A | B | C | D | E | F | G | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | AA | AB | AC | AD | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | d | ||||||||||||||||||||||||||||
2 | Twitter Polynetwork | https://twitter.com/PolyNetwork2 | |||||||||||||||||||||||||||
3 | Telegram Group | https://t.me/O3LabsOfficial | |||||||||||||||||||||||||||
4 | Lasttime Refund | Chain | Hacker Address | Hack | Token Transaction | Token Holdings | Balance | Ethereum assets | BSC assets | Polygon assets | |||||||||||||||||||
5 | 11/8/2021 20:34:29 | ETH Chain | 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963 | 272 mil | https://etherscan.io/address/0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963#tokentxns | https://etherscan.io/tokenholdings?a=0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963 | ETH, DAI, USDC, BTC, UNI, renBTC | 26.109 WETH | 6613 BNB | 85,089,719 USDC | |||||||||||||||||||
6 | BSC Chain | 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71 | 253mil | https://bscscan.com/address/0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71#tokentxns | https://bscscan.com/tokenholdings?a=0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71 | 1,032 WBTC | 26,629 ETH | ||||||||||||||||||||||
7 | Polygon Chain | 0x5dc3603c9d42ff184153a8a9094a73d461663214 | 85 mil | https://polygonscan.com/address/0x5dc3603c9d42ff184153a8a9094a73d461663214#tokentxns | https://polygonscan.com/tokenholdings?a=0x5dc3603c9d42ff184153a8a9094a73d461663214 | 33,431,197 USDT (Locked) | 1,023 BTCB | ||||||||||||||||||||||
8 | 673,227 DAI | 32,107,854 BUSD | |||||||||||||||||||||||||||
9 | Still waiting more Fund | Chain | Receive Address (Polynetwork Multisig) | Balance | Token Transaction | Token Holdings | Balance | 96,389,444 USDC | 87,603,671 USDC | ||||||||||||||||||||
10 | 27620,93 Hours | ETH Chain | 0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142f | Some Tokens | https://etherscan.io/address/0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142f#tokentxns | https://etherscan.io/tokenholdings?a=0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142f | SHIBA, FEI, renBTC, UNI | 43,023 UNI | |||||||||||||||||||||
11 | BSC Chain | 0xEEBb0c4a5017bEd8079B88F35528eF2c722b31fc | ALL | https://bscscan.com/address/0xEEBb0c4a5017bEd8079B88F35528eF2c722b31fc#tokentxns | https://bscscan.com/tokenholdings?a=0xEEBb0c4a5017bEd8079B88F35528eF2c722b31fc | BTCB, ETH, BNB, BUSD | 259,737,345,149 SHIBA | ||||||||||||||||||||||
12 | Polygon Chain | 0xA4b291Ed1220310d3120f515B5B7AccaecD66F17 | ALL | https://polygonscan.com/address/0xA4b291Ed1220310d3120f515B5B7AccaecD66F17#tokentxns | https://polygonscan.com/tokenholdings?a=0xA4b291Ed1220310d3120f515B5B7AccaecD66F17 | USDC | 14.47 renBTC | ||||||||||||||||||||||
13 | 616,082 FEI | ||||||||||||||||||||||||||||
14 | Time zone UTC | Round | 05/10/2024 17:30:15 | Pass | Delay | from | Content | Hash | Amount | Token | Chain | Refund | Refund | Refund | |||||||||||||||
