Update: Poly Network has now hired the hacker, whom it refers to as Mr. White Hat, to be its Chief Security Advisor after giving him a $500,000 bug bounty for finding the exploit. He is the same person who stole more than $600 million last month in the biggest crypto heist of all time.
Update: Poly Network, which lost $610 million in a hack earlier this week, is now offering the hacker or hackers a $500,000 “bug bounty,” reports Reuters.
In a statement, the company thanked the hacker – dubbed “white hat” – who had returned the bulk of the funds for “helping us improve Poly Network’s security” and also hoped that “Mr. White Hat” would contribute a $500,000 reward to the blockchain sector’s continued development.
As Reuters notes, the statement did not specify in what form the company would pay the $500,000. It is also said that “the hacker had responded to the offer but did not say if it was accepted.”
Original Article: The decentralized finance platform Poly Network was hacked on August 10th through a vulnerability in its contract system, and the hacker reportedly stole over $611 million of cryptocurrency, making it one of the biggest hacks in the history of the decentralized finance, or DeFi, space. Surprisingly, whoever stole it appears to be having second thoughts: the intruder has sent a token stating they are “ready to surrender” and has now started to return the stolen cryptocurrency, according to CNBC and Chainalysis.
Poly Network is a protocol through which people can transfer cryptocurrencies between blockchains. Because it acts as a bridge, hundreds of different types of tokens were stolen, from Ethereum to Binance’s BNB to Dogecoin.
Blockchain ecosystem security company SlowMist stated that a total of $611 million in cryptocurrency was transferred to three addresses and that the attack appears to be “long-planned, organized and prepared”.
In a message to the hacker posted on Twitter, Poly Network pointed to the massive amount of money stolen and warned that the attacker would be in trouble with law enforcement for stealing from “the people”.
In response to Poly Network’s message, the hacker unexpectedly posted a string of messages by embedding text in transactions sent to themselves, claiming that they were ready to return the stolen funds but needed some way to return them to Poly Network. The company then provided addresses for the hacker to return the crypto to, and the coins have started to come back.
As of 10 AM ET on Wednesday, around $4.7 million worth of assets ($2.6 million to an Ethereum address, $1.1 million to a Binance address, and $1 million) have been returned. It seems that the hacker is returning lower-value cryptocurrencies first, having embedded a message saying they were “DUMPING SHITCOINS FIRST”.
However, nothing can be said about how the attack was carried out until an investigation is completed. The crypto community might now blacklist the stolen tokens and make them worthless. According to The Block, the frozen assets were USDT coins, which are controlled by a company, Tether, though a lot of the other stolen coins are decentralized.
One post by the hacker included the line, “not so interested in money, now considering returning some tokens or just leaving them here.” At the same time, another message they posted asked for donations from those who support their decision to return the funds, which raises the question of whether the hacker is really uninterested in money.
Maybe they’re just returning the funds out of fear that they wouldn’t be able to use them. As analytics firm Elliptic’s Tom Robinson told CNBC, “It can be difficult to launder or otherwise cash out cryptocurrency without leaving a trail of clues.” It’s still not completely clear what prompted the change of heart, but one reason could be the fear of being caught.