This week, the DeFi ecosystem witnessed the biggest hack recorded to date. An attacker has indeed managed to drain 600 million dollars from the Poly-Network protocol pools. Fortunately, after some unlikely twists and turns, the situation may have a happy ending with a remorseful hacker.
Poly Network hack: the hacker agrees to collaborate
In the early hours of Wednesday, August 11, the cross-chain protocol Poly-Network alerted its users that it had been the target of an attack. Its loot of $600 million was the largest sum ever stolen in the history of DeFi.
In practice, this staggering amount was mined from multiple blockchains:
- $273 million on Ethereum;
- $85 million in USDC on Polygon;
- $253 million on the Binance Smart Chain (BSC).
Even MtGox at the time did not suffer from such an attack. In addition to being the largest DeFi theft, it is even one of the largest thefts across the entire crypto ecosystem, across all categories.
Following the attack, protocol teams attempted to make contact with the attacker, noting that he would be prosecuted by numerous police forces around the world if he did not return the funds. A few hours later, the thug gave a sign of life, explaining that he was “ready to return the funds”. This news has delighted Poly-Network developers and aggrieved users.
To do so, the Poly-Network teams created 3 addresses so that the attacker could return the funds.
A promise is a promise
In the aftermath of the events, the attacker seems to have made good on his promises. Indeed, several transactions have been recorded to addresses created by PolyNetwork.
First of all, all 85 million dollars stolen from Polygon were returned on August 11, in the evening.
At the same time, the attacker returned the entire $253 million stolen from the Binance Smart Chain, through several transactions.
Finally, the attacker returned the 273 million initially stolen on Ethereum, within hours of the return on other blockchains.
Thus, all the funds, except the USDT frozen by Tether, have been returned. All’s well that ends well.
An unprecedented event
This hack is truly a first in the history of cryptocurrencies, both in the amount stolen and in the management of events following the attack. Indeed, if the DeFi hacks do not cease to multiply, it had never happened until now that an attacker returns the funds, especially in the context of such a big loot.
This is fortunate for Poly-Network and the entire DeFi ecosystem, for whom the loss of $600 million could have been catastrophic.
Recently, for example, $20 million was stolen from the Popsicle Finance protocol. Unfortunately for them, the attacker did not charitably return the funds. Another proof that DeFi protocols, frequently victims of attacks (even if it was the case for the Poly Network project), should be audited.