Nearly all of the $600 million stolen in a huge crypto heist has been returned — but there’s a catch
Nearly all of the $600 million stolen in one of the biggest cryptocurrency heists ever has now been returned by hackers.
Poly Network, the crypto platform targeted in the attack, said Thursday that all of the funds bar $33 million worth of the digital coin tether had been transferred.
The issuer of tether, a so-called stablecoin pegged to the U.S. dollar, used a built-in failsafe to freeze the assets soon after the theft.
In an unusual turn of events Wednesday, an anonymous person claiming to be the hacker said they were “ready to return” the funds. The identity of the hacker, or hackers, is not yet known.
Poly Network requested they send the money to three digital currency wallets. And, sure enough, the hacker had returned more than $342 million of the funds to those wallets by Thursday.
But there’s a catch. While almost all of the haul has been sent back to Poly Network, the last $268 million of assets is currently locked in an account that requires passwords from both Poly Network and the hacker to gain access.
“It’s likely that keys held by both Poly Network and the hacker would be required to move the funds — so the hacker could still make these funds inaccessible if they chose to,” Tom Robinson, chief scientist of blockchain analytics firm Elliptic, said in a blogpost Friday.
In a message embedded in a digital currency transaction, the suspected hacker said they would “provide the final key when _everyone_ is ready.”
Record ‘DeFi’ hack
Poly Network is what’s known as a “decentralized finance,” or DeFi, system. DeFi projects aim to use blockchain — the technology which underpins most cryptocurrencies — to replicate traditional financial services like loans and trading.
In Poly Network’s case, the DeFi system allows users to transfer tokens from one blockchain to another.
Someone exploited a vulnerability in Poly Network’s code which allowed them to transfer tokens to their own crypto wallets. The platform lost more than $610 million in the attack, according to researchers at security firm SlowMist.
Poly Network called it “the biggest in defi history.”
The self-proclaimed hacker claims they carried out the theft “for fun” and that it was “always the plan” to eventually return the funds.
CNBC could not independently verify the authenticity of the messages.
In a further message, the hacker claimed Poly Network offered them a $500,000 bounty to send all of the money back, and that they turned it down. The hacker shared what appears to be a statement from Poly Network promising that they would “not be held accountable for this incident,” effectively granting them immunity.
Poly Network did not return a request for comment from CNBC by the time of publication.
“Offering immunity may have sounded like a smart move from Poly Network to dangle a carrot, but it is unlikely that the authorities would agree with this decision nor even allow it,” said Jake Moore, a specialist at cybersecurity firm ESET.
“This attack is likely to have been watched closely by cybercriminals and law enforcement alike, potentially opening up the possibility of copycat attacks.”
Identifying the hacker
Robinson said the hacker “might well still find themselves being pursued by the authorities.”
“Their activities have left numerous digital breadcrumbs on the blockchain for law enforcement to follow.”
Cryptocurrencies are often the go-to for cybercriminals, particularly in ransomware attacks which lock down organizations’ systems or steal data while demanding a ransom payment to recover access.
That’s because the people sending and receiving digital currencies aren’t revealing their identities. However, it has become possible to trace the location of the funds by analyzing the blockchain, which contains a public record of all historical crypto transactions.
Omar Marques | Sopa Images | Lightrocket | Getty Images
EToro, a stock brokerage platform that’s been ramping up in crypto, has priced its IPO at $52 a share, as the company prepares to test the market’s appetite for new offerings.
The Israel-based company raised nearly $310 million, selling nearly 6 million shares in a deal that values the business at about $4.2 billion. The company had planned to sell shares at $46 to $50 each. Another almost 6 million shares are being sold by existing investors.
IPOs looked poised for a rebound when President Donald Trump returned to the White House in January after a prolonged drought spurred by rising interest rates and inflationary concerns. CoreWeave’s March debut was a welcome sign for IPO hopefuls such as eToro, online lender Klarna and ticket reseller StubHub.
But tariff uncertainty temporarily stalled those plans. The retail trading platform filed for an initial public offering in March, but shelved plans as rising tariff uncertainty rattled markets. Klarna and StubHub did the same.
EToro’s Nasdaq debut, under ticker symbol ETOR, may indicate whether the public market is ready to take on risk. Digital physical therapy company Hinge Health has started its IPO roadshow, and said in a filing on Tuesday that it plans to raise up to $437 million in its upcoming offering. Also on Tuesday, fintech company Chime filed its prospectus with the SEC.
Another trading app, Webull, merged with a special-purpose acquisition company in April.
Founded in 2007 by brothers Yoni and Ronen Assia along with David Ring, eToro competes with the likes of Robinhood and makes money through fees related to trading, including spreads on buy and sell orders, and non-trading activities such as withdrawals and currency conversion.
Net income jumped almost thirteenfold last year to $192.4 million from $15.3 million a year earlier. The company has been ramping up its crypto business, with revenue from cryptoassets more than tripling to over $12 million in 2024. One-quarter of its net trading contribution last year came from crypto, up from 10% the prior year.
