It’s good to love your work, but this is ridiculous.
Hackers who made off with more than $600 million worth of crypto this week say they didn’t need the money and did it all “for fun.”
In an apparent effort to prove the bizarre claims, they’ve even returned $342 million worth of stolen funds, according to PolyNetwork, the decentralized finance platform that was hacked.
The oddball explanation behind the biggest cryptocurrency heist of all time emerged on Thursday from a blockchain-based question-and-answer session held by someone claiming to be behind the hack, and whom experts have confirmed is tied to an account that was used in the attack.
On the hacking, this person explained: “Ask yourself what to do had you facing so much fortune. Asking the project team politely so that they can fix it? Anyone could be the traitor given one billion!”
“I can trust nobody!” the person continued. “The only solution I can come up with is saving it in a _trusted_ account while keeping myself _anonymous_ and _safe_.”
On returning the money, this person said: “That’s always the plan! I am _not_ very interested in money! I know it hurts when people are attacked, but shouldn’t they learn something from those hacks?”
Tom Robinson, chief scientist at blockchain analytics firm Elliptic, told CNBC that the person behind the Q&A was “definitely” behind the Poly Network attack.
“The messages are embedded in transactions sent from the hacker’s account,” Robinson told CNBC. “Only the holder of the stolen assets could have sent them.”
After the hack, PolyNetwork publicly begged the hackers to return the coins, warning that “law enforcement in any country will regard this as a major economic crime and you will be pursued.”
The hackers are still holding onto $268 million in Ethereum, according to PolyNetwork. It’s unclear whether they plan to return the rest of the crypto.
Some blockchain experts have offered an alternative explanation for why the money was returned, saying that the hackers may have found it all but impossible to secretly convert it into usable cash on such a mass scale.
“Even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the broad use of blockchain analytics by financial institutions,” Tom Robinson of UK blockchain analysis company Elliptic told Reuters.
Like the hackers, PolyNetwork itself is also mysterious. It is not clear where the company is based or whether it is working with any law enforcement agency to investigate the heist.
The hackers exploited a vulnerability in the so-called “smart contracts” that PolyNetwork uses to transfer tokens between users, allowing them to divert funds to themselves, according to the company.
They stole 12 kinds of cryptocurrencies, according to blockchain forensics company Chainalysis, but have returned all of the cryptocurrencies except for the missing $268 million worth of Ethereum.
With Post wires