The Poly Network team has announced that all the stolen Ethereum assets (amounting to over $600 million worth of cryptocurrencies) have been returned. 

“All the remaining user assets on Ethereum (except for the frozen USDT) had been transferred to the multisig wallet controlled by Mr. White Hat and Poly Network team,” the team tweeted yesterday. 

The Poly Network team also clarified that the repayment process “has not yet been completed,” but that they hope to continue communicating with the hacker to “ensure the safe recovery of user assets,” and to “convey accurate information to the public.” 

Prior to sending the funds back to the Poly Network team, the attacker was offered a $500,000 bounty. The message was attached to an Ethereum transaction sent by the Poly Network team, which read, "We plan to offer you a $500,000 bug bounty after you complete the refund fully."


Just seven minutes later, the attacker responded, "The Poly [Network team] did offer a bounty, but I have never responded to them. Instead, I will send all of their money back."

What was the Poly Network hack? 

The Poly Network hack was the single biggest hack the cryptocurrency industry has seen in its relatively short history. 

Eclipsing even Mt. Gox in 2014, the Poly Network hacker managed to steal roughly $600 million worth of cryptocurrencies after attacking the project’s deployments on Binance Smart Chain, Ethereum, and Polygon

In the ensuing days and hours since the hack earlier this week, it came to light that the hacker had begun returning some of the stolen funds. 


Two days ago, the Poly Network team created a multisig address and notified the hacker (via a message attached to an Ethereum transaction) that they could return said funds to that address. The hacker started doing so, later saying the hack was “just for fun.” 

“I am not very interested in money! I know it hurts when people are attacked, but shouldn’t they learn something from those attacks?” the hacker said yesterday. 

What did we learn? 

The Poly Network hack reminded the crypto community that decentralized finance (DeFi) remains a risky and unpredictable subculture. 

DeFi is a series of applications that perform many of the same functions as traditional financial institutions. The key difference, however, is that instead of banks and brokers, users interact with code via smart contracts

Following the hack, the industry is facing renewed questions about investor protection and centralization. 

“Running contrary to the promises of DeFi, the best hope in such situations are centralized players, namely law enforcement and stablecoin providers,” Ingo Fiedler, co-founder of the Blockchain Research Lab, told Decrypt earlier this week.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.