Hacker steals over $600M in cryptocurrency, returns over half of it

A cat in a police lineup holding a sign which reads "I stole bitcoins."
(Image credit: iridi/Getty Images)

On August 10, hackers managed to steal $610 million in cryptocurrency in a bold digital heist by exploiting a vulnerability in Poly Network, a platform used to allow transactions between different blockchains. In a bizarre turn of events, the hackers have now returned more than half of their score after details of the bogus transactions were released to the public.  

Your next upgrade

(Image credit: Future)

Best CPU for gaming: the top chips from Intel and AMD
Best graphics card: your perfect pixel-pusher awaits
Best SSD for gaming: get into the game ahead of the rest

Poly Network works as a 'DeFi' or a decentralized finance platform that cuts out the middleman (brokerages, mostly), providing peer-to-peer financial transactions on various public blockchains. This means that a Bitcoin user can make transactions with an Ethereum user, which on other platforms isn't possible since the currencies operate on separate blockchains.

In what Poly Network is calling "the biggest DeFi heist ever," hackers found a way to manipulate transactions in a way that let them divert millions of dollars of over a dozen different cryptocurrencies to three separate digital wallet addresses.

(Image credit: Poly Network)

Once the theft occurred, Poly Network took to Twitter, asking for the return of the stolen assets from the hackers. The company then took the dramatic step of posting the addresses of the thief's digital wallets online and asking miners and crypto exchanges to blacklist any tokens coming from those addresses.

With this information made public, the company was able to flag the illegal transactions, essentially revealing a digital footprint for each stolen dollar. The hackers found themselves sitting on $600 million they can't use because everyone knows it's stolen. It's like dye packs hidden in stacks of money exploded after a big bang heist, rendering all of it bright pink and unusable.

Surprisingly, Poly Network took to Twitter this morning to explain that it is now working with the alleged hacker, called Mr. White Hat, who has been returning portions of the stolen funds throughout the day. 

(Image credit: Poly Network)

"I think this demonstrates that even if you can steal crypto-assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics," said Tom Robinson, chief scientist of blockchain analytics firm Elliptic, when consulted by CNBC.

According to Poly Network's Twitter account, as of August 12, $342 million (over half of the stolen amount) has been returned by the hackers, with an outstanding $268 million worth of Ethereum remaining. Despite being called Mr. White Hat, a term that refers to ethical hackers, there's no evidence that the person or group who committed the crime had good intentions.

Jorge Jimenez
Hardware writer, Human Pop-Tart

Jorge is a hardware writer from the enchanted lands of New Jersey. When he's not filling the office with the smell of Pop-Tarts, he's reviewing all sorts of gaming hardware, from laptops with the latest mobile GPUs to gaming chairs with built-in back massagers. He's been covering games and tech for over ten years and has written for Dualshockers, WCCFtech, Tom's Guide, and a bunch of other places on the world wide web.