So far, $258 million in stolen crypto assets have been returned, and the hacker claims to be keeping the remaining funds safe while negotiating with Poly.
The Poly Network hacker has now returned $258 million to the cross-chain DeFi protocol and held a question-and-answer session about how the initial hack occurred.
The Poly Network suffered a $612 million exploit on Aug. 10 in what is being described as the largest DeFi hack to date, with the hacker stealing assets from Ethereum, Binance Chain, and the Polygon Network.
According to Tom Robinson, the chief scientist at blockchain analytics firm Elliptic, the hacker has returned roughly $258 million in funds to Poly so far, with $342 million still owed.
The attacker stated their willingness to return the stolen funds on multiple occasions, leading to speculation that it was a white hat hack designed to teach Poly a costly lesson about its security flaws.
Robinson, on the other hand, stated that the return of funds “demonstrates that even if you can steal crypto-assets, laundering and cashing out is extremely difficult due to the transparency of the blockchain.”
The hacker has held an AMA (Ask Me Anything) using embedded messages in Ethereum transactions, and while they appear to be a non-native English speaker, their grand plan has been lost in translation.
When asked why they were hacking and why the Poly protocol, in particular, the hacker says it was “for fun” and “cross-chain hacking is hot.”
Despite such responses, they go on to claim that the hack was carried out for noble reasons and that they have since been transferring tokens between addresses only to keep them safe:
“I had mixed feelings when I saw the bug. Consider what you would do if you were faced with such good fortune. So you’re politely asking the project team to fix it? Given one billion dollars, anyone could be a traitor. Nobody can I put my trust in! The only solution I can think of is to save it in a trusted account.”
“At this point, everyone smells a conspiracy. Insider? Who knows? It’s not me, but who knows? I accept responsibility for exposing the vulnerability before any insiders hide and exploit it!” they added.
Users on Twitter noted that the hacker was requesting instructions on how to deposit funds into Tornado Cash, a decentralized protocol that allows private Ethereum transactions.
When asked why they had been selling and swapping some of the stolen stablecoins, the attacker responded, “I was pissed by the Poly team for their initial response.”
Yesterday, the Poly team sent an open letter to the hacker, urging him to return the stolen assets because “law enforcement in any country will regard this as a major economic crime, and you will be pursued.”
The hacker continues, “They urged others to blame me and hate me before I had a chance to respond!” and that they had no plans to launder the money:
“In the meanwhile, depositing the stables could earn some interest to cover potential cost so that I have more time to negotiate with the Poly team.”