I was offered $500k as a thank-you bounty for pilfering $600m from Poly Network, says crypto-thief

The mysterious miscreant who exploited a software vulnerability in Poly Network to drain $600m in crypto-assets claims the Chinese blockchain company offered them $500,000 as a reward for discovering the weakness. Most of the digital funds have been returned over several transactions. “We appreciate you sharing your …

  1. poohbear

    Is Dark Avenger still around?

    1. Anonymous Coward

      Perhaps _DarkAvenger023 just because you know what you are doing doesn't mean you are not a kiddie scripter.

      A friend of mine to prove a hole in a banking system moved a penny, not 600M.

  2. chivo243 Silver badge
    WTF?

    Really, now?

    So many unknowns here, it's really impossible to know if this was really a joke\lark\prank for white hat purposes... Comments in previous articles relating to this story here on El Reg bring up a lot of good questions.

    https://forums.theregister.com/forum/all/2021/08/10/poly_networks_cryptocurrency_theft/

    https://forums.theregister.com/forum/all/2021/08/11/poly_network_funds_returned/

    I'm dubious...

    1. Khaptain Silver badge

      Re: Really, now?

      I am much in the same opinion. If it was a White Hat operation, it would only have been necessary to take one or two tokens, there would have been no requirement to take any more... And why is it taking time to give them back?

      1. Irongut

        Re: Really, now?

        Indeed this is not the way a white hat or “a high-profile hacker in the real world” works. Professionals don't steal $600m then take their time giving it back, but only after their wallet address has been released publicly. Strikes me as more likely they are a child in the real world.

      2. doublelayer Silver badge

        Re: Really, now?

        It can take some time to transact in cryptocurrency, especially if the original thief wants to ensure they're returned safely. Merely reversing the original theft could mean putting the tokens back into a system which is now known vulnerable, and so someone else could steal it soon afterward. So, assuming the thief is honest about their desire to return the funds, that could explain it. That is a very big assumption though, and there are other options available which are less favorable to the intent of the thief.

      3. chivo243 Silver badge
        Holmes

        Re: Really, now?

        Do bit coins draw interest? If so, at what percentage?

        1. DJV Silver badge

          Re: Do bit coins draw interest?

          Not from me!

          I think the Anonymous Coward post below sums it all up rather nicely.

        2. doublelayer Silver badge

          Re: Really, now?

          No interest. It's supposed to be like gold. You store it then spend it. I have not seen any exchanges offering loans, so they're acting more like brokers or storage than like banks.

    2. Anonymous Coward

      Re: Really, now?

      "In other words, the net may have been closing in on the thief. Poly Network had threatened legal action, and warned that police forces around the world would not allow this mega-heist to stand. The thief may have also found it tricky to launder or fence their huge pile of purloined assets."

      Or the two parties worked together and got cold feet as suspicion was heaped on their project, together with the mechanisms of the alleged exit-scam were spelled out.

      It's worth pointing out to people foolish enough to buy crypto, the details of the major scam that crypto is here:

      Claims:

      1) Crypto cannot be blocked by a central authority. FALSE. Here it is blocked simply by a company putting out an account number and saying "block this". It is trivial to block on mere allegation alone.

      2) Crypto is private... long a LIE, it's literally a blockchain, every transaction comes with a long history of every previous transaction done on it linked to wallets that can be linked to you if ever you buy anything. It's the ultimate in marked money.

      3) Crypto is secure.... that's like saying bank notes can't be forged, therefore nobody can steal your bank notes. It's false logic.

      4) Crypto is in limited supply. BUY NOW WHILE STOCKS LAST.... it's non-inflationary, some sort of protection against inflation, yet miners are inflating it, even as new tokens are launched and new block chains, hundreds of hundreds of them, an unlimited supply of magic numbers. It is not protection against inflation.

      You bought nothing, you are sold the idea that it has some sort of vague properties that give it value. The properties above, "blockchain something or other". That is a lie, it has no inherent value.

      You think you will profit, as others come to realize the inherent value you were sold on. There is no inherent value, you were conned.

      This is a con, the properties claimed are a con. The players selling you this crap are con-artists, when one collapses they move onto the next con, the next crypto token. You are sold the next token, and the next con starts.

      You are being conned. It is a Ponzi scheme and you can only exit it, if you can sucker in more people to join the scheme, and sell them your magic numbers.

      1. chivo243 Silver badge

        Re: Really, now?

        "You are being conned. It is a Ponzi scheme and you can only exit it, if you can sucker in more people to join the scheme, and sell them your magic numbers."

        If people value something, I say sell it to them. I have a Commodore Pet 2001 8-C restoration planned, it has no value to me, except the opportunity for the experience. If a collector wants to buy it off me, I'll sell and only charge them for my time. They are welcome to pay in crypto or cash or perhaps in some chickens, which will lay eggs, and later be eaten after the eggs grow into replacements or are consumed or sold.

        1. Anonymous Coward

          Re: Really, now?

          It's a fraud, a ponzi scheme, a *deception*.

          I buy your Commodore Pet and it has none of the properties you claimed, it is not made by Commodore, it is not a Commodore Pet and it is not the model 2001 8-C.

          The value I attributed to it, was based on a deception by you and your buddies.

          i.e. the deception element of the ponzi scheme.

          Not secure, not private, not unblockable, not in limited supply. A magic number with a valuation that is impossible to cover without drawing more people into the scheme.

          1. chivo243 Silver badge
            Thumb Up

            Re: Really, now?

            I'll send photos! It's the real deal, my back can back me up!

        2. gandalfcn Silver badge

          Re: Really, now?

          If you live by a scam you die by a scam.

