Hackers successfully exploited a vulnerability in the Poly Network, a popular cryptocurrency exchange platform, and absconded with $600 million worth of tokens. But things may turn out to be a win-win for all parties involved.
The Poly Network Hack
In early August, CNBC reported on a blockchain attack that’s “likely to be one of the biggest cryptocurrency thefts ever” — aka the Poly Network attack.
What is the Poly Network?
The Poly Network is a decentralized finance platform — or DeFi project — that serves as a connection hub for different networks. Users can use the service to transfer coins from one blockchain to another.
August 2021 Poly Network Attack
On August 10, Poly announced the breach and posted an open message to the responsible party via social media. The company revealed a $600 million loss, dubbed the hacker “Mr. White Hat,” and even highlighted the person’s GOAT status by tweeting, “The amount of money you hacked is the biggest in defi history.” (The other two big crypto attacks were the 2018 Coincheck heist, resulting in a $534.8 million bounty, and the 2014 Mt. Gox job, where an estimated $450 million worth of Bitcoin disappeared.)
But is it fair to call the Poly incident a hack? After all, Mr. White Hat didn’t actively crack anything. Rather, he discovered and exploited a flaw in Poly’s code. Instead of swapping tokens from one ledger to another, Mr. White Hat figured out he could simply move tokens into personal wallets.
Plot Twist: Hacker Returns Funds
Upon discovering the missing tokens, Poly offered a $500,000 “bug bounty.” Mr. White Hat initially turned it down, but embedded negotiation salvos within crypto transactions on the network. Notably, he said he would consider “taking the bounty as a bonus for public hackers if they can hack the Poly Network.”
In a somewhat surprising move, days after the attack, the hacker contacted Poly and began to return the tokens. At the time of this writing, the person who pulled it off has given back all but around $33 million. About $200 million, however, is locked in a wallet that Poly is aware of but cannot access without a private key still held by Mr. White Hat. He has cryptically sent word that he will hand over the key once “everyone is ready.”
Tom Robinson, a blockchain scientist at Elliptic, told CNBC via email:
“I think this demonstrates that even if you can steal crypto assets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics. In this case the hacker concluded that the safest option was just to return the stolen assets.”
Poly Network Hack Results in Job Offer
As of now, Poly Network has announced plans for a system upgrade. But the company admits it can’t get started until the funds are returned. To that end, Poly extended another olive branch to Mr. White Hat: a job as the company’s “chief security advisor.” In a statement, Poly Network explained:
“To extend our thanks and encourage Mr. White Hat to continue contributing to security advancement in the blockchain world together with Poly Network, we cordially invite Mr. White Hat to be the Chief Security Advisor of Poly Network.
“Poly Network previously promised to reward Mr. White Hat with a $500,000 bug bounty, but he did not accept it and has publicly stated that he has considered offering it to the technical community who have made contributions to blockchain security.
“We fully respect Mr. White Hat’s thoughts, and to express our gratitude, we will still transfer this $500,000 bounty to a wallet address approved by Mr. White Hat for him to use it at his own discretion for the cause of cybersecurity and supporting more projects and individuals.”
Poly Network also said that it will not hold Mr. White Hat legally responsible for the attack.
Connect With a Cryptocurrency Lawyer in Arizona
Based in Arizona, the Kelly Law Firm works with blockchain and cryptocurrency startups and established businesses around the world. Additionally, managing attorney Aaron Kelly was an early adopter and has worked with several businesses in the space.
Our firm handles everything from smart contract auditing to hacking litigation. If you’re in need of a cryptocurrency lawyer, get in touch today.