The hackers said earlier on Wednesday that they would return the funds. An address connected with the hacker who took out and stole cross-chain protocol Poly Network of potentially hundreds of millions of dollars. But on Tuesday they started to return the funds to the original owner.
- The hacker’s Polygon address sent $10,000 in USDC to a wallet set up by Poly Network at 8:46 UTC on Wednesday before. And he or she sent another $1 million fifteen minutes later, Polygonscan shows.
- The hacker also sent back $1.1 million in BTCB on Binance Smart Chain at 9:49 UTC.
- When Poly Network declared the hack and the associated wallet addresses. The accounts held over $600 million in various cryptocurrencies. Less than $400 million remained. And by the time the hacker said they were ready to send the funds back.
- Before starting to send back the money, the hacker implanted a message in a transaction with themselves: “ACCEPT DONATIONS TO “THE HIDDEN SIGNER” NOW. ENCRYPT YOUR MSG WITH HIS PUBKEY.”
- The hacker has been putting messages to transactions with their own addresses. They sent them to communicate with the world. A As a result, a lot of of people used the same method to ask for handouts.
- In early hours of Wednesday, the hacker used the same approach to say they were ready to return the funds. After that, they said that they were not able to connect and reach to Poly Network and asked for multisignature wallets.
- Poly Network, which had been asking for the funds’ return. They prepared wallets on Ethereum, Binance Smart Chain and Polygon, the three blockchains the hacker was using them.
- O3 Labs, a Tokyo-based blockchain developer associated with Poly Network’s affiliate Neo, said the hacker cloud be a so-called white-hat hacker. Returning the funds shows the hacker wasn’t after their own profit, like a so-called black-hat hacker. However they wanted to reveal vulnerabilities to make the project more
strong and intact.
- The attack used a bug within Poly Network’s cross-chain smart contract, in order to take advantages of it. This was security company SlowMist saying.