Poly Network Hacker Offered $500,000 To Return Stolen Tokens

Blockchain site Poly Network is now calling the hacker who stole $611m worth of digital tokens earlier this week, a white hat hacker (i.e. an ethical hacker or security expert, who carries out penetration testing).

Poly Network on Tuesday this week took an unusual approach and published a letter appealing directly to the ‘hacker’ to return the stolen digital assets, worth an eyewatering $611m.

“The amount of money you hacked is the biggest one in the defi (sic) history,” it wrote. “Law enforcement in any country will regard this as a major economic crime and you will be pursued…You should talk to us to work out a solution.”

White Hat Hacker?

Over the course of the week, the hacker gradually began to return the stolen tokens to three crypto addresses supplied by the DeFi platform for the hacker to use.

By Thursday morning the hacker had returned assets worth $342 million.

But by Friday morning Poly Network posted an update saying that most of the remaining assets in the hacker’s possession had been transferred to a digital wallet controlled by both the hacker and the company.

That said, the hacker still reportedly holds $33.4m of stolen Tether [tokens], but that is reportedly because the tokens have been frozen by Tether itself.

Bug bounty

The returning of most of the stolen assets was an unexpected development.

But perhaps even more surprising was the anonymous hacker claiming in an Q&A within a transaction, that he had stolen the tokens “for fun”.

He also said he had done it to encourage the cryptocurrency exchange firm to improve its security.

Poly Network then confirmed on Friday it had offered what it called ‘the white hat hacker’ a $500,000 ‘bug bounty’, if he returned the stolen assets, as well as a promise of immunity from prosecution.

The hacker has reportedly refused to accept the bug bounty offer.

Expert reaction

The decision by Poly Network to offer a bug bounty, and promise immunity has raised some eyebrows within the cybersecurity community.

“In a rather bizarre turn of events, most of the money returning reveals that the process of cashing out and laundering many cryptocurrencies can prove difficult for the lesser professional career criminal,” noted Jake Moore, cybersecurity specialist at ESET.

“Offering immunity may have sounded like a smart move from Poly Network to dangle a carrot, but it is unlikely that the authorities would agree with this decision nor even allow it,” Moore added.

“This attack is likely to have been watched closely by cybercriminals and law enforcement alike, potentially opening up the possibility of copycat attacks,” he said.

“However, next time, the attackers may plan an exit strategy involving cryptocurrencies that aren’t so well monitored,” Moore concluded.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

20 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

21 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

22 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

24 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

1 day ago