Poly Network Hacker Returns Stolen Crypto. Here’s What Investors Should Know

A photo to accompany a story about cryptocurrency security Getty Images/ Illustration/NextAdvisor
A cryptocurrency network was hacked in August, resulting in $600 million worth of stolen crypto assets. The incident is a reminder of the risks of cryptocurrency investing.

We want to help you make more informed decisions. Some links on this page — clearly marked — may take you to a partner website and may result in us earning a referral commission. For more information, see How We Make Money.

After a hacking theft of more than $600 million in early August, Poly Network reports it has regained control of all stolen assets

The hacker, which Poly Network refers to as “Mr. White Hat,” began returning assets shortly after the hack, before withholding the private key necessary to unlock access to those assets. Poly Network has also offered a bounty to the hacker worth $500,000.

Poly Network isn’t a crypto exchange or digital wallet platform. Instead, it helps facilitate crypto transfers between different cryptocurrencies’ blockchains. This can help people use their cryptocurrency across different networks. 

“We are in the process of returning full asset control to users as swiftly as possible,” Poly Network wrote in its latest update. But recovering stolen digital assets at all is far from a guarantee for crypto investors. Cryptocurrencies are decentralized and largely unregulated across the globe, so there’s historically been very little investors can do if their crypto is stolen by hackers.

The Poly Network incident reinforces concerns many people — and regulators — have about cryptocurrency theft and fraud. This makes the importance of safe and secure investing all the more apparent.

Investing in Crypto Securely

The first line of defense you can make toward investing in crypto safely is choosing a secure platform from which to buy your coins. There are no protections for crypto assets the way that your cash in the bank is protected by institutions like the FDIC, so it’s important to make sure the platforms you use are safe. Look for specific information about security measures, storage, and insurance on any crypto platform’s website.

“Organizations that don’t invest in [cybersecurity] are certainly going to be the low-hanging fruit and they will be more prone to having their data compromised, because they don’t have anything in place,” says Eva Velasquez, president and CEO of the Identity Theft Resource Center.

Look for protections for individual users, like two-factor authentication and practice your own security with strong, unique passwords to all of your online accounts.

You should also be familiar with common scams involving crypto, and approach any unsolicited offers or suspicious activity with skepticism. Here are some ways to spot a crypto scam, according to the Federal Trade Commission:

  • Anyone who will only accept payment for goods or services in cryptocurrency
  • Unsolicited offers to help you earn a lot of money in a short time or guarantee returns on your crypto investment
  • Social media messages asking you to send cryptocurrency — this was the method behind a headline-making 2020 Bitcoin scam in which public figures’ Twitter accounts were hacked

How to Protect Your Crypto

Once you have cryptocurrency in your portfolio, you can also take measures to ensure the safety of your coins. 

You may choose to keep your coins on your account with the exchange you used to buy them, but look closely at that exchange’s security measures to ensure it offers strict security protocols and plans for responding to a security breach. Some exchanges even have insurance policies — which may be internal or third-party — to protect user’s assets against theft in the case of a hack.

You can also store your coins in a hot wallet, or online, software-based storage platform. Because hot wallets are online, they’re still vulnerable to hackers, so it’s important to vet the security measures the platform is using to protect your digital assets. 

“I put a lot of weight into the longevity of the platform or the device,” Nicole DeCicco, founder of CryptoConsultz, a consulting practice for crypto and blockchain technology, recently told NextAdvisor. “You could have holes in the security of the software, and that’s where hackers can get in. If you have a wallet that’s been time-tested, it’s more reliable that their security team is keeping up on the latest in their security practices.”

The most airtight form of security against hacking, though, is keeping your coins in cold storage. This refers to fully offline wallet storage, in which you store the private keys to your cryptocurrency off the network on a device; often, these devices resemble USB flash drives. There are other risks to this form of storage — like loss of or damage to the device — but it’s the safest form of protection against online theft.

Bottom Line

If you choose to invest in cryptocurrency, you should be prepared not only for volatile price swings, but also the inherent risks of a decentralized, largely unregulated asset class. That’s also why it can be useful to follow the rule of thumb experts recommend and dedicate no more than 5% of your total portfolio to speculative investments like crypto.

If the combined risk of crypto’s price fluctuations and security doesn’t align with your own risk tolerance, there are options to invest in crypto without actually buying any coins. But even traditional investments or financial institutions aren’t guaranteed to protect your money from hackers — and it’s still important to evaluate security practices.  

“We should all be concerned about data breaches, and we should all understand that there’s no system that’s truly impenetrable,” Velasquez says, acknowledging that even traditional institutions with the most robust security measures can still be compromised.

The best actions you can take is to ensure any platform you trust with your money or digital assets is upfront about how it guards users against theft and do your own due diligence to protect your accounts with secure passwords, frequent updates, and monitoring.