Poly Network, the victim of a $610-million hack, has now offered the hacker a job. Poly Network became the victim of the largest cryptocurrency heist when the hacker exploited vulnerabilities in the platform to run away with $610 million in cryptocurrency assets.
Poly Network is a decentralised finance (DeFi) platform, but it is not known where the platform is based or whether law enforcement is already involved. DeFi platforms function as financial forums without traditional middlemen such as banks and institutions, theoretically making lending and borrowing easier for everyone involved.
Since the hack, events have taken some unexpected twists and turns.
When announcing the hack, the company, strangely, took to Twitter to ask the hacker to return the stolen assets. Surprisingly, the hacker responded to the message and returned quite a large portion of the loot to the platform while keeping the rest in a joint cryptocurrency wallet that requires two passwords. The hacker, who is being called ‘Mr White Hat’ on Twitter, even conducted a Q&A by encrypting messages within transactions and said he did the hack for fun.
What is white hacking?
In cybersecurity terminology, white hat hackers are ethical hackers who test platforms for weaknesses by trying to hack into their systems and then reveal those flaws to the companies so that the systems can be made secure. With cyberattacks becoming uncomfortably frequent, white hacking has become a lucrative profession, with several large tech companies offering huge bug bounties for their platforms and services.
The inscrutable Mr White Hat
But Mr White Hat, whose identity remains unknown, has yet to return the $235 million that is held in the joint account. To access the funds, Poly Network needs two keys. While the platform has received one of the keys from the hacker, he has not yet relinquished the other. The company has been trying to get access to the funds but has not had much luck so far.
So, the company offered the hacker the title of ‘chief security advisor’ and has repeatedly said he can receive $500,000 as part of the bug bounty programme and will not be held legally liable.
Cybersecurity experts have been puzzling over the strange behaviour of the hacker. While many had initially believed that the assets were being returned because it has become increasingly hard to launder cryptocurrency, especially in such large amounts, they now believe that the hacker is doing it for the attention.
“There have been plenty of DeFi hacks, but there haven't been any ongoing conversations between the hacker and the project,” Tom Robinson, Co-Founder of Elliptic Enterprises Ltd, a blockchain forensics firm, said in an interview. “It seems like the hacker wants to retain some control over the funds. It just feels to me like the hacker has a bit of an ego. He wants to retain some attention.”
“Perhaps PolyNetwork is implying trust in the attacker in an attempt to convince them to do the right thing and return the funds as soon as possible so they can begin the process of restarting their business,” Gurvais Grigg, Global Public Sector Chief Technology Officer of Chainalysis, told Bloomberg.
(Edited by: Shoma Bhattacharjee)
First Published: Aug 18, 2021 7:57 PM IST