Cryptocurrency firm asks hacker who stole $610m to become its chief security adviser

Poly Network has got most of money back from ‘Mr White Hat’ and offered him $500,000 ‘bug bounty’

Graeme Massie
Los Angeles
Tuesday 17 August 2021 16:38 EDT
Comments
What is cryptocurrency and the technology behind bitcoin and its rivals?

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A cryptocurrency firm that had $610m stolen from it has offered the hacker responsible a job as the company’s chief security adviser.

Poly Network also proposed giving “Mr White Hat” a $500,000 “bug bounty” to return the hacked cryptocurrency, as well as inviting them to work for the company.

“Poly Network no intention of holding #mrwhitehat legally responsible and cordially invites him to be our Chief Security Adviser. $500,000 bounty is on the way. Whatever #mrwhitehat  chooses to do with the bounty in the end, we have no objections,” the company tweeted.

A bug bounty rewards “friendly” hackers who demonstrate security vulnerabilities in a company’s systems or software, while “White Hat” is a term for someone who hacks for ethical reasons.

Poly Network said that the hacker did not accept the bounty but may give it to the technical community who have worked on blockchain security.

The platform publicly revealed the huge hack on 10 August and asked for the money to be returned to them.

That process began the next day with the money being slowly returned to the company, which said that it had seen all but $33m in frozen Tether coins given back.

But more than $200m of the funds was left by the hacker in a locked account that required a password to access it, which they still have not received.

“We have made constant efforts to establish an understanding with Mr. White Hat and genuinely hope that Mr. White Hat will transfer the private keys as soon as possible so that we can return full asset control back to the users at the earliest,” the company said on Twitter.

And they added: “Again, it is important to reiterate that Poly Network has no intention of holding Mr. White Hat legally responsible, as we are confident that Mr. White Hat will promptly return full control of the assets to Poly Network and its users.

“As we have stated in previous announcements and encrypted messages that have been made public, we are grateful for Mr. White Hat’s outstanding contribution to Poly Network’s security enhancements.”

The hacker later said that they took the money “to keep it safe” after spotting a bug and that they intended to show Poly Network’s vulnerability.

The firm says that it has now created a patch to fix the security issue.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in