Yesterday, Hackread.com reported that Lendf.me, a Chinese lending platform built on a lending protocol by dForce, was hacked, resulting in a loss of $24.36 million worth of Ethereum, Bitcoin and USD stablecoins. Now, in a shocking twist of events, the hacker has returned the entire sum.
The money was returned over the course of 2 days. On 20 April, $2.79 million was returned, and today, 21 April, the remaining $22 million followed. This became apparent from examining the flow of transactions on the blockchain.
How these events unfolded is no mystery.
After the attack, a series of transactions occurred, in one of which Lendf.me issued a “threatening-tease” reply stating “Contact us, for your better future.”
Shortly afterward, as can be seen in the image below, the hacker returned the funds, for obvious reasons.
According to Sergej Kunz, the CEO of 1inch.exchange.com, which the hacker used to exchange part of the funds, the hacker left behind important metadata that gave away crucial information such as their IP address and the fact that they were using a Mac with the system language set to US English.
Further, the exchange was using its own content delivery network (CDN), which helped the investigators even further.
Our statement to the hacker: Pay back what is not yours and sleep well, instead to be a thief. White hacking makes more fun and helps people instead of destroying their lives. #DeFi https://t.co/7YQf0tSfWs
— 1inch.exchange (@1inchExchange) April 20, 2020
Reporting the incident to The Block, he states:
“We got a request from Singapore police and we were helping dForce. Based on the request, we delivered to the police the IP addresses and sensitive meta information, which the hacker speeded by using our CDN…. The idea was to make pressure as much possible to the hacker.”
The value of the returned funds has, however, gone down slightly to $24.3 million because of the transaction costs the hacker incurred when converting them.
To sum up:
Hacker steals $25m from an Ethereum contract.
CEO of the company behind the contract messages him to return the money “for his better future”.
Turns out the hacker’s Chinese IP was exposed in the hack.
Hacker returns all $25m.
Could they even do anything to him in China? https://t.co/hbgXjBggE1
— Under the Breach 🦠 (@underthebreach) April 21, 2020
To conclude, this is a rare incident in the cybersecurity community and should send a cautionary message to other criminals out there. Cryptocurrency exchanges have long been a target of cyberattacks because of the large sums they hold.
Nonetheless, administrators should take strong security measures, such as keeping the largest amount possible in cold wallets disconnected from the internet. These could greatly mitigate the potential impact of such attacks.