Following the largest cyber heist in the history of Decentralized Finance (DeFi), an offshoot of blockchain applications, in which a total of $610 million was stolen through the exploitation of Poly Network, the attacker(s) seem to be having a rethink. As confirmed by the interoperable blockchain protocol, a total of $260 million had been returned as of 11 Aug 04:18:39 PM +UTC.
Following the hack, which Blockchain.News reported, Poly Network opened a communication line with the hacker, requesting that the stolen funds be returned. As confirmed by the DeFi operator, the returned funds include a total of $3.3 million in Ethereum, $256 million in Binance Smart Chain, and $1 million in Polygon.
“I think this demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics,” Tom Robinson, chief scientist of blockchain analytics firm Elliptic, said via email as reported by CNBC. “In this case, the hacker concluded that the safest option was just to return the stolen assets.”
However, a person claiming to have perpetrated the hack said they did it "for fun" and wanted to "expose the vulnerability" before others could exploit it, according to Reuters, citing digital messages shared by Elliptic, a crypto tracking firm, and Chainalysis.
With about $269M on Ethereum and $84M on Polygon yet to be recovered, many people have questioned the safety promises of the DeFi platform. Over time, cryptocurrency exchanges and blockchain protocols have suffered similar mishaps. However, no decentralised finance platform has witnessed a breach of this magnitude.
Speaking of this cyberattack, Isaac Fain, CTO at crypto/treasury technology specialist Ledgermatic, said the security properties of cross-chain token facilities are dependent on some form of trust anchor since the chains do not feature a shared consensus protocol:
"In this instance, a vulnerability in the smart contract code allowed the attacker(s) to compromise the trust anchor by making their keypairs the sole authority that linked values between chains. Other networks have similar strategies, including Blockstream's Liquid and Rootstock's RSK. In those cases, the developers employ specialized HSM hardware to protect the set of validators that secure the side-chain, providing a secure trust anchor with hardware in accordance with NIST security standards. Poly's implementation was essentially reduced to an on-chain whitelist that the attackers substituted with their own keys."
KuCoin suffered a system breach that saw it lose a total of $280 million worth of cryptocurrencies back in October 2020. The exchange's effort to recover the funds was profound, and the firm noted that it had sufficient evidence to identify the attacker. Identifying hackers in a DeFi-based protocol may prove a bit more challenging. However, with the generosity of the Poly Network hacker, the likelihood of recovering more funds is high.