The attacker responsible for yesterday’s $600 million hack of decentralized finance () interoperability protocol Poly Network sent nearly $5 million worth of crypto back to the project.
Earlier today, Poly Network developers told the hacker (via a message attached to an transaction) that they are preparing a multi-signature address controlled by “known Poly addresses.”
They also listed three wallets to which the hacker could return the funds.
The attacker has transferred about $2.1 million in crypto to two of these addresses.
First, they sent a total of 1,010,100 USDC to a wallet on the Polygon blockchain.
About an hour later, they followed up with a transaction of 23.88 BTCB (a token pegged to the price of that works on the Binance Smart Chain network), worth roughly $1.103 million at current prices.
Lastly, the hacker just sent over $2.65 million to the Ethereum wallet provided by Poly Network (259 billion Shiba Inu tokens and 616,000 Fei USD stablecoins).
Poly Network hacker ‘to return the fund!’
At 12 am EST, the hacker also announced that they are “Ready to return the fund!” via a message in an Ethereum transaction they sent to themselves.
Shortly after, they said “Failed to contact the Poly. I need a secured multisig wallet from you” via a similar method. In their response, Poly Network developers published the three aforementioned addresses for the hacker to return the stolen funds to.
Notably, cybersecurity company Slowmist claimed that it has identified the hacker’s IP and email addresses yesterday.
“The SlowMist security team has discovered the attacker's mailbox, IP, and device fingerprints through on-chain and off-chain tracking, and is tracking possible identity clues related to the Poly Network attacker,” the firm wrote in a post on Weibo yesterday.
Earlier, Poly Network developers also told the hacker that he committed “the biggest hack in DeFi history” and therefore “any country will regard this as a major economic crime and you will be pursued.”
This may be one of the reasons why they have begun returning funds. Still, just $5 million of a $600 million total is minuscule.
Editor's note: This article has been updated to reflect additional returns the Poly Hacker has made since initial publication.