Poly Network tries to persuade hacker to return stolen assets

‘Mr White Hat’ has yet to make good on vow to return millions in crypto tokens

The overture by Poly on Tuesday is the latest twist in a saga that began about a week ago and which has captivated the world of digital assets. Photograph:  Fred Tannau/AFP/Getty
The overture by Poly on Tuesday is the latest twist in a saga that began about a week ago and which has captivated the world of digital assets. Photograph: Fred Tannau/AFP/Getty

Poly Network has launched a charm offensive focused on the mystery hacker who stole more than $600 million (€512.4 million) in cryptocurrencies in a bid to persuade the alleged thief dubbed Mr White Hat to relinquish control over the outstanding assets.

The overture by Poly on Tuesday is the latest twist in a saga that began about a week ago and which has captivated the world of digital assets. Mr White Hat absconded with the digital tokens after exploiting a vulnerability in Poly’s system and later vowed to return them.

Days later, however, the hacker, who has still not been publicly identified, has declined to relinquish full control over $235 million of crypto assets.

Poly on Tuesday called on Mr White Hat to transfer the “keys” - alphanumeric strings - to the account holding the other tokens “as soon as possible”. It offered a handful of sweeteners, including the opportunity for the hacker to become its chief security adviser and renewed an offer to provide a bounty totalling half a million dollars.

READ MORE

The hacker has claimed to be an ethical attacker - a so-called “white hat” who looks for weaknesses in computer networks to improve them, rather than being motivated by money.

Mr White Hat moved some of the virtual loot to a joint account last week, but has yet to hand over the key that would give Poly control of around $235 million of coins so it can hand them back to their owners. Poly is in control of around $330 million of the stolen assets, while stablecoin operator Tether has frozen $33 million of them pending a legal process.

“We are grateful for Mr White Hat’s outstanding contribution to Poly Network’s security enhancements,” Poly said on Tuesday. However, it said the return of funds was still its priority. “Thus, we sincerely hope Mr White Hat can understand our appeal and continue to actively co-operate with us,” it added.

Poly claimed it “has no intention of holding Mr White Hat legally responsible” for the hack - a climbdown from its initial response after the attack in which it said it would take legal action.

The network also said it would donate a $500,000 bounty to a crypto wallet approved by Mr White Hat. It had originally offered the sum in return for discovering the flaw in the system, but the hacker said they would not accept it. “We truly hope that no future projects and industry successors have to experience any similar incidents,” Poly said.

The hacker and Poly have been communicating through messages accompanying transactions executed on the Ethereum blockchain. The messages can be seen in public by anyone with basic software.

Developers who are building automated networks that can bypass institutions like banks and exchanges have argued this type of decentralised finance can make transactions faster, safer and easier. However, the Poly incident has also illustrated the difficulty for hacked networks in retrieving their assets because the computer code on which the networks rely has no legal status.

“It means there is little law enforcement can do ‘post-hack’ to disrupt operations. Once a token or currency has been stolen, there is no way to recover it, it’s gone,” said Andrew Tsonchev, director of technology at Darktrace, the cyber security company. – Copyright The Financial Times Limited 2021