PolyNetwork Hired the Hacker Who Robbed Them

Imagine you’re robbing a bank, see? You’ve stolen upwards of $600 Million and you’re on the run! It’s looking like you’re going to get away, that you’re going to escape with bundles of money when–

They catch you. You’re caught. You’re cuffed. All is over. As the police officer strolls up to you, swinging their club with impudence, they say:

“We’d like to offer you a job” 

That’s what happened recently when a hacker stole over $600 million in cryptocurrency from PolyNetwork. The hacker, known as Mr. White Hat, exploited a vulnerability in the cryptocurrency platform and walked away with digital suitcases full of cash. Or digital bags with dollar signs on them. 

However, once some transactions were flagged, Mr. White Hat-in-hand returned nearly all of the $600 million. But, instead of pressing charges against the digital Danny Ocean, PolyNetwork offered him a job as Chief Security Advisor. 

This is a plot twist right out of an M. Night Shyalaman film. 

Rewarding the Robber

PolyNetwork claims that the hacker shared his concerns about their security and overall strategy. It’s not unheard of for hackers to test big companies’ digital security for a fee. What is unheard of is a hacker being offered a job after getting caught stealing. It would be like hiring John Dillinger to be head security of the Federal Reserve. 

“We are also counting on more experts like Mr. White Hat to be involved in the future development of PolyNetwork since we believe that we share the vision to build a secure and robust distributed system,” the company said in a public statement.

“Also, to extend our thanks and encourage Mr. White Hat to continue contributing to security advancement in the blockchain world together with PolyNetwork, we cordially invite Mr. White Hat to be Chief Security Advisor of PolyNetwork.” 

Oooh, cordially. Fancy. 

If none of this made you go, “whaaaaat?” thus far, PolyNetwork offered Mr. White Hat a bounty of $500,000 for discovering the exploit in their security. When Mr. White Hat allegedly turned the bounty down, PolyNetwork gave it to him anyway. Just for giggles. 

PolyNetwork also stated that they will not charge the hacker legally because they’re “confident that Mr. White Hat will promptly return full control of the assets to PolyNetwork and its users.” 

Sure, Jan. 

The Bug Bounty Program

In a creative effort to save face, PolyNetwork also launched the Bug Bounty Program. Hackers with an itch for exposing digital defense flaws can earn up to $100,000 for discovering any vulnerabilities on the company’s platform. 

So, if you’re a hacker and you’re looking for a mark, it appears that PolyNetwork has drawn a big, red target on themselves. Kind of seems like a trap, no? 

Cyber security is all the rage right now in the digital universe and for good reason. As technology launches us forward we find ourselves storing more and more in the cloud. All of our social interactions, finances, whathaveyou are all vulnerable to hackers. We need to be able to protect those assets. 

PolyNetwork has the right idea in using their resources not to punish but to reward hackers for exposing flaws. If they went down a punitive path, they risk more hackers hacking. Instead, they’ve taken all the fun out of hacking by throwing money at the problem. If you’re able to give away $500,000 to the guy who robbed you, you probably have a wealth of resources in your back pocket. 

For the users of PolyNetwork reasonably worried about security, rest assured that their response to a major hack is proactive as opposed to reactive. That kind of thinking is what moves us forward and should be celebrated. 

John Dillinger must be rolling over in his grave.