Hacker steals $600 million then returns it… for fun
In a huge breach of security, a hacker was able to steal $600 million from the decentralized finance platform Poly Network. The company facilitates transactions of cryptocurrencies with transparency and efficiency, and its main focus is to allow users to transfer or swap tokens across different blockchains. By exploiting a massive security flaw in the company’s system, the hacker pulled off one of the biggest online breaches in history. In a controversial move, Poly Network offered the hacker a reward for the breach after the hacker had pledged to return all the money, claiming he wasn’t in it for the money anyway. The hack occurred on Tuesday last week, and by Thursday most of the stolen funds had been moved into a digital wallet that is shared between the hacker and the company.
The confusing situation allowed the company to find and begin to fix the vulnerability in its system, and in turn it wanted to pay the hacker half a million dollars in exchange for alerting it to this major flaw. In an even stranger turn of events, the hacker turned the money down, stating: "I am _not_ interested in money!" and adding: "I would say figuring out the blind spot in the architecture of Poly Network would be one of the best moments in my life." Hackers have been known to do these things just for fun sometimes, but never with such a high amount of money at stake from a large company, let alone returning it all afterwards. After offering the reward, Poly Network also mentioned that they would get the hacker immunity from any prosecution. Although this is a nice gesture, a former FBI official has said "private companies have no authority to promise immunity from criminal prosecution", and immunity from the breach is in no way guaranteed.
Poly Network has dubbed the hacker “Mr White Hat” and seems to be very forgiving and trusting considering the fact that the hacker pulled off a massive breach. The hacker could be turning down the money purely because they believe it may right the wrongs that they have carried out. White hat hackers, otherwise known as security researchers, are ethical in their approach and use their hacking skills to help organisations find vulnerabilities in their security systems. The fact that Poly Network is referring to the mysterious hacker as a white hat has caused some backlash from people who work in this sector, as it possibly condones the actions of cyber-criminals as long as they say sorry and say it was for fun. A white hat hacker and lecturer at Manchester Metropolitan University, Katie Paxton-Fear, has stated that "White hat hacking is all about having a scope, not touching some systems, working with the team, writing professional reports detailing our findings, not going further than we have to to demonstrate risk," adding "Our approach is 'first, do no harm', potentially verifying fixes are put in place and not putting any user’s data at risk."
A Q&A that the anonymous hacker posted online claims they did it purely for fun and to encourage the company to improve its security. Not long after the hack was carried out, the mystery hacker posted notes to the publicly available blockchain taunting Poly Network and asking for advice on how to launder the stolen money. On the blockchain there were a few thousand dollars’ worth of various other tokens being held by the hacker, although it’s not certain whether these were stolen assets or donations that the hacker requested as thanks for returning the money.
Outstanding funds include a 13.37 Ether tip (around $40,000), which the hacker sent to a user who told them Tether tokens had been frozen by Tether themselves.
Whether the hacker returned the money in fear of getting prosecuted or out of the goodness in their heart is yet to be known, but Poly Network is grateful to be liaising with the hacker and to have their money returned, which they will in part use to heighten their security measures for the future.