back to article Thief hands back at least a third of $600m in crypto-coins stolen from Poly Network

Whoever drained roughly $600m in cryptocurrencies from Poly Network is said to have returned at least $260m so far. The cyber super-heist, revealed yesterday, was described by Poly Network as the largest of its kind in decentralized finance history. The Chinese biz, which handles the exchange of cryptocurencies and other …

  1. Anonymous Coward
    Anonymous Coward

    Fruity notes

    Pinky: "We wuz robbed give it back",

    Perpy: "OK, here you go, oopsie forgot crypto was tracked"

    Perky: "They wuz totally robbed, we confirm it, we is giving third party confirmation of said events".

    Amazing that the guy had such deep knowledge of their system, and yet no way to liquidate it, and somehow was unaware that the crypto crapto would be tracked and logged in some sort of "blockchain thingy".

    And if Perky has the IP address, then why is the IP not released?

    Rich deep fruity notes, with a hint of citrous. A smell so dense it can be chewed.

  2. Phil Kingston

    Do it once, do it big, get out.

    1. NoneSuch Silver badge
      Pint

      This was not a theft.

      He simply took an advance on the bug bounty for the flaw he discovered, but not yet reported.

      (sarcasm) I'm sure giving some of the money back will stop the investigation. (/sarcasm)

  3. Anonymous Coward
    Anonymous Coward

    It’s like it all never actually existed

    There

    Gone

    There

    Pooooof!

  4. lglethal Silver badge
    Go

    This definitely has all the hallmarks of a:

    "Hey what happens if i do this?"

    "Ha, i just stole some of their Coins! How easy was that!"

    "I wonder how much i could steal?"

    "Hmmm. That's a lot of money. Umm how do I turn that into cash?"

    "Oh man. Look everyone's talking about the theft, how awesome am I?"

    "Ohhhh shiitttt! This is not good. Everyone is trying to track me down. Oh shit, maybe they can track me. And none of my attempts to turn it into cash have worked. Everything is getting blocked. And oh no they're publishing the wallet details. Everyone knows where the coins are. Oh shit!!!!!!!"

    "Wait maybe if i give it back, and pretend I was just doing it to highlight their security failures, maybe People will stop looking for me... Shit, shit, shit.... Please stop looking for me...."

    This does not have the hallmarks of a professional on it. If it had been a professional, the moment the money began to leave Poly, it would have been being split up, and sent to multiple places where it was being turned into actual currency, before anyone cottoned onto the fact a theft had happened at all. It would not have been sitting in a single account, just waiting to be tracked down.

    Alternatively, if they stole $600 million, and Poly gets back say $599 million. A $ 1 million dollar pay-off is not too shabby for a nights work... And $1 million is a lot easier to hide than $600 million...

    1. Hans Neeson-Bumpsadese

      There's a saying about not attributing to malice what could actually be attributed to stupidity. In this case I think we have a combination of both.

    2. Anonymous Coward
      Anonymous Coward

      Split up and turned into other crypto currency first, cycled through a few of them to launder it, then into different real currencies over a longer timeframe.

      1. lglethal Silver badge
        Go

        I was not really going into how you would actually do it. I was more pointing out that a professional would already have in place there "exit strategy" before they stole anything, so that the moment the first coin hit their wallet, it would be already on its way out the door to the first cycle of the laundering.

    3. FlamingDeath Silver badge

      Interesting thought, more likely the case though, is this is the work of state sponsored actors

      They’re not hiding in embassies though

    4. hoola Silver badge

      Maybe they threatened to just destroy it all. Sure the perpetrators would not get the Crypto money but if they get the ransom, then they are still better off.

      $600 million on cash or gold is quite difficult to do things with quickly where as a digital theft ups the speed stakes.

    5. Anonymous Coward
      Anonymous Coward

      "And $1 million is a lot easier to hide than $600 million..."

      Ah, memories of the end of "Entrapment".

