Blockchain site Poly Network is now calling the hacker who stole $611m worth of digital tokens earlier this week, a white hat hacker (i.e. an ethical hacker or security expert, who carries out penetration testing).
Poly Network on Tuesday this week took an unusual approach and published a letter appealing directly to the ‘hacker’ to return the stolen digital assets, worth an eyewatering $611m.
“The amount of money you hacked is the biggest one in the defi (sic) history,” it wrote. “Law enforcement in any country will regard this as a major economic crime and you will be pursued…You should talk to us to work out a solution.”
Over the course of the week, the hacker gradually began to return the stolen tokens to three crypto addresses supplied by the DeFi platform for the hacker to use.
By Thursday morning the hacker had returned assets worth $342 million.
But by Friday morning Poly Network posted an update saying that most of the remaining assets in the hacker’s possession had been transferred to a digital wallet controlled by both the hacker and the company.
That said, the hacker still reportedly holds $33.4m of stolen Tether [tokens], but that is reportedly because the tokens have been frozen by Tether itself.
The returning of most of the stolen assets was an unexpected development.
But perhaps even more surprising was the anonymous hacker claiming in an Q&A within a transaction, that he had stolen the tokens “for fun”.
He also said he had done it to encourage the cryptocurrency exchange firm to improve its security.
Poly Network then confirmed on Friday it had offered what it called ‘the white hat hacker’ a $500,000 ‘bug bounty’, if he returned the stolen assets, as well as a promise of immunity from prosecution.
The hacker has reportedly refused to accept the bug bounty offer.
The decision by Poly Network to offer a bug bounty, and promise immunity has raised some eyebrows within the cybersecurity community.
“In a rather bizarre turn of events, most of the money returning reveals that the process of cashing out and laundering many cryptocurrencies can prove difficult for the lesser professional career criminal,” noted Jake Moore, cybersecurity specialist at ESET.
“Offering immunity may have sounded like a smart move from Poly Network to dangle a carrot, but it is unlikely that the authorities would agree with this decision nor even allow it,” Moore added.
“This attack is likely to have been watched closely by cybercriminals and law enforcement alike, potentially opening up the possibility of copycat attacks,” he said.
“However, next time, the attackers may plan an exit strategy involving cryptocurrencies that aren’t so well monitored,” Moore concluded.
Beijing reportedly begins blocking the use of Intel and AMD chips in government computers, and…
Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…
Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…
Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…
Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…
While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…