As per a Thursday post from Poly Network on the assault, all $610 million in money stolen via a hack that exploited “a vulnerability between contractual calls” have now been moved to a multisig wallet owned by the venture and the hacker.
The only surviving tokens are approximately $33 million in Tether (USDT), which were locked soon after the hack was discovered. Through encrypted messages in Ethereum trades, the hacker communicated with the Poly Network’s core team and others.
They did not seem to intend to move the funds after eventually taking them, and professed to have done the attack “for fun” since “cross-chain hacking is trendy.”
The hacker, nevertheless, repaid $258 million of the money on Wednesday after communicating with the venture and users. Poly Network decided that the assault represented “white hat conduct,” and it gave the hacker, nicknamed “Mr. White Hat,” a $500,000 bounty: “We promise you that you’ll never face any consequences as a result of this event.
We hope you will be able to return all of the tokens as early as possible […] We will pay you the 500k reward after the remaining funds, less the frozen USDT, have been restored. The poly actually offered me a reward, but I never replied. Instead, I will refund all of their funds,” the hacker said.
— Poly Network (@PolyNetwork2) August 12, 2021
The largest breach in decentralized finance appears to be drawing to a close, with the rest of the money, barring the frozen USDT, being recovered. Though the hacker’s profile has not yet been revealed, the Chinese cybersecurity company SlowMist issued an update soon after the report of the breach emerged, stating that its experts have detected the hacker’s email address, IP address, and gadget fingerprint.