Crypto platform rewards hacker with $500,000 'Bug Bounty'

By Laura Berrill
Cryptocurrency platform which lost $610 million offers hacker or hackers a $500,000 "bug bounty"

In a statement, the Poly Network thanked the hacker, who it dubbed a "white hat", which is sector jargon for an ethical hacker who generally aims to expose cyber vulnerabilities. The hacker had returned the bulk of the funds and the network said it was thanks for "helping us improve Poly Network’s security".

The network also said it hoped "Mr White Hat" would contribute to the blockchain sector’s continued development upon accepting the $500,000 reward, which it had offered as part of negotiations around the return of the digital coins.

In the statement the network did not specify the form in which it would pay the $500,000 but added that the hacker had responded to the offer, but did not reveal if it was accepted.

Lesser known decentralised finance platform

Yesterday, digital messages shared on social media by Tom Robinson, the chief scientist and co-founder of crypto tracking firm Elliptic, showed a person claiming to have perpetrated the hack and had said Poly Network had offered him the bounty to return the stolen assets. Poly Network is a lesser-known name in the crypto world but is a decentralised finance platform, or DeFi. This type of platform facilitates peer-to-peer transactions with a focus on allowing its users to transfer, or swap, tokens across the different blockchains.

According to blockchain forensics company, Chainalysis, the hacker or hackers, who have not been identified yet, appear to have exploited a vulnerability in the digital contracts Poly Network uses to move assets between different blockchains.

According to today's statement, the hacker has returned $340 million worth of assets and transferred the bulk of the rest to a digital wallet jointly controlled by them and Poly Network. The remainder of the amount stolen has been held in tether and frozen by the cryptocurrency firm behind the stablecoin.

The statement read: "After communicating with Mr White Hat, we have also come to a more complete understanding regarding how the situation unfolded as well as Mr White Hat’s original intention," the statement said.

Hacked ‘for fun’

Poly Network had announced the hack on Tuesday, but the following day said the hackers had begun returning the digital coins they had taken. The hackers then said in digital messages shared by Elliptic that they had perpetrated the attack ‘for fun’ and that it was always the plan to return the tokens.

Some blockchain analysts have speculated however they might have found it too difficult to launder stolen cryptocurrency on such a scale.



Featured Articles

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

TECH LIVE LONDON: Begins tomorrow at 10am!

Our marquee technology event is nearly here. There's still time to claim your free ticket (worth £295). Look forward to welcoming you to the Tobacco Dock!

Executive Q&A: Marc Lueck, CISO EMEA, Zscaler

As we prepare to welcome the Zero Trust leaders to TECH LIVE LONDON this June 23-24, we take the opportunity to chat to Zscaler CISO of EMEA, Marc Lueck

TECH LIVE LONDON: Registering, networking and logistics

Digital Transformation

New speaker from Infosys announced for TECH LIVE LONDON!

Digital Transformation

New speaker from Bernadette announced for TECH LIVE LONDON!

Digital Transformation