The Poly Network hackers have returned assets worth around US$427 million, the company announced on Thursday. But hackers accused the company of “incompetency” and are refusing to give back the rest of the loot.

Fast facts

  • The hackers had transferred the stolen assets worth over US$600 million in total to mutli-signature wallets controlled by the hackers and the Poly Network team last week, with the exception of US$33 million worth of Tether that were frozen after the hack. The Poly Network attack was the largest hack in DeFi history where attackers, now dubbed as Mr. White Hat, exploited a loophole in the network that has now been fixed.
  • The hackers have yet to provide the private key authorization for the 28,953 Ether and 1,032 Wrapped Bitcoin tokens, worth about US$141 million, that are still in the mulit-signature wallets.
  • Messages by the exploiters on the Ethereum network shared by blockchain investigation firm Elliptic’s founder Tom Robinson on Twitter shows that they are “not ready to publish the final key in this week.” The hackers said that their “goodwill” of returning assets was “ignored completely” by Poly Network and that they were “a little bit upset about their [Poly Network’s] hipocrisy and incompetency.” They wrote: “I felt inconsistance [sic] from this group of people [Poly Network team] … I have been trying to cooperate with them through Ethereum which should be efficient and elegant, but it’s not as simple as I expected.”
  • The hackers were also dismayed that Poly Network kept “pushing” them to return the assets but showed no urgency in the handling of the frozen Tether tokens, which they believe would have been “much more reasonable if they [Poly Network] had fixed the problem while I was returning other assets.” However, the exploiters lauded Poly Network’s speedy repair of the loophole that led to the biggest DeFi hack.
  • Data from Etherscan shows that Poly Network has transferred the promised bug bounty of 160 Ether, worth around US$517,000, to the hackers. Although the hackers did not initially respond to the bug bounty offer, they had later stated that they wanted to use the amount to compensate the victims of the attack, and had even started accepting donations for the victims. While the address shared for donations contained US$4,000 worth of tokens on Aug. 13, it now contains only about US$200.
  • In its latest update, Poly Network said that it is communicating with Tether, that is yet to reach a decision about how to handle the frozen assets. In the meanwhile, Poly Network has restored cross-chain functionality for 31 assets. The company had offered the job of Chief Security Advisor to the hackers which elicited a joke as a response but it is not yet clear if the offer has been accepted.