15 | Aug-10-2021 02:36:01 PM +UTC | 1 | 10/8/2021 14:36:01 | 27650,9 Hours | PolyNetwork | Can you connect us? contact@poly.network | https://etherscan.io/tx/0xf6488e1efacd9c280eb91133d04ba357beca8016df8b0b0524b9a2e207b2ad7f | 616.082 FEI | 23.88 BTCB | 100 USDC | |||||||||||||||||||
16 | Aug-10-2021 03:26:28 PM +UTC | 2 | 10/8/2021 15:26:28 | 27650,06 Hours | 51 Mins | White Hacker | Wonder why tornado? Will miner stop me? Teach me plz! | https://etherscan.io/tx/0x3a09c98f99edd9601ed017ff269652fd80c7e9aedcea57126990031128851043 | 259,737,345,149 SHIBA | 1000 BTCB | 1.000 USDC | ||||||||||||||||||
17 | Aug-10-2021 04:05:47 PM +UTC | 3 | 10/8/2021 16:05:47 | 27649,41 Hours | 39 Mins | White Hacker | It would have been a billion hack if i had moved remaining shitcoins! Did I just save the project? Not so interested in money, now considering returning some tokens or just leaving them here | https://etherscan.io/tx/0x552bc0322d78c5648c5efa21d2daa2d0f14901ad4b15531f1ab5bbe5674de34f | 14.47 renBTC | 26629 ETH | 1.000.000 USDC | ||||||||||||||||||
18 | Aug-10-2021 04:25:57 PM +UTC | 4 | 10/8/2021 16:25:57 | 27649,07 Hours | 20 Mins | PolyNetwork | We can offer you a security bounty when you return all the remaining assets.We will provide a secure address through e-mail. | https://etherscan.io/tx/0x6b174ace1a83530bd2f33f07b213536699418b533cf2d3685556cf126e7061d8 | 43.023 UNI | 119,664,866 BUSD | 84.089.719 USDC | ||||||||||||||||||
19 | Aug-10-2021 04:39:03 PM +UTC | 5 | 10/8/2021 16:39:03 | 27648,85 Hours | 13 Mins | White Hacker | What if I make a new token and let the dao decide where the tokens go | https://etherscan.io/tx/0x4c102e972301b999318df70e3d3a067994dcc83951f07f7f37c45ff7e922beec | 1,032 WBTC | 10+6610 BNB | |||||||||||||||||||
20 | Aug-10-2021 04:48:57 PM +UTC | 6 | 10/8/2021 16:48:57 | 27648,69 Hours | 10 Mins | PolyNetwork | The decision made by DAO can't changed the fact that the assets are stolen from crypto believers.We want to offer a security bounty and we hope it will be remembered as the biggest white hat hack in the history. | https://etherscan.io/tx/0xe72e56fa6392b5cae82997aa24d3b668b8a0fba04afb543ea4e7f50295d439d2 | 96,942,062.859 DAI | ||||||||||||||||||||
21 | Aug-11-2021 03:48:18 AM +UTC | 7 | 11/8/2021 03:48:18 | 27637,7 Hours | 662 Mins | White Hacker | READY TO RETURN THE FUND! | https://etherscan.io/tx/0x7b6009ea08c868d7c5c336bf1bc30c33b87a0eedd59dac8c26e6a8551b20b68a | |||||||||||||||||||||
22 | Aug-11-2021 03:49:11 AM +UTC | 8 | 11/8/2021 03:49:11 | 27637,68 Hours | 1 Mins | White Hacker | Failed to contact the poly. I need a secured multisig wallet from you | https://etherscan.io/tx/0x79245fb1d1ae48a214118e25d6ad2f9324f514ec6708135a19ba9d4cfa6344f6 | |||||||||||||||||||||
23 | Aug-11-2021 04:02:06 AM +UTC | 9 | 11/8/2021 04:02:06 | 27637,47 Hours | 13 Mins | White Hacker | It's already a legend to win so much fortune. It will be an eternal legend to save the world. I made the decision, no more dao | https://etherscan.io/tx/0xd239b01026c49b234d075e3d23a07efd1c3234239cfb440c0f90d5e84836fbe2 | |||||||||||||||||||||
