• Office Hours : 08:00 - 17:30

Poly Network offers up $500k bug bounty reward to its own hacker

Poly Network has offered its own hacker a $500,000 bug bounty reward for finding the vulnerability which allowed them to orchestrate what is now considered to be the largest cryptocurrency heist to date.

The blockchain platform reportedly offered up the prize after the hacker returned the remainder of the $610 million (£440 million) worth of Ether, Binance, and USDC tokens, stolen in a hack on the platform on Wednesday.

This is according to a Q&A published by the hacker and shared online by Tom Robinson, the co-founder of the London-based blockchain analytics and compliance company Elliptic. Robinson had found the messages “embedded in ethereum transactions sent from the account controlled by the hacker”.

In a note meant for the hacker, Poly Network is quoted as saying: “We appreciate you sharing your experience and we believe your action constitutes white hat behaviour”.

“We plan to offer you a $500,000 bug bounty after you complete the refund fully,” the company told the hacker, before adding that they won’t face any legal repercussions for the heist, describing it as “very helpful”.

The hacker stated that they hadn’t responded to Poly Network’s bug bounty offer, yet added that all the stolen assets will be sent back.

Related Resource

IT Pro 20/20: Does cyber security’s public image need a makeover?

Issue 18 of IT Pro 20/20 looks at recent efforts to retire the ‘hacker’ stereotype, and how the threat landscape has changed over the past 20 years

IT Pro 20/20 Issue 18: Does cyber security's public image need a makeover?IT Pro 20/20 Issue 18: Does cyber security's public image need a makeover?DOWNLOAD NOW

Elliptic analysts had previously speculated that the decision to return the assets could have been motivated by their traceability: the hacker could be “pursued by the authorities” due to leaving “numerous digital breadcrumbs on the blockchain for law enforcement to follow, aided by blockchain analytics tools”.

On Thursday evening, Poly Network stated that “all the remaining assets on Ethereum (except for the frozen USDT) had been transferred to the multisig[nature] wallet controlled by Mr. White Hat and Poly Network”.

“The repayment process has not yet been completed. To ensure the safe recovery of user assets, we hope to maintain communication with Mr. White Hat and convey accurate information to the public,” it said, before adding that “any unfounded allegations and speculation may damage the extremely important process of asset recovery”.

The identity of the hacker continues to be unknown. However, in their Q&A, they had hinted that they do not come from an English-speaking country and had been engaged in hacking from a young age. They also described themselves as a “high profile hacker in the real world” working in the “security industry”.

Featured Resources

From zero to hero: The path to CIAM maturity

Your guide to the CIAM journey

Download now

The total economic impact of the Intel vPro® platform

Cost savings and business benefits enabled by the Intel vPro® Platform, commissioned by Intel

Download now

X-Force Threat Intelligence Index

Top security threats and recommendations for resilience

Download now

How to reduce the risk of phishing and ransomware

Top security concerns and tips for mitigation

Download now

See the original article here: ITPro