Hackers Steal US$600 Million in Crypto Just “For Fun”

After committing one of the biggest crypto heists in history, the attackers who stole US$600 million in cryptocurrencies “for fun” from Poly Network have returned more than a third of the total amount, blockchain researchers reported on Wednesday.

Cross-chain decentralized finance platform Poly Network reported a record US$600 million in cryptocurrency theft on Twitter on Tuesday, adding that the attackers had begun returning some of the funds hours later. The platform that allows users to swap tokens across different blockchains reported its security was breached by cybercriminals. “The amount of money hacked is the largest in the history of DeFi (decentralized finance),” tweeted Poly Network, urging the attackers to return the amount and threatening legal action. Poly Network also called for traders who run cryptocurrency wallets to reject stolen Ethereum, BinanceChain and OxPolygon tokens. “The money you stole is from tens of thousands of crypto community members, hence the people,” the company said in a statement addressed to the hackers.

pic.twitter.com/Yzw4oDenjC

— Poly Network (@PolyNetwork2) August 10, 2021

Later that Wednesday, Poly Network said the attackers sent a message attached to a transaction stating that they were prepared to return the funds. According to blockchain forensics company Chainalysis and cryptocurrency tracking firm Elliptic, one person claiming to be behind the attack said he did it “for fun” and wanted to “expose the vulnerability” in Poly Network before others could exploit it. The plan, the alleged attacker said, was always to return the tokens, adding: “I am not really interested in the money.”

However, for Elliptic's Co-Founder Tom Robinson, the reason underlying the return of the money may lie elsewhere. The attackers' main motivation may have to do with the sheer amount of work that would be involved in laundering such a large sum of crypto. “Even if you can steal crypto-assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the broad use of blockchain analytics by financial institutions,” he told Reuters. “In this case, the hacker concluded that the safest option was just to return the stolen assets.” As of the latest reports, the attackers have returned US$260 million in cryptocurrencies and have not yet been identified. 

In recent years, DeFi has become quite an attractive target for cybercriminals. Through July, DeFi-related hacks totaled US$361 million from the beginning of the year, a nearly three-fold increase over all of 2020, according to cryptocurrency compliance firm CipherTrace.

Mexico is one of the countries that has not recognized cryptocurrencies as legal tender. In late June, Mexico's central bank (Banxico) said it was not considering cryptocurrencies under current laws and warned that financial institutions that operate with them would be subject to sanctions. The bank's statement came after local businessman Ricardo Salinas said he was working so Banco Azteca could accept bitcoin.