Poly Network Sends Bounty as Attacker Holds $141M Hostage

Ethereum blockchain transaction records confirm the transfer of 160 ETH (about $480,000) to the "Poly Network Exploiter 2" wallet address.

AccessTimeIconAug 19, 2021 at 1:45 p.m. UTC
Updated Sep 14, 2021 at 1:42 p.m. UTC

Poly Network, the China-based blockchain protocol exploited earlier this month for more than $600 million, said Thursday it had sent a bounty worth nearly $500,000 to the attacker and that most of the looted cryptocurrency has now been fully recovered. 

But the attacker apparently has yet to provide a key needed to unlock the remaining $141 million.

"There are users who are panicking that they might lose control of their assets, and we want to minimize the impact on them, so restoring our network and our users’ assets in a secure manner as quickly as possible is our top priority," the Poly Network team wrote early Thursday in an email. 

The latest twist in the saga that began with the Aug. 10 exploit comes a day after the attacker, identified in the Ethereum-blockchain explorer website Etherscan as "Poly Network Exploiter 1," threatened to delay the return of the funds until at least next week.

The hack is considered the biggest-ever in decentralized finance, (DeFi) and has highlighted the risks for cryptocurrency traders of using experimental software protocols that haven't been fully battle-tested. The transparency of blockchain data has turned the back-and-forth negotiations between the attacker and Poly Network team into a suspenseful drama playing out in public.   

Bounty of 160 ETH transferred

The attacker previously had returned most of the looted digital assets to a special wallet set up for the purpose but had withheld a key needed to release them back to the Poly Network. The tokens include the dollar-linked stablecoins USDC and dai.   

Late Wednesday, the Poly Network Exploiter 1 wallet address used a data field within a transaction on the Ethereum blockchain to send a message to the Poly Network team: "PLEASE BE PATIENT. JUST SIGNED TRANSACTIONS OF USDC & DAI A FEW HOUR AGO." 

Meanwhile, the Poly Network team, in the email update on Thursday, pointed to a transaction record on Ethereum showing that some 160 units of the cryptocurrency ether, worth about $480,000 at current prices, had been sent to a wallet address identified as "Poly Network Exploiter 2." A related transaction record shows that the 160 ETH had been withdrawn from the Binance exchange on Aug. 12. 

According to the email, the attacker, referred to by the Poly Network team as "Mr. White Hat," has now returned assets worth about $427 million. Such assets include 96.9 million DAI "received today," the team wrote. 

"We will convert the DAIs back to USDC to be used to recover the users’ assets, and we will compensate for any slippage loss incurred in the transactions with our own funds," the email said. 

But a significant chunk of the funds has yet to be fully returned.

"There are still 28,953 ETH and 1,032 WBTC (about $141 million) left in 3/4 multi-signature wallets for which we await Mr. White Hat to provide his private key authorization," the Poly Network team wrote. The wrapped bitcoin represents a version of bitcoin that's been digitally retrofitted to move on the Ethereum blockchain.

About 33 million of the dollar-linked stablecoin tether is frozen, according to Poly Network. 

"Poly Network is actively communicating with Tether on how to deal with this USDT is also a serious and careful decision making process for Tether," the Poly Network team wrote. "We are confident there will be a clear result soon, as we need this assets in order to perform full asset recovery."

'Mr. White Hat'

The attacker's motives remain unknown. The term "white hat" is typically used to denote an attacker who scouts for bugs or loopholes in the underlying code with the intent of helping developers plug any vulnerabilities. Bounties are often paid to these hackers as a gratuity for their contributions to the security of the network or protocol. 

"Although we did not receive a positive response from Mr. White Hat, we still fulfilled our promise and credited 160 ETH (worth about $500,000) to the address Mr. White Hat had made public," the Poly Network team wrote in the email. 

The Poly Network project is gradually restarting suspended operations, with full functionality restored for at least 31 assets including binance coin (BNB), uniswap and shiba inu coin (SHIB), according to the team. 

"We will still proactively stay in communication with Mr. White Hat," Poly Network wrote in the email. "We believe that the sooner we assure him that Poly Network is recovering with security as the top priority, and in an organized manner, the sooner we can gain his trust and eventually obtain his private key."


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.