The PolyHack

Ever hear of bank robbers pulling off a successful heist then subsequently deciding to return the money? Yeah, neither have we. Tuesday “hackers perpetrated what is likely the biggest theft ever in the world of decentralized finance, stealing about $600 million in cryptocurrency from a protocol known as PolyNetwork that lets users swap tokens across multiple blockchains.”

Like most victims of hackings there was not much that PolyNetwork could do except ask the hacker nicely to give the money back. So, they did. PolyNetwork tweeted a picture of a letter addressed “Dear Hacker.”

Apparently, it worked…

For whatever reason, the hackers were like, yeah, okay. They have now returned back $256 million in tokens out of the haul so far. The apparent hackers embedded the message, “READY TO RETURN THE FUND!” in an Ethereum transaction on Thursday morning. A second message embedded in a transaction read, “IT’S ALREADY A LEGEND TO WIN SO MUCH FORTUNE. IT WILL BE AN ETERNAL LEGEND TO SAVE THE WORLD. I MADE THE DECISION, NO MORE DAO”.

Hackers can be strange creatures; for some it’s simply about having the ability and power to pull off disruptive feats and make a statement for the sake of street cred, or perhaps they were truly just bored. While fear seems to be the unlikely motive of the return, blockchain security firm Slowmist has identified the hacker’s transaction ID information, which is largely inconsequential at this juncture. If the hacker(s) do return the entirety of the haul, they’re certainly bound to take a hit in gas fees.

The PolyNetwork hack underscores the infancy of the strength of smart contract security — the nature of large-scale crypto projects are often pretty open source, therefore allow the savvy keyboard bandit to find flaws in projects and exploit them. While this can be viewed as a flaw, it’s also not a bug — it’s a feature. It’s just still very early. Unlike banks, crypto projects cannot throw the same level of cybersecurity manpower to secure these environments as well. The vulnerability of a project becomes a further free market proof of concept. If a large breach occurs so does public trust, but at the same time when it comes to the security of capital, that market isn’t necessarily forgiving.

Brookfield Brief is a weekly newsletter covering the most relevant stories in business, finance, and tech news.

Related posts:

No amount of educating racists about the humanity of African people will change the fact that their worldview places African people at the bottom. From the construction of racial hierarchies to the…

Hello everyone. My name is Brandon Talbot. Welcome to my blog! I know this may be a little strange, introducing myself five days into my blog but here goes. I’m a 39 year old father of four who just…

There is an issue at Seattle Public Library. And people want to frame it as a free speech issue, a 1A issue. But that’s missing the point. Libraries aren’t part of any ‘apolitical milieu’, but it’s…