Update 8/11/2021 8am PT: the hacker has now returned $256 million, with more being returned by the moment.
That was quick. The hacker who stole approximately $600 million worth of various cryptocurrencies from Poly Network has returned millions of dollars from their haul, The Block reported, after creating a token called "The hacker is ready to surrender."
It's not hard to guess why the hacker waved the white flag: A blockchain security firm called SlowMist claimed to have identified them and collected their email address, IP address, and device fingerprint just hours after Poly Network revealed the attack.
Optimism developer Kelvin Fichter also shared on Twitter some details about how the hacker managed to exploit flaws in Poly Network's system to conduct this heist.
"Ok here's how the Poly Network hack actually worked. If I'm reading the contracts correctly, it's pretty genius." (August 10, 2021)
For the non-developers out there, Fichter summarized the flaw with the following: "Fantastic. No private key compromise required! Just craft the right data and boom... the contract will just hack itself!" Which appears to be exactly what the hacker did.
Poly Network has confirmed the hacker started to return stolen funds today:
So far, we have received a total value of $4,772,297.675 assets returned by the hacker.
ETH address: $2,654,946.051
BSC address: $1,107,870.815
Polygon address: $1,009,480.809
(August 11, 2021)
That's approximately $4.7 million of the stolen $600 million-plus recovered so far. Now the question is whether whoever stole those cryptocurrencies plans to return their entire haul or keep a little something for themselves for their effort.