Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hacker Dubbed ‘Mr White Hat’ to Return Entire Stolen Crypto Fortune

A firm specializing in transferring cryptocurrency said Thursday that a hacker they are calling “Mr White Hat” was giving back all $613 million in digital loot from a record haul.

Poly Network had put out word previously that nearly half of the digital assets swiped early this week had been returned.

A firm specializing in transferring cryptocurrency said Thursday that a hacker they are calling “Mr White Hat” was giving back all $613 million in digital loot from a record haul.

Poly Network had put out word previously that nearly half of the digital assets swiped early this week had been returned.

“As our communication with Mr. White Hat is going on, the remaining user assets on Ethereum are gradually transferred,” Poly Network said in a tweet.

“We look forward to Mr. White returning all the remaining user assets, as stated by him.”

Polygon had urged the thief to return the stolen fortune.

A person claiming to be the hacker told their side of the story in a question-and-answer style post on Twitter.

The hacker said the heist was pulled “for fun” to expose a flaw that could have cost Poly Network dearly and undermined faith in cryptocurrencies.

“I would say figuring out the blind spot in the architecture of Poly Network would be one of the best moments in my life,” the post read.

“To be honest, I did have some selfish motives to do something cool but not harmful… then I realized being the moral leader would be the coolest hack I could ever archive.”

The return of the digital loot came as the thief was tracked by “white hat” hackers who use their software skills for good.

Their nefarious counterparts are referred to as “black hat” hackers in the cyber security world.

The heist had sparked debate about whether it would be fair to let the hacker keep some of the loot as reward for uncovering a Poly Network security weakness.

Open source developers alliance BinomialPool in a tweeted exchange proposed a bounty of 5 percent to 10 percent for pulling off such crypto-hacks.

“This could be a win-win,” tweeted @BinomialPool.

“Hackers don’t go into jail. The community faces acceptable losses. Code gets better.”

In an exchange on Twitter, Poly Network promised to pay a $500,000 bug bounty after the stolen assets are returned.

Poly Network also assured the hacker they would not be held accountable.

“We think this behavior is white hat behavior, therefore this 500,000 USD will be seen as completely legal bounty reward,” Poly Network said in the exchange.

Paying hackers bounties for uncovering and reporting bugs in software is common practice in the tech world.

Early on, Poly Network threatened police involvement, but also offered the hacker a chance to “work out a solution.”

The purported hacker said in the post that returning the digital haul was always the plan.

“I know it hurts when people are attacked, but shouldn’t they learn something from those hacks,” the post maintained.

The US Department of Justice and FBI did not respond to requests for comment.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.