Open the vault: ‘Mr. White Hat’ Returns Almost All Stolen Funds.
Updated: Sep 6, 2021
The cybercriminals behind one of the world's largest cryptocurrency heists have returned almost of the hacked assets to Poly Network. Around AUD$823 million of digital assets were stolen from the DeFi platform last week after hackers exploited a vulnerability in the Poly Network system. The Poly Network is a little known blockchain system largely based in China and so the hack had little impact on digital currency markets globally.
The hackers exposed a weakness in the digital contracts Poly Network uses to move assets, according to Chainalysis. A person claiming to have instigated the attack wrote they did it “for fun” and wanted to “expose the vulnerability” before others could exploit the weakness, according to a notation on an Ether transaction. The hacker went on to say returning the tokens was “always the plan” and that they were “not very interested in money.”
The stolen assets includes hundreds of millions of dollars in Ethereum, Polygon and Binance Smart Coin. Before long however, small amounts of the assets began being returning to wallets under the control of the Poly Network platform. This could be due to the involvement of a blockchain security firm SlowMist, engaged within hours of the hack and a statement saying the hacker's email, IP address and device fingerprints had been identified.
Within 24-hours, the hackers contacted Poly Network via an encrypted message in a cryptocurrency transaction stating: “ready to return”. Before long, almost half of the stolen assets, were returned and communication has continued between Poly Network and the person they are calling ‘Mr. White Hat’, a reference to a "White Hat Hacker" which is an ethical hacker who does not steal or break into systems maliciously, as distinct from a "Black Hat Hacker" who does the opposite.
It appears now that almost all of the assets have been return, save for the AUD$44.8 million that cryptocurrency firm Tether froze using built in freezing switches within Tether tokens once the attack occurred, and several hundred million dollars worth of assets still within a wallet which requires both the Poly Network operators and Mr White Hat to sign a transaction to release those assets.
Could it be that the hacker truly is a White Hat as suggested, seeking to highlight only the flaws in smart contract code to promote stronger cyber security? Some suggest the headache of laundering almost AUD$1B may have proven too much and the absence of a contemporaneous message proving the hack was ethical is suspicious. Others have speculated that the combined effort off a virtual army and SlowMist would eventually track him or her down.
Even if Poly Network decide not to pursue the mysterious figure involved in the heist, the public nature of blockchains may mean others, including law enforcement, may not take such a polite view. This is not the first time that a theft of digital assets has resulted in a return of assets or discussions between the victim and the hacker, with the DAO hack in 2016 remaining one of the most well known.