The largest cryptocurrency heist of all time comes to a very unusual end. It was resolved by the hacker himself.
This month, Poly Network, a decentralized finance (DeFi) platform, had reported on August 10th that $611 million worth of cryptocurrency was stolen in an attack. The thief apparently exploited a vulnerability in their code, allowing them to transfer the funds into his own accounts.
However, instead of running off with the money, the hacker, known as Mr. White Hat, immediately reached out to the Network and began returning the funds he stole, with two exceptions: roughly $33 million in USDT tokens, which were blacklisted by their issuing company, and $200 million in assets that remained trapped by the hacker.
Why? It seems unclear. The company had been pleading with the hacker to return the funds, offering him a $500,000 bounty for identifying the flaw, and offering him a job as “chief security advisor”.
Mr. White Hat had placed these funds in an account that required users from both ends to enter the password so the funds can be transferred. He finally gave them access on Monday to the remainder of the stolen funds.
“At this point, all the user assets that were transferred out during the incident have been fully recovered,” Poly Network said. “We are in the process of returning full asset control to users as swiftly as possible.”