Photo: Jack Taylor (Getty Images)
A cryptocurrency platform that was hacked and had hundreds of millions of dollars stolen from it has now offered the thief a “reward” of $500,000 after the criminal returned almost all of the cash.
A few days ago a hacker exploited a vulnerability in the blockchain technology of decentralized finance (DeFi) platform Poly Network, pilfering a whopping $611 million in various tokens—the crypto equivalent of a gargantuan bank theft. It’s thought to be the largest theft of its kind in DeFi history.
The company then posted an absurd open letter to the thief that began “Dear Hacker” and proceeded to beg for its cash back while also insinuating that the criminal would ultimately be caught by police.
Amazingly, this tactic appeared to work—and the hacker (or hackers) began returning the crypto. As of Friday, almost the entirety of the massive haul had been returned to blockchain accounts controlled by the company, though a sizable $33 million in Tether coin still remains frozen in an account solely controlled by the thief.
After this, Poly weirdly started calling the hacker “Mr. White Hat”—essentially dubbing them a virtuous penetration tester rather than a disruptive criminal. Even more strange, on Friday Poly Network confirmed to Reuters that it had offered $500,000 to the cybercriminal, dubbing it a “bug bounty.”
Bug bounties are programs wherein a company will pay cyber-professionals to find holes in its IT defenses. However, such programs are typically commissioned by companies and addressed by well-known infosec professionals, not carried out unprompted and ad-hoc by rogue, anonymous hackers. Similarly, I’ve never heard of a penetration tester stealing hundreds of millions of dollars from a company as part of their test.
On the other hand, Poly Network apparently told the hacker: “Since, we (Poly Network) believe your action is white hat behavior, we plan to give you a $500,000 bug bounty after you complete the refund fully. Also we assure you that you won’t be accountable for this incident.” We reached out to the company to try to independently confirm these reports.
The hacker reportedly refused to take the crypto platform up on its offer, opting instead to post a series of public messages in one of the crypto wallets that was used to return funds. Dubbed “Q & A sessions,” the posts purport to explain why the heist took place. The self-interviews were shared over social media by Tom Robinson, co-founder of crypto-tracking firm Elliptic. In one of them, the hacker explains:
Q: WHY HACKING?
A: FOR FUN 🙂
Q: WHY POLY NETWORK?
A: CROSS CHAIN HACKING IS HOT
Q: WHY TRANSFERRING TOKENS
A: TO KEEP IT SAFE.
In another post, the hacker purportedly proclaimed, “I’m no longer interested in cash!” and said, “I would like to give them pointers on how to secure their networks,” apparently referencing the blockchain provider.
So, yeah, what do we think here, folks? Is the hacker:
A) a Good Samaritan who stole the better part of a billion dollars to teach a crypto company a lesson?
B) a spineless weasel who realized they were in large amounts of shit and decided to engineer a way out of their criminal deed?
The answer is unclear at the moment, but gee, does it make for quality entertainment. Tune in next week for a new episode of Misadventures in De-Fi Cybersecurity. Thrilling stuff, no?