Poly Network Offers Chief Security Officer Role to Hacker That Stole $600M
While devastating, hacks like Poly Networks can actually strengthen the ecosystem because they expose vulnerabilities, according to Michael Tant, an analyst at Inside and an angel investor.
- “Mr. White Hat” has returned roughly $400 million of the stolen assets, but Poly Network has offered the hacker a $500,000 bounty if they give back the rest of the stolen funds
- The crypto market capitalization touched $2 trillion since the massive cyberattack last week
In a strange turn of events, Poly Network has offered the hacker who exploited its protocol to steal $611 million in crypto a job as chief security officer.
Poly Network offered the hacker (or hackers), dubbed “Mr. White Hat”, a role as the protocol’s chief security advisor on Tuesday. “Mr. White Hat” is a common reference for a hacker who receives a bounty or award for exposing a system’s security flaws.
On August 10, “Mr. White Hat” breached the security of DeFi exchanges like Polygon, Binance Smart Chain and Ethereum and stole $266 million in Ethereum, $253 million in tokens on Binance Smart Chain and $85 million in USDC on Poly Network.
In response, Poly Network urged crypto exchanges to “blacklist tokens” that were connected to the alleged hacker. Poly Network tweeted following the massive cybercrime that the company would “take legal action” and “urge[d] the hackers to return the assets.”
On August 12, Poly Network offered up $500,000 to the hacker to return all funds. The hacker declined the bounty the same day, but has since returned $400 million of the stolen assets.
Poly Network offered the hacker the chief security advisor role so that “Mr. White Hat” could continue “contributing to security advancement in the blockchain world,” according to a Medium post. Poly Network also doubled down on their offer of a $500,000 bounty if the hacker returns the remaining stolen funds.
Following the hack, addresses (later proven to be connected to the hacker) responded publicly via a series of encrypted messages through crypto exchanges. On returning the stolen assets, they responded, “That’s always the plan! I am _not_ very interested in money! I know it hurts when people are attacked, but shouldn’t they learn something from those hacks?”
While devastating, hacks like Poly Networks can actually strengthen the ecosystem because they expose vulnerabilities, according to Michael Tant, an analyst at Inside and an angel investor. “Now that the hack has happened and funds are being sent back, we can catch it [next time]. It’s one less way the protocol can theoretically be hacked,” he told Blockworks.
Despite the tumultuous journey for Poly Network, crypto markets have not been significantly impacted by the security breach. Ethereum is up 0.20% over the past seven days. Bitcoin has dipped less than 1% over the past week as of press time. Similarly, the crypto market capitalization has since touched $2 trillion the following Monday.
“You almost would rather have those vulnerabilities exposed earlier when it’s $600 million instead of 10 years when it’s $600 billion,” Tant said. “It’s not to say that hacks are bullish, but it is to say that DeFi is still very early. People are still writing new code. It’s probably good to get the bad code out of the way now so that people can keep building.”