Poly Network hacker returns nearly all stolen funds, rejects $500K white hat bounty

The hackers who launched a $610 million attack on cross-chain decentralized finance (DeFi) protocol Poly Network have returned nearly all of the stolen funds from the project, with Poly Network saying their actions constituted “white hat behavior.”

According to an update from Poly Network on Thursday about the attack, the $610 million in funds gained by exploiting a “vulnerability between contract calls” have now all been moved to multi-signature wallets controlled by the project and the hacker. The only tokens left are about $33 million worth of USDT, which were immediately frozen after news of the attack broke.

The hacker has been communicating with the Poly Network team and others through messages embedded in Ethereum transactions. After successfully stealing the funds, it does not seem to plan to transfer them, and claims that it was done "for fun" because "cross-chain attacks are hot."

However, after speaking with the project and users, the hacker returned $258 million in funds on Wednesday. Poly Network said it determined that the attack constituted a "white hat act" and offered a $500,000 bounty to the hacker, dubbed "Mr. White Hat":

“We assure you that you will not be held responsible for this incident. We hope that you can return all the tokens as soon as possible… After the remaining funds are returned except for the frozen USDT, we will send you a bounty of $500,000.”

The hacker said: "The Poly team did propose a bounty, but I never responded to them. Instead, I will return all their funds."

With the exception of the frozen USDT, the rest of the funds have now been returned, and the largest hack in the decentralized finance space appears to be coming to an end. While the hacker’s identity has not yet been made public, Chinese cybersecurity firm SlowMist released an update shortly after news of the hack broke, saying its analysts had discovered the attacker’s email address, IP address, and device fingerprints.