Top

Hacker takes $610 million in major cryptocurrency theft

The hacker returned the stolen money and was offered a position at Poly Network

A hacker named Mr. White Hat was behind the biggest cryptocurrency theft in history, stealing 610 million dollars from Poly Network. The major cryptocurrency heist revealed crucial security vulnerabilities, while at first it was thought that behind the theft was a whole group of special hackers.

The hacker took advantage of the weaknesses of Poly Network, a platform that links different block-chains to work together. Poly Network revealed the attack on Twitter and asked to be contacted by the hacker, urging him to return the hacked assets.

According to Poly Network’s investigation, the hacker exploited a “vulnerability between contract calls”. The company published the cryptocurrency wallets in which the money was transferred and urged miners and various exchange networks to blacklist these addresses and block the transactions.

Biggest in history’

“We want to establish communication with you and urge you to return the hacked assets. The amount of money you hacked is the biggest one in DeFi history. Law enforcement in any country will regard this as a major economic crime and you will be pursued” Poly Network highlighted on a written announcement. “The money you stole is from tens of thousands of crypto community members, hence the people”.

Changpeng Zhao, CEO of the huge Binance cryptocurrency exchange, wrote on Twitter that they “are aware of the Poly Network exploit that occurred. While no one controls BSC (or ETH), we are coordinating with all our security partners to proactively help. There are no guarantees. We will do as much as we can”.

Stolen assets were returned

The hacker behind the big theft, Mr. White Hat, returned the money partially while the Poly Network offered him the position of Chief Security Advisor in the company. The hacker published a three-page-long Q&A session, explaining that he has always planned to return the stolen assets and his aim was only to highlight Poly Network’s security vulnerabilities.

“I am not very interested in money! I know it hurts when people are attacked, but shouldn’t they learn something from those attacks?” the hacker wrote, underlining that “when spotting the bug, I had a mixed feeling. Ask yourself what to do had you facing [sic.] so much fortune. Asking the project team politely so that they can fix it? Anyone could be the traitor given one billion. I can trust nobody! The only solution I can come up with is saving it in a trusted account.”

“Mr. White Hat shared his concerns about Poly Network’s security and overall development strategy in a recent public dialogue. The Poly team is actively working with organizations that are equipped to provide security solutions, with the aim of presenting the public with a robust and secure system that is fully prepared for Poly Network’s recovery and revamp” the company stated in a written announcement after the refund.

The company also offered a $500,000 reward to the hacker, for the refund, and publicly pledged to take steps to further shield its security systems. “Poly Network previously promised to reward Mr. White Hat with a $500,000 bug bounty, but he did not accept it and has publicly stated that he has considered offering it to the technical community who have made contributions to block-chain security. Whatever Mr. White Hat chooses to do with the bounty, in the end, we have no objections” said Poly Network.

DeFi (Decentralized Finance) has become a major target for hackers. From the beginning of the year to July, DeFi-related attacks reached $361 million, almost three times what was recorded in 2020 as a whole, according to CipherTrace. DeFi-related scams are also on the rise. In the first three months of the year, they accounted for 54% of total cryptocurrency fraud, compared to 3% for 2020. Cryptocurrency experts warn that this major theft highlights the dangers of the unregulated DeFi sector and that measures must be taken to further shield trade.

George Mavridis is a journalist currently conducting his doctoral research at the Department of Journalism and Mass Media at Aristotle University of Thessaloniki (AUTH). He holds a degree from the same department, as well as a Master’s degree in Media and Communication Studies from Malmö University, Sweden, and a second Master’s degree in Digital Humanities from Linnaeus University, Sweden. In 2024, he completed his third Master’s degree in Information and Communication Technologies: Law and Policy at AUTH. Since 2010, he has been professionally involved in journalism and communication, and in recent years, he has also turned to book writing.