Crypto Hacker Returns Most of the Funny Money Stolen From Poly


The hacker who stole $600 million in imaginary money from Poly Network has started to return it. At the time of publication, around 56% is back in the hands of the decentralized finance (DeFi) platform.

Some say the hacker is a legitimate security researcher who took advantage of the bug to illustrate the problem. Others say the perpetrator is simply not able to launder the counterfeit money quickly enough.

Whoever it is, it is another example of the fragility of cryptocurrency. In today’s SB Blogwatch, we drive over in our Fiat.

Your humble blogwatcher has curated these bloggy pieces for your entertainment. Not to forget: Stefani vs. Diddy’s Kong Quest.

DeFi deflagration debate:

What’s the craic? Wolfie Zhao reports – “Poly Network attacker returns $256 million of stolen cryptocurrency”:

Biggest DeFi hack
The attacker in the $611 million Poly Network exploit began returning the stolen crypto assets less than a day after his ID information was reportedly received by blockchain security firm SlowMist. … Seven minutes before sending the first transaction in which part of the money was returned, the hacker created a token called “The hacker is ready to hand over” and sent this token to the specified Polygon address.

The attacker’s attack came less than a day after the first exploit, the largest DeFi hack to date. The stolen assets included $273 million in Ethereum tokens, $253 million tokens on Binance Smart Chain, and $85 million in USDC on the Polygon network.

Strange. Tom Wilson adds, “Over half of the crypto tokens stolen in a $610 million hack are now being returned”:

Too difficult to wash
Poly Network, which allows users to transfer or exchange tokens across different blockchains, said Tuesday it had been hit by the cyber thieves and asked the perpetrators to return the stolen funds. … The theft highlighted the risks of the largely unregulated … DeFi sector. DeFi platforms allow users to conduct transactions, usually in cryptocurrency, without traditional gatekeepers such as banks or exchanges.

Poly Network … didn’t immediately respond to questions about … whether … law enforcement was involved. … Blockchain analysts said they might have found it too difficult to launder stolen cryptocurrencies on such a scale.

And it keeps trickling back. The latest update from Poly Network (@PolyNetwork2) says:

$342 million
$342 million in assets returned as of Aug 12, 8:18:29 AM +UTC:
Ethereum: $4.6 million
BSC: $252 million
Polygon: $85 million

The remainder is $268 million on Ethereum.

So what happened? The SlowMist security team blogs anonymously – “Analysis and Q&A”:

Monitor the transfer of stolen funds
This attack is mainly due to the fact that the holder of the EthCrossChainData contract can be modified by the EthCrossChainManager contract and that the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract can execute the data passed by the user via the _executeCrossChainTx function. Therefore, the attacker uses this feature to pass carefully constructed data in order to change the address given by the attacker to the holder of the EthCrossChainData contract.

[Our] anti-money laundering tracking system will continue to monitor the transfer of stolen funds, block all wallet addresses controlled by attackers, and remind exchanges and wallets to step up address monitoring to prevent associated malicious funds from flowing into the platform.
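
The flaw described in that analysis is a confused deputy: a privileged contract relays calls chosen by the user, including calls to the contract it controls. The Python model below is an added example, not Poly Network's contract code or SlowMist's; class and method names follow the description above, while the dispatch details, the Vault target and the allowlist mitigation are assumptions.

```python
# Constructed model, not Poly Network's contract code. Names follow the page's
# description; dispatch details, Vault and the allowlist fix are assumptions.

class EthCrossChainData:
    """Stores the privileged holder; only its owner may change it."""
    def __init__(self, owner, holder):
        self.owner, self.holder = owner, holder

    def set_holder(self, caller, new_holder):
        if caller is not self.owner:
            raise PermissionError("only the owner may change the holder")
        self.holder = new_holder

class Vault:
    """Hypothetical ordinary target of a cross-chain call."""
    def __init__(self):
        self.paid = []

    def unlock(self, caller, recipient, amount):
        self.paid.append((recipient, amount))

class EthCrossChainManager:
    """Owns the data contract and relays calls described by user data."""
    def __init__(self, allowed=None):
        self.allowed = allowed  # None models the vulnerable manager

    def verify_header_and_execute_tx(self, target, method, args):
        # Header and proof checks are out of scope for this model.
        return self._execute_cross_chain_tx(target, method, args)

    def _execute_cross_chain_tx(self, target, method, args):
        if self.allowed is not None and (target, method) not in self.allowed:
            raise PermissionError("target/method is not allowlisted")
        getattr(target, method)(self, *args)  # the manager is the caller
        return True

def run(hardened):
    """Relay one call aimed at the data contract, then one ordinary call."""
    mgr, vault = EthCrossChainManager(), Vault()
    data = EthCrossChainData(owner=mgr, holder="legit-holder")
    if hardened:
        mgr.allowed = {(vault, "unlock")}
    try:
        mgr.verify_header_and_execute_tx(data, "set_holder", ["untrusted-addr"])
        blocked = False
    except PermissionError:
        blocked = True
    mgr.verify_header_and_execute_tx(vault, "unlock", ["alice", 10])
    return data.holder, blocked, vault.paid
```

The owner check on the data contract passes in the vulnerable run because the manager itself makes the call; the hardened run rejects the relayed call before it is dispatched and still serves the ordinary one.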

Clear as mud? How about lglethal’s summary?

Highlight your security flaws
“Hey, what if I do this? … Ha, I just stole some of your coins!

“I wonder how much I could steal? … That’s a lot of money. Um, how can I convert that into money?”

“Ohhhh ****! This is not good. Everyone is trying to track me down. … And none of my attempts to turn it into cash have worked. Everything is blocked. And oh no, they publish the wallet details.”

“If I return it and pretend I’m just doing it to point out their security flaws, maybe people will stop looking for me.”

But Papaspud doesn’t buy it:

Shady actors
Even if they get 90% back, it means these guys got away with $60 million. Not a bad day trip.

These crimes are becoming more common. … Don’t tell me that other shady actors aren’t watching this closely.

Time for a colorful metaphor? phealy looks at it from the side:

Imagine someone robbed a bank and suddenly the cash in your wallet is now worth 60% of yesterday’s value.

But how did Poly convince the hacker to return it? srg33 has it all:

I will try to explain. The original tokens had some … value. Perhaps analogous to bank checks.

Normally it would not be a problem to deposit into another bank. However … if the bank of origin notifies other banks (blacklisted those checks), other banks would … not accept the checks: worthless.

Why can’t law enforcement do something? orwelldesign thinks they shouldn’t:

If you end up bypassing the law
**** she. For real. You want to invent your own bull **** outside of society? You have to live with the consequences.

As with all speculative investments, sometimes you simply lose all of your money. Why is this society’s problem? We have a perfectly reasonable legal framework for money and investment. If you end up walking around the law, why in blue figgity – **** should the law step in to help you?

In the meantime, Donthingwell does this well:

Stupid criminals. Rule one: … don’t fuck where you eat.

And finally:



You have been reading SB Blogwatch by Richi Jennings. Richi curates the best blogs, the best forums, and the craziest websites … so you don’t have to. Hate mail can be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image Sauce: Suzy Hazelwood (via Pexels)

