Victim of $600M crypto heist asks hacker to become chief security adviser

By Feuer

The company that lost more than $600 million in a massive crypto heist last week has offered its hacker the position of chief security adviser after the cyber bandit returned most of the stolen funds and said they only stole the crypto “for fun.”

In a Tuesday blog post on Medium, Poly Network, the decentralized finance platform that was the victim of the hacking, called the hacker “Mr. White Hat,” a reference to hackers who receive awards for attacking companies to highlight security vulnerabilities.

The hacker has returned more than $340 million worth of the stolen crypto.

Over $200 million worth of crypto, however, appears to still be in a separate wallet and hasn’t been returned, though Poly Network said it’s in daily contact with the hacker.

In the Tuesday post, Poly Network wrote: “To extend our thanks and encourage Mr. White Hat to continue contributing to security advancement in the blockchain world together with Poly Network, we cordially invite Mr. White Hat to be the Chief Security Advisor of Poly Network.”

Poly Network said the hacker exposed several security vulnerabilities in its system and it’s now working to patch those gaps, adding that the repair won’t “take place overnight.”

The company said it “has no intention of holding Mr. White Hat legally responsible, as we are confident that Mr. White Hat will promptly return full control of the assets to Poly Network and its users.”

Poly Network said it has offered a “$500,000 bug bounty” to the hacker “to use it at his own discretion for the cause of cybersecurity and supporting more projects and individuals.”

Immediately after the hack last week, Poly Network publicly begged the hackers to return the coins, warning that “law enforcement in any country will regard this as a major economic crime and you will be pursued.”

The hacker later responded publicly in a blockchain-based question-and-answer session held through encrypted exchanges of cryptos that had typed messages attached.

“Ask yourself what to do had you facing so much fortune. Asking the project team politely so that they can fix it? Anyone could be the traitor given one billion!” one of the messages read.

“I can trust nobody!” the messages continued. “The only solution I can come up with is saving it in a _trusted_ account while keeping myself _anonymous_ and _safe_.”

On returning the money, this person said: “That’s always the plan! I am _not_ very interested in money! I know it hurts when people are attacked, but shouldn’t they learn something from those hacks?”

Cybersecurity experts last week confirmed that the person sending those messages was tied to an account that was used in the hacking, but some questioned the hackers’ claims that they planned to return the stolen crypto all along.

Critics questioned whether the hackers returned the crypto only because they risked getting arrested if they converted the money into usable cash.

But Poly Network is putting its faith in the hacker – who’s still holding onto hundreds of millions of dollars’ worth of crypto.

“While there were certain misunderstandings in the beginning due to poor communication channels, we now understand Mr. White Hat’s vision for Defi and the crypto world, which is in line with Poly Network’s ambitions from the very beginning – to provide interoperability for ledgers in Web 3.0,” Poly Network said Tuesday.
