Hacker behind $600 million crypto robbery did it “for fun”



A person who claims to be the hacker behind one of the biggest cryptocurrency heists of all time says the theft was “for fun”.

More than $600 million worth of crypto was stolen in the cyber attack, which targeted a decentralized finance platform called Poly Network.

Decentralized finance is a rapidly growing area within the crypto industry that aims to replicate traditional financial products like loans and trading without the involvement of middlemen.

While it has attracted billions of dollars in investment, the DeFi space has also spawned new hacks and scams. For example, a token supported by billionaire investor Mark Cuban recently fell from 60 to several thousandths of a cent in an apparent “bank run”.

Poly Network is a platform that aims to connect different blockchains so that they can work together. A blockchain is a digital ledger of transactions that is maintained by a distributed network of computers rather than by a central authority.

On Tuesday, a hacker took advantage of a bug in Poly Network’s code to steal the money. According to researchers at the blockchain security firm SlowMist, Poly Network lost more than $610 million in the attack.

Poly Network then begged the hacker to return the money, and in fact, almost half of the crypto haul had been returned by Wednesday. As of Thursday morning, $342 million in assets had been returned, according to Poly Network.

In a Q&A embedded in a digital currency transaction on Wednesday, a person who claimed to be the anonymous hacker explained the reason for the hack: “for fun”.

“When I discovered the mistake, I had mixed feelings,” said the person. “Ask yourself what to do when you are so lucky. Politely ask the project team so they can fix it?

“I can’t trust anyone!” the person continued. “The only solution I can think of is to save it on a _trusted_ account while I’m _anonymous_ and _safe_.”

The person also gave a reason for returning the funds: “That’s always the plan! I’m _not_ very interested in money! I know it hurts when people are attacked, but shouldn’t they learn from these hacks?”

Tom Robinson, chief scientist at blockchain analytics firm Elliptic, said the person who wrote the Q&A was “definitely” the hacker behind the Poly Network attack.

“The messages are embedded in transactions sent from the hacker’s account,” Robinson told CNBC. “Only the owner of the stolen assets could have sent them.”

CNBC was unable to independently verify the authenticity of the message, and the hacker or hackers have not been identified. SlowMist said its researchers found the attacker’s IP and email information. In the Q&A, the hacker claimed that he made sure that his identity was “undetectable”.