Hacker reportedly returns millions after massive $600M crypto heist

The attacker exploited a vulnerability in Poly Network, a platform for swapping tokens across different blockchains.

Carrie Mihalcik Former Managing Editor / News
Carrie was a managing editor at CNET focused on breaking and trending news. She'd been reporting and editing for more than a decade, including at the National Journal and Current TV.
Expertise Breaking News, Technology Credentials
  • Carrie has lived on both coasts and can definitively say that Chesapeake Bay blue crabs are the best.
Carrie Mihalcik
Angela Lang/CNET

The Poly Network on Tuesday disclosed a cyberattack that reportedly netted the hacker more than $600 million in cryptocurrency, making it what appears to be one of the largest cryptocurrency thefts ever. But now, some of that money is reportedly being given back after Poly Network urged the attacker to "return the hacked assets."

On Wednesday morning, Poly Network said assets valued at over $4.7 million have been returned. The hacker apparently has continued to return the stolen crypto and has sent back at least $256 million in tokens so far, according to a report from The Block

Poly Network is a decentralized finance platform, or defi, that works across blockchains. It lets people swap tokens across multiple blockchains, including popular cryptocurrencies including Bitcoin and Ethereum. In the initial attack, the hacker stole $273 million of Ethereum tokens, $253 million in tokens on Binance Smart Chain and $85 million in USDC on the Polygon network, according to The Block

In a tweet on Tuesday, Poly Network said its preliminary investigation found that the hacker "exploited a vulnerability between contract calls" and was "not caused by the single keeper as rumored."

Poly Network didn't immediately respond to a request for additional comment.