A security-conscious ethical hacker identified a vulnerability in Poly Network.
Earlier this week, a significant amount of Tether cryptocurrency was stolen from Poly Network, a decentralized finance (DeFi) system that uses blockchain technology to provide services such as loans and trading. The stolen Tether coins were worth $600 million in total, making this one of the largest cryptocurrency thefts to date. Fortunately for Poly Network, the individual responsible for the theft apparently had no ill intentions and was willing to return the funds.
Today, the large majority of the stolen Tether coins have been returned to Poly Network's possession. The hacker, who remains unidentified, contacted Poly Network and identified themselves as a "white hat" hacker. White hat hackers practice ethical hacking: they identify vulnerabilities in systems and alert the owners of those systems. According to the hacker, the breach was carried out for fun, and the intention to return the funds was present from the outset. In recognition of the hacker identifying this critical vulnerability in its system, Poly Network offered the hacker a $500,000 bug bounty, which was declined.
‘White hat’ hacker returns most of $600 mln crypto tokens taken -Poly Network https://t.co/mI25tM4ANo
— Reuters (@Reuters) August 13, 2021
However, approximately $268 million in stolen Tether remains unrecovered. This is due to a unique aspect of Tether as a cryptocurrency: the funds were placed in a separate account that requires specific passwords from both Poly Network and the hacker for access. The hacker declined the bug bounty offered by Poly Network because they want legal immunity concerning the incident, and is withholding the remaining Tether until this guarantee is provided.
“It is probable that accessing the funds would necessitate keys held by both Poly Network and the hacker – allowing the hacker the ability to render the funds inaccessible at will,” suggested Tom Robinson, the chief scientist of Elliptic, a blockchain analytics company.