      2. andro

        Re: Really, now?

        1) if someone else holds the keys to your crypto, you can lose it. If there is a security hole in your crypto, you can lose it. Make sure you know your tolerance to risk, and don't go out there with an inherent trust of everything.

        2) mostly correct, except there are supposedly some privacy coins, but I haven't looked into them (eg monero).

        3) correct... it's mostly secure, but nothing is completely certain.

        4) money has no value either, the value comes from traditional money the same as it comes for crypto. That is people agree to use it, trust it, it's worth what someone will pay for it, swap for it, etc. That value can change, the same as traditional money.

        Always do your own research. The truth is that it's not as valuable as some people would have you believe, but it's also not a ponzi scheme and it's worth more than nothing. It is early days for crypto and smart contracts, and the value is speculative, but I think if it was going to fail anytime soon, it'd have failed already. Sure it's probably not going to replace how your employer pays you any time soon, but I think it is going to continue to grow over time.

        I wouldn't suggest anyone buys it on promises of making a quick buck without understanding of what it is and how it works. I think we know which cryptos are the big players now, I wouldn't bother with any new startups using forked code and some vague promises.

        1. Ropewash

          Re: Really, now?

          4) Money has the benefit of having a government backing it, sometimes a government with really big bombs and an itchy trigger finger if someone tries to mess with their currency valuation in any meaningful way.

          Crypto lacks this feature, but otherwise the two are roughly the same.

          1. Falmari Silver badge

            Re: Really, now?

            @Ropewash "Money has the benefit of having a government backing"

            Whilst that is true, it is not always enough; there have been cases of countries suffering hyper-inflation and their currency being rendered relatively worthless. Germany in the early 1920s is a good example.

            Also China has or is in the process of releasing a government backed crypto-currency.

            Yes I agree with you but there can be exceptions.

        2. teknopaul

          Re: Really, now?

          Real coins have value because the bank "promises to pay the bearer on demand..."

          In theory, you trust the central bank, in practice, in most states, retailers are obliged to accept the local currency. Often you are not permitted to accept other currencies. It's not so much trust as the alternatives are illegal.

          No one is obliged to accept xxxcoin, it's tulips all the way down.

          1. doublelayer Silver badge

            Re: Really, now?

            "Real coins have value because the bank 'promises to pay the bearer on demand...'"

            No, it doesn't. We left the gold standard a long time ago. If you go to a bank bearing currency, they will invite you to make a deposit, but otherwise they won't have anything else for you. You can't get anything of objective value in exchange, because the thing holding value is the currency you brought there. It has value because the central bank hasn't printed too much of it yet. This isn't necessarily a problem, but the days are gone when the currency represented some other asset.

  3. Ken Hagan Gold badge

    Is that $500k in cryptocurrency, or hard cash?

    If it is that easy to steal, it isn't worth $600m.

    1. doublelayer Silver badge

      Re: Is that $500k in cryptocurrency, or hard cash?

      "If it is that easy to steal, it isn't worth $600m."

      No, that's not it. If it's that easy to steal, then the holder isn't worth your trust. For example, if it turns out that your bank holds your savings in one place without security, then you shouldn't entrust them with the job, but your savings aren't worth any less.

  4. Anonymous Coward

    Scared much?

    Cryptocurrency is a good way to buy drugs and hitmen.

    1. Graham Dawson Silver badge

      Re: Scared much?

      For a while it was also a good way to buy games on Steam.

    2. johnkatos

      Re: Scared much?

      ... and ransomware.

  5. DS999 Silver badge

    No way someone gives back $600 million they stole, it must be

    1) they've been found out and their identity will be leaked if they try to keep it - because odds are pretty much 100% that some of that stolen loot was owned by organized crime

    2) it was intended as an inside job but they realized they screwed up somewhere and might be identified (see #1)

    3) nothing at all was stolen, and this was just a publicity stunt for Poly Network on the theory of "there's no such thing as bad publicity"

    1. Anonymous Coward

      Re: No way someone gives back $600 million they stole, it must be

      DS999,

      4) They 'bit off more than they could chew' and found that 'cashing out' could be more literal than they wanted !!!

      NB:

      If organised crime is involved, returning the money is not known to be the 'end of the matter'.

      Leaking their identity is the 'BEST' option you could hope for ..... the 'WORSE' also involves 'leaking' ..... of fluids, some embarrassing & Yellow, some somewhat more vital & Red !!!

      :=)

      1. Anonymous Coward

        Re: No way someone gives back $600 million they stole, it must be

        I'm sure he did the hack behind 7 proxies, like any l33t hacker, no way they could track him.

      2. Falmari Silver badge

        Re: No way someone gives back $600 million they stole, it must be

        @AC "If organised crime is involved, returning the money is not known to be the 'end of the matter'."

        Also if organised crime is involved, the 'end of the matter' is not known except to those who ended the matter. ;)

  6. Anonymous Coward

    Sounds to me like a deal the Chinese gov made with the company/hacker, in order to get that hacker under their PRC wing. China being well known in its hire of hackers, and this story being so weird (obviously We all know there was no need to take 600 millions in this "White hat process", how about none or just 100 million? they're taking us for dumbsht)

  7. Disgusted Of Tunbridge Wells Silver badge
    Holmes

    I wonder if you could get away with this sort of crime if you just took a million or two and told them how you did it.

    A small enough amount that the exchange/bank/whatever could swallow it, large enough to be a nice pay day and potentially worrying enough that it could cost the company far more than the couple of million if the customers were scared off.

    There has to be a point where the potential PR disaster would cost more than the theft.

  8. Anonymous Coward

    Kleptocurrency?

    (see title)
