Victim of $813 million cyber attack offers its hacker a job

The hacker's behavior has stumped experts, who've been trying to trace the funds since they were initially stolen.
The hacker's behavior has stumped experts, who've been trying to trace the funds since they were initially stolen.PHOTO: REUTERS

PORTLAND, OREGON (BLOOMBERG) - About a week after a hacker stole US$610 million (S$831 million) from PolyNetwork in what was likely the biggest heist in history of so-called decentralised finance, the victim has offered its attacker a job.

The hacker claimed the attack against the PolyNetwork platform - which lets users swap tokens across multiple blockchains - was an act of "hacking for good" to "save the project". The attacker has since promised to return the money and so far delivered about half of it.

PolyNetwork has responded by lavishing praise on the hacker, who it dubbed Mr White Hat, a term used to describe "ethical" hackers who find vulnerabilities in computer networks and alert companies and organisations to fix them.

On Tuesday (Aug 17), in an act of gratitude or perhaps exasperation, PolyNetwork offered Mr White Hat a job as "chief security adviser".

The identify of the hacker is not yet known, nor is it clear if Mr White Hat is a single individual or a group of attackers.

"To extend our thanks and encourage Mr White Hat to continue contributing to security advancement in the blockchain world together with PolyNetwork, we cordially invite Mr White Hat to be the chief security adviser of PolyNetwork," the company said in a statement.

"Again, it is important to reiterate that PolyNetwork has no intention of holding Mr White Hat legally responsible, as we are confident that Mr White Hat will promptly return full control of the assets to PolyNetwork and its users."

In the meantime, PolyNetwork is still struggling to get all of its clients' money back. After returning half of the network's assets, the hacker deposited the rest - around US$235 million - into a joint account that is protected by two keys needed to unlock the funds. One of the keys was given to PolyNetwork, and the hacker has kept the other.

PolyNetwork has been pleading with Mr White Hat to turn in his key so the funds could be accessed ever since. The hacker has yet to do so, despite the job offer and another offer that would allow the hacker to keep US$500,000 of the funds.

The hacker's behaviour has stumped experts, who have been trying to trace the funds since they were initially stolen.

"There have been plenty of DeFi hacks, but there haven't been any ongoing conversations between the hacker and the project," Dr Tom Robinson, co-founder of blockchain forensics firm Elliptic Enterprises, said in an interview. "It seems like the hacker wants to retain some control over the funds. It just feels to me like the hacker has a bit of an ego. He wants to retain some attention."

Researchers at the cryptocurrency research firm Chainalysis speculated that PolyNetwork's posture may be a tactical decision aimed at getting all of their funds back by appeasing Mr White Hat with money, accolades and titles.

Said Mr Gurvais Grigg, global public sector chief technology officer of Chainalysis: "While it still remains to be seen how this strange story will play out, I can say that this is not typical behaviour of true white hat hacker(s). The good news is that the blockchain is transparent, and we, along with the cryptocurrency community, have our eyes on the funds."

DeFi apps - which let people lend, borrow and trade coins without using intermediaries - have become frequent targets of attacks lately as they gain in popularity. Some US$156 million has been netted from DeFi hacks in the first five months of this year, surpassing the US$129 million stolen in such attacks in all of last year, according to crypto security firm CipherTrace.