The cross-chain protocol told the hacker dubbed Mr. White Hat he ‘would not be held accountable” and offered a $500,000 white hat bug bonus that has apparently been rejected.
Poly Network told the hacker who briefly stole $612 million in cryptocurrency that he would not be prosecuted in a message attached to an Ethereum transaction.
The August 12 message thanked “Mr. White Hat,” saying “[s]ince we believe your action is white hat behavior, we plan to offer you a $500,000 bug bounty after you complete the refund fully.” [See 0xbd66349e77b8d4e493e3a13ae146557a72e8585650b6ec3a71c402c66e2d3882 on https://etherscan.io/]
Poly Network went on to add, “Also we assure you that you will not be accountable for this incident.” Which, you’ll note, does not affect law enforcement authorities from pursuing their own charges.
The August 10 hack was the latest in a string of DeFi protocol hacks that have been pulled off as the decentralized finance sector has exploded in the past two years. It was also by far the largest.
While it had not said the full repayment was received as of 2 p.m. UTC on August 13, it did note in a tweet that all the funds stolen from its Ethereum blockchain had been returned, other than the USDT stablecoins frozen shortly after the attack by issuer Tether.
But, Poly Network also tweeted out a plea to the user community, saying “[a]ny unfounded allegations and speculation may damage the extremely important process of asset recovery.”
For his part, Mr. White Hat said he had “never responded” to the bug bounty offer, adding “Instead, I will send all of their money back.”
In an earlier message, the hacker had claimed he did the hack “for fun” and to teach Poly Network a lesson.
Mr. White Hat also claimed he’d “always” planned to return the funds, saying “I am _not_ very interested in money!”
Security Firm Closing In
Meanwhile, a Chinese cybersecurity firm, SlowMist, claimed that “the mailbox, IP and device fingerprint of the Poly Network attacker have been found through on-chain and off-chain information tracking.”
SlowMist also said it discovered that the hacker used top privacy coin Monero as the source of the Binance Coin (BNB), Ether (ETH), and Polygon protocol’s MATIC used to initiate the hack against Poly Network on those three blockchains.
"Combined with the flow of funds and multiple fingerprint information ...this is likely to be a long-planned, organized and prepared attack,” SlowMist added.
