-
The cryptocurrency platform Poly Network suffered a major attack last week, and hackers obtained tokens worth more than 600 million U.S. dollars.
-
The strange thing is that the hacker has now returned most of the stolen funds, but withheld more than $200 million in funds before "everyone is ready".
-
Poly Networks promised hackers a $500,000 bonus to recover user funds, and even invited them to become its "chief security advisor."
The cryptocurrency platform that targets mass robberies now invites the hackers behind it to become the company's consultants and promises to provide a reward of $500,000 to restore user funds.
Poly Network is a so-called decentralized finance or "DeFi" project that suffered a major attack last week. Hackers stole more than $600 million in tokens.
Poly Network allows users to exchange tokens from one digital ledger to another. Someone took advantage of a vulnerability in the Poly Network code that allowed them to transfer assets to their encrypted wallets.
It is considered to be the largest crypto robbery in history, surpassing the $534.8 million digital coins stolen from the Japanese exchange Coincheck in 2018 and the $450 million bitcoin value lost on the Tokyo exchange Mt. Gox in 2014.
In the case of Poly Networks, the hacker took an unusual step and returned most of the stolen funds. Except for the $33 million cryptocurrency, all other cryptocurrencies have now been returned.
However, there are currently more than $200 million in funds locked in an account that requires Poly Network and hacker passwords to access.
Poly Networks has pleaded with hackers, calling him "Mr. White Hat," and providing the password (called the "private key") necessary to retrieve the money.
"Sir. "White hats" refer to ethical hackers who look for vulnerabilities in the organization's systems that might expose them to attacks. Security researchers questioned labeling Poly Network attackers as white hat hackers.
It is not clear why the hacker refused to access the last batch of assets. An anonymous person who claimed to be a hacker simply said that once "everyone is ready" they will provide the key.
Last week, it was revealed that Poly Networks provided a "vulnerability bounty" of US$500,000 to return all funds. Such bounties are usually awarded to the person who reports the error to help the company find and resolve the defect before disclosing it to the public.
The hacker initially rejected the bounty offer. However, in a message embedded in a digital currency transaction on Monday, the hacker stated: "If a public hacker can hack into the Poly Network, I am considering a bounty as a reward."
Poly Networks said on Tuesday that it hopes to implement "major system upgrades" to prevent such attacks from recurring in the future, but cannot do so until all remaining assets are returned.
The group stated that it promised to reward "Mr. White Hat with a $500,000 reward" and even invited hackers to become its "chief security advisor."
"In order to thank and encourage Mr. White Hat to continue to contribute to the security progress of the blockchain world with Poly Networks, we sincerely invite Mr. White Hat to serve as the Chief Security Advisor of Poly Networks," the company said in a statement.
"Poly Network previously promised to reward Mr. White Hat with a $500,000 bug bounty, but he did not accept it and publicly stated that he has considered providing it to the technical community that contributes to blockchain security," Poly Network added.
"We fully respect Mr. White Hat’s ideas. In order to express our gratitude, we will still transfer the $500,000 bounty to the wallet address approved by Mr. White Hat for his own decision to use for cyber security and support more Projects and individuals."
Poly Network stated that it "has no intention of making Mr. White Hat take legal responsibility for this hacking."
发表评论 取消回复