You are here
Home > All Crypto > Poly Community hacker returns practically all funds, refuses $500K white hat bounty

Poly Community hacker returns practically all funds, refuses $500K white hat bounty



The hacker behind a $610 million assault on the cross-chain decentralized finance (DeFi) protocol Poly Community has returned virtually the entire stolen funds amid the mission saying their actions constituted “white hat conduct.”

In line with a Thursday replace on the assault from Poly Community, the entire $610 million in funds taken in an exploit that used “a vulnerability between contract calls” have now been transferred to a multisig pockets managed by the mission and the hacker. The one remaining tokens are the roughly $33 million in Tether (USDT), which had been frozen instantly following information of the assault.

The hacker had been speaking with the Poly Community group and others via embedded messages in Ethereum transactions. They appeared to haven’t deliberate to switch the funds after efficiently stealing them, and claimed to do the hack “for enjoyable” as a result of “cross-chain hacking is sizzling.”

Associated: DAO Maker crowdfunding platform loses $7M in newest DeFi exploit

Nevertheless, after talking with the mission and customers, the hacker returned $258 million of the funds on Wednesday. Poly Community mentioned it decided that the assault constituted “white hat conduct” and supplied the hacker, whom it dubbed “Mr. White Hat,” a $500,000 bounty:

“We guarantee you that you’ll not be accountable for this incident. We hope that you could return all of the tokens as quickly as potential […] We are going to ship you the 500k bounty when the remainings are returned besides the frozen USDT.”

“The poly did supplied a bounty, however I’ve by no means responded to them. As an alternative, I’ll ship all of their a refund,” mentioned the hacker.

With the rest of the funds, except for the frozen USDT, now returned, the greatest hack in decentralized finance appears to be coming to an finish. Although the hacker’s id has but to be made public, Chinese language cybersecurity agency SlowMist posted an replace shortly after information of the hack broke, saying its analysts had recognized the attacker’s electronic mail deal with, IP deal with and gadget fingerprint.