Cryptocurrency Platform Asks Hacker to Become Its Chief Security Advisor
Aug 18, 2021
The cryptocurrency company that was the subject of a major robbery is now asking the perpetrator to join the firm as an advisor and providing a $500,000 prize for the recovery of user cash.
Last week, Poly Network, a so-called decentralized finance or "DeFi" initiative, was struck by a big hacker, or hackers, who made off with more than $600 million in tokens.
Poly Network allows users to move tokens between digital ledgers. Someone took advantage of a vulnerability in Poly Network's code to move the funds to their own crypto wallets.
It is believed to be the biggest cryptocurrency theft of all time, exceeding the $534.8 million in digital currencies stolen from Japanese exchange Coincheck in a 2018 hack and the estimated $450 million in bitcoin stolen from Tokyo-based exchange Mt. Gox in 2014.
In the instance of Poly Network, the hacker took the extraordinary step of returning the majority of the stolen funds. The crypto has now been returned in its entirety, with the exception of $33 million.
More than $200 million of the assets, however, are now locked in an account that requires keys from Poly Network and the hacker to access. Poly Network has appealed with the hacker, dubbed "Mr. White Hat," to supply the password — also known as a "private key" — needed to recover the funds.
Mr. White Hat is a term used to describe ethical hackers who look for flaws in companies' systems that might allow them to be attacked. The Poly Network attacker's designation as a white hat hacker has been questioned by security experts.
It's unclear why the hacker is preventing the final batch of assets from being released. The key will be provided once "everyone is ready," according to an anonymous source claiming to be the hacker.
Poly Network offered a $500,000 "bug reward" to return all of the funds last week, according to reports. People that submit bugs to assist firms identify and fix problems before they're revealed to the broader public are usually compensated with such bounties.
The hacker originally declined the reward offer. “I am considering accepting the reward as a bonus for public hackers if they successfully breach the Poly Network,” the hacker wrote in a message contained in a digital currency transaction Monday.
Poly Network said Tuesday that it intended to undertake a "major system upgrade" to avoid future attacks, but that it wouldn't be able to do so until all of the remaining assets were recovered.
The organisation claimed it stands by its pledge to pay a $500,000 bounty to "Mr. White Hat," and even asked the hacker to become its "chief security advisor."
“We gladly welcome Mr. White Hat to be the Chief Security Advisor of Poly Network to express our gratitude and urge him to continue contributing to security progress in the blockchain industry with Poly Network,” the business said in a statement.
“Poly Network had previously offered Mr. White Hat a $500,000 bug bounty, but he declined and has publicly indicated that he is considering awarding it to members of the technical community who have contributed to blockchain security,” Poly Network noted.
“We completely respect Mr. White Hat's viewpoints, and to show our appreciation, we will send the $500,000 bounty to a wallet address designated by Mr. White Hat, where he may spend it as he sees fit for the cause of cybersecurity and to promote other projects and individuals.”
Mr. White Hat will not be held legally liable for the hack, according to Poly Network.