In a press release published on August 17, 2021, Poly Network looks back on the biggest hack in the history of decentralized finance. A few days earlier, an anonymous hacker had embezzled more than $600 million by exploiting a security flaw in the protocol.
Unimaginable coming from a large traditional financial institution, this proposal is surprising even in the crypto world. On August 10, Poly Network, a company specializing in crypto transfers, reported that about ten thousand members had been victims of theft.
Fortunately, the hacker has pledged to return the entirety of the stolen funds. He transferred all of the stolen cryptocurrencies to a multi-signature wallet. According to Poly Network, the mysterious hacker, known as Mr. White Hat, only needs to “transfer the private keys”. Once this last step is finalized, the multi-chain protocol will be able to “return full control of assets to users.”
As promised, Poly Network will not pursue the hacker. Instead, the project team would like to thank the hacker for exposing a security breach. In order to take advantage of Mr. White Hat’s expertise, Poly Network finally offered him a job as an IT security consultant. The hacker’s response to this job offer is not yet known.
In the same vein, Poly Network offered Mr. White Hat a $500,000 bonus. Claiming he was not interested in money, he refused the reward. Despite his equivocal refusal, Poly Network committed to paying the bonus into a wallet held by Mr. White Hat. According to the project team, the hacker would like to offer this unexpected reward to “the community that contributes to the security of the blockchain”. Nevertheless, Poly Network says that the hacker is free to do whatever he wants with the bounty.
It’s not uncommon for cybersecurity experts to hire hackers. But the case of Mr. White Hat and Poly Network remains quite surprising. Shortly after the announcement of the theft, and before Poly Network and Mr. White Hat started to communicate, several of the hacker’s actions seemed to indicate that he was not really a white hat, i.e. an ethical hacker. For example, he rewarded an Internet user who had warned him that some of the funds he had stolen had been frozen, and he did not immediately announce that he wanted to return the money.