A Deep Dive into the Poly Network Hack

One of the most bizarre cryptocurrency stories in a long time. In the last few days, the crypto community has keenly followed the case of the Poly Network hack, which had all the thrill and drama that one would expect from the biggest cryptocurrency heist to ever be committed.

Up until last month, the largest digital currency fraud to ever be committed was the $534.8 million stolen from Japanese digital currency exchange Coincheck in a 2018 attack. Fast forward 3 years later, and the digital currency ecosystem took another blow when cryptocurrency platform Poly Network was targeted by a hacker who stole more than $600 million worth of tokens. The thief detected and exploited a vulnerability in Poly Network’s code which allowed them to transfer the funds to their own accounts.

However, the 21st century crypto version of a fraud brought with it its own unique twist. The thief did not run away with the funds- instead, he promised the Poly Network via messages embedded in Ethereum transactions that he would return all the funds and true to his word, he did return nearly all of the money. However, more than $200 million worth of assets were frozen in an account that required passwords from the hacker, who refused to share them saying he would only do so once “everyone is ready”. 

Poly Network, calling the hacker “Mr. White Hat”, offered him a $500,000 reward for helping it detect the flaws in its systems and even offered him a job as “chief security officer”. Finally, after days of dramatic and cryptic message exchanges via the Ethereum network, the hacker gave Poly Network access to the remaining stolen funds by sharing the private key needed to regain control of the remaining assets. He even returned the $500k bug bounty, as well as other donations he received!

The best guess is that the hacker did not have ill-intentions and simply detected a flaw in the system and went about exploiting it in the strangest way. In all probability, the hacker must have been smart enough to know it would be difficult to launder the money and cash it out, since all transactions are recorded on the blockchain.

Mr. White Hat concluded the dramatic saga by saying, “My actions, which may be considered weird, are my efforts to contribute to the security of the Poly project in my personal style.” Poly Network thanked the hacker for keeping his promise and restoring the funds securely where they belong.


Disclaimer: Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Each investor must do his/her own research or seek independent advice if necessary before initiating any transactions in crypto products and NFTs. The views, thoughts, and opinions expressed in the article belong solely to the author, and not to ZebPay or the author’s employer or other groups or individuals. ZebPay shall not be held liable for any acts or omissions, or losses incurred by the investors. ZebPay has not received any compensation in cash or kind for the above article and the article is provided “as is”, with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information.

ZebPay Weekly

Subscribe for latest crypto news & stay updated!

    Start Trading Now