfoserv ( 1793266 ) on Wednesday August 11, 2021 @12:21PM (#61680709)
    Given the transactions from the stolen tokens were blacklisted and rejected, the tokens are valueless. thus, nothing was returned because nothing of value was stolen.
    "About one hour after Poly announced the hack on Twitter, the hacker tried to move assets including USDT through the Ethereum address into liquidity pool Curve.fi, records show. The transaction was rejected."
    https://www.coindesk.com/cross... [coindesk.com]
    • by GoTeam ( 5042081 )
      Wow, thanks for that information. It would explain why they're giving it back.
    • by Anonymous Coward

      Given the transactions from the stolen tokens were blacklisted and rejected, the tokens are valueless. thus, nothing was returned because nothing of value was stolen.

      If nothing of value was stolen, then why did Poly ask miners and crypto exchanges to blacklist the tokens [slashdot.org] from the three addresses? If they were of no value, then why bother?

      • by srg33 ( 1095679 )

        I'll try to explain. The original tokens had some (indeterminate) value. Maybe analogous to bank checks, just for this super short explanation. Normally, that would be no problem to deposit at another bank. However, like this IF the originating bank notified other banks (blacklisted those checks) THEN other banks would not accept/cash/deposit the checks: worthless.

      • by sdinfoserv ( 1793266 ) on Wednesday August 11, 2021 @01:25PM (#61680969)
        once blacklisted, they became valueless. Therein lies the true risk of digitial "currency". With the flip of a digital switch, you have nothing. Crypto is made up nothingness. Unlike real currency that is backed by a nation state or globally recognized bank, crypto is just imagination, gone just as quickly.
        • Crypto is made up nothingness. Unlike real currency that is backed by a nation state or globally recognized bank, crypto is just imagination, gone just as quickly.

          So... totally unlike Zimbabwe dollars then?

          Also if the US DOJ gets a bee in its bonnet about you, you will suddenly find your assets frozen with zero notice, pretty much worldwide. It might be possible to secretly stash some, but not easy.

          • yep. Zimbabwe dollar transactions happen just fine on a hilltop, in a remote village, or anywhere without power or internet. So, yes, they’re better. A DOJ "bee" requires a court order to freeze your assets - as opposed to some script kiddies tweeting, no oversight, no recourse.. If you want to "invest" in the Zimbabwe dollars, sure, be my guest. You can throw any nonsense situation red herring you want. Bottom line is you can have a suitcase full of US dollars, travel anywhere, hold them in your
            • suitcase full of money or a credit card. but a frozen credit card doesn't cost you any thing. you just don't have access to "credit". Credit is a future promise to pay.
            • yep. Zimbabwe dollar transactions happen just fine on a hilltop, in a remote village, or anywhere without power or internet.

              No they don't, that's the entire point.

              "Real" currencies are not backed by a nation state they are backed by belief in a nation state.

              If people stop believing in the nation state when it comes to currency, then the currency stops functioning. Then you get hyperinflation so while you might be able to hand someone a $10,000,000 ZWL note for a chicken on a hilltop in a remote village, by

        • by slazzy ( 864185 )
          Not really, it could still be used for private transactions when people don't know the coins are blacklisted. Also, if people swap the coins to another currency like monero within minutes/hours of them being stolen, blacklisting the coins will only leave innocent people on the hook.
          • by tlhIngan ( 30335 )

            Not really, it could still be used for private transactions when people don't know the coins are blacklisted. Also, if people swap the coins to another currency like monero within minutes/hours of them being stolen, blacklisting the coins will only leave innocent people on the hook.

            In other words, your coins can arbitrarily be made worthless by no action on your part. And with absolutely no recourse either.

            Which should probably be more widely known that you can be billionaire today, bankrupt tomorrow.

            Now, y

        • If a nation state could delcare "dollars with the following serial numbers are no longer legal currency" after a bank robbery, they would do it. All currency is made up nothingness.
          • nope. doesn't work that way. FYI, my dad is a retired treasury agent. Dollars are legal currency anywhere, so long as they're not defaced. Stores or people – the actual transitional level – do not check serial numbers. Serial numbers can have watch / hold states put on them, so if/when they go through large federal banks where the serial numbers are scanned, they're flagged, put aside and the Secret Service is called. Secret Service is responsible for currency enforcement. SSthen work wit
        • And how? Will they be un-blacklisted at some point? And if the blacklisting can be removed who's going to remove it?
        • by Reziac ( 43301 ) *

          When I saw "returned" I began wondering if it wasn't purely theft, but rather some sort of money laundering scheme.

    • Isn't it great they used crypto which isn't under anyone's control and thus can be traded freely by all. I love watching these people stick it to the gubbmint.

    • by rsilvergun ( 571051 ) on Wednesday August 11, 2021 @01:54PM (#61681113)
      but if that worked and all the coins have been blacklisted, doesn't that imply there's been significant power consolidation in the Crypto markets?

      When I asked before someone replied there'd still be plenty of places to sell the coins to because it would be impossible to get all the miners on board to blacklist them (I misunderstood initially and thought the exchanges would do the blacklisting).

      How was it possible to blacklist all the coins so thoroughly that the thief is returning them in hopes of escaping punishment? Is that because you can count on 51% of the miners to blacklist? And if you can, doesn't that mean those miners are coordinating in a way that may not be beneficial long term for the freedom of the network?

      I mean, if an exchange can get those miners can act, I'm pretty sure a national gov't could.
      • I gather from other posts they're not giving back money in the hopes of being let go. They're giving it back because the nature of the crypto currency is such that it's difficult to black list only some of the coins. And that the blacklisting can be removed, and once it is they can dump what they keep.

        In other words, they give back $300 million of crypto, but for either the hacker or the exchange to use it the exchange has to lift the blacklisting, freeing up the thieves to launder their stash and get a
  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Wednesday August 11, 2021 @12:29PM (#61680737)
    Comment removed based on user account deletion
    • by PPH ( 736903 )

      They realized they walked out of the bank with a bag of mob money. Put it back now and you'll only get a few fingers cut off.

  • by Papaspud ( 2562773 ) on Wednesday August 11, 2021 @12:40PM (#61680789)
    and even if they get 90% back- it means these guys made off with 60 million, not a bad days haul. These crimes are going to become more common, maybe not for this much, but don't tell me other shady actors aren't watching this carefully.
  • There's too many observers of the blockchain, looking to blacklist the tiniest of suspicous transactions.
  • Proponents say this can make financial applications such as lending or borrowing more efficient and cheaper.

    Much cheaper - $600 million, interest free!

  • Am I the only one thinking this reminds them of the 'morning after' regret the criminal-hero's in "Office Space" felt when their computer rounding scheme succeeded beyond their wildest expectations? As you may recall, they converted their 'booty' into travelers checks and attempt to return the money. Hoping to avoid Federal "Pound You In The Ass" prison?

news: gotcha

Working...