{"id":47546,"date":"2021-08-11T18:10:44","date_gmt":"2021-08-11T15:10:44","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=47546"},"modified":"2025-09-01T21:54:24","modified_gmt":"2025-09-01T18:54:24","slug":"doxxed-experts-outline-the-hackers-motives-for-returning-611m-to-poly-network","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/doxxed-experts-outline-the-hackers-motives-for-returning-611m-to-poly-network\/","title":{"rendered":"Doxxed: Experts outline the hacker&#8217;s motives for returning $611m to Poly Network"},"content":{"rendered":"<p>An unknown attacker, who orchestrated what authorities describe as the largest-ever attack in cryptocurrency history on the Chinese cross-chain protocol Poly Network, decided to return the $611 million stolen less than a day later. ForkLog spoke to experts who speculated about what might have prompted the hacker to such a decision.<\/p>\n<p>According to Alexey Matyasevich, the smart-contracts developer, the hacker simply got doxxed. The funds used to finance the attack in BNB, ETH, MATIC and other tokens were transferred to the attacker&#8217;s address from the Chinese crypto exchange Hoo, which has KYC.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">I think it is too late already, this guy doxxed himself.<a href=\"https:\/\/t.co\/23L9IpZnEP\">https:\/\/t.co\/23L9IpZnEP<\/a><br \/>\nOr he used a stolen account.<\/p>\n<p>\u2014 luoj.eth (@luojeth) <a href=\"https:\/\/twitter.com\/luojeth\/status\/1425099729969483778?ref_src=twsrc%5Etfw\">August 10, 2021<\/a><\/p>\n<\/blockquote>\n<p><script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote>\n<p>&#8220;Usually hackers do not engage in any communication, because any communication is an additional opportunity to lose anonymity,&#8221; explained Matyasevich.<\/p>\n<\/blockquote>\n<p>The developer believes that in the event of full restitution, the hacker could avoid prosecution by law enforcement. Otherwise, a criminal case awaits him.<\/p>\n<p>Earlier, blockchain-security specialists from Slowmist <a href=\"https:\/\/www.chainnews.com\/news\/794796710812.htm\" target=\"_blank\" rel=\"noopener\">managed to track down the attacker&apos;s identifier<\/a>. They say they learned the attacker&apos;s email address, IP information, and the device&apos;s digital fingerprint. The information was obtained through the Hoo exchange and other trading platforms.<\/p>\n<p>One of the main reasons is the difficulty of legitimising proceeds obtained through criminal activity in the cryptocurrency industry, noted Stanislav Shakirov, chief technology officer of Roskomsvoboda.<\/p>\n<blockquote>\n<p>&#8220;Stolen crypto leaves a trace, and legitimising large sums is not easy. Given that you can end up in prison for this, returning the funds was probably the most sensible decision for the hacker,&#8221; he said.<\/p>\n<\/blockquote>\n<p>Denis Voskvitsov, head of the fintech company Exantech, does not rule out that the attacker this way might have aimed to point to a vulnerability in a particular protocol or the industry as a whole:<\/p>\n<blockquote>\n<p>&#8220;The theft may not have been the main goal. But to test this theory, we must wait for &#8216;programmatic&#8217; statements from the organizer of the hack.&#8221;<\/p>\n<\/blockquote>\n<p>Voskvitsov also recalled that part of the funds the hacker moved to liquidity pools and could already be earning a solid yield on the stolen assets.<\/p>\n<blockquote>\n<p>&#8220;The probability is small, but perhaps that was the plan \u2014 to return most of the money so that everyone is satisfied, while still being in the black,&#8221; added Exantech&apos;s head.<\/p>\n<\/blockquote>\n<p>To recall, on August 10 the Poly Network cross-chain protocol was subjected to <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-stole-611-million-from-the-poly-network-cross-chain-protocol\">an attack on the Ethereum, Binance Smart Chain, and Polygon<\/a>. The total damage amounted to $611 million in various cryptocurrencies. Some of the stolen funds, for example in USDT, were blocked.<\/p>\n<p>Part of the assets were moved by the hacker to the Ellipsis Finance liquidity pool.<\/p>\n<p>On August 11 the hacker announced his intent to return the funds. At the time of writing he had transferred to Poly Network wallets $1 million in USDC, $1.1 million in BTCB, $2 million in Shiba Inu, 622 243 in FEI, 1000 BTC, 26 629 ETH and 119 664 866 BUSD.<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"pIvwUhBAJD\">\n<p><a href=\"https:\/\/u1f987.com\/en\/news\/hacker-who-stole-611-million-from-poly-network-begins-returning-funds\">The hacker who stole $611 million from Poly Network began returning funds<\/a><\/p>\n<\/blockquote>\n<p><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; visibility: hidden;\" title=\"\u201cThe hacker who stole $611 million from Poly Network began returning funds\u201d \u2014 ForkLog\" src=\"https:\/\/u1f987.com\/news\/pohitivshij-u-poly-network-611-mln-haker-soobshhil-o-gotovnosti-vernut-sredstva\/embed#?secret=rddpXSTOCW#?secret=pIvwUhBAJD\" data-secret=\"pIvwUhBAJD\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<p>Earlier, developer Kelvin Fichter thoroughly analyzed the mechanism of the Poly Network attack.<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"KglO0gEw8u\">\n<p><a href=\"https:\/\/u1f987.com\/en\/news\/expert-explains-mechanism-behind-poly-network-hack-worth-611-million\">An expert explained the mechanism of the $611 million Poly Network hack<\/a><\/p>\n<\/blockquote>\n<p><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; visibility: hidden;\" title=\"\u201cAn expert explained the mechanism of the $611 million Poly Network hack\u201d \u2014 ForkLog\" src=\"https:\/\/u1f987.com\/news\/ekspert-obyasnil-mehanizm-masshtabnogo-vzloma-poly-network-na-611-mln\/embed#?secret=XX3B6fldbU#?secret=KglO0gEw8u\" data-secret=\"KglO0gEw8u\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<p>Follow ForkLog news on Telegram: <a href=\"https:\/\/t.me\/forklogfeed\" target=\"_blank\" rel=\"nofollow noopener\">ForkLog Feed<\/a> \u2014 all the news, <a href=\"https:\/\/telegram.me\/forklog\" target=\"_blank\" rel=\"nofollow noopener\">ForkLog<\/a> \u2014 essential news, infographics and opinions.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The organizer of the largest attack in cryptocurrency history against Poly Network decided to return the $611 million stolen less than a day later. ForkLog&#8217;s experts suggested what might have prompted the hacker to make such a move.<\/p>\n","protected":false},"author":1,"featured_media":47547,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1138,2231],"class_list":["post-47546","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-opinions","tag-poly-network"],"aioseo_notices":[],"amp_enabled":true,"views":"32","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/47546","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=47546"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/47546\/revisions"}],"predecessor-version":[{"id":47548,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/47546\/revisions\/47548"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/47547"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=47546"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=47546"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=47546"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}