Poly Network Declares the Hacker a “White Hat” After He Returns Almost All the Stolen $610 Mln
What remains to be recovered is the $235 million of funds that have been sent to a “shared multisig” account which requires the keys from both the Poly Network and the hacker to access and the $33 million USDT frozen by Tether.
Poly Network, a little-known project which is not connected to Ethereum sidechain protocol Polygon (MATIC), declared its hacker as a “white hat,” referring to ethical hackers who aim to expose vulnerability upon the return of most of the stolen $610 million funds.
The last $235 million has been sent to a “shared multisig” account which requires the keys from both the Poly Network and the hacker to access the funds, said Tom Robinson, chief scientist and co-founder of Elliptic, a crypto tracking firm.
According to the hacker's message, they will “provide the final key when everyone is ready.”
Additionally, $33 million USDT is also yet to be returned as Tether froze them on the day of the attack. Poly Network said on Twitter,
“The repayment process has not yet been completed. To ensure the safe recovery of user assets, we hope to maintain communication with Mr. White Hat and convey accurate information to the public.”
The hacker claims to have been offered a $500k bounty to return the stolen assets by Poly Network and the promise of not being accountable for the incident.
While the hacker turned down the offer of a bounty, they did ask for donations from the general public as a reward for doing the right thing. The hacker's donation account has so far received 1.475 ETH worth nearly $4,800.
Do we really want to normalize and reward this behavior?
Someone offers 50k bounty for proof of concept exploit
You no like
You hack them and return the funds
They offer you 500k bounty for "white hat behavior"
— banteg (@bantg) August 12, 2021
Earlier this week, on Tuesday, in the biggest ever DeFi hack, the hacker attacked the cross-chain network and stole $610 million worth of crypto assets, including stablecoins from three different blockchains Ethereum, Binance Smart Chain, and Polygon.
Founded last year in August by Chinese entrepreneur Da Hongfei, the chief executive of another blockchain platform, NEO, the hack of Poly Network mainly affected the Chinese individuals.
Less than 24 hours after the hack, crypto security firm SlowMist said that it had identified the attacker’s email id, IP addresses, and device fingerprints, adding the hack was “likely to be a long-planned, organized and prepared attack.”
In a series of Q&As, which the hacker did by sending transactions to themselves with text embedded within them, they said the attack was “for fun” and that they just wanted to “expose the vulnerability” before others could exploit it. They also said the plan was “always” to return the funds.
But not everyone believes that, as Gurvais Grigg, CTO at blockchain forensics company Chainalysis and former FBI veteran, said, it was likely that white hat hackers may have returned the money due to difficulties of laundering it.
While the hacker has returned the funds, they may still be pursued by the authorities as “their activities have left numerous digital breadcrumbs on the blockchain for law enforcement to follow, aided by blockchain analytics tools,” said Robinson.