How did a hacker who stole crypto assets over 60 billion yen from DeFi return the full amount?

On August 10, 2021, the

decentralized finance (DeFi) platform ' Poly Network ' wasstolen from crypto assets worth a total of $ 611 million (about 68 billion yen). This case was a big topic because it was the largest DeFi hacking damage ever, but the day after the case, hackers started returning crypto assets, and on August 23, the stolen crypto assets were stolen. It became clear that all of them were returned.

Poly Network Commences Full Asset Restoration | by Poly Network | Poly Network | Aug, 2021 | Medium

Poly Network says it's got pretty much all of that $ 610m in stolen crypto-coins back • The Register

The breakdown of crypto assets stolen from Poly Network on August 10 is Ethereum: equivalent to 273 million dollars (about 30 billion yen), Binance coin: equivalent to 253 million dollars (about 28 billion yen), USD coin : Estimated to be worth about $ 85 million. Cryptocurrency tether (USDT) blacklists $ 33 million worth of USDT issued by Ethereum, which was stolen shortly after the Poly Network theft report. In addition, security company Slow Mist reported that it was tracking the criminal's email address and IP address, and prompt response to the theft case was taken.

Cryptocurrency assets totaling more than 60 billion yen, the highest ever, are stolen by hacking --GIGAZINE

Then, the next day, a hacker who stole the crypto assets said, 'I'm ready to return the funds.' Of the stolen crypto assets, Ethereum: $ 3.3 million (about 370 million yen), Binance coin: We have returned the total amount of 253 million dollars (about 28 billion yen) and 1 million dollars (about 110 million yen) of USD coins to Poly Network for a total of about 260 million dollars (about 29 billion yen).

When returning crypto assets, hackers say, 'I'm not very interested in money. Should I learn something from hacking?' 'I want to give you some hints on how to secure your network.' He said he was insisting. However, Tom Robinson, chief scientist at blockchain analytics firm

Elliptic , said, 'In this case, even if we were able to steal crypto assets, we would launder the stolen crypto assets from the transparency of the blockchain. Shows that it is very difficult. The hacker may have concluded that returning the stolen crypto assets is the safest option. ' He pointed out the possibility of being there.

A hacker who stole crypto assets over 60 billion yen returned 40%, and the ease of tracking may have become a bottleneck --GIGAZINE

Even after some of the crypto assets stolen by hackers have been returned, about $ 238 million (about 26 billion yen) is stored at the

multi-signature address, excluding Tether's frozen $ 33 million. The hacker continued to hold the private key. The Poly Network has named the hacker 'Mr. White Hat' and has continued to negotiate for a return. In this negotiation, Poly Network proposed to Mr. Whitehat that he would 'give up to $ 500,000 (about 55 million yen) as a reward for finding system vulnerabilities.' However, Mr. Whitehat did not accept the proposal, stating that 'the bounty should be provided to the tech community that has contributed to the security of the blockchain.'

After that, Poly Network, in the spirit of Mr. White Hat, campaigned on Immunefi, a platform dedicated to the bug bounty program, to 'give a bounty of 100,000 dollars (about 11 million yen) to those who find a serious bug'. Implemented . In addition, he asked Mr. White Hat to become a security adviser, saying, 'We have no intention of taking legal responsibility and sincerely invite Mr. White Hat as Chief Security Advisor.'

Poly Network, whose large amount of crypto assets have been stolen, solicits hackers to 'become a security adviser' --GIGAZINE

And on August 23, Mr. Whitehat revealed the multi-signature private key to Poly Network and returned all the stolen crypto assets. Poly Network said, 'We have confirmed that the private key sent by Mr. Whitehat is genuine. This has allowed us to recover all the stolen crypto assets. Mr. Whitehat keeps his promise. 'Thank you for giving me.' 'We are in contact with Tether and are in the process of unfreezing USDT,' he said, and is preparing to return the crypto assets to the user.

Mr. Whitehat also apologizes, 'I must admit that my barbaric and crazy behavior has brought a crisis to Poly Network. I'm sorry for the inconvenience.'

Robinson said, 'It's very difficult to build a secure decentralized application. Mr. Whitehat is invaluable.' Many companies are likely to work on hiring Mr. Whitehat because they are likely to be talented people. '

in Note, Posted by log1o_hf