After it suffered a historic exploit, the cross-chain bridging protocol taunts its attacker with an attractive job position.
In the aftermath of the Poly Network exploit, in which the attacker stole more than $600 million worth of crypto only to return the biggest portion of the take, the network continues to mitigate the damage and fix its vulnerabilities while keeping up a dialogue with the responsive hacker.
The exploited cross-chain bridging protocol, which enables flexible interaction between multiple chains, invited the anonymous individual responsible for the biggest decentralized finance (DeFi) heist to fill the team’s lead security advisor position.
Reward and a job offer
The network claimed it has no intention of holding the hacker legally responsible while putting a “Chief Security Adviser” position on the table.
“We have made constant efforts to establish an understanding with Mr. White Hat and genuinely hope that Mr. White Hat will transfer the private keys as soon as possible so that we can return full asset control back to the users at the earliest,” said the protocol in its latest update. A portion of the stolen funds remains locked in a multi-signature wallet, with the hacker withholding his key.
Poly Network has pleaded with the attacker to provide the private key and already offered him/her a substantial $500,000 reward, while referring to the individual as “Mr. White Hat,” which is supposed to reflect his/her ethical motives.
“I am considering taking the bounty as a bonus for public hackers if they can hack the Poly Network,” the attacker responded, while the network claims it will have no objection to “whatever Mr. White Hat chooses to do with the bounty in the end.”
“We have fixed the cross-chain contract vulnerability that resulted in the keeper address being modified to the address specified by Mr. Whitehat. The fix involves whitelisting the contracts and methods that can be invoked via external calls,” said the protocol on Twitter.
Since the incident, the exploited protocol has made “asset recovery the team’s first priority,” while engaging with multiple security firms that helped them perform contract auditing.
As the new patch went through reviews and the mainnet upgrade went live, the team announced a new $500,000 reward program on the bug bounty platform Immunefi, offering $100,000 per critical vulnerability reported.