The PolyHack

Ever hear of bank robbers pulling off a successful heist then subsequently deciding to return the money? Yeah, neither have we. Tuesday “hackers perpetrated what is likely the biggest theft ever in the world of decentralized finance, stealing about $600 million in cryptocurrency from a protocol known as PolyNetwork that lets users swap tokens across multiple blockchains.”

Like most victims of hackings there was not much that PolyNetwork could do except ask the hacker nicely to give the money back. So, they did. PolyNetwork tweeted a picture of a letter addressed “Dear Hacker.”

Apparently, it worked…

For whatever reason, the hackers were like, yeah, okay. They have now returned back $256 million in tokens out of the haul so far. The apparent hackers embedded the message, “READY TO RETURN THE FUND!” in an Ethereum transaction on Thursday morning. A second message embedded in a transaction read, “IT’S ALREADY A LEGEND TO WIN SO MUCH FORTUNE. IT WILL BE AN ETERNAL LEGEND TO SAVE THE WORLD. I MADE THE DECISION, NO MORE DAO”.

Hackers can be strange creatures; for some it’s simply about having the ability and power to pull off disruptive feats and make a statement for the sake of street cred, or perhaps they were truly just bored. While fear seems to be the unlikely motive of the return, blockchain security firm Slowmist has identified the hacker’s transaction ID information, which is largely inconsequential at this juncture. If the hacker(s) do return the entirety of the haul, they’re certainly bound to take a hit in gas fees.

The PolyNetwork hack underscores the infancy of the strength of smart contract security — the nature of large-scale crypto projects are often pretty open source, therefore allow the savvy keyboard bandit to find flaws in projects and exploit them. While this can be viewed as a flaw, it’s also not a bug — it’s a feature. It’s just still very early. Unlike banks, crypto projects cannot throw the same level of cybersecurity manpower to secure these environments as well. The vulnerability of a project becomes a further free market proof of concept. If a large breach occurs so does public trust, but at the same time when it comes to the security of capital, that market isn’t necessarily forgiving.

Brookfield Brief is a weekly newsletter covering the most relevant stories in business, finance, and tech news.

Related posts:

According to the definition, vaginal intercourse is when the male penis penetrates the woman’s vagina. To this day, in some places people still talk about “normal” intercourse, which leads many…

Big companies use LinkNYC as a platform to reach consumers on the street. They tell us what information we see and are uniform throughout the city. LinkNYC uses advertising as a source for their…