Hackers have returned nearly half of the $600 million they stole in what is likely to be one of the largest cryptocurrency thefts ever.
The cybercriminals took advantage of a flaw in Poly Network, a platform that aims to connect different blockchains so that they can collaborate.
Poly Network announced the attack on Tuesday and requested communication with the hackers, pleading with them to “return the hacked assets.”
A blockchain is a public ledger of transactions that serves as the foundation for various cryptocurrencies. Each digital coin has its own blockchain that is distinct from the others. Poly Network claims to be able to integrate these various blockchains.
Poly Network is a decentralized finance (DeFi) platform. DeFi is a broad term that refers to financial applications that use blockchain technology to eliminate intermediaries such as brokerages and exchanges, which is why it is called decentralized.
Proponents argue that this can make financial applications like lending and borrowing more efficient and cost-effective.
In a tweet, Poly Network stated, “The amount of money you hacked is the largest in defi history.”
In an unusual turn of events on Wednesday, the hackers started returning some of the money they stole.
They said they were “ready to return” the funds and sent a message to Poly Network embedded in a cryptocurrency transaction. The DeFi platform responded by requesting that the funds be sent to three different crypto addresses.
More than $4.8 million had been returned to Poly Network addresses as of 7 a.m. London time. By 11 a.m. ET, approximately $258 million had been returned.
“I think this demonstrates that even if you can steal cryptoassets, laundering and cashing out is extremely difficult due to the transparency of the blockchain and the use of blockchain analytics,” said Tom Robinson, chief scientist at blockchain analytics firm Elliptic, in an email.
“In this case, the hacker concluded that returning the stolen assets was the safest option.”
After stealing the money, the hackers began sending it to various cryptocurrency addresses. SlowMist researchers reported that a total of more than $610 million in cryptocurrency was transferred to three addresses.
SlowMist researchers said in a tweet that they had “grasped the attacker’s mailbox, IP, and device fingerprints” and are “tracking possible identity clues related to the Poly Network attacker.”
The researchers came to the conclusion that the theft was “likely a long-planned, organized, and prepared attack.”
Poly Network urged cryptocurrency exchanges to “blacklist tokens” originating from the hackers’ addresses. According to the stablecoin’s issuer, approximately $33 million of Tether involved in the theft has been frozen.
Changpeng Zhao, CEO of major cryptocurrency exchange Binance, confirmed the attack.
Binance is “coordinating with all of our security partners to proactively assist,” he said, but “there are no guarantees.”
“We will take legal action, and we strongly urge the hackers to return the assets,” Poly Network said on Twitter.
DeFi has become a popular target for cyber-attacks.
According to cryptocurrency compliance company CipherTrace, DeFi-related hacks totaled $361 million from the start of the year until July — a nearly threefold increase from all of 2020. DeFi-related fraud is also on the rise. In the first seven months of the year, it accounted for 54% of total crypto fraud volume versus 3% for all of last year.