Poly Network, the China-based blockchain protocol that was exploited earlier this month for more than $600 million, announced Thursday that it had sent a nearly $500,000 bounty to the attacker and that the majority of the looted cryptocurrency had been fully recovered.
However, it appears that the attacker has yet to provide the key required to unlock the remaining $141 million.
“There are users who are worried that they will lose control of their assets, and we want to minimize the impact on them, so restoring our network and our users’ assets in a secure manner as soon as possible is our top priority,” the Poly Network team wrote in an email early Thursday.
The latest twist in the saga that began with the Aug. 10 exploit comes a day after the attacker, identified as “Poly Network Exploiter 1” on the Ethereum-blockchain explorer website Etherscan, threatened to delay the return of the funds until at least next week.
The hack is thought to be the largest in the history of decentralized finance, or DeFi, and has highlighted the risks for cryptocurrency traders of using experimental software protocols that haven’t been fully battle-tested. The transparency of blockchain data has transformed the back-and-forth negotiations between the attacker and the Poly Network team into a suspenseful public drama.
A bounty of 160 ETH has been transferred.
The attacker had previously returned the majority of the looted digital assets to a special wallet created for the purpose, but had withheld the key required to return them to the Poly Network. Dollar-linked stablecoins USD coin (USDC) and dai are among the tokens (DAI).
Late Wednesday, the Poly Network Exploiter 1 wallet address used a data field within an Ethereum blockchain transaction to send the following message to the Poly Network team: “PLEASE BE PATIENT. JUST SIGNED USDC & DAI TRANSACTIONS A FEW HOURS AGO.”
Meanwhile, the Poly Network team pointed to an Ethereum transaction record in an email update on Thursday, indicating that approximately 160 units of the cryptocurrency ether (ETH), worth approximately $480,000 at current prices, had been sent to a wallet address identified as “Poly Network Exploiter 2.” According to a related transaction record, the 160 ETH were withdrawn from the Binance exchange on August 12.
According to the email, the attacker, known as “Mr. White Hat” by the Poly Network team, has now returned assets worth approximately $427 million. Among these assets is 96.9 million DAI, which was “received today,” according to the team.
“We will convert the DAIs back to USDC to be used to recover the users’ assets, and we will compensate for any slippage loss incurred in the transactions with our own funds,” according to the email.
However, a significant portion of the funds have yet to be returned in full.
“There are still 28,953 ETH and 1,032 WBTC (approximately $141 million) remaining in 3/4 multi-signature wallets for which we await Mr. Whitehat’s private key authorization,” the Poly Network team wrote. WBTC stands for “wrapped bitcoin,” and it represents a version of bitcoin (BTC) that has been digitally retrofitted to move on the Ethereum blockchain.
According to Poly Network, about 33 million dollars worth of the dollar-linked stablecoin tether (USDT) has been frozen.
The Poly Network team wrote, “Poly Network is actively communicating with Tether on how to deal with this USDT is also a serious and careful decision-making process for Tether.” “We are confident that a clear result will be forthcoming soon, as we require these assets in order to complete full asset recovery.”
“Mr. White Hat” is a fictional character.
The attacker’s motivations are unknown. The term “white hat” is commonly used to describe an attacker who scouts for bugs or loopholes in the underlying code in order to assist developers in plugging any vulnerabilities. Bounties are frequently paid to these hackers as a thank you for their contributions to the network or protocol’s security.
“Although we did not receive a positive response from Mr. White Hat, we kept our promise and credited 160 ETH (approximately $500,000) to the address Mr. White Hat had made public,” the Poly Network team wrote in an email.
According to the team, the Poly Network project is gradually resuming suspended operations, with full functionality restored for at least 31 assets, including binance coin (BNB), uniswap (UNI), and shiba inu coin (SHIB).
“We will continue to maintain proactive contact with Mr. White Hat,” Poly Network wrote in an email. “We believe that the sooner we can assure him that Poly Network is recovering in a safe and orderly manner, the sooner we can gain his trust and eventually obtain his private key.”