One hour after the world was discovered that a suspected hacker had stolen $600 million in the largest cryptocurrency theft in history, the thief paid $42,000 to bystanders, warning that some assets would be frozen.
The apparent act of generosity is only the first unexpected turn in a virtual robbery, which has swept the cryptocurrency industry and left many observers confused.
The target of the mysterious hacker is an obscure organization called Poly Network, a project in the field of decentralized finance called DeFi, which links together some of the most widely used digital ledgers. DeFi is cutting edge The world of digital assets. Developers are building automated networks to allow individuals and companies to skip charging intermediaries such as banks and exchanges.
In the crypto market, all transactions can be seen on the digital ledger. Poly uses this feature in the same way that banks can alert authorities to the serial number of stolen cash. It calls on other industry participants to “blacklist” the stolen loot, which makes it more difficult for hackers to move it without being caught.
As the escape route quickly closed to transfer such a large amount of money, hackers began to prove that they were a selfless thief, went out to have a good time, and showed Poly’s vulnerabilities for the greater good.
“I want my life to be composed of unique adventures, so I like to learn and crack everything to fight fate,” the hacker wrote in a message that can be viewed on the blockchain. Solving the blind spots of Poly Network “will be one of the best moments in my life,” said the unidentified hacker.
“Mr. White Hat” speech
As the events unfolded this week, the hacker known as “Mr. White Hat” sent a publicly viewable bulletin through the Ethereum blockchain. The blockchain conversation revealed part of the hacker’s negotiations with Poly Network and provided some clues to the motives behind the theft.
Here are some excerpts from these messages:
“Not very interested in money, now consider returning some tokens, or just leave them here.” — Mr. White Hat
“When you return all remaining assets, we can provide you with a security reward. We will provide a secure address via email.” — Poly Network
“I have been exploring the meaning of life.” — Mr. White Hat
“I know it hurts when people are attacked, but shouldn’t they learn something from those hackers?” — Mr. White Hat
“Q: Why hack? A. For fun :)” — Mr. White Hat
After quoting the words of the German philosopher Martin Heidegger, the hacker adopted the Batman-like attitude of a voluntary police officer. “I prefer to work in the dark and save the world,” they wrote.
To some, a naive philosophy that mixes high-level culture and popular culture to justify $600 million seems far-fetched. In the largely unregulated world of cryptocurrencies, the DeFi market has become known as the craziest market in the “Wild West.” According to data from the encrypted data company Chainalysis, last year, DeFi accounted for only 6% of all cryptocurrency activities, but accounted for one-third of all digital asset theft.
But as the dust settled, many cryptocurrency enthusiasts, a community that has long championed liberal ideals, have begun to sympathize with him. It even gave hackers a nickname-“Mr. White Hat”-referring to the so-called “ethical” hacking.
“So far, the world has been too tolerant of people deploying insecure systems that are managed by companies rather than repaired. The beauty of DeFi is that it will not be tolerant in this way,” said Mark Agoric, chief technology officer who provides software for DeFi transactions. Miller said.
“We have an ecosystem here. In this ecosystem, unsafe participants will be quickly killed, so the survivors of this process will live in it.”
The sudden fame of the anonymous hacker began on Tuesday when he discovered a weakness in Poly’s system.
Poly has developed a computer protocol or set of rules that allows users to transfer tokens bound to a blockchain to a different network. Many of the most widely used blockchains in the world, such as Binance Smart Chain and Ethereum, operate independently. Their tokens act as an incentive to users and use different technologies to operate.
This means that investors cannot easily transfer tokens to different blockchains for trading elsewhere. Poly played a bridge role, but Mr. White Hat discovered a loophole that allowed him to directly access the ledger.
Shortly after 1:30 pm London time, Poly reminded the world on Twitter that thousands of tokens had been removed from its network. Its response is to publish the unique alphanumeric address of the wallet to which the tokens are sent, so that other cryptocurrency players can identify and possibly prevent further transactions.
Exchanges such as Binance and OKEx said they are monitoring the situation. The stablecoin operator Tether stated that it has frozen tokens worth approximately $33 million. As the exchange at the core of the encryption system began to prevent hackers from intruding, the risk has changed again.
Users of the Ethereum blockchain can create encrypted transactions and attach comments for the world to view. Useful informants of hackers use this function to warn Mr. White Hat that his assets have been locked. Others started to tip Mr. White Hat with tokens and attached information requesting a refund of funds. Although most tips are worth less than $1, a small number of more than 1,300 transactions involve tokens worth hundreds of dollars in hopes of getting more generous returns.
Poly left a message on Ethereum and asked the hacker to contact them. Less than an hour later, Mr. White Hat responded on the same channel. The attacker and the target are communicating openly.
In more moderate language, Poly offered a bounty worth $500,000 as a reward for discovering errors and returning assets. The organization said: “We hope it will be remembered as the largest white hat hacking incident in history.”
The call to hacker vanity worked. He did not indicate that he would accept the money, but began to transfer small sums to a joint account the next day.Just like the police negotiator in the movie, Poly encourages the hacker to continue saying: “You are moving things [in] right direction. ”
By Friday, Poly stated that almost all the funds had been returned and that he was ready to fully control the assets to return to the owners. When the hacker surrendered, the thief was still stunned; he wrote via Ethereum: “Forever hacker, I did save the project”.
For some, this episode represents an important lesson about the error-proneness of systems, especially protocols that wish to connect to blockchains like Poly. “Blockchain can be very secure, but only in its own world. When it needs to talk to something other than the blockchain, it can cause problems,” said Kevin Wei, a scholar at the Wharton School of the University of Pennsylvania. Bach (Kevin Werbach) said.
Lawyers said that it is not yet clear whether users whose funds are involved in the scam will or may even initiate legal challenges. Poly’s website does not provide terms governing its use, nor does it mention legal entities.
The DeFi system uses software programs called smart contracts to transfer encrypted currency, eliminating any human intermediaries and complicating the task of assigning responsibilities to any party. Some developers believe that the rules created by software programs constitute “laws”-a concept that many lawyers oppose.
But Charlie Steele, a former US government attorney and partner of the regulatory consulting firm Forensic Risk Alliance (Forensic Risk Alliance), said that hackers may have the greatest impact on the supervision of DeFi activities by regulators. “I don’t think regulators will be too comfortable relying on Robin Hood to oversee the system.”