Poly Network hacker returned over $600 million in stolen crypto
The hacker who stole around $600 million in cryptocurrency from Poly Network has now finished returning it, after starting the process almost two weeks ago (via CNBC). Poly Network said in a blog post that it is now beginning the process of returning the stolen assets, including Ethereum, Binance and Dogecoin tokens, to their rightful owners. Poly Network says there’s still work to be done – it’s working to secure around $33 million in unfrozen assets and continues to restore functionality to its Poly Bridge service, which allows users to transfer crypto between blockchains.
After the attack, the hacker said he stole the funds to protect them, claiming that placing the coins in a “trusted account” was a way to highlight the bug without giving anyone else the chance to make off with the money. He had something of a running joke with Poly Network, which even took to calling him “Mr. White Hat” in its patch notes series. Poly Network also invited the hacker to act as the company’s chief security adviser, which the hacker acknowledged (apparently cheekily) by signing a message to the company with “your chief security adviser”. Chainalysis points out that the transparency of blockchain technology can make it difficult to spend stolen funds.
After the hack earlier this month, there was speculation as to how the hacker carried it out, with some analysts suggesting he was even able to obtain Poly Network’s private keys. Further analysis seems to show that this was not the case – instead, the hacker was able to exploit a security hole in Poly Network that allowed him to execute transactions he shouldn’t have been able to.
A long note is embedded in one of the hacker’s final transactions, in which he apologizes for the inconvenience, calls the hack and the fund-returning process a “wild adventure” and promises to return more money than he originally stole (which he asks to be distributed to “survivors”, apparently referring to those who had their money stolen). According to the hacker’s note, the additional funds come from the $500,000 bounty Poly Network paid him for finding the security hole, as well as the flow of donations he has received since the hack (and is still receiving, according to his wallet’s transaction records).
Poly Network said in another blog post that it will launch a $500,000 bug bounty program to encourage researchers to find (and responsibly disclose) other vulnerabilities in its software. Currently, the company’s bug bounty list on Immunefi says the maximum bounty is $100,000.
As for when Poly Network users will actually see the returned funds hit their wallets, the company says it is working to return them “as soon as possible.”