Decentralized finance protocol Poly Network has offered the person behind a $610 million hack an advisery position and $500,000 — whether they like it or not.
In a Tuesday update, the Poly Network team said, in a seeming attempt to gain access to the hacker’s expertise, that it would be inviting them to the position of chief security adviser. In addition, the project will be sending a $500,000 bounty for the attacker, whom Poly dubbed "Mr. White Hat," despite the fact they have previously refused any payment.
“Poly Network has no intention of holding Mr. White Hat legally responsible, as we are confident that Mr. White Hat will promptly return full control of the assets to Poly Network and its users,” said the team. “As we have stated in previous announcements and encrypted messages that have been made public, we are grateful for Mr. White Hat’s outstanding contribution to Poly Network’s security enhancements.”
The hack was reported on Aug. 10, when analysts noted that roughly $610 million had been removed from the Polygon network, the Binance Smart Chain and Ethereum. The hacker subsequently communicated with the Poly Network team and others through embedded messages in Ethereum transactions, agreeing to return the funds. Poly Network said it determined that the attack constituted “white hat behavior” and offered Mr. White Hat a $500,000 bounty.
The Poly Network team said it was “counting on more experts like Mr. White Hat to be involved” in the future development of the project, “since we believe that we share the vision to build a secure and robust distributed system.” The hacker returned all the funds with the exception of $33 million in frozen Tether (USDT), but has not yet turned over the key to the multisig wallet Poly set up for the transfer.
It’s a somewhat surprising turn for the individual responsible for the largest hack in decentralized finance, or DeFi, to be offered a reward and a — presumably — paid position at the company which was the target of their attack. Though the hacker’s identity has yet to be made public, Chinese cybersecurity firm SlowMist posted an update shortly after news of the hack broke, saying its analysts had identified the attacker's email address, IP address and device fingerprint.
“We are grateful for Mr. White Hat’s outstanding contribution to Poly Network’s security enhancements,” said the Poly Network. “While there were certain misunderstandings in the beginning due to poor communication channels, we now understand Mr. White Hat’s vision for Defi and the crypto world, which is in line with Poly Network’s ambitions from the very beginning.”
With the exception of thousands of users being temporarily unable to access their funds, the events of the last week seem to have had a net result of additional media attention over the Poly Network. Data from Google shows interest in the DeFi project reached an all-time high on Wednesday and is still well above what it had been since Poly launched last year.