An anonymous hacker who stole over $600 million in various cryptocurrencies earlier this week has begun the process of returning the money to its original owners, claiming they only pulled off history’s largest decentralized finance theft “for fun :)” — their goddamn words, not ours. On Tuesday, the Poly Network crypto platform announced via Twitter that a malicious actor succeeded in exploiting a security flaw, and subsequently withdrew hundreds of millions of dollars spread across the Ethereum blockchain, Polygon network, Binance smart chain, and various other tokens to a single encrypted wallet address. (For some reason, MAGACoin remained untouched, though).

“The hacker apparently exploited a vulnerability in the way Poly Network verified smart contracts to change a list of public keys to match the hacker's private keys... Once those keys were changed, the hacker was able to reroute funds to personal wallets,” explains Ars Technica, summarizing a breakdown of the hack from software engineer Kelvin Fichter.

After pleading with the hacker to return the assets and urging miners to blacklist the thief’s wallet addresses, Poly Network reminded the mastermind that $600 million is a lot of money in the eyes of any country’s law enforcement, and given that this amounted to the largest DeFi heist in history, they could be certain international heat would soon come their way. This, coupled with the near impossibility of cashing all those funds out while remaining anonymous, is probably the main reason victims began seeing their money returned to their accounts within the past couple days.

In a self-aggrandizing “Q&A,” the hacker claimed it was always their intent to return the funds, saying that the whole thing was ostensibly a big ol’ goof to point out Poly’s security flaws. Uh-huh.

They still made it out with some profit — As the Ars writeup notes, the hacker clearly wasn’t doing this solely out of “white hat” concerns for a better, more secured cryptocurrency market system, given that they definitely made at least some money off the whole thing. “In the meanwhile, depositing the [stable coins, like Tether,] could earn some interest to cover potential cost so that I have more time to negotiate with the Poly team,” the hacker admitted in their Q&A session. The anonymous person ended their little explanation with “I prefer to stay in the dark and save the world,” which... okay, dude. Sure thing.