The Poly Network hacker, or hackers, have returned the final piece of the $610 million they had stolen from the DeFi network nearly two weeks ago.
Via a blog post on Monday, Poly Network confirmed that they had successfully retrieved the remaining 28,953 ETH and 1,032 WBTC, worth about $141 million. This was possible only after the hacker, dubbed “Mr. White Hat,” shared a private key to the multi-signature wallet holding the funds through an on-chain message.
Poly Network was hit by a major hack earlier this month, resulting in the loss of over $600 million in crypto-funds. This was by far the costliest hack in the history of the DeFi space, albeit one with a happy ending.
Some analysts have claimed that the hackers were able to exploit a vulnerability on the network. A vulnerability that gave them access to the transfer of these funds to their own accounts. Others, however, have suggested that “Mr. White Hat” was able to obtain Poly Network’s private keys.
While the hackers asserted that the exercise was only recreational, experts believe that it is simply too difficult for them to launder such a huge amount of money. Especially since all of the transactions would have been stored on the blockchain.
Nevertheless, the hackers had immediately promised to return all the stolen funds after opening a dialogue with their victim. In the last transaction, they even embedded a long note apologizing for the heist and calling it “one of the most wild adventures in our lives.”
Even as they returned a part of the stolen funds, $200 million were trapped in a multi-signature account which required keys possessed by both the hackers and the network. The hackers had initially refused to return the key, saying they would do so only when “everyone is ready.”
Poly Network had previously offered the hackers a $500,000 “security bug bounty” for recognizing the security flaw. It even offered the hacker a job as the network’s Chief Security Officer. Moreover, a stream of donations has been going the hacker’s way since.
However, while access to most of the funds has been granted to the DeFi network, $33 million in Tether remains inaccessible after they were frozen by their issuers last week. The blog post claimed that “the final unfreezing process” is already underway.
While thanking “Mr. White Hat for his cooperation and for keeping his promise,” the network added,
“At this point, all the user assets that were transferred out during the incident have been fully recovered. We are in the process of returning full asset control to users as swiftly as possible.”