Hacker returns all $610 million in cryptocurrency stolen in cyberattack

One of the largest cryptocurrency thefts ever has finally come to an (unusual) end.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read

One of the largest cryptocurrency heists comes to a conclusion.

Getty Images

One of the largest cryptocurrency thefts ever appears to have been resolved -- by the hacker. Poly Network, a decentralized finance platform, had been robbed of more than $600 million in cryptocurrency through a code vulnerability earlier this month. But on Monday, the company said, every last virtual dime was returned.

Poly Network is a decentralized finance platform, or defi, that works across blockchains. It lets people swap tokens across multiple blockchains, including popular cryptocurrencies including Bitcoin and Ethereum. In the initial attack, the hacker stole $273 million of Ethereum tokens, $253 million in tokens on Binance Smart Chain and $85 million in USDC on the Polygon network, according to The Block

The hacker, known as Mr. White Hat, began returning assets almost immediately after the theft was revealed, apparently moving funds piecemeal. On Monday morning, Poly Network was contacted by the hacker, who provided a private key to the remainder of the outstanding funds.

"At this point, all the user assets that were transferred during the incident have been fully recovered," the company reported in a Medium post on Monday. Poly Network said it's now working to return the assets to their owners.

It's not immediately clear why the hacker decided to return the money, but a message included in the digital currency transaction by an anonymous person claim to be the hack said they were "[quitting] the show," according to CNBC.

"My actions, which may be considered weird, are my efforts to contribute to the security of the Poly project in my personal style," the hacker said in the message. "The consensus was reached in a painful and obscure way, but it works."