OK, so you stole $600m-plus from us, how about you be our Chief Security Advisor, Poly Network asks thief

The mysterious thief who stole $600m-plus in cryptocurrencies from Poly Network has been offered the role of Chief Security Advisor at the Chinese blockchain biz. It’s been a rollercoaster ride lately for Poly Network. The outfit builds software that handles the exchange of crypto-currencies and other assets between various …

  1. NoneSuch Silver badge
    Joke

    268 Mil to Spend or an IT Job With Possible Jail Time?

    Which would you choose?

    1. Mike007

      Re: 268 Mil to Spend or an IT Job With Possible Jail Time?

      I chose whatever they were smoking when they thought that calling the thief "Mr White Hat" would get them their money back.

    2. tmTM

      Re: 268 Mil to Spend or an IT Job With Possible Jail Time?

      I smell.....................desperation in the air at Poly

  2. HildyJ Silver badge
    WTF?

    Farce

    This story has gone from a popcorn friendly tale to a farce in record time.

  3. IceC0ld

    although the old country tale of setting a poacher as game keeper DOES spring to mind

    the sheer size of this 'draining of resources' does actually beggar belief

    and maybe Mr White Hat IS a true old school gentleman, who has no interest in money from others

    OR

    Mr White Hat just banked an additional 500K for his 'troubles' :o)

    1. Lil Endian

      Poacher Turned Gamekeeper

      In the '80s this happened with a major UK bank, one of the big five.

      They knew one of their DP guys had fled the country with £Oodles. It was certainly "real money" and they knew he'd been putting it in a holding account before exiting-stage-left. But they had no idea where the funds had originated - there were no ledgers/transactions showing a loss, all balanced.

      He was tracked down to Spain (I think). It was agreed the whole case would be dropped, he could keep the dosh and have a job as chief security bod at the bank if he spilled the beans and blocked whatever exploit he'd used. He accepted, and both parties held up their end of the deal.

      How did he do it? He had noticed that in transactions involving exchange rates or interest etc, fractions of pennies [1] were being truncated not rounded - the fractions were disappearing into thin air. So rather than them evaporating he put those fractions into an account he controlled. All real money, no trace.

      [1] Many decimal places, word length I think.

      PS. Does anyone else get pissed off with languages using "round half to even", aka bankers' rounding? It's crap for anything other than averaging out financial transactions, such as *anything using mathematics*. Fekkin bankers!

      1. Anonymous Coward

        Re: Poacher Turned Gamekeeper

        Wasn't that in one of the Superman movies?

        1. Lil Endian
          Pint

          Re: Poacher Turned Gamekeeper

          I can't stop imagining a programmer sitting at his console in shiny red pants!

          And I know there are those of you out there WFH doing just that!

        2. Anonymous Coward

          Re: Poacher Turned Gamekeeper

          Yes, I'd really like to see a link with a source for this that's not on imdb...

        3. Cederic Silver badge

          Re: Poacher Turned Gamekeeper

          I'm not sure, but it was in Office Space.

          It's also just not a realistic scenario. Reconciliation and settlements would fail.
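The truncation-versus-rounding point in this sub-thread, and the reply that reconciliation would catch it, worked through as an added example that is not part of any comment above. It measures the value that exists mathematically but is never posted under each rounding mode; the batches, the rate and the tolerance are constructed for illustration.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_UP, ROUND_HALF_EVEN

PENNY = Decimal("0.01")


def posting_residue(exact_amounts, mode):
    """Sum of (exact - posted): value computed but never written to a ledger."""
    return sum(
        (a - a.quantize(PENNY, rounding=mode) for a in exact_amounts),
        Decimal(0),
    )


def reconcile(exact_amounts, mode, tolerance=PENNY):
    """Control check: flag a batch whose unposted residue exceeds the tolerance."""
    residue = posting_residue(exact_amounts, mode)
    return {"residue": residue, "flagged": abs(residue) > tolerance}


# Constructed batch 1: four amounts that are exact half-penny ties.
TIES = [Decimal(s) for s in ("0.005", "0.015", "0.025", "0.035")]

# Constructed batch 2: 10,000 interest postings (balance * rate).
# The rate is hypothetical; the balances are chosen so that the sub-penny
# fractions are spread evenly between 0 and 1 penny.
RATE = Decimal("0.000137")
INTEREST = [Decimal(100 + 37 * i) * RATE for i in range(10_000)]

if __name__ == "__main__":
    modes = (
        ("truncate", ROUND_DOWN),
        ("half-up", ROUND_HALF_UP),
        ("half-even", ROUND_HALF_EVEN),
    )
    for name, mode in modes:
        print(
            f"{name:10} ties={posting_residue(TIES, mode)} "
            f"batch={reconcile(INTEREST, mode)}"
        )
```

Truncation leaves about half a penny per posting unaccounted for, always in the same direction, which is what a control total over exact versus posted amounts picks up. Half-up drifts only on exact ties, and half-even cancels those too.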

      2. gandalfcn Silver badge

        Re: Poacher Turned Gamekeeper

        I remember it well.

      3. Mike 137 Silver badge

        Re: Poacher Turned Gamekeeper

        Two problems with this kind of poacher being turned into gamekeeper (in this case chief gamekeeper):

        [1] as the starting point is inadequate ethics, loyalty can only be assumed until a better offer comes along (however that offer may be couched)

        [2] just because this person carried out one breach successfully, there's no guarantee that they have the breadth of knowledge and expertise to protect the organisation against an entire threat landscape.

        1. Lil Endian

          Re: Poacher Turned Gamekeeper

          I don't disagree Mike. I may be incorrect in stating the post was head gamekeeper - unsurprisingly there's not a blog or Guardian article covering this. I've seen it in print somewhere, but dust in the wind.

          [1] In security loyalty should always be assumed absent. No agent, double- or triple- should be trusted. But they exist and are used. Loyalties do change genuinely. This case is unusual in that, even though it's almost certainly a crime there really was no victim as the bank was just evaporating the cash anyway.

          [2] Agreed. I don't comment (or have info, referenced or hearsay) regarding other aspects of his skill set. There was no (security) breach.

          As I can't cite any references, it's understandable if the anecdote is treated as myth. I personally accept it, both as plausible and through those that have relayed it to me.

      4. BOFH in Training

        Re: Poacher Turned Gamekeeper

        This reminds me of Office Space. Been a while since I last watched it, but I think it involved something about a decimal point being placed wrongly in the end.

    2. Richard Boyce

      Every time he sends a message or uses his wallet, he increases the odds that he will be identified. Then it's game over.

  4. Anonymous Coward

    Charade

    While this is going on, see what transactions people connected to Poly Networks are doing. You're busy looking at this ridiculous nonsense, and not looking at the exit scam scenarios.

    Poly Networks would close down now, they've lost a huge amount of other people's fluff-stuff, their network is not secure, and the cloud of suspicion is over them.

    It was never *their* fluff-stuff, so they could never make such a promise of 'no-prosecution', they know that, he knows that, that makes no sense.

    Sending back fluff-stuff and creating more IP and fingerprint data makes no sense.

    Sending more fluff-stuff while asking for the return of old fluff-stuff, again makes no sense.

    Stealing it in the first place, every transaction logged forever and public to everyone, again makes no sense.

    You're focussing on ONE receiving account and being told this is the ONE thief's account, that claim came from Poly Networks, a participant in this little dance going on! Poly says 'look over there' and you look!

    It should be clear to everyone here, that this is worthless shit we're talking about. It is the value of monopoly money, in a game. At some point the Chinese authorities have to pull the plug on these crypto scams, and at some point the Chinese police have to start raiding these companies and ending these scams.

    You want to be world leader China? Stop the chest-beating, start the leading....Start here, with a full crypto ban.

    1. amanfromMars 1 Silver badge

      Re: Charade

      Many will be following China and Mr White Hat to discover the result and reward for a successful and virtually remote and relatively anonymous and failsafe secure penetrations test, for such appears to be case here which you have considered a charade, Anonymous Coward. Others however would ponder on it and wonder where it will lead for it is certainly unusual and quite different and sure to be generating a lot of monied interest interested in seeing/learning how such a charade/shenanigans can provide and guarantee a mutually beneficial profitable outcome.

      That is China being a world leader, is it not?

      Your posted negativity is rewarded with a downvote which is richly deserved.

      Ps .... Given the utter hash the Five Eyed West and its allies are making with their warrior incursions and ill conceived foreign interventions on the global geo-political stage in support of status quo arrangements, a different lead to follow elsewhere would surely be extremely welcome, methinks.

      1. Anonymous Coward

        Re: Charade

        Tagman,

        See the future here. China will pull the plug on this crap, police raids will follow, and given the giant size of China's "fluff-stuff mines", the rest of the world will follow *their* more decisive lead.

        You call him "Mr White Hat", I call him "Mr Poly in a different hat, with a stuck on moustache".

        His hat only became white, when Mr Poly invented a bug bounty, and they/him pretended it was a bounty after the fact.

      2. gandalfcn Silver badge

        Re: Charade

        Good analysis. "a downvote which is richly deserved" As opposed to yours which most definitely wasn't. Sore loser springs to mind.

      3. Fruit and Nutcase Silver badge

        Re: Charade

        Given the recent news from Afghanistan, it would appear the five eyes are not pointing the right way/but are up where the sun doesn't shine to have not noticed the outcome

        1. gandalfcn Silver badge

          Re: Charade

          The whole thing has been wishful thinking because they don't learn from history. For a start the 3 Anglo-Afghan Wars were totally ignored.

    2. gandalfcn Silver badge

      Re: Charade

      Bless.

  5. Pascal Monett Silver badge
    Stop

    Mr White Hat ?

    No.

    An actual white hat would never have taken any money (or maybe just a few cents, to prove the possibility). He would have contacted the company and told them how it would be possible to take some.

    This asshole took the money, got caught (well, detected and blocked), and only then pretended it was all in good faith.

    Calling that scum a white hat is an egregious insult to actual, honest white hats everywhere.

    1. Lil Endian

      Re: Mr White Hat ?

      An actual white hat would never have taken any money...

      I fully agree.

      However, it does seem more and more like an inside job, either a theft attempt or a publicity stunt.

      ---

      Mr WH takes funds.

      Mr Poly gets cosy with Mr WH.

      Mr WH climbs into bed with Mr Poly and secures their systems "to infinity and beyond".

      Mr Poly claims "We're so safe! Run with us!"

      ---

      If Mr WH does not go onboard with Poly it was probably a theft gone wrong, if he does it's more likely publicity IMHO.

      1. doublelayer Silver badge

        Re: Mr White Hat ?

        That was on my list of options too, but it really doesn't make sense. They've nicely publicized that they could be hacked and all the cash stolen. Some people might assume that it's better to employ someone who at least detected and prevented the attack, but others will decide that working with someone who has already been hacked once is a bad sign. In which case the publicity isn't very useful.

  6. Anonymous Coward

    I'm a bit curious: who is PolyNetwork exactly? They've been vaguely described as "Chinese", but that doesn't say much, and I've not been able to find any information: no link on their website that I can see, and all searches only return articles about the hack.

    So, where are they headquartered, who are their executives, that sort of thing? Thanks!

    1. Falmari Silver badge

      @AC I am curious now. I did a search, which found no information on who they are.

      1. Anonymous Coward

        And people really give them hundreds of millions? This to me is like, WTF?

    2. eyestwice

      Their origin is clear

      According to:

      https://github.com/polynetwork

      they're based on Mars. Now, who do we know from there?

  7. Aussie Doc Bronze badge
    Pint

    Wow

    To coin a phrase: "Well, that escalated quickly."

    Cider O' clock somewhere.

Biting the hand that feeds IT © 1998–2021