About a week after a hacker stole $610 million from PolyNetwork in what was likely the biggest heist in the history of so-called decentralized finance, the victim has offered its attacker a job.<\/p>\n
The hacker claimed the attack against the PolyNetwork platform – which lets users swap tokens across multiple blockchains – was an act of \u201chacking for good\u201d to \u201csave the project.\u201d<\/p>\n
The attacker has since promised to return the money and so far delivered about half of it.<\/p>\n
PolyNetwork has responded by lavishing praise on the hacker, who it dubbed \u201cMr. White Hat,\u201d a term used to describe \u201cethical\u201d hackers who find vulnerabilities in computer networks and alert companies and organizations to fix them.<\/p>\n
On Tuesday, in an act of gratitude or perhaps exasperation, PolyNetwork offered Mr. White Hat a job as \u201cChief Security Adviser.\u201d<\/p>\n
The identify of the hacker isn\u2019t yet known, nor is it clear if Mr. White Hat is a single individual or a group of attackers.<\/p>\n
\u201cTo extend our thanks and encourage Mr. White Hat to continue contributing to security advancement in the blockchain world together with PolyNetwork, we cordially invite Mr. White Hat to be the Chief Security Adviser of PolyNetwork,\u201d the company said in a statement.<\/p>\n
\u201cAgain, it is important to reiterate that PolyNetwork has no intention of holding Mr. White Hat legally responsible, as we are confident that Mr. White Hat will promptly return full control of the assets to PolyNetwork and its users.\u201d<\/p>\n
In the meantime, PolyNetwork is still struggling to get all of its clients\u2019 money back. After returning half of the network\u2019s assets, the hacker deposited the rest – around $235 million – into a joint account that is protected by two keys needed to unlock the funds. One of the keys was given to PolyNetwork, and the hacker has kept the other.<\/p>\n
PolyNetwork has been pleading with Mr. White Hat to turn in his key so the funds could be accessed ever since. The hacker has yet to do so, despite the job offer and another offer that would allow the hacker to keep $500,000 of the funds.<\/p>\n
The hacker\u2019s behavior has stumped experts, who\u2019ve been trying to trace the funds since they were initially stolen.<\/p>\n
\u201cThere have been plenty of DeFi hacks, but there haven\u2019t been any ongoing conversations between the hacker and the project,\u201d Tom Robinson, co-founder of blockchain forensics firm Elliptic Enterprises Ltd, said in an interview. \u201cIt seems like the hacker wants to retain some control over the funds. It just feels to me like the hacker has a bit of an ego. He wants to retain some attention.\u201d<\/p>\n
Researchers at the cryptocurrency research firm Chainalysis Inc speculated that PolyNetwork\u2019s posture may be a tactical decision aimed at getting all of their funds back by appeasing Mr. White Hat with money, accolades and titles.<\/p>\n
\u201cPerhaps PolyNetwork is implying trust in the attacker in an attempt to convince them to do the right thing and return the funds as soon as possible so they can begin the process of restarting their business,\u201d said Gurvais Grigg, global public sector chief technology officer of Chainalysis, in a text message.<\/p>\n
\u201cWhile it still remains to be seen how this strange story will play out, I can say that this is not typical behavior of true white hat hacker(s). The good news is that the blockchain is transparent, and we, along with the cryptocurrency community, have our eyes on the funds.\u201d<\/p>\n
DeFi apps – which let people lend, borrow and trade coins without using intermediaries – have become frequent targets of attacks lately as they gain in popularity. Some $156 million has been netted from DeFi hacks in the first five months of this year, surpassing the $129 million stolen in such attacks in all of 2020, according to crypto security firm CipherTrace Inc.<\/p>\n