24 | Aug-11-2021 04:07:48 AM +UTC | 10 | 11/8/2021 04:07:48 | 27637,37 Hours | 6 Mins | PolyNetwork | We are preparing a multi-sig address controlled by known Poly addresses | https://etherscan.io/tx/0x910b00b2b60b76d7c29a1855f9a1ebf204356eed22498334ddd46e46d96e06c2 | |||||||||||||||||||||
25 | Aug-11-2021 04:59:05 AM +UTC | 11 | 11/8/2021 04:59:05 | 27636,52 Hours | 51 Mins | PolyNetwork | Hope you will transfer assets to addresses below: ETH: 0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142f BSC: 0xEEBb0c4a5017bEd8079B88F35528eF2c722b31fc Polygon: 0xA4b291Ed1220310d3120f515B5B7AccaecD66F17 | https://etherscan.io/tx/0xf25ad2da525da68e7e254ecb5d780ae2c64f4df442baa14832fcbdff65dfb193 | |||||||||||||||||||||
26 | Aug-11-2021 07:50:12 AM +UTC | 12 | 11/8/2021 07:50:12 | 27633,67 Hours | 172 Mins | White Hacker | Accept donations to "the hidden signer" now. Encrypt your msg with his pubkey. | https://etherscan.io/tx/0x160231043b80c7824f658b3621163ebcc537ff29ad1dfb3572e658ebf0ddc2fd | |||||||||||||||||||||
27 | Aug-11-2021 08:43:57 AM +UTC | 13 | 11/8/2021 08:43:57 | 27632,77 Hours | 54 Mins | White Hacker | 100$ To Polygon (By USDC) | https://polygonscan.com/tx/0x74403d359c6eb79acbfe24ddbbab60cccdf4cc8db64709576ed972f707ce52eb | 100 | USDC | Polygon | ||||||||||||||||||
28 | Aug-11-2021 08:46:43 AM +UTC | 14 | 11/8/2021 08:46:43 | 27632,73 Hours | 3 Mins | White Hacker | 1.000$ To Polygon (By USDC) | https://polygonscan.com/tx/0x444561661539983b434f064dbaf1f0ef160def0baf201e61946384f111109910 | 10.000 | USDC | Polygon | ||||||||||||||||||
29 | Aug-11-2021 08:58:23 AM +UTC | 15 | 11/8/2021 08:58:23 | 27632,53 Hours | 12 Mins | White Hacker | 1.000.000$ To Polygon (By USDC ) | https://polygonscan.com/tx/0x7033942dde965ad6ee5acbd16e068df8c6187d7c0782055f870994a95cb058c4 | 1.000.000 | USDC | Polygon | ||||||||||||||||||
30 | Aug-11-2021 09:45:52 AM +UTC | 16 | 11/8/2021 09:45:52 | 27631,74 Hours | 48 Mins | PolyNetwork | You are moving things to the right direction. We received 1+M USDC on Polygon. Did you ask us to encrypt the receiving addresses with your BookKeeper public key? | https://etherscan.io/tx/0x59451c04dd5809958100c20a1263b7c1c6fc5080b38163b5117557418a473c47 | |||||||||||||||||||||
31 | Aug-11-2021 09:47:55 AM +UTC | 17 | 11/8/2021 09:47:55 | 27631,71 Hours | 2 Mins | White Hacker | 0.6$ To BSC ( by USDC ) | https://bscscan.com/tx/0xd19b96776e7e321ce1b03ccb8f96dcbceae0c4ef3e52f0eaf644b540e683b707 | 1 | USDC | BSC | ||||||||||||||||||
32 | Aug-11-2021 09:48:28 AM +UTC | 18 | 11/8/2021 09:48:28 | 27631,7 Hours | 1 Mins | White Hacker | 38$ To BSC ( by BUSD ) | https://bscscan.com/tx/0x222e665ed61d9c722c5fdfaa6330d9fbd919c77e1edc6534be1650cf926668b0 | 38 | BUSD | BSC | ||||||||||||||||||
33 | Aug-11-2021 09:49:10 AM +UTC | 19 | 11/8/2021 09:49:10 | 27631,68 Hours | 1 Mins | White Hacker | 1.000.000$ To BSC ( by BTCB ) | https://bscscan.com/tx/0x8537ce0fb13a9aae72a531b14838a59b9232bb3db8d65857f5e9b55bfbf3108d | 23,88 | BTCB | BSC | ||||||||||||||||||
34 | Aug-11-2021 10:54:38 AM +UTC | 20 | 11/8/2021 10:54:38 | 27630,59 Hours | 66 Mins | White Hacker | 622.000$ To ETHCHAIN ( by FEI ) | https://etherscan.io/tx/0xd3327a266add4ec655ef5fe00fd042bdcdf1b886c26af3b5dd21b2e4ec9bde49 | 616.082 | FEI | ETH Chain | ||||||||||||||||||
