A person claiming to be the hacker behind one of the biggest cryptocurrency heists of all time says the theft was done “for fun.”
In a Q&A embedded within a digital currency transaction Wednesday, a person claiming to be the anonymous hacker explained the reasoning behind the hack — “for fun.”
“When spotting the bug, I had a mixed feeling,” the person said. “Ask yourself what to do had you facing so much fortune. Asking the project team politely so that they can fix it? Anyone could be the traitor given one billion!”
“I can trust nobody!” the person continued. “The only solution I can come up with is saving it in a _trusted_ account while keeping myself _anonymous_ and _safe_.”
The person also gave a reason for returning the funds, claiming: “That’s always the plan! I am _not_ very interested in money! I know it hurts when people are attacked, but shouldn’t they learn something from those hacks?”
Tom Robinson, chief scientist at blockchain analytics firm Elliptic, said the person writing the Q&A was “definitely” the hacker behind the Poly Network attack.
“The messages are embedded in transactions sent from the hacker’s account,” Robinson told CNBC. “Only the holder of the stolen assets could have sent them.”
“White hat hacking is all about having a scope, not touching some systems, working with the team, writing professional reports detailing our findings, and not going further than we need to in order to demonstrate risk,” she said, emphasising the importance of avoiding the appearance of authority.
As a policy, we adhere to the adage “first, do no damage,” meaning that we won’t put users’ data at danger while verifying that patches have been implemented.
Forensic Risk Alliance Partner and former DOJ and FBI officer Charlie Steele shares similar concerns about Poly Network’s purported offer.
There is no legal basis for private firms to guarantee protection from criminal prosecution, he said.
He continued, “This incident, in which an anonymous hacker stole $600 million “for fun” and subsequently returned most of it, is not going to allay regulators’ concerns about the varying risks posed by crypto-currencies.”