The hacker had said earlier Wednesday they would return the funds.
Addresses associated with the hacker who drained cross-chain protocol Poly Network of potentially hundreds of millions of dollars on Tuesday have started to return the funds.
- The hacker’s Polygon address sent $10,000 in USDC to a wallet set up by Poly Network at 8:46 UTC on Wednesday, before sending another $1 million fifteen minutes later, Polygonscan shows.
- The hacker also returned $1.1 million in BTCB on Binance Smart Chain at 9:49 UTC.
- On Ethereum, they returned $622,000 in fei at 10:54 UTC, and a little over $ 2 million in shiba inu five minutes later.
- When Poly Network announced the hack and the associated wallet addresses, the accounts held over $600 million in various cryptocurrencies. Less than $400 million remained by the time the hacker said they were ready to return the funds.
- Before starting the return, the hacker embedded a message in a transaction with themselves: “ACCEPT DONATIONS TO “THE HIDDEN SIGNER” NOW. ENCRYPT YOUR MSG WITH HIS PUBKEY.”
- The hacker has been embedding messages to transactions with their own addresses to communicate with the world. Dozens of people used the same method to ask for handouts.
- Earlier Wednesday, the hacker used the same approach to say they were ready to return the funds. They then said they were unable to get in touch with Poly Network and asked for multisignature wallets.
- Poly Network, which had been calling for the funds’ return, prepared wallets on Ethereum, Binance Smart Chain and Polygon, the three blockchains the hacker has been using.
- O3 Labs, a Tokyo-based blockchain developer associated with Poly Network’s affiliate Neo, said the hacker might be a so-called white-hat hacker. Returning the funds indicates the hacker wasn’t after their own gain, like a so-called black-hat hacker, but wanted to expose vulnerabilities to make the project more robust.
- The attack took advantage of a bug within Poly Network’s cross-chain smart contract, security company SlowMist said.