At least $260 million worth of stolen crypto coins has been sent back by a cyber-attacker to their victim, Poly Network. The amount returned, however, is less than half of the $600 million worth of cryptocurrency initially stolen from the Chinese decentralized finance (DeFi) platform.
The crypto assets returned to the Polygon network comprised $3.3 million in Ethereum tokens, $1 million in USD Coin (USDC), and $256 million in Binance Smart Chain (BSC) tokens. However, $269 million on Ethereum and $84 million on Polygon still remain for the threat actor to return in order to settle the case.
The purpose of returning the crypto assets remains unidentified
Although the hackers deliberately embedded Q&A messages in transactions to explain their motive for sending back a large share of the stolen crypto assets, it remains unclear what made them do it. Nevertheless, the security firm SlowMist claimed that the hacker's actions were triggered by the tracing of the threat actor's email address, IP address, and device fingerprint.
Additionally, the finance firm Poly Network has threatened the attacker, demanding that all of the stolen assets be returned before it alerts law enforcement.
Biggest cryptocurrency heist in history
The preliminary investigation of the attack found that the hackers apparently exploited a weakness in Poly Network, which allowed them to take possession of the crypto assets and move the stolen funds to wallets under their control. These include an Ethereum wallet, a Binance Smart Chain wallet, and a Polygon wallet.
According to the security firm SlowMist, the attack succeeded because the keeper of the EthCrossChainData contract was altered by the EthCrossChainManager contract. Furthermore, the EthCrossChainManager contract's verifyHeaderAndExecuteTx function was able to execute data supplied by the user through the _executeCrossChainTx function. In other words, the attack succeeded because the attacker was able to call that function and pass in carefully constructed data, which enabled them to modify the EthCrossChainData contract's keeper.
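The following is an added illustration, not SlowMist's or Poly Network's code: a simplified Python model of the ownership relationship described above, next to a hardened variant that restricts which targets user-supplied call data may reach. The names `set_keeper` and `Vault`, the allowlist, and the message layout are assumptions made for the example.

```python
# Simplified model of the flaw described above. Constructed for illustration;
# class and method names other than those quoted in the article are hypothetical.

class Unauthorized(Exception):
    pass

class DataContract:
    """Stands in for EthCrossChainData: only its owner may change the keeper."""
    def __init__(self, owner, keeper):
        self.owner, self.keeper = owner, keeper

    def set_keeper(self, caller, new_keeper):  # hypothetical method name
        if caller is not self.owner:
            raise Unauthorized("only the owner may change the keeper")
        self.keeper = new_keeper

class Vault:
    """Hypothetical legitimate destination for cross-chain calls."""
    def __init__(self):
        self.released = []

    def unlock(self, caller, to, amount):
        self.released.append((to, amount))

class Manager:
    """Stands in for EthCrossChainManager, which owns the data contract."""
    def __init__(self, allowed_targets=()):
        self.data = DataContract(owner=self, keeper="legit-keeper")
        self.allowed_targets = list(allowed_targets)

    def verify_header_and_execute_tx(self, message):
        # Header and proof checks are omitted; the model assumes they pass.
        return self._execute_cross_chain_tx(message)

    def _execute_cross_chain_tx(self, message):
        # Flawed pattern: target and method come from the user's message and
        # the call runs with the manager's authority over the data contract.
        getattr(message["target"], message["method"])(self, *message["args"])
        return True

class HardenedManager(Manager):
    def _execute_cross_chain_tx(self, message):
        # Mitigation: user-chosen calls reach only allowlisted targets, never
        # a contract the manager itself is privileged over.
        target = message["target"]
        if target is self.data or all(target is not t for t in self.allowed_targets):
            raise Unauthorized("target not allowed for cross-chain execution")
        return super()._execute_cross_chain_tx(message)
```

With `Manager`, a message that names the manager's own data contract as its target passes the owner check and replaces the keeper; `HardenedManager` rejects the same message while still delivering calls to allowlisted targets.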
Binance CEO Changpeng Zhao stated that the company is willing to coordinate with its security partners to mitigate the issue after learning of it from Poly Network's attack announcement. Other firms have also offered help to Poly Network, including OKEx, Tether, and Huobi, all of which are reported to have frozen some cryptocurrency assets involved in the attack.