Sunday, September 19, 2021

Japanese cryptocoin exchange robbed of $100,000,000 – Bare Safety

Another week, another cryptocurrency catastrophe.

Last week’s story was about Chinese cryptocoin smart contract company Poly Networks, which was robbed of about $600 million’s worth of various cryptocurrencies.

That heist has turned into an ongoing saga in which, mirabile dictu, the hacker ultimately seems to have agreed to return as much of the stolen cryptocurrency as he can.

In a bizarre stream of messages transmitted as “additional data” in zero-value transactions on the Ethereum blockchain, the thief claimed, ALL IN CAPS, to have acted out of altruism.

The hacker, now dubbed Mr. White Hat in an act of obeisance by Poly Networks, suggested that he’d taken the money for safe keeping before disclosing the bug, so that no one else could exploit it in the meantime.

(The implication was that the coders who would be working to fix the bug – who would inevitably need to know how the bug could be exploited in order to repair it properly – might themselves be rogues, and therefore needed protecting from their own baser instincts by a nobler form of cybercriminality.)

The money hasn’t all been recovered yet – that is expected to take a few days more – but Poly Networks seems confident [2021-08-20T15:00Z] that it will get back most of it in the end.

The company has also said that it will dig into its own pockets “to compensate for any slippage loss and fees that are incurred.”

Amusingly, if not amazingly, Poly Networks has “rewarded” Mr. Hat with 160 Ethereum coins (about $525,000 at today’s price), and offered him a role as Chief Security Advisor.

In one of the company’s own blockchain messages back to Hat, Poly Networks went so far as to invite him to be a co-approver of any future upgrades to the system.

That might seem like an alarming amount of control to offer to someone who once ran off with all your funds and deliberately shut down your whole network for two weeks, even if they decided to give back most of the money in the end:

“We decided to use [a] multi-signature of relay chain validators to authorize upgrades. We also hope to invite you to participate in the future development of the Poly Network. If you want, your address […] can be one of the validators.”

Hat, for his part, has been on the receiving end of numerous blockchain spam messages of his own, with a mixture of admirers, detractors and opportunists letting him know how they feel and what they expect from him.

“YOU SAID YOU WILL GIVE ME A PERSONAL GIFT. I WOULD LIKE 32 ETH,” insisted one commenter, who claimed to know the name of the company where Hat used to work and threatened to reveal the details.

Another noted, contrarily eschewing Hat’s ALL CAPS style and letter spacing, that “Nowitseemsthatmoneyisstillveryimportant.Stillsupportyou!”

Truth, as the truism goes, can sometimes be stranger than fiction.