Poly Network Hacker Returns Remaining Funds

Every token swiped in the world's biggest-ever crypto-currency heist has now been returned to the victim organization.

A cyber-thief hit blockchain connection platform Poly Network on August 10, stealing crypto-currency worth more than $610m. After a blockchain keeper's private key was leaked, the attacker exploited a code vulnerability to change the “keeper role” of two blockchain contracts so that any transaction was possible. 

From a Bscscan contract, the threat actor made the following withdrawals: $133,023,777.79, $85,519,813.63, $87,594,029.67, $132,907,573.59, $132,907,574.59 and $133,029,927.08 (USD). A further $93,343,903.87 in Ether was withdrawn ($182,628,360.16 USD) from an Etherscan contract.

After the attack took place, Poly Network appealed to the culprit to give back their ill-gotten gains. The attacker responded by saying that they had performed the theft to make a point about security and had always intended to give the proceeds back.

In the days that followed, the attacker began paying back the stolen funds in increments. By August 13, nearly half of the tokens ($260m worth) had been returned to Poly Network in the form of $3.3m worth of Ethereum, $256m worth of Binance Coin, and $1m worth of Polygon. 

While negotiating with Poly Network to return the funds, the hacker was given the name Mr. White Hat by their victim. The platform offered the unknown attacker a job as its chief security advisor and offered to pay them a $500k bug bounty for identifying the flaw exploited in the attack. 

Now the mystery hacker has given their victim access to the final cache of stolen tokens. In a blog post published on Monday, Poly Network said Mr. White Hat had at last shared with them the private key needed to regain control of the remaining tokens.

"At this point, all the user assets that were transferred out during the incident have been fully recovered," said the organization. "We are in the process of returning full asset control to users as swiftly as possible."

Prior to the theft from Poly Network, the biggest crypto-heist on record took place in 2018, when thieves stole $534.8m from Japanese digital currency exchange Coincheck.
