Cryptocurrency investors have been transfixed over the past few days by the antics of a mysterious hacker who stole more than US$600 million — before gradually giving it back.
Was the thief a good Samaritan who stole the money to expose a dangerous security flaw, or did they simply realize they were about to be caught?
The hacker on Tuesday struck Poly Network, a company that handles cryptocurrency transfers, in one of the biggest thefts of digital money in history.
Photo: AFP
However, by Thursday the perpetrator had given back almost all of the stolen funds in a slow trickle of transactions.
In messages embedded in the transfers, the thief said that the money had been stolen with good intentions.
“I am not very interested in money,” the hacker wrote, adding that it was “always the plan” to return the funds.
Despite their volatility and concerns over the huge waste of electricity they generate, cryptocurrencies such as bitcoin and Ethereum have soared in popularity in the past few years.
Their combined market value stands at nearly US$2 trillion, creating alluring prospects for hackers. Most notoriously, thieves stole 850,000 bitcoins from Japanese exchange Mt. Gox in 2014. Worth about US$470 million at the time, the coins would today be worth a staggering US$38 billion.
Another Japanese exchange, Coincheck, was hacked for nearly US$500 million in 2018.
Yet in both cases, the technology that cryptocurrency uses allowed some of the funds to be traced — even though for Mt. Gox, it came too late to save the company.
Cryptocurrencies use blockchains, digital ledgers that record every transaction made.
Pawel Aleksander, an expert in tracking stolen cryptocurrency, said that thieves typically try to cover their tracks by splitting the money up and moving it around — “sometimes using hundreds of thousands of consecutive transactions.”
However, his company Coinfirm is among a growing number that specialize in following dizzyingly complicated blockchain transactions, helping law enforcement agencies and investors to trace stolen assets. While many crypto aficionados are hailing the Poly Network hacker as a principled hero, others suspect they began handing the money back because sleuths were on their trail.
The returns began after Xiamen SlowMist Technology Co Ltd (廈門慢霧科技有限公司), another investigative firm, said that it had identified some of the hacker’s personal details, including their e-mail address.
“It’s hard to say what the hacker’s initial intention was,” said Aleksander’s colleague, Roman Bieda.
“The hacker could be simply afraid of action taken against him,” he said, although he added that “white hat” ethical hackers do often seek to publicly shame companies for their security flaws.
In an encrypted exchange with the hacker dubbed “Mr White Hat,” Poly offered US$500,000 as a reward and promised: “We assure you that you will not be accountable for this incident.”
The hacker wrote that they had refused the bounty, saying: “I will send all of their money back.”
Crimes involving cryptocurrencies are on a downward trend, despite spectacular thefts such as this one and concerns about their use by criminal gangs.
A report this month by security firm CipherTrace Inc estimated global crypto crime losses at US$1.9 billion last year, down from US$4.5 billion in 2019.
Yet it did warn of an alarming rise in hacking and fraud linked to decentralized finance, or “defi” — a form of crypto-financing, including loans, designed to cut out intermediaries such as banks. The Poly Network heist is part of that trend, with the company calling it the biggest hack “in defi history.”
“The imagination of fraudsters in this industry is constantly developing,” said Syedur Rahman, a British lawyer who specializes in cases involving cryptocurrencies.
However, he added that tighter regulations are increasingly forcing cryptocurrency exchanges to verify users’ identities, while law enforcement agencies are growing more experienced in handling crypto crimes.
Hackers extracted a US$4.4 million ransom in bitcoin from oil company Colonial Pipeline in May, but the FBI was able to track down most of the coins and seize them.
However, retrieving stolen crypto assets can still be difficult.
“Criminal activities in crypto are very much multinational,” Aleksander said. “It’s typical that the victims sit in different jurisdictions, and the exchanges are registered in different jurisdictions.”
Victims’ battle to claw back money stolen in the Mt. Gox hack has been bogged down in years of international litigation, and hiring sleuths to trace stolen assets is an expensive option that is often out of reach for individual investors.
“When you have a consumer who has lost a nominal sum, there’s not much that can be done,” Rahman said.
CAUTIOUS RECOVERY: While the manufacturing sector returned to growth amid the US-China trade truce, firms remain wary as uncertainty clouds the outlook, the CIER said The local manufacturing sector returned to expansion last month, as the official purchasing managers’ index (PMI) rose 2.1 points to 51.0, driven by a temporary easing in US-China trade tensions, the Chung-Hua Institution for Economic Research (CIER, 中華經濟研究院) said yesterday. The PMI gauges the health of the manufacturing industry, with readings above 50 indicating expansion and those below 50 signaling contraction. “Firms are not as pessimistic as they were in April, but they remain far from optimistic,” CIER president Lien Hsien-ming (連賢明) said at a news conference. The full impact of US tariff decisions is unlikely to become clear until later this month
GROWING CONCERN: Some senior Trump administration officials opposed the UAE expansion over fears that another TSMC project could jeopardize its US investment Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) is evaluating building an advanced production facility in the United Arab Emirates (UAE) and has discussed the possibility with officials in US President Donald Trump’s administration, people familiar with the matter said, in a potentially major bet on the Middle East that would only come to fruition with Washington’s approval. The company has had multiple meetings in the past few months with US Special Envoy to the Middle East Steve Witkoff and officials from MGX, an influential investment vehicle overseen by the UAE president’s brother, the people said. The conversations are a continuation of talks that
CHIP DUTIES: TSMC said it voiced its concerns to Washington about tariffs, telling the US commerce department that it wants ‘fair treatment’ to protect its competitiveness Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) yesterday reiterated robust business prospects for this year as strong artificial intelligence (AI) chip demand from Nvidia Corp and other customers would absorb the impacts of US tariffs. “The impact of tariffs would be indirect, as the custom tax is the importers’ responsibility, not the exporters,” TSMC chairman and chief executive officer C.C. Wei (魏哲家) said at the chipmaker’s annual shareholders’ meeting in Hsinchu City. TSMC’s business could be affected if people become reluctant to buy electronics due to inflated prices, Wei said. In addition, the chipmaker has voiced its concern to the US Department of Commerce
STILL LOADED: Last year’s richest person, Quanta Computer Inc chairman Barry Lam, dropped to second place despite an 8 percent increase in his wealth to US$12.6 billion Staff writer, with CNA Daniel Tsai (蔡明忠) and Richard Tsai (蔡明興), the brothers who run Fubon Group (富邦集團), topped the Forbes list of Taiwan’s 50 richest people this year, released on Wednesday in New York. The magazine said that a stronger New Taiwan dollar pushed the combined wealth of Taiwan’s 50 richest people up 13 percent, from US$174 billion to US$197 billion, with 36 of the people on the list seeing their wealth increase. That came as Taiwan’s economy grew 4.6 percent last year, its fastest pace in three years, driven by the strong performance of the semiconductor industry, the magazine said. The Tsai
RSS