Days After the Biggest Hack in DeFi History, Poly Network Attacker Starts Returning Stolen Funds

August 12, 2021

Key takeaways:

  • An exploit in the Poly cross-chain protocol affected the Ethereum, Binance Smart Chain and Polygon networks
  • “A vulnerability between contract calls” was used to steal $612 million worth of crypto assets
  • What followed was a bizarre back and forth between the attacker and the crypto community

On Tuesday, the largest attack on decentralized finance (DeFi) to date took place. More than $600 million worth of funds were stolen using an exploit on the cross-chain protocol Poly Network. The company reported that the attacker identified “a vulnerability between contract calls”, which are used by renBTC, WBTC and WETH.

$612M worth of crypto assets stolen as a result of Poly Network exploit

Poly Network took to Twitter to announce that the attack affected three of the more popular blockchain networks. The Ethereum network was the hardest hit, as the attacker made off with $273 million. Binance Smart Chain suffered a loss of $253 million, while $85 million in USDC was removed from the Polygon network.

In one of the messages recorded in ETH transaction records, the attacker implied that the final sum of stolen funds could have reached $1 billion had he been interested in moving the “remaining shitcoins”. Somewhat bizarrely, the attacker also implied that money was not the main motive behind the hack, which points to a possible white hat attack.

Following the incident, the Poly Network team urged the attacker to return the stolen funds in an open letter and made it obvious that there is nowhere to hide.

A day after the incident, the attacker returns $260 million

Perhaps the letter worked or the Poly Network exploiter made up his mind beforehand to return the funds. Whatever the case may be, the attacker has already returned almost half of the crypto assets. Most of the returned assets belonged to BSC. There is still $269 million on Ethereum and $84 million on Polygon waiting to be returned.

“When spotting the bug, I had a mixed feeling. Ask yourself what to do had you facing so much fortune. Asking the project team politely so that they can fix it? Anyone could be the traitor given one billion. I can trust nobody! The only solution I can come up with is saving it in a trusted account.” – Poly Network exploiter

In what can only be characterized as bizarre behavior, the hacker started conducting an “ask me anything” (AMA) of sorts via notes in Ethereum transaction records. Embedded messages can be accessed on When asked what the motive behind the attack on the Poly protocol was, the hacker simply answered that it was “for fun” and that “cross-chain hacking is hot”.

SlowMist, a China-based cybersecurity company, stated that it has the hacker’s email address and IP address and that it has successfully identified the flow of funds during the attack. The company has not yet disclosed the sensitive information, which suggests there are actions being taken away from the public spotlight.