A firm specialising in transferring cryptocurrency said Thursday that a hacker they are calling “Mr White Hat” was giving back all US$613 million in digital loot from a record haul.
Poly Network had put out word previously that nearly half of the digital assets swiped early this week had been returned.
“As our communication with Mr White Hat is going on, the remaining user assets on Ethereum are gradually transferred,” Poly Network said in a tweet.
“We look forward to Mr White returning all the remaining user assets, as stated by him.”
Polygon had urged the thief to return the stolen fortune.
A person claiming to be the hacker told their side of the story in a question-and-answer style post on Twitter.
The hacker said the heist was pulled “for fun” to expose a flaw that could have cost Poly Network dearly and undermined faith in cryptocurrencies.
“I would say figuring out the blind spot in the architecture of Poly Network would be one of the best moments in my life,” the post read.
“To be honest, I did have some selfish motives to do something cool but not harmful… then I realised being the moral leader would be the coolest hack I could ever archive.”
The return of the digital loot came as the thief was tracked by “white hat” hackers who use their software skills for good.
Their nefarious counterparts are referred to as “black hat” hackers in the cyber security world.
The heist had sparked debate about whether it would be fair to let the hacker keep some of the loot as reward for uncovering a Poly Network security weakness.
Open source developers alliance BinomialPool in a tweeted exchange proposed a bounty of 5% to 10% for pulling off such crypto-hacks.
“This could be a win-win,” tweeted @BinomialPool.
“Hackers don’t go into jail. The community faces acceptable losses. Code gets better.”
In an exchange on Twitter, Poly Network promised to pay a US$500,000 bug bounty after the stolen assets are returned.
Poly Network also assured the hacker they would not be held accountable.
“We think this behaviour is white hat behaviour, therefore this US$500,000 will be seen as completely legal bounty reward,” Poly Network said in the exchange.
Paying hackers bounties for uncovering and reporting bugs in software is common practice in the tech world.
Early on, Poly Network threatened police involvement, but also offered the hacker a chance to “work out a solution”.
The purported hacker said in the post that returning the digital haul was always the plan.
“I know it hurts when people are attacked, but shouldn’t they learn something from those hacks,” the post maintained.
The US Department of Justice and FBI did not respond to requests for comment.