On August 10, 2021, in the heat of the bull run, the Poly Network (not to be confused with Polygon) was hit with the biggest crypto hack to ever occur at that time (now surpassed only by the $625 million Ronin Network hack).
The hacker(s) were apparently able to exploit a weakness in the smart contract that the Poly Network was using to bridge between Ethereum, BSC, and Polygon, allowing them to divert the bridge liquidity to their 3 personal wallets. They made off with around $611 million in 12+ different cryptos including ETH, WBTC, USDT, USDC, and DAI.
That same day, the Poly team made a public request on Twitter for the hacker to open a dialogue, and urged them to return the assets. The hacker replied the next day by embedding a message into the data field of an Ether transaction that he sent to the Poly team:
PLEASE BE PATIENT. JUST SIGNED TRANSACTIONS OF USDC & DAI A FEW HOUR AGO.
The Poly Network received a large amount of returned assets that day.
Using the same communication technique, the attacker held a Q&A. He declared that he had always intended to return the stolen assets, and that he merely wanted to demonstrate a security flaw in Poly's protocol so that it would be fixed. Over the following few days, he returned over half of the coins, and put the majority of the remaining coins into a multisig wallet controlled by himself and the Poly team. Around this time the Poly team started to publicly refer to the hacker as “Mr. White Hat”.
Over the next week, Mr. White Hat and the Poly team communicated back and forth, with the Poly team eventually seeming to use transaction messages as well. Mr. White Hat threatened to delay the return of the assets if the Poly Network's vulnerabilities weren't fixed. Some notable messages were:
YOUR ESSAYS ARE VERY CONVINCING WHILE YOUR ACTIONS ARE SHOWING YOUR DISTRUST, WHAT A FUNNY GAME,
I AM NOT READY TO PUBLISH THE KEY IN THIS WEEK
The Poly Network sent him 160 ETH (then worth a little under half a million dollars) as a bounty in hopes he would return the remaining assets. They also offered him a job as chief security advisor.
On August 25, 15 days after the hack, Mr. White Hat returned all of the remaining stolen crypto. It is not known whether he accepted the job, or just faded back into obscurity with his 160 Ether.
Whether or not the hacker was truly “White Hat” is disputed, with some prominent voices criticizing the Poly team for “whitewashing” the criminal actions of the hacker with the moniker they chose. Chainalysis CTO Gurvais Grigg suggested that Mr. White Hat returned the assets due to the difficulty of laundering them.
In the aftermath, the Poly Network launched a bug bounty program called Immunefi which pays people rewards for finding bugs in their code.