Poly Network to Relaunch With $500K Bug Bounty After Funds Returned
In an announcement on August 16, Poly Network stated that it will soon be going live again. Additionally, Poly has teamed up with bug bounty platform Immunefi to offer $500,000 for white hats that discover smart contact flaws and code bugs.
The bug bounty went live a couple of hours ago, according to Immunefi, which stated there would be $100K up for grabs for discovering specific vulnerabilities.
The bounty program focuses on addressing possible theft or loss of users’ funds in the Poly Network ecosystem, it stated. Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System.
#PolyNetwork system is soon about to be relaunched as the team gets things in order to proceed as per the #roadmap . In addition to the previous 500k proposal for #MrWhiteHat, #PolyNetwork officially announces a separate 500k #bounty program open for top #security agencies https://t.co/esvKZsd1IP
— Poly Network (@PolyNetwork2) August 16, 2021
Recovering From Crypto’s Biggest Hack
As reported by CryptoPotato on August 10, the cross-chain DeFi protocol was exploited for more than $600 million. Analysis of the incursion revealed that private keys were compromised in an attack made easier by flaws in Poly Network’s smart contract design.
On August 12, the DeFi protocol announced that it had received $260 million returned from the hacker. The hacker, who Poly now calls ‘Mr. White Hat’ stated it was never his intention to steal the funds, adding, “I would like to give them tips on how to secure their networks so that they can be eligible to manage a billion [dollar] project in the future.”
Last week, Poly Network released a statement announcing that all $610 million of the funds had been transferred to a multisig wallet that is under its control. There was 33 million USDT outstanding, which were frozen immediately following the attack. In a blog post on August 17, Poly Network confirmed:
“Mr. White Hat has returned approximately $340m in user assets and has also transferred approximately $238m to a multi-signature wallet — with the exception of $33m in USDT, which is still frozen.”
Don’t Want a Reward
Once Poly Network had determined the hacker’s motives to be benign, a spokesperson for the protocol said that it was willing to offer the individual a $500,000 bounty. Mr. White Hat refused and subsequently returned all of the funds.
As of August 17, the identity of the mystery white hat remains unknown, and this is one of the very few DeFi hacks that has had a happy ending.