Crypto platform asks hacker to become a security advisor

The cryptocurrency platform targeted in a massive theft is now inviting the hacker behind it to become an advisor to the company and promises a reward of $ 500,000 for restoring user funds.

Poly Network, a so-called decentralized finance or “DeFi” project, was hit by a major attack last week that saw the hacker (s) flee with more than $ 600 million in tokens.

Poly Network allows users to exchange tokens from one digital ledger to another. Someone exploited a loophole in Poly Network’s code that allowed them to transfer assets to their own crypto wallets.

It is believed to be the biggest crypto theft of all time, surpassing the $ 534.8 million in digital coins stolen from the Japanese exchange Coincheck in a 2018 attack and the $ 450 million estimates of bitcoins that disappeared from the Tokyo-based Mt. Gox exchange in 2014.

In the case of Poly Network, the hacker took the unusual step of returning most of the stolen money. Everything but $ 33 million of the crypto has now been returned.

However, over $ 200 million of funds are currently stuck in an account that requires Poly Network and hacker passwords to access them.

Poly Network begged the hacker, whom he calls “Mr. White Hat”, to provide the password – known as the “private key” – needed to collect the money.

“Mr. White Hat” is a reference to ethical hackers who look for vulnerabilities in organizations’ systems that could expose them to attack. Security researchers have questioned the labeling of the Poly Network attacker as a hacker.

It is not known why the hacker is withholding access to the latest tranche of assets. An anonymous person claiming to be the hacker simply said they would provide the key once “everyone is ready”.

Last week it was revealed that Poly Network had offered a “bug bounty” of $ 500,000 to return all the money. Such bounties are usually rewarded to people who report bugs to help companies find and fix bugs before they are released to the general public.

The hacker initially refused the bounty offer. However, in a message embedded in a digital currency transaction on Monday, the hacker said, “I am considering taking the bounty as a bonus for public hackers if they can hack the Poly network.”

Poly Network said on Tuesday that it hoped to implement a “major system upgrade” to prevent such an attack from happening again in the future, but that it could not do so while all assets were remainder would not be returned.

The group said its promise to reward “Mr. White Hat” with a bounty of $ 500,000 still stands, and even invited the hacker to become its “chief security advisor.”

“To express our thanks and encourage Mr. White Hat to continue to contribute to the advancement of security in the blockchain world with Poly Network, we cordially invite Mr. White Hat to serve as Poly’s Chief Security Advisor. Network, “the company said in a statement. .

Poly Network had previously promised to reward Mr. White Hat with a bug bounty of $ 500,000, but he did not accept it and publicly stated that he was considering offering it to the tech community who helped blockchain security, ”added Poly Network.

“We fully respect Mr. White Hat’s thoughts, and to express our gratitude, we will always transfer this $ 500,000 bonus to a wallet address approved by Mr. White Hat for use at his own discretion for the cause of cybersecurity and to support more projects and individuals. “

Poly Network said it “had no intention of holding Mr. White Hat legally responsible” for the hack.