This isn’t eToro’s first attempt at going public. In 2022, the company scrapped plans to hit the market through a merger with a special purpose acquisition company (SPAC) during a sharp downturn in equity markets. The deal would have valued the company at more than $10 billion.
CEO Yoni Assia told CNBC early last year that eToro was still aiming for a market debut but “evaluating the right opportunity” as it was building relationships with exchanges, including the Nasdaq.
“We definitely are eyeing the public markets,” he said at the time. “I definitely see us becoming eventually a public company.”
EToro said in its prospectus that BlackRock had expressed interest in buying $100 million in shares at the IPO price. The company said it planned to sell 5 million shares in the offering, with existing investors and executives selling another 5 million.
Underwriters for the deal include Goldman Sachs, Jefferies and UBS.
— CNBC’s Ryan Browne and Jordan Novet contributed reporting
WATCH: Venture capital firm founder on the Gulf’s next wave of unicorns
Klay Thompson #31 of the Dallas Mavericks handles the ball during the game against the Memphis Grizzlies during the 2025 SoFi Play-In Tournament on April 18, 2025 at FedExForum in Memphis, Tennessee.
Joe Murphy | National Basketball Association | Getty Images
Chime Financial paid the NBA’s Dallas Mavericks roughly $33 million over three years to have its logo worn as a patch on player jerseys, the company disclosed in its IPO filing Tuesday.
The Mavericks finalized the jersey deal, along with “certain other sponsorship and promotional rights,” in 2020, but terms weren’t announced. CNBC reported at the time that, citing an NBA official, that the league’s patch sponsorships ranged from $2 million to $20 million per season, depending on market size.
Chime, a San Francisco-based fintech company that provides online banking services like direct deposit and credit cards, plans to soon debut on the Nasdaq. Cynthia Marshall, who was CEO for the Mavericks from 2018 until December of last year, is on Chime’s board, so the company included details of the arrangement in the related party transactions section of its filing.
The company said it paid the Mavericks $10.5 million in 2022, $11.5 million in 2023 and $11.2 million last year.
Marshall told CNBC in 2020 that the decision to select Chime for its jersey patch came as the team was looking to fill its official sponsorship slot, which came with the deal. The logo has been displayed around American Airlines Center, where the Mavericks play their home games.
“We wanted somebody that was doing well as a business and growing,” Marshall said. “It’s a perfect fit.”
Chime’s IPO filing lands a day after the Mavericks shocked the NBA world by winning the draft lottery and the right to draft presumed top pick Cooper Flagg from Duke University. The Mavericks had only a 1.8% chance of landing the top pick based on where they finished in the standings. ESPN reported on Wednesday that the Mavericks plan to draft Flagg and are not considering the possibility of trading him.
It was a remarkably fortuitous turn of events for a front office and ownership team that’s been roundly criticized for months since trading franchise cornerstone Luka Doncic in February, bringing back older star Anthony Davis in return.
Longtime owner Mark Cuban sold a majority stake in the Mavericks in 2023 to casino owner Miriam Adelson and her family.
In October, the Mavericks announced a multi-year extension to its Chime deal, agreeing to showcase the brand and the company’s products more broadly. One new aspect was the creation of Chime Lane, “a dedicated entrance featuring exclusive benefits for Chime members during Mavs games and select events at AAC,” the team said in a press release.
— CNBC’s Jordan Novet contributed to this report.
A sign that reads “Epic Intergalactic Headquarters” on campus.
Epic Systems
CureIS Healthcare, a managed care services company, filed a civil lawsuit against Epic Systems on Monday night, alleging the electronic health record, or EHR, giant has carried out a “multi-prong scheme to destroy” CureIS’ business.
CureIS offers technology and managed services for government programs, including Medicare, Medicaid and other state health initiatives. In a 40-page complaint that was made public on Tuesday, CureIS claims Epic has interfered with its customer relationships, blocked access to necessary data and raised unfounded security concerns, among other anticompetitive practices.
Epic, the leader in the EHR market, did not immediately respond to CNBC’s request for comment.
The lawsuit is the latest legal battle facing Epic, which houses medical records for about 280 million patients in the U.S. and offers other health-care tools. Data startup Particle Health filed an antitrust lawsuit against the company in September, alleging Epic has used its dominance in the EHR space to stifle competition in other markets that use that data.
“Particle’s claims are baseless,” Epic told CNBC in a statement at the time.
CureIS’ suit was filed in the U.S. District Court for the Northern District of California. The company is being represented by Quinn Emanuel Urquhart & Sullivan, LLP, the same firm that is representing Particle.
-
Sports3 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports1 year agoStory injured on diving stop, exits Red Sox game
-
Sports2 years agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike
-
Business3 years agoBank of England’s extraordinary response to government policy is almost unthinkable | Ed Conway