One of the biggest heists in history didn’t involve retired gangsters and an East End jewellers. It didn’t involve suave European criminals, high speed cars and credit card fraud. And it certainly didn’t involve ski masks and sawn off shotguns.
No, in 2021, crime is smarter. Hacking has been in the news a lot in recent years, mostly with fingers pointed at China or Russia, alleging their hackers have interfered in Western politics. But, it seems, not every hacker has malicious intent.
Fans of the Michael Mann film Black Hat (and while we’re on the subject of robbery, why not give Heat a re-watch?) will know that in the world of hacking, there are ‘Black Hats’ who cause damage, and ‘White Hats’ who hack supposedly to point out a flaw in a company’s system. The hacker who last week got away with around $610 million in one of the largest cryptocurrency heists ever reportedly identifies as the latter.
The heist occurred when the hacker exploited a vulnerability in the blockchain site (where users can swap cryptocurrencies) Poly Network. A preliminary investigation by the company found the hacker had exploited a “vulnerability between contract calls”. And once in, the hacker took thousands of digital tokens, including around $267m of Ether currency, $252m of Binance and roughly $85 million in USDC tokens. Elon Musk’s beloved Dogecoin, however, was left alone.
In an open letter to the hacker, Poly Network announced “The amount of money you have hacked is one of the biggest in defi [decentralised finance] history… Law enforcement in any country will regard this as a major economic crime and you will be pursued…The money you stole are [sic] from tens of thousands of crypto community members, hence the people [sic].”
Poly Network also asked the individual to get in touch “to work out a solution”.
In response, a person claiming to be the hacker contacted Tom Robinson, the chief scientist and co-founder of the crypto tracking firm Elliptic and published a letter through Robinson’s Twitter account. According to these messages, Poly Network had offered a $500,000 “bug bounty” to return the stolen assets and promised the anonymous hacker that “you will not be held accountable for this incident”.
According to Robinson, the hacker had told him they would not be claiming the money but would be donating it to the “unexpected victims” of the hack. The hacker then pledged to return the funds, claiming to be “not very interested in money”.
The following day, Poly Network said it had received $260m back, including $256m worth of Binance Coin, $3.3m worth of Ethereum and $1m worth of Polygon. To date, $269m in Ether tokens and $84m in Polygon tokens has yet to be recovered.
To unlock this article, please subscribe. Benefits include:
- 2 Magazines delivered to your door
- Direct offers and benefits with luxury hotels, clubs, restaurants and handpicked brands
- Invitations to a minimum of 4 member-only events each year
- Paywalled content — access to exclusive online features only for members
- 15% off selected brands online with Gentleman's Journal
- Your own Clubhouse membership card to redeem all the perks