Poly Network offers bug bounty to hacker who stole $600 million worth of cryptocurrency

Written by

Poly Network is offering the hacker that stole $600 million worth of virtual currencies from the company a half-million dollars as a bug bounty, the company said Friday.

Poly Network said that as of early Friday morning the hacker had returned roughly $340 million worth of assets they stole from the company. The remaining cryptocurrency assets have been transferred to a wallet jointly controlled by Poly Network and the hacker.  The company is also still trying to retrieve $33 million worth of Tether cryptocurrency frozen by Tether.

A hacker, who the company is now calling “Mr. White Hat,” stole $600 million worth of virtual currencies from Poly Network on Tuesday. Less than 24 hours later, he began to return it.

The hacker claimed in blockchain messages shared by cryptocurrency compliance firm Elliptic that he stole the money “for fun” and to keep it safe from others who might exploit a vulnerability he found. He has denied any involvement with Poly Network, but said he would receive a bug bounty for his efforts.

“We would now like to thank his commitment for helping us improve Poly Network’s security and hope he will help contribute to the blockchain sector’s continued development upon accepting the Bug Bounty,” the company confirmed in a statement. 

Poly Network offers a service that promises interoperability between different chains of cryptocurrency, which each have their own digital ledger and act independently of one another. It operates as a decentralized exchange, meaning that it uses nodes controlled by multiple parties rather than those owned and operated by the company.

When asked about the nature of the vulnerability, Poly Network pointed to a preliminary investigation by cybersecurity firm SlowMist which found that the hacker exploited a vulnerability that allowed them to replace the address of the manager of the funds and withdraw currency at will.

The company said it will “further optimize our smart contract system along with cross-chain services before resuming services” and it is committed to making sure every user’s assets are recovered.

Prior to the Poly Network hack, cryptocurrency thefts, hacks and fraud had totaled $681 million by the end of July 2021, according to cryptocurrency risk intelligence firm CipherTrace. Hacks related to decentralized platforms like Poly Network made up 75% of the total hack volume against the cryptocurrency industry.