LONDON/SINGAPORE/HONG KONG (Reuters) - Hackers behind one of the biggest ever cryptocurrency heists have returned more than a third of about $600 million in digital coins they stole, blockchain researchers said on Wednesday.
Poly Network, a decentralised finance platform that facilitates peer-to-peer transactions, announced the hack on Twitter, posting details of digital wallets to which the tokens were sent.
The value of the coins in the wallets was just over $600 million at the time of the announcement, according to blockchain analysts.
Poly Network later urged the hackers to return the stolen funds to several of its digital addresses, saying it planned to take legal action.
Blockchain forensics company Chainalysis said roughly $260.97 million worth of cryptocurrency was returned in a range of coins.
The hackers said they perpetrated the heist "for fun" and wanted to "expose the vulnerability" before others could exploit it, according to digital messages shared by blockchain analyst firm Elliptic and Chainalysis. The identity of the hackers was unknown, including whether a group or an individual was responsible.
Reuters could not verify the authenticity of the messages.
An executive from cryptocurrency firm Tether said on Twitter the company had frozen $33 million connected with the hack, and top management at large crypto exchanges told Poly Network they would also try to help.
Tom Robinson, Elliptic's co-founder, said the extraordinary decision to return the money could have been prompted by the headaches of laundering stolen crypto on such a scale.
"Even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the broad use of blockchain analytics by financial institutions," said Robinson.
Poly Network, which allows users to swap tokens across different blockchains, did not respond to requests for more details. It was not immediately clear where the platform is based, or whether any law enforcement agency was investigating the heist.
Spokespeople for the Department of Justice and the Commodity Futures Trading Commission did not immediately respond to requests for comment.
The size of the theft was comparable to the $530 million in digital coins stolen from Tokyo-based exchange Coincheck in 2018. The Mt. Gox exchange, also based in Tokyo, collapsed in 2014 after losing half a billion dollars in bitcoin.
The Poly Network attack comes as losses from theft, hacks and fraud related to decentralised finance (DeFi) hit an all-time high, according to crypto intelligence company CipherTrace.
At $600 million, however, the Poly Network theft far outstripped the $474 million in criminal losses CipherTrace said were registered by the entire DeFi sector from January to July. The thefts illustrated risks of the mostly unregulated sector and may attract the attention of regulators.
RISKS OF DECENTRALISED FINANCE
DeFi platforms allow parties to conduct transactions, usually in cryptocurrency, directly without traditional gatekeepers such as banks or exchanges. The sector has boomed. over the last year, with platforms now handling more than $80 billion worth of digital coins.
Proponents of DeFi say it offers people and businesses free access to financial services, arguing that the technology will cut costs and boost economic activity. But technical flaws and weaknesses in their computer code can make them vulnerable to hacks.
(Reporting by Alun John in Hong Kong, Tom Wilson in London and Tom Westbrook in SingaporeEditing by Jane Wardell, David Holmes, Elaine Hardcastle, Michelle Price and Cynthia Osterman)
