cryptobriefing.com
The Poly Network hack saga has come to an end, as the anonymous hacker dubbed “Mr. Whitehat” has given away the private key to a multi-sig wallet containing over $140 million in stolen funds.
Poly Network Accesses Hacker’s Private Key
The Poly Network hacker has openly published the private key to a multi-sig wallet containing over $140 million in WBTC and ETH that they stole from the project.
A final message addressed to the team admitted that their “wild or mad” behavior led to a major crisis. The incident has been called the biggest DeFi hack in history, with over $600 million stolen from the cross-chain interoperability protocol.
Last week, after negotiations with the Poly Network team, the hacker deposited most of the stolen funds into a multi-sig wallet controlled by both parties. This wallet was controlled by different private keys held by the hacker and the Poly Network team.
Soon after, with the hacker’s cooperation, the team started the recovery process. But, the full recovery of the stolen assets was delayed last week as the hacker still withheld the private key to the multi-signature wallet.
Over $140 million remained in the wallet, including 28,953 ETH and 1,032 WBTC, for which the team awaited private key authorization from the hacker. Today, after the hacker dubbed “Mr. Whitehat” handed over the private key to the multi-sig wallet, the team can fully recover the funds.
In an Ethereum transaction, the hacker wrote a message that brought much-awaited closure to the security incident. The hacker said they never considered taking the multi-sig walet as hostage for ransom. They added:
“SORRY FOR THE INCONVENIENCE! IT MUST BE ONE OF THE MOST WILD ADVENTURES IN OUR LIVES.”
In an earlier “Q&A” discussion on Ethereum, the hacker said they had conducted the attack in good faith, both “for fun” and to expose Poly Network’s security vulnerability.
In response, the Poly Network team described the hacker as a “whitehat,” and offered a bounty of $500,000. The hacker initially accepted the bounty but decided to send that to the same multi-sig wallet to be used for compensating the victims of the hack.
In a Monday tweet, the Poly Network team thanked the hacker and said that it was “ready for a new journey.”
Dear "Hacker",
Thank You! We are ready for a new journey.
Poly Network Teamhttps://t.co/djwsVJRXrN
— Poly Network (@PolyNetwork2) August 23, 2021
Besides the funds within the shared multi-sig wallet, an additional $33 million in USD Tether (USDT) in the hacker’s wallet were frozen. The Poly Network team confirmed it was in the process of recovering those funds too.