Nearly all of the $600 million stolen in a huge crypto heist has been returned — but there’s a catch
Nearly all of the $600 million stolen in one of the biggest cryptocurrency heists ever has now been returned by hackers.
Poly Network, the crypto platform targeted in the attack, said Thursday that all of the funds bar $33 million worth of the digital coin tether had been transferred.
The issuer of tether, a so-called stablecoin pegged to the U.S. dollar, used a built-in failsafe to freeze the assets soon after the theft.
In an unusual turn of events Wednesday, an anonymous person claiming to be the hacker said they were “ready to return” the funds. The identity of the hacker, or hackers, is not yet known.
Poly Network requested they send the money to three digital currency wallets. And, sure enough, the hacker had returned more than $342 million of the funds to those wallets by Thursday.
But there’s a catch. While almost all of the haul has been sent back to Poly Network, the last $268 million of assets is currently locked in an account that requires passwords from both Poly Network and the hacker to gain access.
“It’s likely that keys held by both Poly Network and the hacker would be required to move the funds — so the hacker could still make these funds inaccessible if they chose to,” Tom Robinson, chief scientist of blockchain analytics firm Elliptic, said in a blogpost Friday.
In a message embedded in a digital currency transaction, the suspected hacker said they would “provide the final key when _everyone_ is ready.”
Record ‘DeFi’ hack
Poly Network is what’s known as a “decentralized finance,” or DeFi, system. DeFi projects aim to use blockchain — the technology which underpins most cryptocurrencies — to replicate traditional financial services like loans and trading.
In Poly Network’s case, the DeFi system allows users to transfer tokens from one blockchain to another.
Someone exploited a vulnerability in Poly Network’s code which allowed them to transfer tokens to their own crypto wallets. The platform lost more than $610 million in the attack, according to researchers at security firm SlowMist.
Poly Network called it “the biggest in defi history.”
The self-proclaimed hacker claims they carried out the theft “for fun” and that it was “always the plan” to eventually return the funds.
CNBC could not independently verify the authenticity of the messages.
In a further message, the hacker claimed Poly Network offered them a $500,000 bounty to send all of the money back, and that they turned it down. The hacker shared what appears to be a statement from Poly Network promising that they would “not be held accountable for this incident,” effectively granting them immunity.
Poly Network did not return a request for comment from CNBC by the time of publication.
“Offering immunity may have sounded like a smart move from Poly Network to dangle a carrot, but it is unlikely that the authorities would agree with this decision nor even allow it,” said Jake Moore, a specialist at cybersecurity firm ESET.
“This attack is likely to have been watched closely by cybercriminals and law enforcement alike, potentially opening up the possibility of copycat attacks.”
Identifying the hacker
Robinson said the hacker “might well still find themselves being pursued by the authorities.”
“Their activities have left numerous digital breadcrumbs on the blockchain for law enforcement to follow.”
Cryptocurrencies are often the go-to for cybercriminals, particularly in ransomware attacks which lock down organizations’ systems or steal data while demanding a ransom payment to recover access.
That’s because the people sending and receiving digital currencies aren’t revealing their identities. However, it has become possible to trace the location of the funds by analyzing the blockchain, which contains a public record of all historical crypto transactions.
Bay Area Rapid Transit (BART) passengers walk off a train at the Richmond station on March 15, 2023 in Richmond, California.
Justin Sullivan | Getty Images
Commuters in and around San Francisco rode into work for free on Tuesday morning due to an outage in the Clipper card system, which is used to handle payments for train, bus and ferry rides.
“ATTENTION: The Clipper system is experiencing an outage on all operators this morning,” the Bay Area Clipper account wrote in a post on X. “Please be prepared to pay your fare with another form of payment if required by your transit agency.”
Many buses were waving commuters on without asking for payment, and at Bay Area Rapid Transit (BART) train stations, the faregates were open, allowing travelers to walk through for free.
Clipper is owned by the Metropolitan Transportation Commission, which manages transportation for the nine-county Bay Area. The service is used by hundreds of thousands of tech workers in San Francisco and Silicon Valley.
The MTC website said there were 1.35 million unique Clipper cards — physical and digital — used in May, the highest monthly toll for the year and the most since December 2019, before the pandemic. A fact sheet from the MTC says Clipper is used by 800,000 transit riders a day across the region.
BART fare gates open on July 1, 2025, due to Clipper outage
Kif Leswing
BART, in particular, has undergone dramatic changes in recent years, most notably installing fare gates starting in late 2023, with full deployment expected to be completed by the end of this year.
In the first five months of the year, average BART station exits totaled between 170,000 and 182,000 a month, according to its website. Those numbers are way down from the pre-pandemic days of 2019, when averages were generally above 400,000 a month.
The MTC has plans to roll out an updated system called Clipper 2.0, which it says will be a “customer-focused, cost-effective fare collection system” with a “flexible platform for future fare structures.” Features include use across the various mobile operating systems, updated communication and “expanded retail, online and mobile sales.”
The update, however, has been routinely delayed, leading to tense confrontations at recent Clipper executive board meetings.
An image of a Quantix drone made by AeroVironment.
David Mcnew | Getty Images News | Getty Images
AeroVironment shares fell 7% Tuesday after the defense contractor said it plans to offer $750 million in common stock and $600 million in convertible senior notes due in 2030 to repay debt.
The drone maker said it would use leftover funding for general purposes such as boosting manufacturing capacity.
AeroVironment shares have soared 85% this year, ballooning its market value to about $13 billion.
Last week, shares of the Arlington, Virginia-based company rallied on strong fourth-quarter results, lifting higher as CNBC’s Jim Cramer called it the “next Palantir of hardware.”
Last month, the company also closed its $4.1 billion acquisition of space-related defense tech company Blue Halo.
Earlier this month, President Donald Trump signed an executive order intended to boost drone production in the U.S. and crack down on unauthorized uses.
The company also has a high short interest level, which may have contributed to some of the recent gains, creating a short squeeze. This phenomenon occurs when a stock price surges, forcing those shorting the stock to purchase shares to cover their positions and prevent losses.
Aerovironment 1 month stock chart
-
Sports3 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports1 year agoStory injured on diving stop, exits Red Sox game
-
Sports2 years agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Sports2 years agoButton battles heat exhaustion in NASCAR debut
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike