Key Takeaways

  • The Poly Network hacker has returned the remainder of the $611 million they stole this week on Ethereum mainnet.
  • The team confirmed that almost all of the funds were recovered, except for $33 million worth of frozen USDT stablecoins.
  • In an onchain message, the team offered the hacker a $500,000 as a thank you for exposing a security bug.

Share this article

Poly Network confirmed that it had received the remaining funds from the attacker in a multi-sig wallet. 

Hacker Returns Assets to Poly Network

The Poly Network hacker who stole $611 million this week has returned the remaining funds on Ethereum mainnet after a day of negotiations.

Poly Network runs a collection of smart contracts that allow cross-chain transactions between Ethereum, Polygon, Binance Smart Chain.

The project made headlines Tuesday after it lost more than $600 million in what was described as biggest crypto hack in history. 

The losses consisted of $272 million worth of tokens on Ethereum, $253 million on Binance Smart Chain, and $85 million on Polygon. 

Following the incident, the hacker decided to return almost all of the funds. In a “Q&A” discussion posted within Ethereum transactions, the hacker told the Poly Network community that they carried out the attack to “for fun” to expose the vulnerability before others could exploit it. 

Yesterday, the hacker—dubbed “Mr. White Hat” by the Poly Network team—returned over half of the stolen assets on Binance Smart Chain and Polygon. 

The team has since confirmed that it’s received the remaining funds, minus $33 million worth of USDT frozen by Tether.

“All the remaining user assets on Ethereum (except for the frozen USDT) had been transferred to the multi-sig wallet controlled by Mr. White Hat and Poly Network team,” a Thursday Twitter note read.

The latest transaction consisted of $230 million worth of digital assets including ETH, DAI, USDC, and WBTC in a multi-sig wallet controlled by the hacker and the team. 

The team also said it plans to negotiate to unfreeze the USDT stablecoins still held in the hacker’s wallet.

In an onchain message, the team thanked the hacker for exposing the bug, before saying that it thought “the action constitutes white hat behavior”. They also offered a $500,000 bounty and assured that no legal action would be taken. 

Contrary to media reports, the hacker’s identity remains anonymous. In the Q&A discussion posted on Ethereum, they said that they were using a “temporary email, IP, or so-called fingerprint, which were untraceable.”

Share this article