The DeFi hacker who stole $600 million in crypto is... giving it back?

Well that was unexpected.

The hacker responsible for one of the largest cryptocurrency thefts in history made waves Wednesday by returning (at least some of) the stolen funds. That's according to Poly Network, the decentralized finance (DeFi) platform that announced the $600 million heist the day before.

Late Wednesday morning, Poly Network confirmed that $260 million of the stolen funds had been transferred back to wallets it controls.

This Tweet is currently unavailable. It might be loading or has been removed.

To be fair, $260 million is a lot of money, but it's a far cry from the approximately $600 million in assorted cryptocurrencies reported stolen.

In a public plea for a return of the funds on Tuesday, Poly Network listed three cryptocurrency addresses it controls and asked the hacker to send the purloined assets there.

This Tweet is currently unavailable. It might be loading or has been removed.

Looking at the Binance Chain, Ethereum, and Polygon wallets believed to be controlled by the hacker, it's possible to spot at least one large transaction moving from one of those wallets to a wallet Poly Network identified.

So why the abrupt change of heart? Why steal millions one day, only to return the bulk of it the next?

While there's at least one famous 2017 incident where so-called white hat hackers preemptively stole, then returned, vulnerable funds, it's not clear that's the case this time around. Indeed, the reversal comes after SlowMist, a blockchain security company, said it had identified key details about the thief.

"The SlowMist security team has discovered the attacker's mailbox, IP, and device fingerprints through on-chain and off-chain tracking, and is tracking possible identity clues related to the Poly Network attacker," reads a (Google translated) post from the company.

That hasn't stopped the hacker from claiming the moral high ground.

According to Tom Robinson, the cofounder of the blockchain analytics company Elliptic, the hacker embedded a winding statement in ether transactions (from wallets associated with the hack) that paints themself as a noble hero swooping in to save the funds.

"Q: WHY TRANSFER TOKENS?" reads the all-caps post. "A: TO KEEP IT SAFE."

This Tweet is currently unavailable. It might be loading or has been removed.

The hacker writes that when they first spotted the bug, which Poly Network identified as a "vulnerability between contract calls," they had a "mixed" feeling.

The message also claims that returning the money was "always the plan," and adds that at least Poly Network got a lot of Twitter followers out of this mess.

This Tweet is currently unavailable. It might be loading or has been removed.

Much like the aforementioned 2017 white hat hack, the Poly Network hacker insists they initially stole the money to keep it safe from other potential thieves.

SEE ALSO: We spoke to the vigilante hackers who stole $85 million in ether to save it

"I prefer to stay in the dark and save the world," they write.

Of course, legal authorities might not care what the hacker prefers.