The hacker behind a $610 million attack on the
cross-chain decentralized finance (DeFi) protocol Poly Network has returned
almost all of the stolen funds amid the project saying their actions
constituted “white hat behavior.”
According
to a Thursday update on the attack from Poly Network, all of the $610 million
in funds taken in an exploit that used "a vulnerability between contract
calls” have now been transferred to a multisig wallet controlled by the
project and the hacker. The only remaining tokens are the roughly $33 million
in Tether (USDT), which were frozen
immediately following news of the attack.
The
hacker had been communicating with the Poly Network team and others through
embedded messages in Ethereum transactions. They seemed to have not planned to
transfer the funds after successfully stealing them, and claimed to do the hack
“for fun” because “cross-chain hacking is hot.”
However,
after speaking with the project and users, the hacker returned $258
million of the funds on Wednesday. Poly Network said it determined that
the attack constituted “white hat behavior” and offered the
hacker, whom it dubbed “Mr. White Hat,” a $500,000 bounty:
"We assure you that you will not be accountable for this incident. We hope that you can return all the tokens as soon as possible [...] We will send you the 500k bounty when the remainings are returned except the frozen USDT.”
"The poly did offered a bounty, but I have never responded to them. Instead, I will send all of their money back," said the hacker.
With the remainder of the funds, with the exception of the frozen USDT, now returned, the biggest hack in decentralized finance seems to be coming to an end. Though the hacker’s identity has yet to be made public, Chinese cybersecurity firm SlowMist posted an update shortly after news of the hack broke, saying its analysts had identified the attacker's email address, IP address and device fingerprint.
0 Comments