Friday 13 August 2021 1:24 pm

Poly Network offers hacker behind biggest ever DeFi attack $500k reward

Poly Network has offered a reward of $500k to a hacker who returned funds stolen in a $600m (£460m) attack earlier this week.

In messages encoded in transactions on the blockchain, Poly Network thanked the hacker for returning the majority of the funds and offered them a bug bounty for identifying a flaw in the protocol which allowed assets to be drained from user accounts.

They said: “We appreciate you sharing your experience and believe your action constitutes white hat behaviour. We plan to offer you a $500,000 bounty after you complete the refund fully.”

The Poly Network team also told the hacker they would not be facing legal action. They said “we assure you that you will not be accountable for this incident. We hope that you can return all tokens as soon as possible.” 

The hacker rejected the offer in an encoded message which read “THE POLY DID OFFERED A BOUNTY, BUT I HAVE NEVER RESPONDED TO THEM. INSTEAD, I WILL SEND ALL OF THEIR MONEY BACK.”

The entirety of the stolen money has now been returned excluding $33m of USDT which was frozen by the Tether network following news of the attack.

Yesterday, the hacker posted a bizarre Q&A with themselves on the Ethereum blockchain claiming they had perpetrated the attack “for fun” and offering the Poly Network “tips” to help them avoid hacks in future.

While the hacker claimed they were never interested in keeping the money the funds were only returned after SlowMist Technology, a blockchain analytics company, announced they had identified the attackers IP address, device fingerprints and email information.

Read more: More than $600m lost in worst ever DeFi hack