35 | Aug-11-2021 10:59:14 AM +UTC | 21 | 11/8/2021 10:59:14 | 27630,52 Hours | 5 Mins | White Hacker | 2.000.000$ To ETHCHAIN ( by SHIBA ) | https://etherscan.io/tx/0x4d0c93ca9746d1c8a80c0ecf58bd5bba66654fefae3df320b4d138405d0cbc0e | 259.737.345.149 | SHIBA | ETH Chain | ||||||||||||||||||
36 | Aug-11-2021 12:07:35 PM +UTC | 22 | 11/8/2021 12:07:35 | 27629,38 Hours | 69 Mins | White Hacker | Donate to 0xA87fB85A93Ca072Cd4e5F0D4f178Bc831Df8a00B if you support my decision, encrypt your msg with his pubkey if you want to talk | https://etherscan.io/tx/0x87715ad26621431c2c27f44d9214798e0c81a97d938ba5d4580dcd72f07ec6a8 | |||||||||||||||||||||
37 | Aug-11-2021 12:12:16 PM +UTC | 23 | 11/8/2021 12:12:16 | 27629,3 Hours | 5 Mins | White Hacker | Dumping shitcoins first! How about unlocking my usdt after returning enough usdc? | https://etherscan.io/tx/0xa7cd9cb0211942998602e22ad6f7fd7d9c1eef9515f4e4154a76237d5fd71aa3 | |||||||||||||||||||||
38 | Aug-11-2021 01:15:56 PM +UTC | 24 | 11/8/2021 13:15:56 | 27628,24 Hours | 64 Mins | White Hacker | {"iv":"be1fb3ba513b8779f7a38525cf118fae","ephemPublicKey":"04a35ba379dc4922a7fbf2f7d64be16b8096c78d3a17f40dab1c07928c178f8476663d032f6920a3f9467af8908a5de3594779e59a32fa320286a4ba028554c076","ciphertext":"d8d60653f3fa30b31f2ebb40cc8ba697e45f59f4e976f1b84d7382a3a1aced6b","mac":"393423c5f65ffa52e09d97dda25acd32d39efe157a1a334539ae047d0397043d"} | https://etherscan.io/tx/0x64eb495eba8b2000181498910748614dbd2c4bd7d6997af20cdb92c2518b2bce | |||||||||||||||||||||
39 | Aug-11-2021 01:17:08 PM +UTC | 25 | 11/8/2021 13:17:08 | 27628,22 Hours | 1 Mins | White Hacker | 0b156682321ad8b4307c76b60dac7650022f314a319f3e17d5e83718dbc305d6a1bcf0461b0eeb1c15b24994ae1deca1305f99dc9d294b926c4b9ade2718478a1f364a395f6a253da2a1561807540a2193974b134ba2be616b810e899c5df21aa2 | https://etherscan.io/tx/0x69534e330c5f8529759272b86e90bbacf7a5c4082683064c471e5539eacf53ba | |||||||||||||||||||||
40 | Aug-11-2021 02:01:41 PM +UTC | 26 | 11/8/2021 14:01:41 | 27627,48 Hours | 45 Mins | White Hacker | 1000 BTC To BSC | https://bscscan.com/tx/0x933dc403b49fb5ed26b364d181ecc036b1ab2056ed3f43b37391b0c6509633c0 | 1.000 | BTCB | BSC | ||||||||||||||||||
41 | Aug-11-2021 02:03:37 PM +UTC | 27 | 11/8/2021 14:02:37 | 27627,46 Hours | 1 Mins | White Hacker | 26,629.17 ETH To BSC | https://bscscan.com/tx/0x6e2317a437e7804b211ab03a11d61bf68d4fd3b87a5d0deb76d87febddca262b | 26.629 | ETH | BSC | ||||||||||||||||||
42 | Aug-11-2021 02:17:35 PM +UTC | 28 | 11/8/2021 14:17:35 | 27627,21 Hours | 15 Mins | White Hacker | 119mil BUSD To BSC | https://bscscan.com/tx/0xec9507edd4c928eb64e59fe2c6dd605ac58792729ff30b0911939bfef0ad6278 | 119,664,866 | BUSD | BSC | ||||||||||||||||||
43 | Aug-11-2021 02:19:33 PM +UTC | 29 | 11/8/2021 14:19:33 | 27627,18 Hours | 2 Mins | White Hacker | 10 BNB To BSC | https://bscscan.com/tx/0xb5a0f3787d56d6b71d711659d070b13a506710e7a6d06487fbb57f9f953770c2 | 10 | BNB | BSC | ||||||||||||||||||
