The Poly Network cyberattack saga has dragged into its second week with the hacker or hackers yet to provide the key for the multi-signature wallet needed to complete the full return of the roughly $600 million that was stolen, with the exception of the $33 million worth of the stablecoin USDT (+0.03%) that was frozen by Tether.
- China-based Poly Network had previously offered $500,000 to the attacker or attackers as a reward for returning the money taken on the Binance Smart Chain (BSC), Ethereum and Polygon platforms in what is likely the largest-ever hack of a decentralized finance (DeFi) site.
- The hack or hackers acknowledged receiving the offer and initially said they had declined it, but had instead begun (and eventually completed) returning the stolen funds to a multi-signature wallet set up by Poly Network. The hacker or hackers haven’t turned over the final key for the wallet, though.
- In a message posted to the Ethereum blockchain at 1:45 p.m. UTC on Monday, the attacker, who the Poly Network is calling “Mr. White Hat” but who some others doubt is a true white hat hacker, said that they were considering taking the bounty and using it to reward anyone else who can hack the cross-chain platform. A “white hat” attacker is one who tries to exploit vulnerabilities in a protocol to help expose and ultimately fix bugs or loopholes in the underlying code.
- ”MONEY MEANS LITTLE TO ME, SOME PEOPLE ARE PAID TO HACK, I WOULD RATHER PAY FOR THE FUN,” the attacker or attackers wrote. “IF THE POLY DON’T GIVE THE IMAGINARY BOUNTY, AS EVERYBODY EXPECTS, I HAVE WELL ENOUGH BUDGET TO LET THE SHOW GO ON.”
- ”I TRUST SOME OF THEIR CODE, I WOULD PRAISE THE OVERALL DESIGN OF THE PROJECT, BUT I NEVER TRUST THE WHOLE POLY TEAM,” the attacker added.
- ”I WILL PROVIDE THE FINAL KEY WHEN _EVERYONE_ IS READY. MY IDEA IS NOT CHANGED, BUT I DO WORRY IT MIGHT BE AN ENDLESS WAR. SO I MIGHT RELEASE IT EARLIER AS LONG IF THE COMMUNITY UNDERSTANDS EVERYTHING.”