Hackers have now returned more than half of the $610m (£517m) they stole in one of the biggest ever cryptocurrency heists.
Poly Network, a platform that facilitates peer-to-peer transactions, said it has recovered $342m (£247m) – but $268m (£194m) is still missing.
The company, which allows users to swap tokens across different blockchains, announced the hack on Twitter on Tuesday, calling on those responsible to return the money and threatening legal action.
The decentralised finance platform posted details of digital wallets to which it said the money was transferred and urged people to blacklist tokens from those addresses.
A person claiming to be the hacker said they did it “for fun” and wanted to “expose the vulnerability” before others could exploit it, according to digital messages shared by Elliptic, a crypto tracking firm, and Chainalysis.
The purported culprit said it was “always the plan” to return the tokens, claiming they are “not very interested in money”.
But blockchain experts cast doubt on this claim, suggesting that the hackers may have found it too difficult to launder such a large amount of stolen cryptocurrency.
Tom Robinson, co-founder of Elliptic, said the “transparency of the blockchain and the broad use of blockchain analytics by financial institutions” make it hard to cash out cryptoassets.
The attackers stole funds in more than 12 different cryptocurrencies, including tokens on Binance Smart Chain, Ethereum and Polygon, according to blockchain forensics company Chainalysis.
Poly Network allows users to swap tokens between blockchains using a smart contract that contains instructions on when to release the assets to the counterparties.
The company said the hackers exploited a vulnerability in this contract.
The hackers appear to have overridden the contract instructions for each of the blockchains and diverted the funds to three digital wallet addresses, according to an analysis of the transactions by Kelvin Fichter, an Ethereum programmer.
An executive from cryptocurrency firm Tether said on Twitter the company had frozen $33m (£23.85m) linked to the hack as other crypto exchanges pledged to help.
The heist is comparable to the $530m (£383m) in cryptocurrency stolen from Tokyo-based bitcoin exchange Coincheck in 2018.
Mt Gox, also based in Tokyo, collapsed in 2014 after losing half a billion dollars in bitcoin.
The theft underscores the vulnerabilities of decentralised finance platforms, which are mostly unregulated and allow users to conduct transactions without using banks or exchanges.
Proponents of decentralised finance say that by offering people and businesses free access to financial services, the technology will cut costs and boost economic activity.