Poly Network, a decentralized finance (DeFi) interoperability protocol that was hacked for over $600 million last week, has announced that it will launch a $500,000 bug bounty program to prevent such exploits from happening again.
“In addition to the previous 500k proposal for MrWhiteHat, PolyNetwork officially announces a separate 500k bounty program open for top security agencies,” the protocol’s developers announced on Twitter today.
The project has referred to the attacker as “MrWhiteHat” following several exchanges between them and Poly Network.
#PolyNetwork system is soon about to be relaunched as the team gets things in order to proceed as per the #roadmap. In addition to the previous 500k proposal for #MrWhiteHat, #PolyNetwork officially announces a separate 500k #bounty program open for top #security agencies https://t.co/esvKZsd1IP
— Poly Network (@PolyNetwork2) August 16, 2021
A bug bounty is a common practice in the tech world where companies offer monetary rewards to tech-savvy individuals—including hackers—for discovering vulnerabilities in their software. The idea is to create an incentive for coders to not publicly disclose or exploit any “bugs” but rather to report them and get the corresponding reward.
Poly Network developers also offered a similar $500,000 bounty to the hacker who recently stole $600 million worth of cryptocurrencies from their protocol.
“Since we believe your action is white hat behavior, we plan to offer you a $500,000 bug bounty after you complete the refund fully. Also we assure you that you will not be accountable for this incident,” they wrote in a message attached to an Ethereum transaction.
The hacker later said that while they saw the offer, they decided to ignore it and just send the remaining funds back.
“The Poly did offered (sic) a bounty, but I have never responded to them. Instead, I will send all of their money back,” the hacker noted in another transaction.
The hacker returned all of the stolen funds—minus $33 million in USDT stablecoins frozen by Tether—last Friday as promised.
Per today’s announcement, Poly Network’s reward program will launch on DeFi bug bounty platform Immunefi on August 17 and will offer coders up to $100,000 per individual bug, with $500,000 available in total.
Meanwhile, Poly Network developers also published a new roadmap today, highlighting the steps the platform plans to take after the record-breaking hack. These include patching existing vulnerabilities, upgrading the mainnet, and returning lost funds to users.