44 | Aug-11-2021 02:23:47 PM +UTC | 30 | 11/8/2021 14:23:47 | 27627,11 Hours | 4 Mins | White Hacker | 6610 BNB To BSC | https://bscscan.com/tx/0xc1fb5ab331cb90b6efd55f86d41e400c1119e3d077dfc059f6999c875f1e6360 | 6.610 | BNB | BSC | ||||||||||||||||||
45 | Aug-11-2021 02:37:21 PM +UTC | 31 | 11/8/2021 14:37:21 | 27626,88 Hours | 14 Mins | White Hacker | 01c1d99be69552fad96069174147a8f5022e526cfb3644d2bcd07adccdd55a00b4e7f3c63273713f4c1839276b56a0f8a4e1928c2b9831bbd6442734752d96a5c28dcbc7a7e5c29c23f7aff6e49e2fe9b37881876756924ea9050392fe847e700abb5db4064270862f35df23b5aa14278e80814a873b1d0c23665b08f757fc081d716f64c344a17126b56232a9476c9542695e5fefdb676c9a1c16879b088bf32b7e2afa123a53e3373366f36db7a5cacde1246ba160c455b249077a21cce40df894054fbc996c9f1cb1ef5d71ba621c5485cb411c77953adbf7ecbc0040b5c28a | https://etherscan.io/tx/0x62d376fbb95367ba95d046c0c041531e320e93526fc282da5a1a65dacc885f47 | |||||||||||||||||||||
46 | Aug-11-2021 02:39:22 PM +UTC | 32 | 11/8/2021 14:39:22 | 27626,85 Hours | 2 Mins | White Hacker | Just dumped all assets on bsc & polygon. Hacking for good, I did save the project | https://etherscan.io/tx/0x3de5a4eb6c1953ce2d0422bc5d0d16b2d9e54316cf0784bb793b3c67f09387b7 | |||||||||||||||||||||
47 | Aug-11-2021 03:08:15 PM +UTC | 33 | 11/8/2021 15:08:15 | 27626,37 Hours | 29 Mins | White Hacker | 4e7ebea396547cae74d0dea5f6d60e3c02e04ee7f52b31936d56c19bef1c619301765f766a4a879dc089302f2623bbaa50c390932141773bff1a83b6140b8bab73c4a768f0526e5b1be79d1893b608548fc759108f374eccdfab9401f89b77915c2b70b031388b515891567456348008c6e520cb80d7d4daddf3dcac9ee164b73515ac57a88da0470a9e9f6b1b0c634aa1 | https://etherscan.io/tx/0x4d6490b47a82e548236b4448713a973d833e439ad9fff76513d38ad2f7cb4fa5 | |||||||||||||||||||||
48 | Aug-11-2021 03:19:39 PM +UTC | 34 | 11/8/2021 15:19:39 | 27626,18 Hours | 11 Mins | White Hacker | 14.47 renBTC To ETH Chain | https://etherscan.io/tx/0xd916036ed3f4fd356e32faf7a0849834e54d7555383c372058226cb32705916b | 14.47 | renBTC | ETH Chain | ||||||||||||||||||
49 | Aug-11-2021 03:24:33 PM +UTC | 35 | 11/8/2021 15:24:33 | 27626,09 Hours | 5 Mins | PolyNetwork | 0x35b6fd7cab004eb2f3c225982540189f028057d66e3f07a46547b2de92c68750bd53ddf6290b016f1d8d1d9bccb124d691f5cf6737a105006bf00cea4aa421555ab11b03e8a39b369436977abbbd1260b827efd9a269c7fdb9e2773f6c9f4f861fb47e337bd5b045a87bd734c2c772b5a2f8f841678e0826342f56cc201594d3ddf5f91fbebeb6c4431fe929adebce701669a33e0b5c36866c9e49a1e0ba09188c | https://etherscan.io/tx/0x7a924cf530150ba0d0d8b063f33a812ccf7564d347c193d03ad3b728c5fc6ab2 | |||||||||||||||||||||
50 | Aug-11-2021 03:57:28 PM +UTC | 36 | 11/8/2021 15:57:28 | 27625,55 Hours | 33 Mins | White Hacker | https://sites.google.com/view/hackersconfession/home/refund-wallet | https://etherscan.io/tx/0x1fb7d1054df46c9734be76ccc14fa871b6729e33b98f9a3429670d27ec692bc0 | |||||||||||||||||||||
