In an unusual turn of events Wednesday, an anonymous person claiming to be the hacker said they were “ready to return” the funds. The identity of the hacker, or hackers, is not yet known.

Poly Network requested they send the money to three digital currency wallets. And, sure enough, the hacker had returned more than $342 million of the funds to those wallets by Thursday.

Nearly All of the $600 Million Stolen in a Huge Crypto Heist Has Been Returned

But there’s a catch. While almost all of the haul has been sent back to Poly Network, the last $268 million of assets is currently locked in an account that requires passwords from both Poly Network and the hacker to gain access.

“It’s likely that keys held by both Poly Network and the hacker would be required to move the funds — so the hacker could still make these funds inaccessible if they chose to,” Tom Robinson, chief scientist of blockchain analytics firm Elliptic, said in a blogpost Friday.

In a message embedded in a digital currency transaction, the suspected hacker said they would “provide the final key when _everyone_ is ready.” Poly Network called it “the biggest in defi history.”

“Offering immunity may have sounded like a smart move from Poly Network to dangle a carrot, but it is unlikely that the authorities would agree with this decision nor even allow it,” said Jake Moore, a specialist at cybersecurity firm ESET.

“This attack is likely to have been watched closely by cybercriminals and law enforcement alike, potentially opening up the possibility of copycat attacks.”

Robinson said the hacker “might well still find themselves being pursued by the authorities.”

“Their activities have left numerous digital breadcrumbs on the blockchain for law enforcement to follow.”