Hackers exploited a vulnerability in Poly Network, a platform that looks to connect different blockchains so that they can work together.
In a strange turn of events Wednesday, hackers returned almost half of the funds they stole.
Hackers have returned nearly half of the $600 million they stole in what’s likely to be one of the biggest cryptocurrency thefts ever.
The cybercriminals exploited a vulnerability in Poly Network, a platform that looks to connect different blockchains so that they can work together.
Poly Network disclosed the attack Tuesday and asked to establish communication with the hackers, urging them to “return the hacked assets.”
A blockchain is a ledger of activities upon which various cryptocurrencies are based. Each digital coin has its own blockchain and they’re different from each other. Poly Network claims to be able to make these various blockchains work with each other.
Poly Network is a decentralized finance platform. DeFi is a broad term encompassing financial applications based on blockchain technology that looks to cut out intermediaries — such as brokerages and exchanges. Hence, it’s dubbed decentralized.
Proponents say this can make financial applications such as lending or borrowing more efficient and cheaper.
“The amount of money you hacked is the biggest in defi history,” Poly Network said in a tweet.
Hackers start to return the funds
In a strange turn of events Wednesday, the hackers began returning some of the funds they stole.
They sent a message to Poly Network embedded in a cryptocurrency transaction saying they were “ready to return” the funds. The DeFi platform responded requesting the money be sent to three crypto addresses.
As of 7 a.m. London time, more than $4.8 million had been returned to the Poly Network addresses. By 11 a.m. ET, about $258 million had been sent back.
“I think this demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics,” Tom Robinson, chief scientist of blockchain analytics firm Elliptic, said via email.
“In this case the hacker concluded that the safest option was just to return the stolen assets.”
Once the hackers stole the money, they began to send it to various other cryptocurrency addresses. Researchers at security company SlowMist said a total of more than $610 million worth of cryptocurrency was transferred to three addresses.
SlowMist said in a tweet that its researchers had “grasped the attacker’s mailbox, IP, and device fingerprints” and are “tracking possible identity clues related to the Poly Network attacker.”
The researchers concluded that the theft was “likely to be a long-planned, organized and prepared attack.”
Poly Network urged cryptocurrency exchanges to “blacklist tokens” coming from the addresses that were linked to the hackers.
About $33 million of Tether that was part of the theft has been frozen, according to the stablecoin’s issuer.
Changpeng Zhao, CEO of major cryptocurrency exchange Binance, said he was aware of the attack.
He said Binance is “coordinating with all our security partners to proactively help,” but that “there are no guarantees.”
“We will take legal actions and we urge the hackers to return the assets,” Poly Network said on Twitter.
DeFi hacks on the rise
DeFi has become a key target for attacks.
Since the start of the year until July, DeFi-related hacks totaled $361 million — an increase of nearly three times from all of 2020, according to cryptocurrency compliance company CipherTrace.
DeFi-related fraud is also on the rise. In the first seven months of the year, it accounted for 54% of total crypto fraud volume versus 3% for all of last year.
On August 6, 1991, the first website was introduced to the world.
And while perhaps not as exciting or immersive as some of the nearly 1.9 billion websites that exist today, it makes sense that the first web page launched on the good ol’ W3 was, well, instructions about how to use it.
The first website contained information about the World Wide Web Project. It launched at the European Organization for Nuclear Research, CERN, where it was created by British computer scientist Tim Berners-Lee. On it, people could find out how to create web pages and learn about hypertext (coded words or phrases that link to content).
Berners-Lee created the web for the same reason a lot of us visit websites today: to make life just a little bit easier. For him, the problem to be solved rested in computers themselves: there was no way to share information between different devices.
And so in 1989, Berners-Lee proposed the idea for an information management system to his managers at CERN. The system would use hypertext to connect documents on separate computers connected to the Internet.
At first, the managers’ response was something along the lines of cool, but no thanks. But when Berners-Lee returned with a new-and-improved proposal a year later, the computer scientist was granted permission to work on the project. By 1991, it was ready to launch. Berners-Lee had developed HTML, HTTP and URLs — the building blocks for creating websites — all on his NeXT computer designed by Steve Jobs.
And so, with the creation of a single web page, the World Wide Web was born. And it’s grown quite a bit since then. There were 10 websites by 1992, 3,000 websites by 1994 (after the W3 became public domain), and 2 million by the time the search engine Google made its debut in 1996.
It’s worth mentioning that the first website was also lost. Excited by progress and unable at the time to fathom the true scope of the web’s abilities, computer scientists didn’t archive many of the very first websites. A project to restore the world’s first web page was launched in 2013 by CERN.
But not to worry: It’s back now, even at its original URL, for you to explore.
Josie Fischels is an intern on NPR’s News Desk.