The threat actor who hacked Poly Network’s cross-chain interoperability protocol yesterday to steal over $600 million worth of cryptocurrency assets is now returning the stolen funds.
As the Chinese decentralized finance (DeFi) platform Poly Network shared two hours ago, the hacker has already returned nearly $260 million worth of stolen cryptocurrency.
In total, the attacker has transferred back $256 million in Binance Smart Chain (BSC) tokens, $3.3 million in Ethereum tokens, and $1 million in USD Coin (USDC) on the Polygon network.
To send back all of the stolen funds, the hacker still has to return another $269 million on Ethereum and $84 million on Polygon.
Motives behind returning the stolen assets unknown
While the threat actor explained the motivation for the hack by embedding Q&A messages in transactions (as Elliptic Chief Scientist and Co-founder Tom Robinson discovered), the motives behind their decision to give back the stolen cryptocurrency are not yet known.
However, it may have been prompted by blockchain security firm SlowMist’s claims that it traced the attacker’s email address, IP address, and device fingerprint.
SlowMist also found that the assets used to fund the attack were Monero (XMR) exchanged to BNB, ETH, MATIC, and other tokens.
In a bizarre twist of events, Poly Network also urged the hacker to return the cryptocurrency stolen from “hundreds of crypto community members” to avoid landing on law enforcement’s radar.
— Poly Network (@PolyNetwork2) August 10, 2021
The biggest cryptocurrency hack ever
Following a preliminary investigation of the attack, Poly Network said the threat actor exploited a vulnerability between contract calls which allowed them to gain possession of funds and transfer them to attacker-controlled wallets:
“This attack is mainly because the keeper of the EthCrossChainData contract can be modified by the EthCrossChainManager contract, and the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract can execute the data passed in by the user through the _executeCrossChainTx function,” SlowMist further explained.
“Therefore, the attacker uses this function to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract.”
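The trust relationship SlowMist describes, a privileged contract that both owns the keeper store and relays user-supplied calls, is modelled below next to a hardened variant that only relays to allowlisted targets. This Python model is an added example, not Poly Network's contract code; apart from the contract name EthCrossChainData, every class, method and value is a hypothetical stand-in, and header verification is left out.

```python
# Simplified model of the trust relationship in the quote; not contract code.
# Names other than EthCrossChainData are hypothetical; header checks omitted.

class EthCrossChainData:
    """Holds the keeper set; only its owner may change it."""
    def __init__(self, owner, keepers):
        self.owner = owner
        self.keepers = list(keepers)

    def put_keepers(self, caller, new_keepers):
        if caller is not self.owner:
            raise PermissionError("only the owner may change keepers")
        self.keepers = list(new_keepers)


class LockProxy:
    """Ordinary contract that cross-chain messages are meant to reach."""
    def __init__(self):
        self.unlocked = []

    def unlock(self, caller, payload):
        self.unlocked.append(payload)


class Manager:
    """Stands in for EthCrossChainManager: owns the data contract and relays user data."""
    def __init__(self, allowed_targets=None):
        self.allowed_targets = allowed_targets  # None models the flawed design

    def execute_cross_chain_tx(self, target, method, args):
        # Hardened path: only relay to explicitly allowlisted contracts.
        if self.allowed_targets is not None and not any(
                target is t for t in self.allowed_targets):
            raise PermissionError("target is not allowlisted")
        # The callee sees the manager as caller, so its owner check passes.
        return getattr(target, method)(self, args)


def keepers_after_relay(hardened):
    proxy = LockProxy()
    mgr = Manager(allowed_targets=[proxy] if hardened else None)
    data = EthCrossChainData(owner=mgr, keepers=["keeper-A"])  # constructed value
    mgr.execute_cross_chain_tx(proxy, "unlock", "legit-transfer")
    try:  # user-supplied target and method, as in the quote
        mgr.execute_cross_chain_tx(data, "put_keepers", ["constructed-key"])
    except PermissionError:
        pass
    return data.keepers
```

Without the allowlist the keeper set is replaced through the manager's own authority; with it, the relay is refused and the original keeper remains.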
After Poly Network disclosed the attack, Binance CEO Changpeng Zhao said the company was coordinating with security partners to remediate the situation.
— Poly Network (@PolyNetwork2) August 12, 2021