A hacker may have just pulled off the biggest cryptocurrency heist in history.
On Tuesday morning, blockchain provider Poly Networks reported it had come under attack, which allowed a hacker to loot cryptocurrency assets belonging to “tens of thousands” of users.
The hacker transferred the stolen funds to three wallets, which originally contained over $600 million in various cryptocurrencies, according to CoinDesk.
Poly Networks implements interoperability between various blockchains, including Ethereum and the Binance Chain, which were both ensnared in the attack.
“After preliminary investigation, we located the cause of the vulnerability,” Poly Networks said in a tweet. “The hacker exploited a vulnerability between contract calls, exploit was not caused by the single keeper as rumored.”
In response, Poly Networks called on cryptocurrency exchanges and miners not to accept transactions from the hacker-controlled wallets. In addition, Poly Networks published a letter addressed to the mysterious culprit, urging them to voluntarily return the stolen funds.
“The amount of money you hacked is the biggest one in defi (decentralized finance) history,” Poly Networks wrote. “Law enforcement in any country will regard this as a major economic crime and you will be pursued.”
In the meantime, the various cryptocurrency providers have begun blocking transfers from the hacker-controlled wallets. But there’s some evidence the attacker behind the heist isn’t interested in converting the stolen funds into cash. Security researcher Alon Gal noticed the hacker appears to be leaving messages in one of the wallets.
“It would have been a billion hack if I had moved remaining shitcoins!” one message says. “Not so interested in money, now considering returning some tokens or just leaving them here.”