Skip to main content

Poly hacker offered $500K reward for return of stolen millions

Cryptocurrencies
(Image credit: Pexels)

The hacker who perpetrated the largest ever cryptocurrency theft, supposedly for altruistic purposes, has been offered a $500,000 bounty by Poly Network, the victim of the hack.

After the incident came to light, the hacker began to return the ill-gotten stash. They also attempted to clear the air about their intentions, in the form of a detailed Q&A embedded in the Ethereum transactions sent from the hacker’s account, and shared by Tom Robinson, CEO of blockchain analysis company Elliptic.

The hacker claimed they had always intended to return the funds and took the crypto in order to expose the vulnerability before it could be exploited by others with malicious intent.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

“Since, we believe your action is white hat behavior, we plan to offer you a $500,000 bug bounty after you complete the refund fully,” the hacker quoted Poly Network as saying.

The hacker has now returned pretty much all of the stolen assets, with the exception of roughly $33 million in USDT that has been blacklisted by Tether.

Bug Bounty

Last week, Poly Network revealed that a hacker exploited a “vulnerability between contract calls” in its protocol to make away with over $600 million in various cryptocurrencies.

But within thirty hours of the heist, the apparent white hat hacker started to refund the loot, albeit slowly because of the steps they have had to undertake to hide their identity.

While announcing their reward for the hacker, now referred to as Mr. White Hat, Poly Network assured that it doesn’t intend to hold the hacker accountable for the incident. From the hacker’s response, though, it appears they aren’t interested in claiming the offer.

On the heels of the reward offer, Poly Network has also launched an official bug bounty program on Immunefi, a platform for reporting bugs designed specifically for the decentralized finance (DeFi) space. 

Poly Network has assured that it will begin the process of returning the stolen cryptocurrencies and tokens to their rightful owners, once all the loot has been recovered.

“Once all the assets have been recovered, PolyNetwork will make every effort to return full asset control to users as soon as possible and will resume cross-chain services and transaction pairs after the smart contract upgrade is complete,” said the network on Twitter.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.