Close this search box.

Ethical hacking on crypto-steroids? The bizarre story of Mr. White Hat’s $600m heist


An intriguing recent “ethical hacking” incident has everyone stumped. Was the actor really bona-fide, or did he back out of a huge $600m heist because it was TOO big to be practical?

Key takeaways

  • A recent $600m “heist that wasn’t” has experts stumped
  • An actor by the epithet “Mr. White Hat” first initiated then later backed down from a $600mn “robbery”
  • He claimed he did it to show Poly Network the vulnerabilities in their system
  • As yet, he hasn’t claimed the money, and it isn’t certain that he will

The plot sounds straight out of a Mr. Robot episode: a mysterious masked hacker dubbed “Mr. White Hat” exploits a software vulnerability in a cryptocurrency transfer platform to drain US$600 million from users’ wallets. 

But almost two weeks later, down a weaving path of unexpected twists and turns, most of the money is now back where it came from. 

The saga began on the afternoon of August 10, when Poly Network revealed thousands of cryptocurrency tokens had been stolen from its decentralised finance platform. 

Poly Network lets people exchange cryptocurrency tokens across different blockchains. The hacker had managed to exploit a weakness in the smart contracts used to facilitate these transactions to pull off the daring heist.

The company immediately published the details of the wallets to which the tokens had been illicitly redirected, calling on its users to block any transactions from those locations. Other cryptocurrency exchanges similarly worked to stop the funds from being moved around.

But at the same time, a number of users were taking matters into their own hands.

They used a feature that allows comments to be attached to trades to tip off the hacker that the stolen assets were being blocked, accompanying their messages with a small amount of funds designed as a plea for the loot to be returned.

Poly Network lets people exchange cryptocurrency tokens across different blockchains

Poly Network spotted this secretive communication channel and used it to leave a message for the hacker to get in contact. 

It was then that the so-called Mr. White Hat first surfaced. 

Claiming to be driven by a desire to highlight the vulnerabilities of Poly Network’s platform for the public good, Mr. White Hat kept up an ongoing public conversation with the company that provided clues as to his motivation. 

“I know it hurts when people are attacked, but shouldn’t they learn something from those hacks?” 

“I have been exploring the meaning of life for a while.” 

“Not so interested in money, now considering returning some tokens or just leaving them here.” 

In a desperate appeal to the hacker’s ego, Poly Network offered the thief a US$500,000 reward for identifying the software flaw and to return the stolen assets. 

“We hope it will be remembered as the biggest white hat hack in history,” the company said. 

The tactic worked.

The next day, tokens began appearing in Poly Network’s nominated account. The hacker hadn’t confirmed he would accept the bounty, but as the company noted, things were moving “in the right direction”. 

Just a few days later, most of the stolen funds were back in safe hands and on their way back to the rightful owners. Despite his silence on the bounty offer, Poly Network transferred the US$500,000 reward to the hacker’s account. 

The company says it has no intention of holding the hacker legally responsible for the theft, and has since taken the unusual step of offering him a job as its chief security advisor. 

Mr. White Hat is yet to accept the role.  

The hacker’s identity remains unknown, and many continue to be stumped by Mr. White Hat’s motives and actions, despite his supposedly claimed altruistic intentions.

Would a legitimate ethical hacker steal such a large amount of money just to raise awareness, leaving them open to law enforcement action? Could Mr. White Hat instead have returned the funds solely because of the difficulty involved in converting the money into usable cash without detection? 

The hacker, however, is sticking to his story, claiming to have saved Poly Network’s platform from bad guys by “hacking for good”. 

And he seems to have won the company over, at least in what it is saying publicly: 

“While there were certain misunderstandings in the beginning due to poor communication channels, we now understand Mr. White Hat’s vision for [decentralised finance] and the crypto world, which is in line with Poly Network’s ambitions from the very beginning — to provide interoperability for ledgers in Web 3.0.” 

Whatever comes next in this unusual tale, the caper is likely to turn regulators’ attention to activity in this nascent industry, regulation consultant Charlie Steele told FT

“I don’t think regulators would be too comfortable relying on Robin Hoods out there to police the system.” 

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →