Crypto platform rewards hacker with $500,000 'Bug Bounty'

By Laura Berrill
Cryptocurrency platform which lost $610 million offers hacker or hackers a $500,000 "bug bounty"

In a statement, the Poly Network thanked the hacker, who it dubbed a "white hat", which is sector jargon for an ethical hacker who generally aims to expose cyber vulnerabilities. The hacker had returned the bulk of the funds and the network said it was thanks for "helping us improve Poly Network’s security".

The network also said it hoped "Mr White Hat" would contribute to the blockchain sector’s continued development upon accepting the $500,000 reward, which it had offered as part of negotiations around the return of the digital coins.

In the statement the network did not specify the form in which it would pay the $500,000 but added that the hacker had responded to the offer, but did not reveal if it was accepted.

Lesser known decentralised finance platform

Yesterday, digital messages shared on social media by Tom Robinson, the chief scientist and co-founder of crypto tracking firm Elliptic, showed a person claiming to have perpetrated the hack and had said Poly Network had offered him the bounty to return the stolen assets. Poly Network is a lesser-known name in the crypto world but is a decentralised finance platform, or DeFi. This type of platform facilitates peer-to-peer transactions with a focus on allowing its users to transfer, or swap, tokens across the different blockchains.

According to blockchain forensics company, Chainalysis, the hacker or hackers, who have not been identified yet, appear to have exploited a vulnerability in the digital contracts Poly Network uses to move assets between different blockchains.

According to today's statement, the hacker has returned $340 million worth of assets and transferred the bulk of the rest to a digital wallet jointly controlled by them and Poly Network. The remainder of the amount stolen has been held in tether and frozen by the cryptocurrency firm behind the stablecoin.

The statement read: "After communicating with Mr White Hat, we have also come to a more complete understanding regarding how the situation unfolded as well as Mr White Hat’s original intention," the statement said.

Hacked ‘for fun’

Poly Network had announced the hack on Tuesday, but the following day said the hackers had begun returning the digital coins they had taken. The hackers then said in digital messages shared by Elliptic that they had perpetrated the attack ‘for fun’ and that it was always the plan to return the tokens.

Some blockchain analysts have speculated however they might have found it too difficult to launder stolen cryptocurrency on such a scale.



Featured Articles

How digital twins unlock enterprises’ sustainability efforts

With sustainability increasingly on corporate and government agendas, over half of enterprises believing digital twin technology is critical to ESG efforts

Avast: Cybercriminals use common apps to lure victims

Two out of three cyber threats now leverage social engineering, with attackers using common applications from Microsoft and Adobe to distribute malware

World Password Day: Study shows enthusiasm for passwordless

Over half of global respondents told a study that they are excited about passwordless authentication options like biometrics, passkeys, or security keys

SAP to accelerate AI innovation with IBM Watson

AI & Machine Learning

Half of organisations fell victim to ransomware attacks

Cloud & Cybersecurity

Nike and Cognizant expand their relationship into technology

Digital Transformation