Cryptocurrency platform Poly Network has written an open letter to hackers whom it claims stole $600m (£435m) in digital assets, asking them to return the funds.
The value of the tokens dropped below $400m (£290m) following the news of the theft.
In monetary value, the heist would be one of the biggest to hit the cryptocurrency world, comparable to the theft of 850,000 bitcoin from the Mt Gox exchange in 2014 – worth $450m (£326m) at the time.
Poly allows users to swap cryptocurrency tokens across different blockchains. The company said a vulnerability in its system allowed the attacker to transfer these tokens to public blockchain addresses they controlled.
The stolen tokens amounted to more than $270m (£196m) from the ethereum blockchain, $250m (£181m) on the Binance Smart Chain, and $84m (£61m) on the Polygon network, according to Poly Network’s tweets.
In its open letter addressed “Dear Hacker,” the company said it wanted to establish communication with the thieves and stressed that the stolen funds “are from tens of thousands of crypto community members, hence the people”.
Senior executives at exchanges across the cryptocurrency community are offering to blacklist the addresses which the criminals sent the stolen funds too in an attempt to recover them.
As indicated by the immediate drop in the value of the stolen tokens, the incident highlights the perils of decentralised finance (DeFi) systems which are less regulated than traditional markets.
Poly Network tweeted that it had discovered the vulnerability which allowed the attacker to make the transactions, blaming an issue in a system for contract calls.
The simplest resolution would be for the attacker(s) to simply transfer back the stolen tokens, but as some have already been moved to other accounts this is unlikely.
However by Wednesday afternoon UK time, the Poly Network tweeted that it had received more than $4m back from the addresses to which the hacker transferred the stolen tokens.
Alongside the plea from the Poly Network, a number of people have sent messages to the addresses which have received the stolen tokens.
Many asked for donations, some seriously while others referenced memes. One user warned the attackers that some of their tokens had been blacklisted, a warning for which the attackers sent them $42,000 in ethereum.
Back in June, the Metropolitan Police seized about £114m of cryptocurrency as part of a money-laundering investigation.
The force said the confiscation was the largest of its kind in the UK, and one of the largest in the world.
Last year, US authorities said they had seized around $1bn (£718m) worth of Bitcoin connected to darknet market place the Silk Road, which was shut down in 2013.