skip to Main Content
bitcoin
Bitcoin (BTC) $ 96,343.81 1.55%
ethereum
Ethereum (ETH) $ 3,328.24 2.75%
tether
Tether (USDT) $ 1.00 0.01%
solana
Solana (SOL) $ 249.00 2.79%
bnb
BNB (BNB) $ 652.18 0.58%
xrp
XRP (XRP) $ 1.36 7.74%
dogecoin
Dogecoin (DOGE) $ 0.416896 2.61%
usd-coin
USDC (USDC) $ 1.00 0.15%
cardano
Cardano (ADA) $ 0.984803 6.55%
staked-ether
Lido Staked Ether (STETH) $ 3,327.69 2.90%

Poly Network hacker returns nearly all funds, refuses $500K white hat bounty

“The poly did offered a bounty, but I have never responded to them. Instead, I will send all of their money back,” said the hacker.

291 Total views

138 Total shares

Poly Network hacker returns nearly all funds, refuses $500K white hat bounty

The hacker behind a $610 million attack on the cross-chain decentralized finance protocol Poly Network has returned almost all of the stolen funds amid the project saying their actions constituted “white hat behavior.”

According to a Thursday update on the attack from Poly Network, all of the $610 million in funds taken in an exploit which used “a vulnerability between contract calls” have now been transferred to a multisig wallet controlled by the project and the hacker. The only remaining tokens are the roughly $33 million in Tether (USDT) frozen immediately following news of the attack.

The hacker had been communicating with the Poly Network team and others through embedded messages in Ethereum transactions. They seemed to have not had a plan to transfer the funds after successfully stealing them, and claimed to do the hack “for fun” because “cross-chain hacking is hot.”

Related: DAO Maker crowdfunding platform loses $7M in latest DeFi exploit

However, after speaking with the project and users, the hacker returned $258 million of the funds on Aug. 11. Poly Network said it determined that the attack constituted “white hat behavior” and offered the hacker, whom it dubbed “Mr. White Hat,” a $500,000 bounty:

“We assure you that you will not be accountable for this incident. We hope that you can return all the tokens as soon as possible […] We will send you the 500k bounty when the remainings are returned except the frozen USDT.”

“The poly did offered a bounty, but I have never responded to them. Instead, I will send all of their money back,” said the hacker.

With the remainder of the funds with the exception of the frozen USDT now returned, the biggest hack in decentralized finance, or DeFi, seems to be coming to an end. Though the hacker’s identity has yet to be made public, Chinese cybersecurity firm SlowMist posted an update shortly after news of the hack broke, saying its analysts had identified the attacker’s email address, IP address, and device fingerprint.

Loading data ...
Comparison
View chart compare
View table compare
Back To Top