This $600 Million Crypto Heist Is the Most Bizarre Hack in Recent Memory

After stealing around $600 million in cryptocurrency, and returning most of it, a hacked cryptocurrency platform rewarded the hacker with half a million dollars.
Image: Jakub Porzycki/NurPhoto via Getty Images
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

The saga of the largest cryptocurrency heist in history by dollar value may be coming to an unexpected end. The hacker, who stole $600 million in various cryptocurrencies last week, has reportedly started returning the last batch of stolen funds, and the company that was hacked has rewarded them with around $500,000 as a "bug bounty." 

The cross-blockchain cryptocurrency platform Poly Network disclosed a hack last week, saying a hacker—or hackers—had stolen around $600 million in different cryptocurrencies like Ethereum, Bitcoin, and Tether. This was the largest heist in the emerging decentralized finance (DeFi) space to date, but what made it truly bizarre is that the hacker began to return the funds after Poly Network published an open letter pleading them to give the money back, addressing them as "Dear Hacker." 


The last week has been a strange back-and-forth between Poly Network and the hacker, who sent the majority of the stolen funds to multi-signature wallets jointly controlled by the platform and the hacker. The hacker has also posted lengthy missives to the Ethereum blockchain,  threatening to delay returning the funds, describing the whole process as a "funny game."

"For the past few days the hacker had been refusing to let the funds be moved, despite Poly Network promising the hacker a $500k 'bug bounty,'" said Tom Robinson, the co-founder of blockchain analysis firm Elliptic, in an email to Motherboard. "However, that seems to have changed as of last night."

Now, according to an update from Poly Network, the hacker has returned all but around $141 million, which is still stored in multi-signature wallets that require the hacker's cooperation to empty. In response, Robinson said, Poly Network sent the hacker a $486,000 payment, as a reward. 

"Although we did not receive a positive response from Mr. White Hat, we still fulfilled our promise and credited 160 ETH," Poly Network wrote in a blog post.


Last week, Poly Network said that they offered $500,000 as a "bug bounty" to the hacker, for having found the vulnerability that allowed them to steal funds. Even more bizarrely, Poly Network also offered the hacker a job. 

“To extend our thanks and encourage Mr. White Hat to continue contributing to security advancement in the blockchain world together with Poly Network, we cordially invite Mr. White Hat to be the Chief Security Advisor of Poly Network,” Poly Network said in a statement, according to CNBC.

Do you research vulnerabilities on cryptocurrencies and their networks? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at, or email

Poly Network did not immediately respond to a request for comment. 

It's not uncommon for hackers who commit crimes to eventually land in the cybersecurity industry. But, usually, it doesn't happen in a matter of days, nor during a negotiation to recover stolen money. 

In the 1990s, Kevin Mitnick went on a hacking spree, and ended up in prison. Years later, he became a so-called white hat hacker and has since worked for several companies, including founding his own cybersecurity firm. Marc Maiffret went from being raided by the FBI at 17 to working at FireEye, one of the most well-known cybersecurity companies in the world. Before he became a cybersecurity journalist and author, Kevin Poulsen was arrested in 1991 after 18 months as a fugitive, and then pleaded guilty, getting a 5 year sentence, the highest at the time for hacking in the US.  

With millions yet to be returned, the strange saga of the Poly Network hack may have more twists to come. Or, as users hope, it may come to a quick conclusion.

Subscribe to our cybersecurity podcast, CYBER.