- Poly Network has welcomed its hacker to be part of its team as “Chief Security Adviser.”
- The DeFi platform is still making efforts to gain full control of the remaining $235 million of the stolen funds.
It’s been about a week since Poly Network suffered the biggest heist in DeFi history, a $610M theft of crypto assets. The network has now offered its attacker a job as “Chief Security Adviser”, out of either gratitude or exasperation.
During initial communication with the Poly Team, the attacker claimed good intentions, saying he wanted to “save the project.” The hacker also promised to return the stolen money, albeit in bits as negotiations ensue. Poly Network responded by showering the hacker with praise and even dubbing him/her “Mr. White Hat.”
Since then, Poly Network has received about half of the assets. The rest, about $235 million, has been placed in a “shared multisig” Ethereum account that requires two keys to unlock. The hacker has already given the DeFi platform one of the keys but still holds the other.
Poly Network and hacker dealings
Consequently, Poly Network has been pleading with the hacker to hand over his key so that clients can be refunded. In addition to the recently offered position, the Poly Team allowed the hacker to keep $500,000 of the funds. Moreover, the team assured the hacker that it would not pursue legal action, as “we are confident that Mr. White Hat will promptly return full control of the assets to Poly Network and its users.”
Nevertheless, the hacker remains anonymous, and it is unclear whether Mr. White Hat is an individual or a group. Mr. White Hat’s behavior has also baffled experts who have been trying to track the stolen funds throughout.
“It seems like the hacker wants to retain some control over the funds. It just feels to me like the hacker has a bit of ego. He wants to retain some attention,” remarked Tom Robinson, co-founder of blockchain forensics firm Elliptic Enterprises Ltd.
Crypto intelligence firm Chainalysis speculates that Poly Network is appeasing the hacker with money and accolades, with the Poly Team’s end goal being to get all of its funds back. Additionally, the hacker’s behavior does not reflect their supposed “white hat” nature, says Chainalysis CTO Gurvais Grigg.
DeFi ecosystem vulnerabilities
Nonetheless, a verified white-hat hacker has prevented the potential loss of 109,000 Ether from the SushiSwap decentralized exchange. A security researcher at the firm Paradigm, known on Twitter as “samczsun”, discovered an “obvious” exploit while examining a MISO Dutch auction smart contract.
After confirming his findings, the firm contacted SushiSwap CTO Joseph Delong, saving SushiSwap from a $350 million loss. A tweet about the BitDAO token sale later confirmed that the event proceeded without a hitch.
As cross-chain DeFi platforms gain popularity, they have become a common target of attacks, indicating overall system susceptibility. In the first five months of this year alone, roughly $256 million has been drained in DeFi hacks. This surpasses the $129 million stolen from the same platforms in all of 2020.