In a remarkable turn of events, the world’s largest crypto-currency heist has come to a close with all stolen tokens returned to the victim organization, Poly Network. The cyber-thief behind the attack, which occurred on August 10, managed to steal over $610m in crypto-currency by exploiting a vulnerability in the blockchain platform.
The thief, after gaining access to a blockchain keeper’s private key, manipulated the “keeper role” of two blockchain contracts, allowing them to execute unauthorized transactions. The stolen funds, amounting to millions of dollars, were withdrawn from Bscscan and Etherscan contracts in various crypto-currencies.
Following the theft, Poly Network made a public appeal to the hacker to return the stolen funds. Surprisingly, the attacker responded, claiming that the attack was done to highlight security flaws and that they intended to return the funds all along.
In a series of transactions, the hacker began returning the stolen tokens to Poly Network, with nearly half of the funds ($260m worth) already returned by August 13. As a gesture of goodwill, Poly Network offered the hacker a job as its chief security advisor and a $500k bug bounty for identifying the exploited flaw.
Recently, the mysterious hacker, now known as Mr. White Hat, provided Poly Network with the private key needed to access the remaining stolen tokens. In a blog post, Poly Network announced that all user assets have been fully recovered, and they are working to return control of the assets to the rightful owners.
This unprecedented resolution marks the end of the biggest crypto-heist in history, surpassing the 2018 theft of $534.8m from Coincheck. Poly Network’s swift response and cooperation with the hacker demonstrate the importance of cybersecurity in the crypto-currency industry.