51 | Aug-11-2021 04:18:39 PM +UTC | 37 | 11/8/2021 16:18:39 | 27625,19 Hours | 21 Mins | PolyNetwork | We appreciate your returning of assets and the explanation of your motivation. We would like to work with you to resolve the current and future security issues of PolyNetwork. Please complete the returning of assets as you promised and let's move on. | https://etherscan.io/tx/0xf59c47f47e6f19acc60bea81f6bde2ca41ecefaddc797bdb7fa6a8651aede384 | |||||||||||||||||||||
52 | Aug-11-2021 04:31:12 PM +UTC | 38 | 11/8/2021 16:31:12 | 27624,98 Hours | 13 Mins | White Hacker | https://sites.google.com/view/hackersconfession/home/refund-wallet | https://etherscan.io/tx/0xd4ee4807c07702a3202f45666983855d7fa22eb1c230e4c1e840fc9389e54729 | |||||||||||||||||||||
53 | Aug-11-2021 04:37:37 PM +UTC | 39 | 11/8/2021 16:37:37 | 27624,88 Hours | 6 Mins | PolyNetwork | 0xb46f70e398420809e6a1e73274459e720358a1e2d042329883f15fb07d51e51d26fe2be672681b38ad06813ded3f6ae2215b883b73be75b359260a53cdf2ef0135ac60be8d46a15e842ea7398ed0f27ac9a58193bce8a35578af93b8225590a6c33f7054f56e09a434f0c1d5ec8c843904e4d35317000d152159312de0f6416b4c | https://etherscan.io/tx/0x339bee245002f1c41eff7469fe51424d48d6ef856cc81e81d66135e40968f53f | |||||||||||||||||||||
54 | Aug-11-2021 04:50:45 PM +UTC | 40 | 11/8/2021 16:50:45 | 27624,66 Hours | 13 Mins | PolyNetwork | Please confirm your email is polyhacker@yandex.com, not negotiations@cock.li, too many fake emails. | https://etherscan.io/tx/0x588732ed9ec2861e6300710a9a3dcad20d8da591e7e93da3b556d351da697477 | |||||||||||||||||||||
55 | Aug-11-2021 04:55:54 PM +UTC | 41 | 11/8/2021 16:55:54 | 27624,57 Hours | 5 Mins | White Hacker | https://sites.google.com/view/hackersconfession/home/refund-wallet | https://etherscan.io/tx/0xe954bed9abc08c20b8e4241c5a9e69ed212759152dd588bb976b47eca353a5bc | |||||||||||||||||||||
56 | Aug-11-2021 05:13:37 PM +UTC | 42 | 11/8/2021 17:13:37 | 27624,28 Hours | 18 Mins | White Hacker | I don't use email. Fuck polyhacker@yandex.com & negotiations@cock.li | https://etherscan.io/tx/0xe926ef4b6f4e3ff1b680df02a6a2456cd9b415d25f051bb894ea3e24cfa864f0 | |||||||||||||||||||||
57 | Aug-11-2021 06:05:57 PM +UTC | 43 | 11/8/2021 18:05:57 | 27623,4 Hours | 53 Mins | White Hacker | Disclaimer: I have never asked for bounty from poly network what I have said is on the chains | https://etherscan.io/tx/0xa5371eda3e56a614cdecc2b875f4236c7651e8ab3822f798b108e14b2659aaaa | |||||||||||||||||||||
58 | Aug-11-2021 06:59:00 PM +UTC | 44 | 11/8/2021 18:59:00 | 27622,52 Hours | 53 Mins | White Hacker | https://sites.google.com/view/hackersconfession/home/refund-wallet | https://etherscan.io/tx/0xde330cbd5484e9ce808c60d3a76739f224eb8390b6b891a8e4d29dbdaeab826d | |||||||||||||||||||||
59 | Aug-11-2021 07:03:37 PM +UTC | 45 | 11/8/2021 19:03:37 | 27622,44 Hours | 5 Mins | PolyNetwork | We appreciate you sharing your experience and believe your action constitutes white hat behavior. But we can't touch user assets and Poly Network doesn't have its own token. Since , we believe your action is white hat behavior, we plan to offer you a $500,000 bug bounty after you complete the refund fully. Also we assure you that you will not be accountable for this incident. We hope that you can return all tokens as soon as possible. You can reserve the