Crypto platform Poly Network rewards hacker with $500,000 'bug bounty'

By Alun John and Tom Westbrook

HONG KONG (Reuters) - Poly Network, the cryptocurrency platform which lost $610 million in a hack earlier this week, confirmed on Friday it had offered the hacker or hackers a $500,000 "bug bounty".

In a statement it thanked the hacker - who it dubbed a "white hat", sector jargon for an ethical hacker who generally aims to expose cyber vulnerabilities - who had returned the bulk of the funds for "helping us improve Poly Network's security".

The network also said it hoped "Mr. White Hat" would contribute to the blockchain sector's continued development upon accepting the $500,000 reward, which it had offered as part of negotiations around the return of the digital coins.

The statement did not specify the form in which it would pay the $500,000. It said the hacker had responded to the offer but did not say if it was accepted.

On Thursday digital messages shared on Twitter by Tom Robinson, chief scientist and co-founder of crypto tracking firm Elliptic, showed a person claiming to have perpetrated the hack had said Poly Network offered him the bounty to return the stolen assets.

A lesser-known name in the world of crypto, Poly Network is a decentralized finance (DeFi) platform that facilitates peer-to-peer transactions with a focus on allowing users to transfer or swap tokens across different blockchains.

The as-yet unidentified hacker or hackers appear to have exploited a vulnerability in the digital contracts Poly Network uses to move assets between different blockchains, according to blockchain forensics company Chainalysis.

According to Friday's statement, the hacker has returned $340 million worth of assets and transferred the bulk of the rest to a digital wallet jointly controlled by them and Poly Network.

The remainder, held in tether, was frozen by the cryptocurrency firm behind the stablecoin.

"After communicating with Mr. White Hat, we have also come to a more complete understanding regarding how the situation unfolded as well as Mr. White Hat's original intention," the statement said, without giving further details.

Poly Network announced the hack on Tuesday, but the following day said the hackers had begun returning the digital coins they had taken.

The hackers said in digital messages shared by Elliptic that they had perpetrated the attack for fun and that it was always the plan to return the tokens.

Some blockchain analysts have speculated however they might have found it too difficult to launder stolen cryptocurrency on such a scale.

 

(Reporting by Alun John in Hong Kong and Tom Westbrook in Singapore; Editing by David Holmes)