Poly Network recovers full $610m of stolen crypto

24 Aug 2021

Image: © Igor Faun/Stock.adobe.com

The platform had been waiting for the thief to give it access to the final $141m in assets, which will now be returned to users as a ‘first priority’.

Crypto platform Poly Network said it has recovered the $610m of cryptocurrencies stolen from it two weeks ago.

Return of the assets began less than 48 hours after the initial disclosure of the attack, with the thief saying at the time that returning the funds was “always the plan”. But the decentralised finance platform has now confirmed that it recovered the full amount.

The final $141m of assets, mostly Ethereum, remained trapped in a wallet until yesterday morning (23 August) when the hacker finally transmitted the key to Poly Network. The “first priority” is now returning control of these assets to the users to whom they belong, according to the company.

“Thanks to the users’ patience and support for the past 10 days, the Poly Network team will proceed with accurate accounting of the assets and return them to the users within the shortest time frame possible.”

Once that has occurred, the platform will “gradually resume cross-chain functionality for all the assets”, subject to security checks.

Approximately $33m of Tether, which is a stablecoin tied to the US dollar, remains frozen. Poly Network said it is “in close communication” with Tether to complete the necessary checks to release those funds.

The crypto platform has also been in constant contact with the thief, who it refers to as “Mr White Hat”. The company offered him a job as its chief security adviser as well as a $500,000 bounty for discovering the security flaw that enabled the theft.

In a note attached to one of the final transactions, the hacker apologised “for the inconvenience” but described the events as a “wild adventure”. He said that his “last request” was that the bounty money, as well as the donations he previously solicited from the public, be distributed to the “survivors” of the theft.

Poly Network said it plans to introduce a security bounty programme, offering $500,000 to anyone who reports serious security flaws in their platform.

The exact nature of the exploit that enabled this theft has not been made public. Some believe the hacker was able to use a flaw in the Poly Network system to execute transactions for which he should not have had permission.

Jack Kennedy is a freelance journalist based in Dublin

editorial@siliconrepublic.com