equivalent value of 500,000 USD in any assets to the current owner address. We will make up this part of the assets to Poly Network users. Your contribution is very helpful to us. Again, we think this behavior is white hat behavior, therefor this 500,000 USD will be seen as completely legal bounty reward. We will also ensure that you will not be held accountable for this incident, and we will publicly express our gratitude to you. | https://etherscan.io/tx/0x98b6316d3004be81c5d1b06c27472bef8097c9c922345876cd36111495ccf32a | |||||||||||||||||||||
60 | Aug-11-2021 07:06:22 PM +UTC | 46 | 11/8/2021 19:06:22 | 27622,4 Hours | 7 Mins | White Hacker | 84 mil USDC To Polygon | https://polygonscan.com/tx/0xc32f8501c62a69218b4cdaae93cffcf7b214f331942af9ecca7c35be49e796b6 | 84.079.620 | USDC | Polygon | ||||||||||||||||||
61 | Aug-11-2021 07:12:14 PM +UTC | 47 | 11/8/2021 19:12:14 | 27622,3 Hours | 6 Mins | White Hacker | The _polygon_ network is so unreliable for many times I thought I had sent the transaction but it vanished. Lol | https://etherscan.io/tx/0xd2750ac3aad70c0a73fd4cd5aa854770f3253026526ab3cdc88fd561b8ccd5a0 | |||||||||||||||||||||
62 | Aug-11-2021 07:34:30 PM +UTC | 48 | 11/8/2021 19:34:30 | 27621,93 Hours | 22 Mins | White Hacker | Guys, ask yourself, is the poly team the owner of the assets? They are just the manager of the fund! Will you teach them how to trigger their "backdoor"? In the defi world, you can trust nobody but the code and youself. To the "victims": I don't mean the poly team is not trustworthy, but none of you have the chance to challenge their code which should be the law. Don't worry, you are not real victimes. I saved you! | https://etherscan.io/tx/0x078063e9574e1937a64b6552919b9fc0035429df1e601d79e200bf211e75f337 | |||||||||||||||||||||
63 | Aug-11-2021 08:34:29 PM +UTC | 49 | 11/8/2021 20:34:29 | 27620,93 Hours | 60 Mins | White Hacker | 42k UNI to ETH Chain | https://etherscan.io/tx/0x09fe1ec4a9ad2c159362e7ec23b0410de34d71db5f314c4b04247c48d812fcbf | 43.023 | UNI | ETH Chain | ||||||||||||||||||
64 | Aug-11-2021 10:09:27 PM +UTC | 50 | 11/8/2021 22:09:27 | 27619,35 Hours | 95 Mins | White Hacker | Hello beggars, why not asking money from the poly multisig wallet? 0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142f | https://etherscan.io/tx/0x05ddbcc01736dfe478526b33837f54ccf4f0e1e8abf06276d0a3fb18b8751ea9 | |||||||||||||||||||||
65 | Aug-11-2021 11:33:51 PM +UTC | 51 | 11/8/2021 23:33:51 | 27617,94 Hours | 85 Mins | White Hacker | To supporters: do not donate to this address. It's mixing with the poly tokens. Please send it to 0xA87fB85A93Ca072Cd4e5F0D4f178Bc831Df8a00B | https://etherscan.io/tx/0x9dedb07cb1dc30e176b78be45c37787ce8f1b0ecc96228d82c451cc52e074154 | |||||||||||||||||||||
66 | Aug-12-2021 01:46:42 AM +UTC | 52 | 12/8/2021 01:46:42 | 27615,73 Hours | 133 Mins | White Hacker | You guys should have enough fund and credit to start the recovering phase. For the rest of assets, I’m considering building a multisig wallet shared between us. I will transfer the remainings to that wallet. I will provide the final key after it's settled. You can claim that you have collected the assets early. Let the crypto talks. (I may disclose this message later) | https://etherscan.io/tx/0xdef85ff964015bbb4634f414b1f52228569912657932fa7db5c3365609befb10 | |||||||||||||||||||||
