Last week, over $600M in cryptocurrency was stolen in an elaborate digital heist when a hacker exploited a vulnerability in Poly Network, a platform used to make cryptocurrency transactions across different blockchains. If that wasn’t a wild enough story, the hacker later returned nearly all of the stolen currency after the illegal transactions were flagged (which made the money nearly impossible to convert to US dollars anyway).
In yet another bizarre twist to this story, Poly Network announced today in a Medium post that it has maintained daily contact with the hacker, whom it refers to as Mr. White Hat. In the post, Poly Network claims that the hacker shared his concerns about “Poly Network’s security and overall development strategy.”
Poly Network then offered Mr. White Hat a job as Chief Security Advisor of Poly Network. It’s not uncommon for hackers to make a living testing the digital defenses of large companies for a fee. The idea is: Who better to run your security than the person who robbed you?
#PolyNetwork has no intention of holding #mrwhitehat legally responsible and cordially invites him to be our Chief Security Advisor. $500,000 bounty is on the way. Whatever #mrwhitehat chooses to do with the bounty in the end, we have no objections. https://t.co/4IaZvyWRGz August 17, 2021
“We are also counting on more experts like Mr. White Hat to be involved in the future development of Poly Network since we believe that we share the vision to build a secure and robust distributed system,” the company wrote. “Also, to extend our thanks and encourage Mr. White Hat to continue contributing to security advancement in the blockchain world together with Poly Network, we cordially invite Mr. White Hat to be the Chief Security Advisor of Poly Network.”
Poly Network also promised Mr. White Hat a $500,000 bug bounty for discovering the exploit that resulted in the massive theft, although the hacker initially turned it down. Poly Network still sent him the $500K for him to do as he pleases. The company also stated that it is not holding Mr. White Hat legally responsible because it’s “confident that Mr. White Hat will promptly return full control of the assets to Poly Network and its users.”
Though his name is Mr. White Hat, some users have found it hard to believe that the theft was an unexpected security test and not simply a messy heist that both sides are now trying to recover from.
And if you’re still keeping count, as of Friday, $340M was returned, along with $238M to a multi-signature wallet, with a remainder of $33M that’s currently waiting to be unfrozen. Poly Network also took this moment to turn lemons into lemonade and announce the launch of a bug bounty program. Discovering vulnerabilities on its platform can score you up to $100,000.