
Doxxed: Experts outline the hacker’s motives for returning $611m to Poly Network
An unknown attacker, who orchestrated what authorities describe as the largest-ever attack in cryptocurrency history on the Chinese cross-chain protocol Poly Network, decided less than a day later to return the stolen $611 million. ForkLog spoke to experts who speculated about what might have prompted the hacker to make that decision.
According to smart-contract developer Alexey Matyasevich, the hacker simply got doxxed. The BNB, ETH, MATIC and other tokens used to finance the attack were transferred to the attacker’s address from the Chinese crypto exchange Hoo, which has KYC.
I think it is too late already, this guy doxxed himself. https://t.co/23L9IpZnEP
Or he used a stolen account.
— luoj.eth (@luojeth) August 10, 2021
“Usually hackers do not engage in any communication, because any communication is an additional opportunity to lose anonymity,” explained Matyasevich.
The developer believes that in the event of full restitution, the hacker could avoid prosecution by law enforcement. Otherwise, a criminal case awaits him.
Earlier, blockchain-security specialists from Slowmist managed to track down the attacker's identifier. They say they learned the attacker's email address, IP information, and the device's digital fingerprint. The information was obtained through the Hoo exchange and other trading platforms.
One of the main reasons is the difficulty of legitimising proceeds obtained through criminal activity in the cryptocurrency industry, noted Stanislav Shakirov, chief technology officer of Roskomsvoboda.
“Stolen crypto leaves a trace, and legitimising large sums is not easy. Given that you can end up in prison for this, returning the funds was probably the most sensible decision for the hacker,” he said.
Denis Voskvitsov, head of the fintech company Exantech, does not rule out that the attacker aimed in this way to point to a vulnerability in a particular protocol or in the industry as a whole:
“The theft may not have been the main goal. But to test this theory, we must wait for ‘programmatic’ statements from the organizer of the hack.”
Voskvitsov also recalled that the hacker moved part of the funds to liquidity pools and could already be earning a solid yield on the stolen assets.
“The probability is small, but perhaps that was the plan — to return most of the money so that everyone is satisfied, while still being in the black,” added Exantech's head.
To recall, on August 10 the Poly Network cross-chain protocol was attacked on Ethereum, Binance Smart Chain, and Polygon. The total damage amounted to $611 million in various cryptocurrencies. Some of the stolen funds, for example in USDT, were blocked.
The hacker moved part of the assets to the Ellipsis Finance liquidity pool.
On August 11 the hacker announced his intent to return the funds. At the time of writing he had transferred to Poly Network wallets $1 million in USDC, $1.1 million in BTCB, $2 million in Shiba Inu, 622 243 in FEI, 1000 BTC, 26 629 ETH and 119 664 866 BUSD.
Earlier, developer Kelvin Fichter thoroughly analyzed the mechanism of the Poly Network attack.