A group of hackers behind a more than $600 million cryptocurrency heist — one of the largest of its kind – has begun to return the money it stole.
As PYMNTS reported Tuesday (Aug. 10), the hackers pulled off the theft by exploiting a vulnerability in the multi-chain decentralized finance (DeFi) protocol Poly Network, which lets users swap tokens across multiple blockchains. In this case, the hackers transferred the stolen assets to addresses on Ethereum, Binance Smart Chain and Polygon.
Read more: Record Crypto Heist Nets Hackers Over $600M
Poly Network spoke to the hackers via Twitter soon after the theft, telling them, “The amount of money you stole was definitely the largest in DeFi history.”
The company also urged them to return what they stole, providing addresses where they could return the funds, which included $273 million stolen from Ethereum and, $253 million from Binance Smart Chain and $85 million from Polygon, Jason Yanowitz, co-founder of Blockworks, said in a tweet.
And apparently, that’s what happened. According to CNBC, the hackers began returning some of the stolen funds Wednesday.
They sent a message to Poly Network saying they were “ready to return” the stolen currency, and the platform responded with three crypto addresses. As of Wednesday morning, the hackers had returned more than $4.8 million.
“I think this demonstrates that even if you can steal crypto assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics,” Tom Robinson, chief scientist of blockchain analytics firm Elliptic, told CNBC.
“In this case, the hacker concluded that the safest option was just to return the stolen assets,” he said.
Following the theft, the hackers began sending the money to other cryptocurrency addresses, CNBC reported. The security firm SlowMist said more than $610 million in crypto was sent to three addresses.
The company said on Twitter that its researchers had ““grasped the attacker’s mailbox, IP, and device fingerprints” and are “tracking possible identity clues” related to the attacker and determined the theft was “likely to be a long-planned, organized and prepared attack.”