Poly Network Attacker Threatens to Delay Return of Funds

"WHAT A FUNNY GAME," the Poly Network attacker wrote into a transaction on the Ethereum blockchain.

AccessTimeIconAug 18, 2021 at 8:40 p.m. UTC
Updated Sep 14, 2021 at 1:42 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

The hacker who carried out a $600 million-plus exploit on the blockchain protocol Poly Network has threatened to delay the full return of funds until at least next week.

"YOUR ESSAYS ARE VERY CONVINCING WHILE YOUR ACTIONS ARE SHOWING YOUR DISTRUST, WHAT A FUNNY GAME," the attacker, identified on the blockchain-tracking website Etherscan as "Poly Network Exploiter 1," wrote Wednesday in a transaction data field on the Ethereum blockchain. 

The saga has already dragged into its second week, as executives behind the project plead with the attacker to return the looted funds from the Aug. 10 attack. They have created a destination account for the return of the funds, but it requires multiple signatures to unlock the funds, and the attacker's cooperation is needed.

"I AM NOT READY TO PUBLISH THE KEY IN THIS WEEK," the attacker wrote. 

In what appeared to be a reply, a subsequent message posted on Ethereum and signed "Poly Network Team" said that "we still hope you can provide the key to us this week, because thousands of users are waiting to get their assets back."

"The sooner the asset recovery can be carried out, the more negative emotions will be avoided," the message read. "We are unlikely to get a proper rest until we fully return the user assets."

The Polygon Network negotiators have referred to the attacker as “Mr. White Hat” – ostensibly a reference to a  “white hat” attacker who tries to exploit vulnerabilities in a protocol to help expose and ultimately fix bugs or loopholes in the underlying code. 

Bounty paid in ETH?

They have also promised to send the attacker a $500,000 bounty for helping to identify a vulnerability in the protocol.

And in the message on Wednesday, the Poly Network Team address wrote that "we still decided to go ahead and transfer 160 ETH" to an address associated with the attacker. The dollar equivalent of 160 units of ether (ETH) works out to roughly $500,000. 

But as of press time, CoinDesk could not independently confirm that such a transfer had been made. 

Poly Network officials didn't immediately reply to a request for comment on the latest blockchain banter. 

The transparency of blockchain data has turned the back-and-forth negotiations between the attacker and Poly Network's staff into a surprisingly suspenseful drama playing out in public.

As reported previously by CoinDesk, cryptocurrency users have sent dozens of complimentary messages to the attacker pleading for a share of the loot, and some of them have even used the Ethereum blockchain to send small increments of cryptocurrency as tips. 

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.