The hacker behind the biggest ever DeFi exploit has been returning some of the stolen assets to the cross-chain protocol Poly Network, and supposedly some of the motivation for the hack was… for “fun”.

The US$611 million theft is being described as a “heist” in several media reports, and while that’s not exactly inaccurate, it does kind of conjure up this…

… as opposed to this…


At the time of writing, the hacker has returned more than half of the stolen assets – roughly US$342 million according to a Coindesk report, including USDC, BUSD, SHIB and FEI.

It’s a start, but it seems unlikely Poly Network will get it all back, especially as the hacker seems to have tipped the odd rando on Twitter here and there. That said, this is still a developing, and highly unusual, story that’s been taking a few plot twists.

The blockchain data platform Chainalysis, which specialises in “building trust in blockchains among people, businesses and governments”, but also investigating this sort of thing, has been following it all closely.

It’s provided an excellent breakdown of the hack’s aftermath, and the movement of the pilfered assets, in a detailed blog that you can read here.


All just a bit of fun… what’s $611 million between friends?

According to Chainalysis, the attacker has allegedly conducted a Q&A directly on the Ethereum blockchain (see below). Some other reports, meanwhile, have even been calling it a “white-hat” hack.

The TLDR on that is essentially as follows…

The hacker’s supposed motivation for conducting the exploit was because it was “fun”, and because they felt a responsibility to expose a vulnerability in the network “before any insiders” could see it and exploit it themselves. Maybe they think they’re even some kind of hero.

The attacker also claimed that they considered informing the Poly Network team about the bug/vulnerability but were afraid of a possible “traitor” within the Poly Network system. “I can trust nobody!”

Insofar as how the actual hack took place, this breakdown covers it extremely well, although it’s somewhat technical. But if you can understand it, please try to refrain from using the information to exploit another DeFi protocol for hundreds of millions of dollars and ruining several lives in the process. Also, we’d rather be writing about NFTs.

If you can’t wrap your head round it all, though (and we wouldn’t blame you), this is probably the best representation of what happened that we’ve seen so far…