- The Poly Network hacker has sent all the stolen funds to a multi-signature wallet, though he is yet to reveal the final key.
- Without the key, the Poly Network team won’t be able to transfer the funds.
- The hacker is apparently not interested in money, rather he enjoys unveiling breaches.
The Poly Network hacker has sent all the stolen funds into a multi-signature wallet, though he is yet to reveal the private key. Poly Network was exploited for over $600 million worth of digital assets on August 10, which unfolded to be the largest hack in DeFi history.
The Poly Network team claimed that the hacker used a vulnerability between contract calls to exploit the network. The team shared that the hacker stole more than $250 million from Binance Smart Chain, over $85 million from Polygon Network, and more than $270 million from Ethereum.
Poly Network is a cross-chain interoperability protocol among three major protocols. These include Neo, the so-called “Ethereum of China,” Ontology, an open-source blockchain providing cross-chain and Layer 2 scalability, and Switcheo, a non-custodial DEX that enables the exchange of sixty cross-chain pairs.
However, in a dramatic turn of events, the hacker revealed intentions to return all the stolen funds. Within the first 24 hours, the hacker returned about half of the $600 million stolen funds. Before starting to return the fund, the hacker asked for a multi-sig wallet. “Failed to contact the poly. I need a secured multisig wallet from you,” the hacker said in a transaction.
Multisig, or multi-signature, wallets are a specific type of digital wallets that enable two or more users to lock funds as a group. To transfer the funds locked in a multisig wallet, all private keys are required.
After Poly Network set up a multisig wallet, the hacker transferred all the stolen funds minus the $33 million in USDT that was frozen by Tether to the wallet. However, the hacker hasn’t revealed the final key yet, without which the Poly Network team won’t be able to transfer the funds.
Hacker is Not Interested in the Money
Poly Network offered a $500,000 bounty to the hacker as a reward for returning the stolen funds. Surprisingly, the hacker initially acknowledged the offer but rejected it. However, he then asserted that he might accept the prize and use it to reward anyone who can hack the cross-chain platform.
The hacker said:
MONEY MEANS LITTLE TO ME, SOME PEOPLE ARE PAID TO HACK, I WOULD RATHER PAY FOR THE FUN. IF THE POLY DON’T GIVE THE IMAGINARY BOUNTY, AS EVERYBODY EXPECTS, I HAVE WELL ENOUGH BUDGET TO LET THE SHOW GO ON.
“I TRUST SOME OF THEIR CODE, I WOULD PRAISE THE OVERALL DESIGN OF THE PROJECT, BUT I NEVER TRUST THE WHOLE POLY TEAM,” the hacker embedded the message in a transaction.
“I WILL PROVIDE THE FINAL KEY WHEN _EVERYONE_ IS READY. MY IDEA IS NOT CHANGED, BUT I DO WORRY IT MIGHT BE AN ENDLESS WAR. SO I MIGHT RELEASE IT EARLIER AS LONG IF THE COMMUNITY UNDERSTANDS EVERYTHING,” the hacker said.