The hacker claimed the attack against the PolyNetwork platform which lets users swap tokens across multiple blockchains was an act of “hacking for good” to “save the undertaking.”
A couple of weeks after a hacker stole $610 million from PolyNetwork in what was seemingly the biggest heist in the history of so-called decentralized finance, the sufferer has offered its attacker a job.
The hacker claimed the attack against the PolyNetwork platform — which lets customers swap tokens throughout a number of blockchains — was an act of “hacking for good” to “save the undertaking.” The attacker has since promised to return the money and so far delivered about half of it.
PolyNetwork has responded by lavishing rewards on the hacker, who it dubbed “Mr. White Hat,” a time period used to explain “moral” hackers who discover vulnerabilities in computer networks and alert companies and organizations to fix them.
On Tuesday, in an act of gratitude or maybe exasperation, PolyNetwork offered Mr. White Hat a job as “Chief Security Adviser.”
The establish of the hacker is not but recognized, neither is it clear if Mr. White Hat is a single particular person or a gaggle of attackers.
“To increase our thanks and encourage Mr. White Hat to proceed to contribute to security development within the blockchain world along with PolyNetwork, we cordially invite Mr. White Hat to be the Chief Safety Adviser of PolyNetwork,” the corporate mentioned in a press release. “Once more, it is very important to reiterate that PolyNetwork has no intention of holding Mr. White Hat legally accountable, as we’re assured that Mr. White Hat will promptly return full control of the assets to PolyNetwork and its customers.”
In the meantime, PolyNetwork remains to be struggling to get all of its purchaser’s money back. After returning half of the network’s belongings, the hacker deposited the remainder around $235 million — right into a joint account that’s protected by two keys wanted to unlock the funds. One of many keys was given to PolyNetwork, and the hacker has saved the opposite.
PolyNetwork has been pleading with Mr. White Hat to show in his key so the funds could be accessed ever since. The hacker has yet to take action, regardless of the job offer and another offer that would permit the hacker to maintain $500,000 of the funds.
The hacker’s conduct has stumped experts, who’ve been trying to trace the funds since they had been initially stolen.
“There have been plenty of DeFi hacks, but there have not been any ongoing conversations between the hacker and the undertaking,” Tom Robinson, co-founder of blockchain forensics agency Elliptic Enterprises Ltd., mentioned in an interview. “It looks like the hacker desires to retain some management over the funds. It simply feels to me just like the hacker has a little bit of an ego. He desires to retain some consideration.”
Researchers on the cryptocurrency analysis agency Chainalysis Inc. speculated that PolyNetwork’s posture could also be a tactical resolution aimed toward getting all of their funds again by appeasing Mr. White Hat with money, accolades and titles.
“Maybe PolyNetwork is implying trust within the attacker in an attempt to convince them to do the right factor and return the funds as soon as possible so they can start the method of restarting their business,” said Gurvais Grigg, global public sector chief technology officer of Chainalysis, in a text message.
“Whereas it nonetheless stays to be seen how this unusual story will play out, I can say that this isn’t typical conduct of true white-hat hacker(s). The excellent news is that the blockchain is transparent, and we, along with the cryptocurrency neighborhood, have our eyes on the funds.”
DeFi apps which let people lend, borrow and trade cash without utilizing intermediaries have to turn out to be frequent targets of assaults these days as they gain in reputation. Some $156 million has been netted from DeFi hacks within the first five months of this year, surpassing the $129 million stolen in such attacks in all of 2020, based on crypto security agency CipherTrace Inc.