Considered the biggest crypto-currency theft in history, the attack on Poly Network’s decentralized finance (DeFi) and digital asset trading platform seemed to be over when the hacker allegedly returned nearly all of the $600 million he took. However, the story still lingers and the criminal has now made new demands and threats.
Hacker backs off and still hasn’t returned the funds
The attacker wants to extend the process, saying he has changed his mind and is considering accepting the $500,000 upfront reward that was originally declined, offered by Poly Network as an incentive to return the stolen funds. In addition, he claims he will use the money to pay “anyone who can hack the platform” of decentralized finance (DeFi).
The saga of this Poly Network cyberattack has already dragged into its second week as the hacker or hackers (it is uncertain whether we are talking about just an individual or a group) have not yet provided the private key for the digital wallet with the signatures to complete the return of stolen funds. In total, $600 million was taken from the platform through a bug in the network’s main smart contract.
Because the platform operates on Binance Smart Chain, Ethereum and Polygon blockchains, digital assets such as ether (ETH) are exchanged across networks using smart contracts that contain instructions on when to release the assets to counterparties. It turns out that one of these contracts is responsible for maintaining a liquidity pool to allow users to transfer and exchange tokens more efficiently. Therefore, this contract was the target of criminals.
Of the $600 million stolen, almost everything would have been returned to this digital wallet that the Poly network would later have access to, with the exception of the $33 million worth of stablecoin USDT that was frozen by its Tether network.
Hacker Now Wants $500K Reward
Desperate after the robbery, the DeFi platform made an appeal on Twitter, asking for the funds to be returned and even offering a $500,000 incentive to the attacker as a reward for their “act of good faith.” The hack or hackers acknowledged receipt of the offer and initially said they had turned it down, but instead began (and eventually concluded) returning the stolen funds to a multi-signature wallet created by Poly Network. However, the funds are still inaccessible without this wallet’s private key, which has not yet been sent by the criminal.
According to the attacker, he would not be a thief, but a “White Hat” hacker, who is supposedly a benefactor who exposes vulnerabilities in networks and programs so they can be identified and fixed before really malicious people find them. However, increasingly this does not seem to be the case. The criminal may have had difficulty converting such a large sum into cryptocurrencies without arousing suspicion, so he donned this disguise.
Now, with the original $500,000 compensation requirement demanded, he doesn’t seem to want to leave empty-handed. “Money means little to me, some people get paid to hack, I’d rather get paid for the fun,” wrote the attacker in messages within transactions on Ethereum. He adds that if he doesn’t receive compensation, he will have the “resources to keep the show going”.
“I will provide the final key when everyone is ready. My idea hasn’t changed, but I’m worried this could be an endless war,” the hacker said in an ultimatum to Poly Network to pay him.
“We made constant efforts to establish an understanding with “Mr. White Hat” and we really hope it transfers private keys as quickly as possible so we can return full control of assets to users,” the DeFi platform said in a statement.
with informations: CoinDesk