In the latest twist to the Poly Network crypto hack, the perpetrator who returned most of the $611 million in stolen digital tokens is being offered a $500,000 reward. The prize is a bug bounty to be precise, an incentive offered by tech organizations to those who report security vulnerabilities. In a statement, Poly Network referred to the culprit as a "white hat" in reference to his status as an ethical hacker. The decentralized finance platform thanked the hacker for "helping to improve" its security, but did not mention how it would pay the reward or whether it had been accepted.
$342 million (As of 12 Aug 08:18:29 AM +UTC) of assets had been returned:
— Poly Network (@PolyNetwork2) August 12, 2021
Ethereum: $4.6M
BSC: $252M
Polygon: $85M
The remaining is $268M on Ethereum
A person claiming to be the perpetrator confirmed that Poly Network had offered him a $500,000 bounty to return the stolen assets and promised that he would not be held accountable for the incident, according to messages shared on Twitter by Tom Robinson, the chief scientist and co-founder of Elliptic, a crypto tracking firm.
It's not over yet! The PolyNetwork hacker seems to have sent the last $235m to a "shared multisig" account. Keys from both Poly & hacker are required to access them. The hacker says they will "PROVIDE THE FINAL KEY WHEN _EVERYONE_ IS READY". Full story:https://t.co/ifku7VUoqu
— Tom Robinson (@tomrobin) August 13, 2021
Poly Network connects different blockchains, the ledgers upon which cryptocurrencies are based, so they can work together. The company revealed on Tuesday that it was the victim of a massive crypto heist that saw a hacker make away with about $611 million in Ethereum, Shiba Inu and other digital currencies.
On Wednesday, the hacker began returning the stolen funds after claiming they were ready to surrender. Poly Network said on Friday that the hacker had repaid $340 million worth of assets into a digital wallet. All that remains is the $33 million in tether frozen by the company behind the cryptocurrency.
It's still unclear what prompted the hacker to backtrack. Some experts believe that they may have found it hard to launder and cash out the large amount of stolen crypto. While others suggest that the hacker was afraid of being exposed and prosecuted after researchers discovered a trove of identifying info, including an email and IP address. More broadly, the bizarre series of events further illustrates the pitfalls involved with cryptocurrency, an unregulated domain where hacks and scams are rife.