Poly Network Hacker Returns All Stolen Tokens, Offered Job

The hacker who stole approximately $610m of digital tokens from Blockchain site Poly Network earlier this month, has now returned it all.

Upon discovery of the theft, Poly Network took an unusual approach and published an open letter appealing directly to the ‘hacker’ to return the stolen digital assets.

And somewhat surprisingly, the hacker responded and gradually began to return most of the stolen tokens to three crypto addresses supplied by the DeFi platform for the hacker to use.

Unexpected developments

A week later Poly Network began calling the attacker, a white hat hacker (i.e. an ethical hacker or security expert, who carries out penetration testing).

The anonymous hacker claimed in an Q&A within a transaction, that he had stolen the tokens “for fun”.

However others point out that the transparency of blockchain tech can make it difficult to get away with spending stolen funds.

The hacker also said he (or she) had done it to encourage the cryptocurrency exchange firm to improve its security.

There was another twist, when Poly Network then confirmed it had offered ‘the white hat hacker’ a $500,000 ‘bug bounty’, if he returned all the stolen assets, as well as a promise of immunity from prosecution.

The hacker initially refused to accept the bug bounty offer.

However, in a message embedded in a digital currency transaction last week, the hacker said “I am considering taking the bounty as a bonus for public hackers if they can hack the Poly Network.”

Now this week, the story has taken another turn, after Poly Network said in a blog post said that it is now beginning the process of returning the stolen assets, which include Ethereum, Binance tokens, and Dogecoin, to their rightful owners.

Poly Network also said it is still working on getting $33.4m of stolen Tether [tokens] unfrozen (the tokens had been frozen by Tether itself).

It is also continuing to restore the functionality of its Poly Bridge service, which lets users transfer crypto between blockchains.

“As of now, Poly Network has regained control of the $610 million (not including the frozen $33 million USDT) in assets that were overall affected in this attack,” blogged Poly Network. “Once again, we would like to thank Mr. White Hat for keeping his promise, as well as the community, partners and the multiple security agencies for their assistance.”

Job offer

The returning of all the stolen assets was not the only unexpected development in this story.

Besides Poly Network calling the hacker a white hat hacker, and offering him or her a bug bounty reward, the Blockchain site also last week offered the hacker a job according to CNBC.

Poly Network invited the hacker to act as the company’s chief security advisor, which the hacker has (seemingly cheekily) acknowledged, signing off a message to the company with “your chief security advisor.”

“To extend our thanks and encourage Mr. White Hat to continue contributing to security advancement in the blockchain world together with Poly Network, we cordially invite Mr. White Hat to be the Chief Security Advisor of Poly Network,” Poly Network was quoted by CNBC as saying in a statement.

“Poly Network previously promised to reward Mr. White Hat with a $500,000 bug bounty, but he did not accept it and has publicly stated that he has considered offering it to the technical community who have made contributions to blockchain security,” Poly Network added.

“We fully respect Mr. White Hat’s thoughts, and to express our gratitude, we will still transfer this $500,000 bounty to a wallet address approved by Mr. White Hat for him to use it at his own discretion for the cause of cybersecurity and supporting more projects and individuals.”

Poly Network said it “has no intention of holding Mr. White Hat legally responsible” for the hack.