In context: Last week, a hacker who stole more than $600 million in various cryptocurrencies began returning the ill-gotten gains. The hacker had exploited a weakness in the Poly Network platform of multiple blockchains to pull off the heist. At the time, he had returned almost half of the funds stolen.
This week, nearly all of the crypto stolen from Poly Network has been returned, but then something bizarre happened. Instead of turning the thief, whom Poly Network refers to as Mr. White Hat, over to authorities, the company hired him to be its Chief Security Advisor and gave him a $500,000 bug bounty for finding the exploit.
Poly Network said that it maintained constant communication with Mr. White Hat as he returned the crypto. He expressed concerns with the platform's "security and overall development strategy." The company was impressed enough with his abilities that it offered him a senior-level position at Poly Network.
"#PolyNetwork has no intention of holding #mrwhitehat legally responsible and cordially invites him to be our Chief Security Advisor. $500,000 bounty is on the way. Whatever #mrwhitehat chooses to do with the bounty in the end, we have no objections. https://t.co/4IaZvyWRGz" (Poly Network, @PolyNetwork2, August 17, 2021)
"We are also counting on more experts like Mr. White Hat to be involved in the future development of Poly Network since we believe that we share the vision to build a secure and robust distributed system," Poly Network wrote in a blog post. "Also, to extend our thanks and encourage Mr. White Hat to continue contributing to security advancement in the blockchain world together with Poly Network, we cordially invite Mr. White Hat to be the Chief Security Advisor of Poly Network."
At first glance, it may appear that Mr. White Hat was trying to undo his actions since there was no way to convert the already flagged cryptocurrency. However, when Poly Network offered him the $500,000 bounty, he turned it down. The company sent it to him anyway and told him to do whatever he wanted with it. The company said he had expressed that he may give it to the blockchain security community.
Regardless of whether Mr. White Hat was a benevolent security researcher or an actual black hat hacker who screwed up, hiring black and white hats is not uncommon. The general philosophy seems to be: who better to protect your network than the one who broke into it?
Image credit: B_A