By Mary-Ann Russon Business reporter, BBC News
image sourceGetty Images
The hacker behind one of the largest cryptocurrency heists to date has returned almost half of the $600m (£433m) stolen assets.
On Tuesday, the firm affected, Poly Network wrote a letter on Twitter, asking the individual to get in touch "to work out a solution".
The hacker then posted messages pledging to return funds, claiming to be "not very interested in money".
On Wednesday, Poly Network said it had received $260m back.
The company, a blockchain platform which lets users swap different types of digital tokens, posted on Twitter that it had been sent back three cryptocurrencies, including $3.3m worth of Ethereum, $256m worth of Binance Coin and $1m worth of Polygon.
A total of $269m in Ether tokens and $84m in Polygon tokens has yet to be recovered.
A blockchain is a ledger, or log, of every single transaction made of a cryptocurrency, such as Bitcoin.
The ledger is distributed to all the users in the network to verify all new transactions when they occur, instead of being held by any one single authority.
The hacker published a three-page-long QA session on one of the blockchains essentially in the form of a self-interview, according to Tom Robinson, co-founder of Elliptic, a London-based blockchain analytics and compliance firm.
The hacker claimed to have always planned to return the tokens and said the heist was carried out to highlight vulnerabilities in Poly Network software.
"I know it hurts when people are attacked, but shouldn't they learn something from those hacks?" the hacker wrote in the notes embedded on the Ethereum blockchain.
image sourceGetty Imagesimage captionThe technology underpining all crypto-currencies is blockchain - a distributed log of every single transaction made of a digital currency, that is sent to all users on the network
The hacker claimed to have spent all night looking for a vulnerability to exploit. They said they were worried that Poly Network would patch the security flaw quietly without telling anyone, so they decided to take millions of dollars in cryptocurrency tokens to make a point.
But they stressed that they did not want to cause a "real panic [in] the crypto-world", so they only took "important coins", leaving behind Dogecoin, the cryptocurrency that started off as a joke.
"Either they just intended to commit theft and steal the assets, or they were acting like a white hat hacker to expose a bug, to help Poly Network make themselves more strong and secure," Mr Robinson, who routinely advises governments and law enforcement agencies about crypto-related crimes, told the BBC.
He added that the nature of blockchain technology makes it hard for cyber-criminals to profit from stealing digital currencies, because everyone can see the money being moved across the network into the hackers' wallets.
"I wonder whether this hacker stole the funds, realised how much publicity and attention they were getting, realised wherever they moved the funds they would be watched, and decided to give it back," said Mr Robinson.
"The blockchain itself has operated here flawlessly, but the problem is on blockchains like Ethereum, you can write your own smart contracts. Various services have started offering this, including Poly Network.
"So whenever a human being writes code, there's a chance they will make a mistake."
How it works
image sourceGetty Imagesimage captionDespite the volatility in prices and frequent news of cryptocurrency heists, more and more young people are buying and selling crypto-currencies online
Poly Network's platform works by facilitating movement between several blockchains when people trade one cryptocurrency for another, such as trading Binance Coin for Ether.
"The Poly Network is the thing that facilitates the movement between these chains - ultimately, it's software, it's code, and code always has imperfections and defects in it," James Chappell, co-founder of London-based cyber-security firm Digital Shadows, told the BBC.
"And that's true of banks, or any financial system. Unfortunately, what seems to have happened here is a party has spotted a weakness in the implementation and exploited it to fool the network into transferring these tokens incorrectly."
Similar attacks have happened to several other services in the last 12 months. These include:
- Yearn Finance, which had $11m stolen by hackers in February;
- Alpha Finance, which had $37m stolen in the same month;
- and Meerkat Finance, which was drained of $32m by hackers in March.
After a rollercoaster 24 hours for the crypto community, it seems the hacker intends to return all or most of the stolen money.
As the criminal posted online: "The pain suffered is temporary, but memorable."
The claim that it was all an elaborate way to force Poly Network to fix security failings is being treated with scepticism.
Why the taunting and boasting online if the motive was honourable?
There's some suggestion that the net may have been closing in, as one cyber-security company says it was close to working out the identity of a suspect.
It might have been the case that the hacker bit off way more than they could chew and got scared, so returned the money.
Regardless, the authorities will still no doubt be working hard to find them.
But what this story mostly points to is just how powerful hackers can be and how powerless the unregulated, decentralised cryptocurrency world is when someone swipes a large fortune from under its nose.