$613m cryptocurrency heist claimed as white hat hack

The hack, which occurred on 10 August, saw millions in Ethereum, BSC and Polygon cryptocurrencies stolen by exploiting a vulnerability on the platform which allows users to move their assets between different blockchains.

But the funds are slowly being returned to their original wallet, owned by Poly Network, with all the BSC and Polygon refunded and around $268m in Ethereum still missing. With the money slowly coming back to the firm, it is now thought that the attack may be perpetrated by white hat hackers who use their abilities ethically to reveal flaws in computerised systems.

A person claiming to have perpetrated the hack said they did it “for fun” and wanted to “expose the vulnerability” before others could exploit it, according to digital messages shared by Elliptic, crypto tracking firm, and Chainalysis. It was “always the plan” to return the tokens, the purported hacker wrote, adding: “I am not very interested in money.”

The Poly Network itself has not issued a formal statement other than a message addressed to the hacker soon after the attack urging that the funds be returned and that law enforcement agencies across the world would be taking action.

Steve Bradford, senior vice president at cloud firm SailPoint, said: “That hackers stole some $600m in crypto shows just how attractive the market is for cyber criminals – and also how susceptible it is to being successfully breached. Investing in multiple security technologies is critical to warding off criminals. Layers of cyber defence are key, including identity security which can provide visibility over who has access to what, and when. This is crucial to spotting unusual, suspicious behaviour and dealing with threats well before a breach occurs.”

Attacks on similar organisations are frequent – according to CipherTrace some $474m in losses have been incurred by crypto platforms from January to July this year.

The UK’s Financial Conduct Authority (FCA) has been taking note, and even banned the cryptocurrency exchange Binance from operating in the country at the end of June.

Miles Tappin at ThreatConnect said: “Cybercrime follows the money, and that’s why we’ve seen such an uptick in the attacks against virtual currency sites such as Poly Network. Cybercriminals are drawn to thriving online industries. Attackers can make substantial amounts of money when attacking crypto exchanges due to the anonymity of the cryptocurrencies, allowing them to pass on their ill-gotten gains with limited risk.”

“Potential targets should understand as much as they can about the threats they face, including the malware and infrastructure they employ. This attack also highlights the need for organisations to immediately shift to a risk-led security strategy and focus on the risks that matter most to their enterprise. By understanding the risks they face, organisations will be better prepared to develop the correct strategies that address emerging attacks and defend against them proactively.”

“If organisations do not focus on risks, threats, and response, we will see more attacks and breaches in the future, malware targeted at emerging coins, and attackers gaining credentials to exchanges. It’s that simple.”