Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward

Crypto platform offers $500,000 “bug bounty” to hacker for returning stolen assets

August 13, 2021, 4:31 PM UTC

The cryptocurrency platform that lost, and later mostly recovered, more than $600 million from a hacker earlier this week said Friday it offered the person or people who stole the money a $500,000 “bug bounty.”

In a statement, the cryptocurrency platform Poly Network said the hacker had responded to the request but did not specify whether the person had accepted. The statement did not specify how the bounty would be paid out.

The chief scientist and cofounder of crypto tracking firm Elliptic, Tom Robinson, later posted on Twitter a series of messages embedded in Ethereum transactions, which he said were sent from the account controlled by the hacker. In the messages, the hacker said they were offered a $500,000 reward from Poly Network, but that they would not be claiming it.

In a statement, Poly Network thanked the hacker, which the company referred to in tweets as “Mr. White Hat,” a reference to “white hat” ethical hackers who expose vulnerabilities in programs to test their security.

In the days since the hacker stole the digital currency, in what is believed to be the largest cryptocurrency hack in history (the Mt. Gox hack was worth $450 million at the time), they have returned nearly all the cryptocurrency to the Poly Network platform. This includes millions in Ether, Binance Smart Chain, and Polygon, according to the crypto platform’s Twitter.

In an anonymous self-Q&A posted on Twitter by Robinson, the hacker said the attack was carried out “For fun :)” and that they always meant to return the coins. Some cybersecurity experts believe the hacker ultimately changed course because they found it difficult to launder the stolen cryptocurrency. The hacker has even asked the public for donations.

All that is left to be returned to Poly Network is about $33 million in Tether, which was frozen by the company that runs the cryptocurrency. Despite having returned the funds to a shared wallet with Poly Network, the coins likely still require keys held by both Poly Network and the hacker to be released, according to Elliptic.

It is yet to be seen whether authorities will continue to pursue the hacker.

On Friday, Poly Network apologized to its users for the hack in a Tweet, saying, “…it is truly unfortunate that a system vulnerability has come forward in this way.” The platform also posted its plan for fixing vulnerabilities in its platform and recovering user assets, which includes creating a global bounty program to encourage security agencies to audit its core functions.

Subscribe to Fortune Daily to get essential business stories straight to your inbox each morning.