Poly Network has provided its have hacker a $500,000 bug bounty reward for locating the vulnerability which allowed them to orchestrate what is now thought of to be the largest cryptocurrency heist to date.
The blockchain system reportedly presented up the prize after the hacker returned the remainder of the $610 million (£440 million) well worth of Ether, Binance, and USDC tokens, stolen in a hack on the system on Wednesday.
This is in accordance to a Q&A released by the hacker and shared online by Tom Robinson, the co-founder of the London-based mostly blockchain analytics and compliance organization Elliptic. Robinson experienced located the messages “embedded in ethereum transactions despatched from the account managed by the hacker”.
In a note intended for the hacker, Poly Network is quoted as stating: “We respect you sharing your expertise and we consider your motion constitutes white hat behaviour”.
“We plan to supply you a $500,000 bug bounty just after you complete the refund thoroughly,” the organization told the hacker, in advance of adding that they won’t facial area any lawful repercussions for the heist, describing it as “very helpful”.
The hacker stated that they hadn’t responded to Poly Network’s bug bounty offer you, yet additional that all the stolen assets will be sent back.
Elliptic analysts experienced beforehand speculated that the final decision to return the property could have been motivated by their traceability: the hacker could be “pursued by the authorities” owing to leaving “numerous electronic breadcrumbs on the blockchain for regulation enforcement to abide by, aided by blockchain analytics tools”.
On Thursday night, Poly Network stated that “all the remaining property on Ethereum (except for the frozen USDT) experienced been transferred to the multisig[nature] wallet managed by Mr. White Hat and Poly Network”.
“The repayment system has not nevertheless been done. To make sure the safe recovery of person property, we hope to manage communication with Mr. White Hat and express accurate facts to the community,” it stated, ahead of including that “any unfounded allegations and speculation may perhaps problems the really crucial method of asset recovery”.
The id of the hacker proceeds to be unidentified. However, in their Q&A, they had hinted that they do not occur from an English-speaking region and had been engaged in hacking from a young age. They also explained them selves as a “high profile hacker in the true world” doing work in the “security industry”.
Some areas of this report are sourced from: