The Poly Network logo displayed on a phone screen with a physical representation of some cryptocurrencies.
Jakub Porzycki | NurPhoto via Getty Images

Nearly all of the $600 million stolen in one of the biggest cryptocurrency heists ever has now been returned by hackers.

Poly Network, the crypto platform targeted in the attack, said Thursday that all of the funds bar $33 million worth of the digital coin tether had been transferred.

The issuer of tether, a so-called stablecoin pegged to the U.S. dollar, used a built-in failsafe to freeze the assets soon after the theft.

In an unusual turn of events Wednesday, an anonymous person claiming to be the hacker said they were “ready to return” the funds. The identity of the hacker, or hackers, is not yet known.

Poly Network requested they send the money to three digital currency wallets. And, sure enough, the hacker had returned more than $342 million of the funds to those wallets by Thursday.

But there’s a catch. While almost all of the haul has been sent back to Poly Network, the last $268 million of assets is currently locked in an account that requires passwords from both Poly Network and the hacker to gain access.

“It’s likely that keys held by both Poly Network and the hacker would be required to move the funds — so the hacker could still make these funds inaccessible if they chose to,” Tom Robinson, chief scientist of blockchain analytics firm Elliptic, said in a blogpost Friday.

In a message embedded in a digital currency transaction, the suspected hacker said they would “provide the final key when _everyone_ is ready.”

Record ‘DeFi’ hack

Poly Network is what’s known as a “decentralized finance,” or DeFi, system. DeFi projects aim to use blockchain — the technology which underpins most cryptocurrencies — to replicate traditional financial services like loans and trading.

In Poly Network’s case, the DeFi system allows users to transfer tokens from one blockchain to another.

Someone exploited a vulnerability in Poly Network’s code which allowed them to transfer tokens to their own crypto wallets. The platform lost more than $610 million in the attack, according to researchers at security firm SlowMist.

Poly Network called it “the biggest in defi history.”

The self-proclaimed hacker claims they carried out the theft “for fun” and that it was “always the plan” to eventually return the funds.

CNBC could not independently verify the authenticity of the messages.

In a further message, the hacker claimed Poly Network offered them a $500,000 bounty to send all of the money back, and that they turned it down. The hacker shared what appears to be a statement from Poly Network promising that they would “not be held accountable for this incident,” effectively granting them immunity.

Poly Network did not respond to a request for comment from CNBC by the time of publication.

“Offering immunity may have sounded like a smart move from Poly Network to dangle a carrot, but it is unlikely that the authorities would agree with this decision nor even allow it,” said Jake Moore, a specialist at cybersecurity firm ESET.

“This attack is likely to have been watched closely by cybercriminals and law enforcement alike, potentially opening up the possibility of copycat attacks.”

Identifying the hacker

Robinson said the hacker “might well still find themselves being pursued by the authorities.”

“Their activities have left numerous digital breadcrumbs on the blockchain for law enforcement to follow.”

Cryptocurrencies are often the go-to for cybercriminals, particularly in ransomware attacks which lock down organizations’ systems or steal data while demanding a ransom payment to recover access.

That’s because the people sending and receiving digital currencies aren’t revealing their identities. However, it has become possible to trace the location of the funds by analyzing the blockchain, which contains a public record of all historical crypto transactions.


Figure AI sued by whistleblower who warned that startup’s robots could ‘fracture a human skull’


Startup Figure AI is developing general-purpose humanoid robots.

Figure AI

Figure AI, an Nvidia-backed developer of humanoid robots, was sued by the startup’s former head of product safety who alleged that he was wrongfully terminated after warning top executives that the company’s robots “were powerful enough to fracture a human skull.”

Robert Gruendel, a principal robotic safety engineer, is the plaintiff in the suit filed Friday in a federal court in the Northern District of California. Gruendel’s attorneys describe their client as a whistleblower who was fired in September, days after lodging his “most direct and documented safety complaints.”

The suit lands two months after Figure was valued at $39 billion in a funding round led by Parkway Venture Capital. That’s a 15-fold increase in valuation from early 2024, when the company raised a round from investors including Jeff Bezos, Nvidia, and Microsoft.

In the complaint, Gruendel’s lawyers say the plaintiff warned Figure CEO Brett Adcock and Kyle Edelberg, chief engineer, about the robot’s lethal capabilities, and said one “had already carved a ¼-inch gash into a steel refrigerator door during a malfunction.”

The complaint also says Gruendel warned company leaders not to “downgrade” a “safety road map” that he had been asked to present to two prospective investors who ended up funding the company.

Gruendel worried that a “product safety plan which contributed to their decision to invest” had been “gutted” the same month Figure closed the investment round, a move that “could be interpreted as fraudulent,” the suit says.

The plaintiff’s concerns were “treated as obstacles, not obligations,” and the company cited a “vague ‘change in business direction’ as the pretext” for his termination, according to the suit.

Gruendel is seeking economic, compensatory and punitive damages and demanding a jury trial.

Figure didn’t immediately respond to a request for comment. Nor did attorneys for Gruendel.

The humanoid robot market remains nascent today, with companies like Tesla and Boston Dynamics pursuing futuristic offerings, alongside Figure, while China’s Unitree Robotics is preparing for an IPO. Morgan Stanley said in a report in May that adoption is “likely to accelerate in the 2030s” and could top $5 trillion by 2050.
