After stealing crypto coins worth $600 million from Poly Network, the hacker has completed returning them. The process began almost two weeks ago. Poly Network stated in a blog that it is now beginning to return the stolen assets (e.g. Binance tokens and Dogecoin) to their rightful owners. Poly Network states that it still has work to do. It is currently working to unlock approximately $33 Million worth of assets. Poly Network continues to restore the functionality to its Poly Bridge service which allows users to transfer crypto between different blockchains.
The hacker claimed that he had stolen the funds in order to keep them safe. He also stated that putting the coins into a trusted account was a way of highlighting the bug and not giving anyone else the chance to take them. Poly Network was able to have a fairly constant banter with him, even calling him Mr. In their update notes, White Hat referred to him as Mr. Poly Network invited the hacker as their chief security adviser. The hacker (seemingly jokingly) also acknowledged that it was possible to spend stolen funds without being caught.
Poly Network is now officially in the fourth phase, Asset Recovery, thanks to the cooperation of Mr. White Hats.
There was much speculation after the hack that took place earlier in the month. Some analysts suggested that the hacker might have been able even to get Poly Networks private keys. However, further analysis shows that the hacker was not able exploit the security flaws in the Poly Network to execute transactions he shouldn't be able.
I'M SORRY! It must be one of the most wild adventures in our lives.
In one of the last transactions, the hacker includes a lengthy note in which he apologizes, calls the hacking and the process of returning funds a wild experience, and promises to return more than he stole. He also requests that the money be distributed to survivors (presumably referring to people who have had their money stolen). The hackers note claims that the extra funds are a result of the $500,000 bounty Poly Network paid him to find the security flaw. He also received a stream of donations since then (which he is still receiving according to his wallet transaction records).
This man would not want to distribute the extra assets to the survivors.
Poly Network stated in another blog that it would launch a $500,000 bug bounty program in order to encourage researchers and others to discover (and responsibly disclose!) other vulnerabilities in its software. The maximum bounty listed on Immunefi for the company is currently $100,000.
The company claims that the funds will be returned to customers of Poly Networks within the shortest possible time.