Hackers stole cryptocurrencies worth more than $600 million from Poly Network, a decentralized finance, or DeFi, platform, in one of the largest crypto heists of recent years. In a surprise turn, whoever stole the money then returned over one-third of the pilfered assets.

Poly Network, which uses digital assets for lending and other financial transactions, disclosed the hack in a series of Twitter posts Tuesday. Blockchain security company SlowMist estimated that the stolen cryptocurrencies were worth over $610 million at the time.

The hackers made away with digital currencies including ether and tokens backed by bitcoin, as well as tether, a coin designed to mimic the value of the U.S. dollar, and the Shiba Inu coin, a novelty spinoff of the joke cryptocurrency dogecoin inspired by the Shiba Inu breed of dog.

Poly Network said Wednesday that assets worth around $260 million have been returned.

In a series of lengthy question-and-answer posts about the heist on a blockchain account used to hijack the funds, the purported hacker or hackers claimed that they were always planning to return the funds.

“I am not very interested in money! I know it hurts when people are attacked, but shouldn’t they learn something from those hacks?” one of the posts said. The hacker or hackers said they were negotiating with the Poly Network team and that they “would like to give them tips on how to secure their networks.”

The Poly Network hack is on par in size with infamous breaches at Coincheck in 2018 and Mt. Gox in 2014, where digital assets valued at around $550 million and $400 million, respectively, went missing. The incident highlights the risks of trading in the unregulated market, where theft, fraud and scams are common.

Cryptocurrency trading has come under increased scrutiny from regulators in recent months. Securities and Exchange Commission Chairman Gary Gensler recently called the rapidly growing area a Wild West, rife with “fraud, scams and abuse” in need of regulation and investor protection.

Poly Network was founded by Da Hongfei, a China-based entrepreneur who has set up several blockchain-related companies, according to his LinkedIn account and online interviews. It is one in a burgeoning DeFi sector, which includes companies that offer financial services on public blockchains, the digital ledgers that underpin cryptocurrencies.

China’s recent warning on cryptocurrency sent the market in a tailspin. WSJ’s Aaron Back explains why the recent shake-ups in the value of bitcoin, dogecoin, ether and other cryptocurrencies may point to obstacles in mainstream acceptance. Photo: Dado Ruvic/Reuters The Wall Street Journal Interactive Edition

Similar to regular banks, DeFi outfits lend out assets and write derivative contracts, among other services. Investors often use DeFi services to borrow against their crypto holdings and amplify their bets.

Poly Network’s system allows users to operate between multiple blockchains and transfer assets across the chains, the company has said in public postings.

A big difference with mainstream financial institutions is that everything revolves around the use of privately generated digital currencies rather than ones issued by governments. There is no central bank through which transactions are processed and limited oversight or regulation.

Shortly after the hack occurred on Tuesday, Poly Network pleaded with the hackers to return the money. “It is very unwise for you to do any further transactions. You should talk to us to work out a solution,” the company wrote in a letter posted on Twitter. “The amount of money you hacked is the biggest one in defi history. Law enforcement in any country will regard this as a major economic crime and you will be pursued.”

The hackers may have returned the funds because of complications around liquidating stolen cryptocurrencies and the ease of tracing transactions on the blockchain, which is open to public view, according to Joel Kruger, a currency strategist at LMAX Group, a platform for foreign exchange and cryptocurrency trading.

“You’re going to have to find a way to get it out to cash in—it becomes a greater impossibility given how things are tracked from wallet to wallet and exchange to exchange,” Mr. Kruger said.

The Poly Network hack rippled to other platforms. Paolo Ardoino, chief technology officer of Tether, tweeted that his company froze $33 million of its cryptocurrency in one of the hackers’ addresses.

Changpeng Zhao, chief executive of Binance, the largest cryptocurrency exchange in the world, tweeted, “We are coordinating with all our security partners to proactively help.”

The breach of Poly Network didn’t appear to hit the value of the coins that were stolen. Ether, the second most used cryptocurrency after bitcoin, traded around $3,242 on Wednesday, up 2.7% from its level at 5 p.m. ET on Tuesday. The Shiba Inu coin was little changed as well, according to CoinMarketCap.

The hacker was able to access the assets by exploiting a vulnerability between “contract calls,” according to Poly Network.

Aby Huang, chief executive of security company SlowMist, said this means the hackers found vulnerabilities when two programs that automatically execute transactions on the blockchain were running at the same time.

Write to Anna Hirtenstein at anna.hirtenstein@wsj.com