The anonymous person or people who pulled off the PolyNetwork hack by exploiting a fatal security hole have returned all of the stolen funds.
The obscure cross-chain DeFi protocol was successfully attacked in early August, which resulted in a colossal $610 million worth of crypto being stolen across Binance Smart Chain, Ethereum and Polygon.
Because of the scope of the hack, which is believed to be the largest cryptocurrency heist ever, the incident instantly became the talk of the town. Widespread interest in the attack started heating up because of the hacker's ludicrous behavior.
Initially, they sent a $42,000 tip to a random Ethereum user recommending avoiding using centralized stablecoins because they tend to block criminally-tainted addresses. Tether, for instance, quickly moved to freeze 33 million USDT associated with the heist.
Shortly after the breach, the hacker(s) signaled that they were ready to return the stolen funds to become "an eternal legend" after receiving a "Dear Hacker" letter from the project.
The hacker initially returned roughly half of the funds drained from the cross-chain protocol.
In another bizarre twist, Poly Network offered the bad actor the position of the project's chief security advisor along with a $500,000 bug bounty. The white hat did not take the money.
Mr. White Hat
After initially threatening the hacker with legal action, Poly Network is no longer planning to hold "Mr. White Hat" legally responsible.
The Poly Network team says that it is ready for "a new journey" in its celebratory tweet.
There has been a lot of speculation about what prompted the hacker to return the fortune. The most plausible version is that the white hat only wanted to teach the project a lesson and never intended to keep the money.
There is also a theory that the hacker had a more sinister motive in mind, but he found it difficult to launder that much money.
Some also believe that the hacker became a white hat out of fear of being caught. In a Twitter thread, blockchain security firm SlowMist announced that it had managed to get the attacker's IP, email and device fingerprints.