Ethical hacking on crypto-steroids? The bizarre story of Mr. White Hat’s $600m heist


Share on facebook
Share on twitter
Share on linkedin

An intriguing recent “ethical hacking” incident has everyone stumped. Was the actor really bona-fide, or did he back out of a huge $600m heist because it was TOO big to be practical?

Key takeaways

  • A recent $600m “heist that wasn’t” has experts stumped
  • An actor by the epithet “Mr. White Hat” first initiated then later backed down from a $600mn “robbery”
  • He claimed he did it to show Poly Network the vulnerabilities in their system
  • As yet, he hasn’t claimed the money, and it isn’t certain that he will

The plot sounds straight out of a Mr. Robot episode: a mysterious masked hacker dubbed “Mr. White Hat” exploits a software vulnerability in a cryptocurrency transfer platform to drain US$600 million from users’ wallets. 

But almost two weeks later, down a weaving path of unexpected twists and turns, most of the money is now back where it came from. 

The saga began on the afternoon of August 10, when Poly Network revealed thousands of cryptocurrency tokens had been stolen from its decentralised finance platform. 

Poly Network lets people exchange cryptocurrency tokens across different blockchains. The hacker had managed to exploit a weakness in the smart contracts used to facilitate these transactions to pull off the daring heist.

The company immediately published the details of the wallets to which the tokens had been illicitly redirected, calling on its users to block any transactions from those locations. Other cryptocurrency exchanges similarly worked to stop the funds from being moved around.

But at the same time, a number of users were taking matters into their own hands.

They used a feature that allows comments to be attached to trades to tip off the hacker that the stolen assets were being blocked, accompanying their messages with a small amount of funds designed as a plea for the loot to be returned.

Poly Network lets people exchange cryptocurrency tokens across different blockchains

Poly Network spotted this secretive communication channel and used it to leave a message for the hacker to get in contact. 

It was then that the so-called Mr. White Hat first surfaced. 

Claiming to be driven by a desire to highlight the vulnerabilities of Poly Network’s platform for the public good, Mr. White Hat kept up an ongoing public conversation with the company that provided clues as to his motivation. 

“I know it hurts when people are attacked, but shouldn’t they learn something from those hacks?” 

“I have been exploring the meaning of life for a while.” 

“Not so interested in money, now considering returning some tokens or just leaving them here.” 

In a desperate appeal to the hacker’s ego, Poly Network offered the thief a US$500,000 reward for identifying the software flaw and to return the stolen assets. 

“We hope it will be remembered as the biggest white hat hack in history,” the company said. 

The tactic worked.

The next day, tokens began appearing in Poly Network’s nominated account. The hacker hadn’t confirmed he would accept the bounty, but as the company noted, things were moving “in the right direction”. 

Just a few days later, most of the stolen funds were back in safe hands and on their way back to the rightful owners. Despite his silence on the bounty offer, Poly Network transferred the US$500,000 reward to the hacker’s account. 

The company says it has no intention of holding the hacker legally responsible for the theft, and has since taken the unusual step of offering him a job as its chief security advisor. 

Mr. White Hat is yet to accept the role.  

The hacker’s identity remains unknown, and many continue to be stumped by Mr. White Hat’s motives and actions, despite his supposedly claimed altruistic intentions.

Would a legitimate ethical hacker steal such a large amount of money just to raise awareness, leaving them open to law enforcement action? Could Mr. White Hat instead have returned the funds solely because of the difficulty involved in converting the money into usable cash without detection? 

The hacker, however, is sticking to his story, claiming to have saved Poly Network’s platform from bad guys by “hacking for good”. 

And he seems to have won the company over, at least in what it is saying publicly: 

“While there were certain misunderstandings in the beginning due to poor communication channels, we now understand Mr. White Hat’s vision for [decentralised finance] and the crypto world, which is in line with Poly Network’s ambitions from the very beginning — to provide interoperability for ledgers in Web 3.0.” 

Whatever comes next in this unusual tale, the caper is likely to turn regulators’ attention to activity in this nascent industry, regulation consultant Charlie Steele told FT

“I don’t think regulators would be too comfortable relying on Robin Hoods out there to police the system.” 

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.