Poly Network Hack Not Over as Attacker Prolongs Return of Funds

Poly Network Hack Not Over as Attacker Prolongs Return of Funds

The Poly Network exploit saga has dragged into its second week with the attacker yet to provide the key for the multisignature wallet needed to complete the full return of the roughly $600 million that was stolen, with the exception of the $33 million worth of the stablecoin USDT that was frozen by Tether.

  • The China-based Poly Network had previously offered $500,000 to the attacker as a reward for returning the money taken via the Binance Smart Chain (BSC), Ethereum and Polygon platforms in what is likely the largest hack of a decentralized finance site (DeFi) in history.
  • The attacker acknowledged receiving the offer and initially said they had declined it, but had instead begun (and eventually completed) returning the stolen funds to a multisignature wallet set up by Poly Network. The hacker has not yet turned over the final key for the wallet, though.
  • In a message posted to the Ethereum blockchain at 1:45 PM UCT on Monday, the attacker, who the Poly Network is calling “Mr. White Hat” but who some others doubt is a true white hat hacker, said that they were considering taking the bounty and using it to reward anyone else who can hack the cross-chain platform. A "white hat" attacker is one who tries to exploit vulnerabilities in a protocol to help expose and ultimately fix bugs or loopholes in the underlying code.
  • ”MONEY MEANS LITTLE TO ME, SOME PEOPLE ARE PAID TO HACK, I WOULD RATHER PAY FOR THE FUN,” the attacker wrote. “IF THE POLY DON'T GIVE THE IMAGINARY BOUNTY, AS EVERYBODY EXPECTS, I HAVE WELL ENOUGH BUDGET TO LET THE SHOW GO ON."
  • ”I TRUST SOME OF THEIR CODE, I WOULD PRAISE THE OVERALL DESIGN OF THE PROJECT, BUT I NEVER TRUST THE WHOLE POLY TEAM,” the attacker added.
  • "I WILL PROVIDE THE FINAL KEY WHEN _EVERYONE_ IS READY. MY IDEA IS NOT CHANGED, BUT I DO WORRY IT MIGHT BE AN ENDLESS WAR. SO I MIGHT RELEASE IT EARLIER AS LONG IF THE COMMUNITY UNDERSTANDS EVERYTHING."
  • Source