article featured image


Yesterday we looked into the biggest cryptocurrency hack that ever happened, today we talk about how the attackers decided to give back the money they have stolen during it.

Yes, you heard it right! The cybercriminals behind the Chinese Internet protocol Poly Network attack who have stolen approximately $600 million worth of cryptocurrency assets began to return it, as shared by the organization on Twitter.

So far, the hacker has reimbursed $256 million Binance Smart Chain (BSC) tokens, $3.3 million in Ethereum tokens, and $1 million in USD Coin (USDC) on the Polygon network, but decided to keep the rest of it for the negotiations with the cross-chain DeFi protocol.

In order to have back in its account all the assets that have been stolen, Poly still needs to receive the difference of $269 million on Ethereum and $84 million on Polygon.

Why Did the Attackers Return the Money to Poly Network?

It’s not the first time the hackers said they are willing to return the stolen assets, which made many believe that the attack may have been meant to show the Chinese company it needs better protection against cybercriminals, just like a white-hat hacker would do.

A white-hat hacker (a good hacker) is a computer security expert whose job is to breach secured networks in order to test their security.

On the other side, chief scientist at blockchain analytics firm Elliptic Tom Robinson thinks that giving back the stolen cryptocurrency shows that even if you can steal it, laundering and converting them might be an inconvenience “due to the transparency of the blockchain.”

It could also be the blockchain security company SlowMist announcement that they have identified the cybercriminal’s ID, email address, IP information, and device fingerprint.

The firm also stated that the hacker’s resources were initially in monero (XMR), but were swapped for BNB, ETH and MATIC, and other tokens that were used to sponsor the cyberattack.

Or maybe it was Poly Network’s message?

Poly Network cryptocurrency hack


In an AMA (Ask Me Anything) session the attackers declared they have attacked the Poly Network platform for fun and because “cross-chain hacking is hot.”

We can make assumptions, but we don’t know for sure the real reason why the hackers have returned the crypto-assets they have stolen two days ago.

How Did the Attack Happen in the First Place?

The hackers behind the Poly Network hack took advantage of a flaw between contract calls which enabled them to obtain ownership of crypto-assets and move them to attacker-controlled wallets:

This attack is mainly because the keeper of the EthCrossChainData contract can be modified by the EthCrossChainManager contract, and the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract can execute the data passed in by the user through the _executeCrossChainTx function.

Therefore, the attacker uses this function to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract.


Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.