Hackers returned about half of the $610 million or so they pilfered Tuesday in what was likely one of the biggest cryptocurrency thefts on record in the burgeoning DeFi sector.
In an unusual twist, the online thieves pledged to return the entire amount stole from a decentralized finance, or DeFi, a protocol known as PolyNetwork that lets users swap tokens across multiple blockchains.
In a message the unidentified hackers said that they “just dumped all the assets,” adding, “hacking for good, I did save the project.” About $258 million has been returned so far, according to Tom Robinson, co-founder of blockchain forensics firm Elliptic.
Even more brazen, the hackers are asking for donations as a reward for returning the funds. So far, they’ve garnered $200, Robinson said.
The hackers also posted a Q&A online, explaining motivations for the attack as “for fun:).” The online pirates said they took the funds “to keep it safe” after spotting a bug. The hackers ended the missive saying they will be impossible to trace. “I prefer to stay in the dark and save the world.”
Elliptic, as well as scores of cryptocurrency exchanges and trackers, have been on the hunt for the hackers. Thousands of people were affected by the attack, PolyNetwork said in a letter posted Tuesday on Twitter.
“This demonstrates that even if you can steal crypto assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics,” Robinson said. “In this case the hacker concluded that the safest option was just to return the stolen assets.”
DeFi apps -- which let people lend, borrow and trade coins without using intermediaries -- have become frequent targets of attacks lately, as they gain in popularity. Some $156 million was netted from DeFi-related hacks in the first five months of the year, surpassing the $129 million stolen in such attacks through all of 2020, according to crypto security firm CipherTrace.