  5. Ian Johnston Silver badge

    If it really was possible to track down criminal transactions in cryptocurrencies, the entire use case for them would disappear overnight, wouldn't it?

    1. Pascal Monett Silver badge

      If only it were that simple.

      You need to factor in international borders, the limits of police authority, the lack of diplomatic agreements on the subject, and the fact that criminals have a tendency to target people in countries where they do not live.

      The use case is valid. Unfortunately.

    2. doublelayer Silver badge

      It is possible to track them. Most of it is public and pseudonymous. It's used by criminals not because it's secret, but because it's convenient. For instance, you can get millions of dollars from someone without having to meet up in person to exchange heavy bags of currency or valuable items. Before crypto existed, criminals figured out ways to receive money when it became valuable enough. Now that there is crypto, criminals still do that but have branched out. If crypto dies, criminals will still commit crimes and will still find ways to get their anonymous money.

  6. tmTM

    Bottled it

    Felt the heat and returned the loot, hoping for no harm, no foul outcome.

    Probably means the company got owned by a single kid messing around, makes them look pretty useless.

    1. LybsterRoy Bronze badge

      Re: Bottled it

      Stole £600m returned c$250m - where's the rest?

  7. Andy 97

    Residents of CCP despotic rule have been warned that their beloved leaders are 'cracking down' on crypto.

    Suddenly an exchange in that very same locale is raided, huge sums disappear, some returned, so many questions.

    Maybe some of the exchange transactions were instigated by high ranking members of The CCP? A quick call to President 11 and 'would you Adam and Eve it?', they're returned.

  8. LybsterRoy Bronze badge

    I'm about to show my ignorance (not a pretty sight). When the nasties carry out a ransonware attach they ask to be paid in bitcoin and we are told that its untraceable. How come the imaginary money in this theft is traceable?

    1. marcellothearcane

      If I understand correctly...

      You can trace where it goes, but not the people at the end of it.

      The ledger just shows "wallet abc123 sent 100 currencies to wallet def456".

      The fun starts when you own lots of wallets, and split the money up and send it round in a complicated set of transactions - there are also services like banks where lots of people send plausibly legitimate money in and it comes out in various directions, but you can't work out which bits are the stolen money. You can also convert to any of the thousands of cryptocurrencies and send it across borders with ease.

      It's all standard money laundering techniques which are old hat. Crypto just lets criminals have a new and fairly unreglated way of laundering it.

    2. doublelayer Silver badge

      It's not untraceable, just pseudonymous. In fact, it's easier to trace where it went, but harder to tell who has it.

      Imagine your bank. If you transfer money from your account to your friend's account, I cannot see that you have done this. That transaction is private. However, the banks know exactly who you and your friend are because both of you were required to submit identification when you opened the accounts. The transfer is identified. Bitcoin reverses both aspects. You can open as many accounts as you want without identification of who you are, but any transfers can be viewed by anybody.

      Therefore, if we know where the money came from, we can see where it was transferred to. In turn, we can see anybody they pay. What we can't easily do is figure out who controls those opaque addresses without investigation of other things. The question is whether we can identify the criminals before they convert their public asset into something private. If we can stop them converting, they effectively lose control of the money because they can't spend it. If they're fast at laundering it, then they have now pulled off an unidentified and private transaction and can proceed to hide their new wealth.

  9. Spinux

    How

    How come they are able to track this 'heist' and cannot track bitcoins that are paid for ransomware?

    1. Anonymous Coward
      Anonymous Coward

      Re: How

      They can only be tracked to the point they're converted into Monero. From there they could emerge anywhere as Bitcoin again, or Ethereum or cash...etc.

      You can only track the address to which they were sent. When they are exchanged for another crypto you need to know which crypto they were converted to and the address the new crypto was sent to. This is impossible once you get into Monero.

      The exchange will know your initial Monero wallet, but beyond that once it's all split up it's a crap shoot.

  10. Anonymous Coward
    Anonymous Coward

    Fuck me

    I thought Dick Turpin wore a mask.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021