Nearly all of the $600 million stolen in a huge crypto heist has been returned — but there’s a catch
Nearly all of the $600 million stolen in one of the biggest cryptocurrency heists ever has now been returned by hackers.
Poly Network, the crypto platform targeted in the attack, said Thursday that all of the funds bar $33 million worth of the digital coin tether had been transferred.
The issuer of tether, a so-called stablecoin pegged to the U.S. dollar, used a built-in failsafe to freeze the assets soon after the theft.
In an unusual turn of events Wednesday, an anonymous person claiming to be the hacker said they were “ready to return” the funds. The identity of the hacker, or hackers, is not yet known.
Poly Network requested they send the money to three digital currency wallets. And, sure enough, the hacker had returned more than $342 million of the funds to those wallets by Thursday.
But there’s a catch. While almost all of the haul has been sent back to Poly Network, the last $268 million of assets is currently locked in an account that requires passwords from both Poly Network and the hacker to gain access.
“It’s likely that keys held by both Poly Network and the hacker would be required to move the funds — so the hacker could still make these funds inaccessible if they chose to,” Tom Robinson, chief scientist of blockchain analytics firm Elliptic, said in a blogpost Friday.
In a message embedded in a digital currency transaction, the suspected hacker said they would “provide the final key when _everyone_ is ready.”
Record ‘DeFi’ hack
Poly Network is what’s known as a “decentralized finance,” or DeFi, system. DeFi projects aim to use blockchain — the technology which underpins most cryptocurrencies — to replicate traditional financial services like loans and trading.
In Poly Network’s case, the DeFi system allows users to transfer tokens from one blockchain to another.
Someone exploited a vulnerability in Poly Network’s code which allowed them to transfer tokens to their own crypto wallets. The platform lost more than $610 million in the attack, according to researchers at security firm SlowMist.
Poly Network called it “the biggest in defi history.”
The self-proclaimed hacker claims they carried out the theft “for fun” and that it was “always the plan” to eventually return the funds.
CNBC could not independently verify the authenticity of the messages.
In a further message, the hacker claimed Poly Network offered them a $500,000 bounty to send all of the money back, and that they turned it down. The hacker shared what appears to be a statement from Poly Network promising that they would “not be held accountable for this incident,” effectively granting them immunity.
Poly Network did not return a request for comment from CNBC by the time of publication.
“Offering immunity may have sounded like a smart move from Poly Network to dangle a carrot, but it is unlikely that the authorities would agree with this decision nor even allow it,” said Jake Moore, a specialist at cybersecurity firm ESET.
“This attack is likely to have been watched closely by cybercriminals and law enforcement alike, potentially opening up the possibility of copycat attacks.”
Identifying the hacker
Robinson said the hacker “might well still find themselves being pursued by the authorities.”
“Their activities have left numerous digital breadcrumbs on the blockchain for law enforcement to follow.”
Cryptocurrencies are often the go-to for cybercriminals, particularly in ransomware attacks which lock down organizations’ systems or steal data while demanding a ransom payment to recover access.
That’s because the people sending and receiving digital currencies aren’t revealing their identities. However, it has become possible to trace the location of the funds by analyzing the blockchain, which contains a public record of all historical crypto transactions.
Intuit CEO Sasan Goodarzi speaks at the opening night of the Intuit Dome in Los Angeles on Aug. 15, 2024.
Rodin Eckenroth | Filmmagic | Getty Images
Intuit shares fell 6% in extended trading Thursday after the finance software maker issued a revenue forecast for the current quarter that trailed analysts’ estimates due to some sales being delayed.
Here’s how the company performed in comparison with LSEG consensus:
- Earnings per share: $2.50 adjusted vs. $2.35 expected
- Revenue: $3.28 billion vs. $3.14 billion
Revenue increased 10% year over year in the quarter, which ended Oct. 31, according to a statement. Net income fell to $197 million, or 70 cents per share, from $241 million, or 85 cents per share, a year ago.
While results for the fiscal first quarter topped estimates, second-quarter guidance was light. Intuit said it anticipates a single-digit decline in revenue from the consumer segment because of promotional changes for the TurboTax desktop software in retail environments. While that will affect revenue timing, it won’t have any impact on the full 2025 fiscal year.
Intuit called for second-quarter earnings of $2.55 to $2.61 per share, with $3.81 billion to $3.85 billion in revenue. The consensus from LSEG was $3.20 per share and $3.87 billion in revenue.
For the full year, Intuit expects $19.16 to $19.36 in adjusted earnings per share on $18.16 billion to $18.35 billion in revenue. That implies revenue growth of between 12% and 13%. Analysts polled by LSEG were looking for $19.33 in adjusted earnings per share and $18.26 billion in revenue.
Revenue from Intuit’s global business solutions group came in at $2.5 billion in the first quarter. The figure was up 9% and in line with estimates, according to StreetAccount. Formerly known as the small business and self-employed segment, the group includes Mailchimp, QuickBooks, small business financing and merchant payment processing.
“We are seeing good progress serving mid-market customers in MailChimp, but are seeing higher churn from smaller customers,” Sandeep Aujla, Intuit’s finance chief, said on a conference call with analysts. “We are addressing this by making product enhancements and driving feature discoverability and adoption to improve first-time use and customer retention.”
Better outcomes are a few quarters away, Aujla said.
CreditKarma revenue came in at $524 million, above StreetAccount’s $430 million consensus.
At Thursday’s close, Intuit shares were up about 9% so far in 2024, while the S&P 500 has gained almost 25% in the same period.
On Tuesday Intuit shares slipped 5% after The Washington Post said President-elect Donald Trump’s proposed “Department of Government Efficiency” had discussed developing a mobile app for federal income tax filing. But a mobile app for submitting returns from Intuit is “already available to all Americans,” CEO Sasan Goodarzi told CNBC’s Jon Fortt.
Goodarzi said on CNBC that he’s personally communicating with leaders of the incoming presidential administration.
On the earnings call, Goodarzi sounded optimistic about the economy.
“Our belief, which is not baked into our guidance, is that we will see an improved environment as we look ahead in 2025, particularly just with some of the things that I mentioned earlier around just interest rates, jobs, the regulatory environment,” he said. “These things have a real burden on businesses. And we believe that a better future is to come.”
WATCH: H&R Block, Intuit shares fall after report Trump administration is considering a free tax-filing app
-
Sports2 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports8 months agoStory injured on diving stop, exits Red Sox game
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports1 year agoGame 1 of WS least-watched in recorded history
-
Sports3 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike
-
Business2 years agoBank of England’s extraordinary response to government policy is almost unthinkable | Ed Conway