Money for nothing: the true story of the world’s biggest ever crypto heist

An online thief made history recently by stealing $610 million in cryptocurrency. Then they gave half of it back. Why?

One of the biggest heists in history didnt involve retired gangsters and an East End jewellers. It didnt involve suave European criminals, high speed cars and credit card fraud. And it certainly didnt involve ski masks and sawn off shotguns.

No, in 2021, crime is smarter. Hacking has been in the news a lot in recent years, mostly with fingers pointed at China or Russia, alleging their hackers have interfered in Western politics. But, it seems, not every hacker has malicious intent. 

Fans of the Michael Mann film Black Hat (and while were on the subject of robbery, why not give Heat a re-watch?) will know that in the world of hacking, there are Black Hatswho cause damage, and White Hatswho hack supposedly to point out a flaw in a companys system. The hacker who last week got away with around $610 million in one of the largest cryptocurrency heists ever reportedly identifies as the latter. 

The heist occurred when the hacker exploited a vulnerability in the blockchain site (where users can swap cryptocurrencies) Poly Network. A preliminary investigation by the company found the hacker had exploited a “vulnerability between contract calls. And once in, the hacker took thousands of digital tokens, including around $267m of Ether currency, $252m of Binance and roughly $85 million in USDC tokens. Elon Musks beloved Dogecoin, however, was left alone.

In an open letter to the hacker, Poly Network announced “The amount of money you have hacked is one of the biggest in defi [decentralised finance] history… Law enforcement in any country will regard this as a major economic crime and you will be pursued…The money you stole are [sic] from tens of thousands of crypto community members, hence the people [sic].”

Poly Network also asked the individual to get in touch “to work out a solution”.

In response, a person claiming to be the hacker contacted Tom Robinson, the chief scientist and co-founder of the crypto tracking firm Elliptic and published a letter through Robinson’s Twitter account. According to these messages, Poly Network had offered a $500,000 “bug bounty” to return the stolen assets and promised the anonymous hacker that “you will not be held accountable for this incident”.

According to Robinson, the hacker had told him they would not be claiming the money but would be donating it to the “unexpected victims” of the hack. The hacker then pledged to return the funds, claiming to be “not very interested in money”.

The following day, Poly Network said it had received $260m back, including $256m worth of Binance Coin, $3.3m worth of Ethereum and $1m worth of Polygon. To date, $269m in Ether tokens and $84m in Polygon tokens has yet to be recovered.

To unlock this article, please subscribe. Benefits include:

  • 2 Magazines delivered to your door
  • Direct offers and benefits with luxury hotels, clubs, restaurants and handpicked brands
  • Invitations to a minimum of 4 member-only events each year
  • Paywalled content — access to exclusive online features only for members
  • 15% off selected brands online with Gentleman's Journal
  • Your own Clubhouse membership card to redeem all the perks
Clubhouse Membership

Clubhouse Membership

Buy Now

Further Reading