Poly Network Hacker Returns Stolen $610 million, Not interested in $500K Bounty
"The poly did offered a bounty, but I have never responded to them. Instead, I will send all of their money back," the hacker commented.
The hacker behind a $610 million attack on Poly Network, the cross-chain decentralized finance (DeFi) protocol, has returned almost all of the stolen funds. Poly Network project credited hacker’s actions as “white hat behavior.”
Thursday update on the attack from Poly Network revealed that all of the $610 million in funds taken in an exploit that used “a vulnerability between contract calls” have now been transferred to a multisig wallet controlled by the project and the hacker. $33 million in Tether (USDT), were frozen immediately following news of the attack.
Poly Network team has been in communication with the hacker through embedded messages in Ethereum transactions. The hacker seemed to have not planned to transfer the funds after successfully stealing them, and claimed to do the hack “for fun” because “cross-chain hacking is hot.”
However, after speaking with the project and users, the hacker returned $258 million of the funds on Wednesday. Poly Network said it determined that the attack constituted “white hat behavior” and offered the hacker, now dubbed “Mr. White Hat,” a $500,000 bounty:
“We assure you that you will not be accountable for this incident. We hope that you can return all the tokens as soon as possible […] We will send you the 500k bounty when the remainings are returned except the frozen USDT.”
“The poly did offered a bounty, but I have never responded to them. Instead, I will send all of their money back,” said the hacker in an Ethereum message.
With the remainder of the funds, with the exception of the frozen USDT, now returned, the biggest hack in decentralized finance seems to be coming to an end.
The hacker’s identity has yet to be made public, bubt Chinese cybersecurity firm SlowMist posted an update shortly after news of the hack broke, saying its analysts had identified the attacker’s email address, IP address and device fingerprint.
Source: Poly Network Hacker Returns Stolen Funds, Doesn’t Want $500K Bounty – Fintechs.fi