Poly Network offers up $500k bug bounty reward to its own hacker
The reward has been offered following the successful return of $610 million in stolen tokens


Poly Network has offered its own hacker a $500,000 bug bounty reward for finding the vulnerability which allowed them to orchestrate what is now considered to be the largest cryptocurrency heist to date.
The blockchain platform reportedly offered up the prize after the hacker returned the remainder of the $610 million (£440 million) worth of Ether, Binance, and USDC tokens, stolen in a hack on the platform on Wednesday.
This is according to a Q&A published by the hacker and shared online by Tom Robinson, the co-founder of the London-based blockchain analytics and compliance company Elliptic. Robinson had found the messages “embedded in ethereum transactions sent from the account controlled by the hacker”.
In a note meant for the hacker, Poly Network is quoted as saying: “We appreciate you sharing your experience and we believe your action constitutes white hat behaviour”.
“We plan to offer you a $500,000 bug bounty after you complete the refund fully,” the company told the hacker, before adding that they won’t face any legal repercussions for the heist, describing it as “very helpful”.
The hacker stated that they hadn’t responded to Poly Network’s bug bounty offer, yet added that all the stolen assets will be sent back.
Elliptic analysts had previously speculated that the decision to return the assets could have been motivated by their traceability: the hacker could be “pursued by the authorities” due to leaving “numerous digital breadcrumbs on the blockchain for law enforcement to follow, aided by blockchain analytics tools”.
On Thursday evening, Poly Network stated that “all the remaining assets on Ethereum (except for the frozen USDT) had been transferred to the multisig[nature] wallet controlled by Mr. White Hat and Poly Network”.
“The repayment process has not yet been completed. To ensure the safe recovery of user assets, we hope to maintain communication with Mr. White Hat and convey accurate information to the public,” it said, before adding that “any unfounded allegations and speculation may damage the extremely important process of asset recovery”.
The identity of the hacker continues to be unknown. However, in their Q&A, they had hinted that they do not come from an English-speaking country and had been engaged in hacking from a young age. They also described themselves as a “high profile hacker in the real world” working in the “security industry”.
Having only graduated from City University in 2019, Sabina has already demonstrated her abilities as a keen writer and effective journalist. Currently a content writer for Drapers, Sabina spent a number of years writing for ITPro, specialising in networking and telecommunications, as well as charting the efforts of technology companies to improve their inclusion and diversity strategies, a topic close to her heart.
Sabina has also held a number of editorial roles at Harper's Bazaar, Cube Collective, and HighClouds.