The specialized company Poly Network announced, Tuesday, August 10, a theft of more than $ 600 million in cryptocurrency, the largest ever observed by the sector. But, twist two days later: Thursday, August 12, the hacker returned to everyone’s surprise some $ 338 million – still well below the total stolen, but enough to spark speculation about his motives.
What raise questions about the security of this decentralized finance system. In the messages embedded in the transactions, the thief insisted that he was full of good intentions: “I am not very interested in the money! “, he wrote, assuring that returning the stolen funds had ” always [été] the plan “.
A bounty of $ 500,000 for the perpetrator of the theft
Is it the signature of an ethical hacker or white hat (“White hat”)? A practice which consists, for companies or institutions, to offer rewards to these ethical hackers to find the loopholes in their systems and then to reinforce them. Because, despite their volatility and concerns about the enormous waste of electricity they generate, crypto-assets like bitcoin and ethereum have grown in popularity in recent years.
Their combined market value currently stands at nearly $ 2 trillion, creating attractive prospects for both investors and hackers. In addition, crypto-asset transfers rely on a technology – the blockchain or blockchain, sort of digital registers that record each transaction carried out – and a philosophy: to do without intermediaries such as banks, the transactions being made directly from user to user.
The “Poly Network” affair is therefore closely followed by the players in decentralized finance.
According to Pawel Aleksander, an expert in stolen cryptocurrency tracking, thieves usually try to cover their tracks by dividing the money and moving it, “Sometimes using hundreds of thousands of consecutive transactions”. His company Coinfirm is one of a growing number of companies aiming to help law enforcement and investors track down stolen assets. They specialize in monitoring these dizzyingly complex transactions.
While some crypto aficionados view the Poly Network hacker as a hero, others suspect him of having started giving back the money only because digital sleuths were on his trail. SlowMist, another investigative company, has, in fact, claimed to have identified some of the hacker’s personal information, including his email.
In any case, Poly Network seeks to find an arrangement: the platform confirmed, Friday, to have proposed to reward the author (s) of the embezzlement of which it was victim to the tune of 500,000 dollars. However, the press release does not specify in what form this bonus will be paid, or whether the offer has been accepted.
“There is not much to do”
Despite spectacular thefts like the one that hit Poly Network, but also Japanese trading platforms Mt. Gox in 2014 and Coincheck in 2018, cryptocurrency-related crimes are on the decline. A recent report released by security firm CipherTrace estimated global crypto-crime losses at $ 1.9 billion last year, up from $ 4.5 billion in 2019. “The imagination of fraudsters in this industry is constantly evolving”However, Syedur Rahman, a British lawyer specializing in cases involving cryptocurrencies, points out, even as stricter regulations increasingly require users to verify the identity of users, while authorities are increasingly experienced in handling cases. crypto-crimes.
However, the recovery of stolen crypto-assets often proves difficult, because “Criminal activities in cryptography are very transnational”, recalls Pawel Aleksander. “It is typical that victims sit in different jurisdictions and that the exchanges are recorded in different jurisdictions”, adds the expert in the monitoring of stolen cryptocurrencies. Additionally, hiring digital detectives to track down stolen assets is an expensive option, often out of reach for individual investors affected by hackers. “When you have a consumer who has lost a nominal sum, there is not much to do”, summarizes the British lawyer Syedur Rahman.