Crypto platform asks hacker to become security advisor

The Poly Network logo displayed on a phone screen with a physical representation of some cryptocurrencies.

Jakub Porzycki | NurPhoto via Getty Images

The cryptocurrency platform targeted by a massive heist is now inviting the hacker behind it to become an advisor to the company and promising a $ 500,000 reward for recovering user funds.

Poly Network, a so-called decentralized finance or “DeFi” project, was hit by a major attack last week in which the hacker or hackers got away with tokens valued at more than $ 600 million.

With Poly Network, users can exchange tokens from one digital ledger to another. Someone took advantage of a bug in Poly Network’s code that allowed them to transfer the assets to their own crypto wallets.

It is believed to be the biggest crypto heist ever, surpassing the $ 534.8 million digital coins stolen from Japan’s Coincheck exchange in an attack in 2018, and an estimated 450 Million US dollars in Bitcoin that was lost on Tokyo’s Mt. Gox Exchange in 2014.

In the case of Poly Network, the hacker took the unusual step of returning most of the stolen money. All cryptocurrencies except for 33 million US dollars have now been returned.

However, more than $ 200 million of the money is currently locked in an account that requires Poly Network and the hacker passwords to gain access.

Poly Network asked the hacker it calls “Mr. White Hat” to provide the password – known as the “private key” – needed to retrieve the money.

“Mr. White Hat” refers to ethical hackers who look for vulnerabilities in organizations’ systems that could expose them to attack. Security researchers have questioned the labeling of the Poly Network attacker as a white hat hacker.

It’s not clear why the hacker denied access to the final tranche of assets. An anonymous person claiming to be the hacker simply said they would provide the key as soon as “everyone is ready”.

It was announced last week that Poly Network had offered a $ 500,000 bug bounty to return all of the money. Such rewards are usually awarded to people who report bugs to help companies find and fix bugs before they are announced to the public.

The hacker initially turned down the bounty offer. However, in a message embedded in a digital currency transaction on Monday, the hacker said, “I am considering taking the bounty as a bonus for public hackers if they can hack the poly network.”

Read more about cryptocurrencies from CNBC Pro

Poly Network said Tuesday that it hopes to do a “significant system upgrade” to prevent such an attack in the future, but that it will not be able to do so until all remaining assets have been returned.

The group said their promise to reward Mr. White Hat with a $ 500,000 bounty was still standing and even invited the hacker to become their chief security advisor.

“To express our gratitude and to encourage Mr. White Hat to continue to contribute to the advancement of security in the blockchain world together with Poly Network, we cordially invite Mr. White Hat to become Chief Security Advisor of Poly Network,” it says in one Company statement.

“Poly Network previously promised to reward Mr. White Hat with a bug bounty of $ 500,000, but has not accepted it and has publicly stated that it is considering offering it to the technical community that will contribute to the blockchain -Security has done, “added Poly Network.

“We fully respect the thoughts of Mr. White Hat, and to express our gratitude, we will continue to transfer this $ 500,000 bounty to a Mr. White Hat approved wallet address for his sole discretion Can use cybersecurity and support more projects and individuals. “

Poly Network said it had “no intention of holding Mr. White Hat legally responsible” for the hack.

Comments are closed.