In the aftermath of the Poly Network exploit, in which the attacker stole more than $600 million worth of crypto, just to return the biggest portion of the take, the network continues mitigating the damage and fixes its vulnerabilities, while continuing a dialogue with the responsive hacker.
The exploited cross-chain bridging protocol that enables flexible interaction between multiple chains, invited the anonymous individual responsible for the biggest decentralized finance (DeFi) heist to fill the team’s lead security advisor position.
Reward and a job offer
The network claimed it has no intention of holding the hacker legally responsible while putting a “Chief Security Adviser” position on the table.
#PolyNetwork has no intention of holding #mrwhitehat legally responsible and cordially invites him to be our Chief Security Advisor. $500,000 bounty is on the way. Whatever #mrwhitehat chooses to do with the bounty in the end, we have no objections. https://t.co/4IaZvyWRGz
— Poly Network (@PolyNetwork2) August 17, 2021
“We have made constant efforts to establish an understanding with Mr. White Hat and genuinely hope that Mr. White Hat will transfer the private keys as soon as possible so that we can return full asset control back to the users at the earliest,” said the protocol in the latest update, since a portion of the stolen funds remains locked in a multi-signature wallet, with the hacker withholding his key.
Poly Network has pleaded with the attacker to provide the private key and already offered him/her a substantial $500,000 reward, while referring to the individual as “Mr. White Hat,” which is supposed to reflect his/her ethical motives.
“I am considering taking the bounty as a bonus for public hackers if they can hack the Poly Network,” the attacker responded, while the network claims it will have no objections with “whatever Mr. White Hat chooses to do with the bounty in the end.”
“We have fixed the cross-chain contract vulnerability that resulted in the keeper address being modified to the address specified by Mr. Whitehat. The fix involves whitelisting the contracts and methods that can be invoked via external calls,” said the protocol on Twitter.
We have fixed the cross-chain contract vulnerability that resulted in the keeper address being modified to the address specified by Mr. Whitehat. The fix involves whitelisting the contracts and methods that can be invoked via external calls,which has been reviewed by @peckshield https://t.co/V5bChgT9Yr
— Poly Network (@PolyNetwork2) August 15, 2021
Since the incident, the exploited protocol has made “asset recovery the team’s first priority,” while engaging with multiple security firms that helped them perform contract auditing.
#PolyNetwork mainnet upgrade goes live. As stated in our #roadmap, the next step is Phase 3 Project Launch. For security reasons,#PolyBridge has taken down all assets, and users will freely execute cross-chain transactions after the projects’ applications. https://t.co/G2iWI7J4ez
— Poly Network (@PolyNetwork2) August 16, 2021
As the new patch went through reviews and the mainnet upgrade went live, the team announced a new $500,000 reward program on a bug bounty platform Immunefi, offering $100,000 per critical vulnerability reporting.
Get an edge on the cryptoasset market
Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.
Like what you see? Subscribe for updates.