Security News > 2021 > August > Thief hands back at least a third of $600m in crypto-coins stolen from Poly Network

Whoever drained $600m in cryptocurrencies from Poly Network is said to have returned at least $260m so far.

Poly Network said the crook was able to interfere with the execution of smart contracts - typically, small programs that automatically run to fulfill agreements between parties - that are used by the platform to exchange people's tokens and coins.

"The hacker exploited a vulnerability, which is the executeCrossChainTx function between contract calls," a spokesperson for Poly Network told El Reg.

The team at Chainalysis put it more bluntly: "The attacker pulled off the heist by taking advantage of an exploit in the smart contracts Poly Network uses to carry out cross-chain transactions."

Earlier, Poly Network publicly pleaded for the thief to return all of the stolen assets, and urged crypto-exchanges and others to refuse to handle transactions from specific wallet addresses understood to be holding the loot or otherwise involved in the information superhighway robbery.

Instead, we're told, it was more of a prank to teach Poly Network a lesson in computer security by publicly exposing a vulnerability, and that they always intended to hand back the plunder - which are among the oldest excuses in the book.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/08/11/poly_network_funds_returned/