Straitstimes.com header logo

Hackers behind big crypto heist return over a third of stolen coins

Sign up now: Get ST's newsletters delivered to your inbox

Google Preferred Source badge
SHANGHAI • The hackers behind one of the biggest cryptocurrency heists have returned more than a third of the digital coins they stole, the company at the centre of the hack said.
Poly Network, a decentralised finance platform that facilitates peer-to-peer transactions, said on Twitter that US$260 million (S$353 million) of the stolen funds had been returned but US$353 million was outstanding.
The company, which allows users to swop tokens across different blockchains, said on Tuesday it had been hacked and urged the culprits to return the stolen funds, threatening legal action.
The hackers exploited a vulnerability in the digital contracts Poly Network uses to move assets between different blockchains, according to blockchain forensics company Chainalysis.
A person claiming to have perpetrated the hack said they did it "for fun" and wanted to "expose the vulnerability" before others could exploit it, according to messages shared by Elliptic, a crypto tracking firm, and Chainalysis.
It was "always the plan" to return the tokens, the purported hacker wrote, adding: "I am not very interested in money." The hacker has not been identified.
Mr Tom Robinson, co-founder of Elliptic, said returning the money could have been prompted by the headache of laundering stolen crypto on such a scale. He said: "Even if you can steal crypto assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the broad use of blockchain analytics by financial institutions."
The theft's size is comparable to the US$530 million in digital coins stolen from Tokyo-based exchange Coincheck in 2018. The Mt Gox exchange, also based in Tokyo, collapsed in 2014 after losing US$500 million in bitcoins.
Poly Network was founded by Mr Da Hongfei, a China-based entrepreneur who set up several blockchain companies, according to the Wall Street Journal.
The attack comes as losses from theft, hacks and fraud related to decentralised finance (DeFi) hit an all-time high, according to crypto intelligence firm CipherTrace.
At over US$600 million, however, the Poly Network theft far outstripped the US$474 million in criminal losses CipherTrace said were registered by the entire sector from January to July this year.
DeFi platforms allow users to conduct transactions directly, usually in cryptocurrency, without traditional gatekeepers such as banks. The sector has boomed over the last year, with platforms handling more than US$80 billion worth of digital coins.
Proponents of DeFi say it offers people and businesses free access to financial services, cutting costs and boosting economic activity. But technical flaws and weaknesses in their computer code can make them vulnerable to hacks.
REUTERS
See more on

Cryptocurrencies

Theft/burglary

Cyber security

E-paper

Newsletters

Podcasts

RSS Feed

About Us

Terms & Conditions

Personal Data Protection Notice

Need help? Reach us here.

Advertise with us

Download the app

Get unlimited access to exclusive stories and incisive insights from the ST newsroom
Subscribe Placeholder
MDDI (P) 046/10/2025. Published by SPH Media Limited, Co. Regn. No.202120748H. Copyright © 2026 SPH Media Limited. All rights reserved.