Hackers returned about half of the $610 million or so they pilfered Tuesday in what was likely one of the biggest cryptocurrency thefts on record in the burgeoning DeFi sector.
In a unusual twist, the online thieves pledged to return the entire amount stole from a decentralized finance, or DeFi, protocol known as PolyNetwork that lets users swap tokens across multiple blockchains. It isn’t clear from the PolyNetwork website who runs the protocol.
In a message the unidentified hackers said that they “just dumped all the assets,” adding, “hacking for good, I did save the project.” About $260 million has been returned so far, according to Tom Robinson, co-founder of blockchain forensics firm Elliptic.Subscribe to The Ledger for expert weekly analysis on fintech’s big stories, delivered free to your inbox.
Even more brazen, the hackers are asking for donations as a reward for returning the funds. So far, they’ve garnered $200, Robinson said.
The hackers also posted a Q&A online, explaining motivations for the attack as “for fun:).” The online pirates said they took the funds “to keep it safe” after spotting a bug in the computer code. The hackers ended the missive saying they will be impossible to trace. “I prefer to stay in the dark and save the world.”
Blockchain security researcher SlowMist had said that it’s found the attackers’ email address, IP address and device fingerprint.
Elliptic, as well as scores of cryptocurrency exchanges and trackers, have been on the hunt for the hackers. Thousands of people were affected by the attack, PolyNetwork said in a letter posted Tuesday on Twitter.
“This demonstrates that even if you can steal crypto assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics,” Robinson said. “In this case the hacker concluded that the safest option was just to return the stolen assets.”
The heist netted 11 different cryptocurrencies, including $93 million in Ether, according to blockchain researcher Chainalysis, which tracked some of the hackers’ transactions. The attacker had attempted to launder part of the money by using PolyNetwork to cash in Dai and USDC coins and converting them all back to Dai, Chainalysis said.
DeFi apps—which let people lend, borrow and trade coins without using intermediaries—have become frequent targets of attacks lately, as they gain in popularity. Some $156 million was netted from DeFi-related hacks in the first five months of the year, surpassing the $129 million stolen in such attacks through all of 2020, according to crypto security firm CipherTrace.
Subscribe to Fortune Daily to get essential business stories straight to your inbox each morning.