Crypto Hacker Offered Reward Of $500,000 After $600m Heist

In the latest twist on the hack on Poly Network which leads to the loss of $600 Million. The cryptocurrency platform has offered the hacker or hackers a “bug bounty” of $500,000. The hack which took place a few days ago witnessed the hackers’ breach of the blockchain-based platform. Right after the hack, the company initially took to Twitter to announce plans to establish communication with the hackers while urging them to “return the hacked assets.” The hacker’s pledge to send back the money led to Poly Network making a controversial offer of a $500,000 reward. The attack was reported to have been one of the largest hacking heists in history, this heist was aided through a vulnerability detected on Poly Network’s system.

In a statement, Poly Network referred to the hacker as “white hat” which is in reference to his status as an ethical hacker. Reports say most of the money has now been refunded, although the hacker made it clear they were not interested in the bounty reward. As of Friday reports say $340 million worth of assets has been repaid into a digital wallet. Poly Network said most of these assets paid were transferred to a digital wallet controlled by both the hacker and the company.  The remainder, held in tether, was frozen by the cryptocurrency firm behind the coin. Other money outstanding also includes a 13.37 Ether tip ($40,000), which the hacker sent to a user who warned them that the Tether tokens had been frozen by its developer. Poly Network says it is still waiting for the repayment process to be fully completed but that it is working with the hacker.

It’s still unclear what prompted the hacker to backtrack to return the stolen assets. Experts say it may be because they found it hard to launder and cash out a large amount of stolen crypto. Others suggest that the hacker was afraid of being exposed and prosecuted given that researchers discovered a trove of identifying info, including an email and IP address. More broadly, the bizarre series of events further illustrates the pitfalls involved with cryptocurrency, an unregulated domain where hacks and scams are rife.

A three-page Q&A posted online by the anonymous hacker claimed to have carried out the heist for fun and also as a medium to encourage the cryptocurrency firm to improve on its penetrable security system. The hackers say “When spotting the bug, I had a mixed feeling, Ask yourself what to do had you facing so much fortune. Asking the project team politely so that they can fix it? Anyone could be the traitor given one billion!” He continues “I can trust nobody! The only solution I can come up with is saving it in a _trusted_ account while keeping myself _anonymous_ and _safe_.” The hacker gave a reason for returning the funds, he says, “That’s always the plan! I am _not_ very interested in money! I know it hurts when people are attacked, but shouldn’t they learn something from those hacks?” Poly Network remains thankful to the hacker who generally aims to expose cyber vulnerabilities and is helping to improve her security. Although the cryptocurrency firm did not specify the form in which it would pay the $500,000. This confirms that the hacker had responded to the offer but did not say if it was accepted.

Tom Robinson, co-founder of Elliptic, London-based blockchain analytics, and compliance firm said the person wh wrote the Q&A was “definitely” the hacker behind the Poly Network attack. Robinson says “The messages are embedded in transactions sent from the hacker’s account,” Robinson added, “Only the holder of the stolen assets could have sent them.” In the Q&A, the hacker claimed to have taken care to ensure being “untracable.”

Charlie Steele, Partner at Forensic Risk Alliance, and former Department of Justice and FBI officials are quite concerned about the alleged offer from Poly Network. Steele says “Private companies have no authority to promise immunity from criminal prosecution,” He added, “In this event where a hacker stole $600m ‘for fun’ and then returned most of it, all while remaining anonymous, is not likely to lessen regulators’ concerns about the variety of risks posed by crypto-currencies.” The alleged move by Poly Network to not press charges as well as give the hacker a $500,000 bounty reward has angered some in the security world who are worried that there might be a need to set a precedent for criminal hackers to white-wash their actions.