Poly Network offers up $500k bug bounty reward to its own hacker

The reward has been offered following the successful return of $610 million in stolen tokens

Poly Network has offered its own hacker a $500,000 bug bounty reward for finding the vulnerability which allowed them to orchestrate what is now considered to be the largest cryptocurrency heist to date.

The blockchain platform reportedly offered up the prize after the hacker returned the remainder of the $610 million (£440 million) worth of Ether, Binance, and USDC tokens, stolen in a hack on the platform on Wednesday.

This is according to a Q&A published by the hacker and shared online by Tom Robinson, the co-founder of the London-based blockchain analytics and compliance company Elliptic. Robinson had found the messages “embedded in ethereum transactions sent from the account controlled by the hacker”.

In a note meant for the hacker, Poly Network is quoted as saying: “We appreciate you sharing your experience and we believe your action constitutes white hat behaviour”.

“We plan to offer you a $500,000 bug bounty after you complete the refund fully,” the company told the hacker, before adding that they won’t face any legal repercussions for the heist, describing it as “very helpful”.

The hacker stated that they hadn’t responded to Poly Network’s bug bounty offer, yet added that all the stolen assets will be sent back.

Related Resource

IT Pro 20/20: Does cyber security's public image need a makeover?

Issue 18 of IT Pro 20/20 looks at recent efforts to retire the 'hacker' stereotype, and how the threat landscape has changed over the past 20 years

IT Pro 20/20 Issue 18: Does cyber security's public image need a makeover?DOWNLOAD NOW

Elliptic analysts had previously speculated that the decision to return the assets could have been motivated by their traceability: the hacker could be “pursued by the authorities” due to leaving “numerous digital breadcrumbs on the blockchain for law enforcement to follow, aided by blockchain analytics tools”.

On Thursday evening, Poly Network stated that “all the remaining assets on Ethereum (except for the frozen USDT) had been transferred to the multisig[nature] wallet controlled by Mr. White Hat and Poly Network”.

“The repayment process has not yet been completed. To ensure the safe recovery of user assets, we hope to maintain communication with Mr. White Hat and convey accurate information to the public,” it said, before adding that “any unfounded allegations and speculation may damage the extremely important process of asset recovery”.

The identity of the hacker continues to be unknown. However, in their Q&A, they had hinted that they do not come from an English-speaking country and had been engaged in hacking from a young age. They also described themselves as a “high profile hacker in the real world” working in the “security industry”.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

Russia's "politically motivated" REvil raid could be used as leverage, experts warn
ransomware

Russia's "politically motivated" REvil raid could be used as leverage, experts warn

17 Jan 2022
Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp
phishing

Meta files lawsuit to uncover hackers targeting Facebook, WhatsApp

21 Dec 2021
Five things to consider before choosing an MFA solution
Security

Five things to consider before choosing an MFA solution

17 Dec 2021
Australia and US sign CLOUD Act data-sharing deal to support criminal investigations
cyber crime

Australia and US sign CLOUD Act data-sharing deal to support criminal investigations

16 Dec 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022