67 | Aug-12-2021 02:06:00 AM +UTC | 53 | 12/8/2021 02:06:00 | 27615,4 Hours | 19 Mins | White Hacker | You guys should have enough fund and credit to start the recovering phase. For the rest of assets, I’m considering building a multisig wallet shared between us. I will transfer the remainings to that wallet. I will provide the final key after it's settled. You can claim that you have collected the assets early. Let the crypto talks. (I may disclose this message later) | https://etherscan.io/tx/0x2f47a23f49ea52a21d44e41937362a55d8addcbe2dbe13f1536da2e16fc41448 | |||||||||||||||||||||
68 | Aug-12-2021 03:33:33 AM +UTC | 54 | 12/8/2021 03:33:33 | 27613,94 Hours | 88 Mins | White Hacker | The poly has well enough assets to start the recovering phase. I have asked the poly to setup a new multisig wallet. I can move the funds asap. I will provide the final key when _everyone_ is ready. | https://etherscan.io/tx/0x0e26a5b2c59ce2da821a353cea99720014e3d13ddc4f84af6ba01dd714c62d8d | |||||||||||||||||||||
69 | Aug-12-2021 05:00:14 AM +UTC | 55 | 12/8/2021 05:00:14 | 27612,5 Hours | 87 Mins | PolyNetwork | We've had a fix. It had been cross-checked internally and reviewed by a well known security audit team. (?) The multi-sig address we provided is safe, please send the remainings to that address. We will send you the 500k bounty when the remainings are returned except the frozen USDT. | https://etherscan.io/tx/0x05f90618be1e7f64230618476912dccb0091f6eb011dd983f4ac7239e846d422 | |||||||||||||||||||||
70 | (Aug-12-2021 11:16:53 AM +UTC) | White Hacker | d8cd85a08a41d32fd7f9ea34e03e4c37027183eb4ca2a819907fa18f72115db29ace316ecab1c057ec035f996a8b51f02f58dfad08a82a165c6cc407231e8928f614c4f74776c7feb54b70e816534ae7a337b5a27ccf497966d61ef8b434cdceb1b7793e2ddc996420ac4c71ab5f700a8b328b48be08c05c3e648fefe2d45012aaa4a5cc54dfa25aac1eb9d39170bb0f57c1654354d067a7030a4193b79eba42b7e0408e47dec1c262e6be73cf3aa34e7df6c1abc9b46b164fccdc107dca054e1b49eb693bef8bbe42448114e06096d92aa4c735838aeca0c7ad52b83e928c44509526bd0cad81d76f321f5e429c721ec8c48c6618de02506012a5702abdca6ac94e578125cc415e1bd1ae27ca812f1202a8be2eda74546c8d88dc417d7514728d12c0919d74ce356b0365ab8b5f66918d | https://etherscan.io/tx/0x64c237d37a39662c8386a6f4893c5852486c3d1bbc68605465c603061ddf7d13 | |||||||||||||||||||||||||
71 | (Aug-12-2021 12:02:50 PM +UTC) | White Hacker | To defi noobs: my initial attempt was depositing the stables for interests, its benign and safe. I didnt even want to cause imbalance of the stable pools by swapping. My plan was holding 3crv until I realized withdrawing into usdc would be stupid, then I had no choice but to convert them into dai. Its clearly tracable, why is it laundering? | https://etherscan.io/tx/0xc02baa06d4e446c725aeda4878ea2f7a3ecf770f73dcfb330b6bae7fedf48013 | |||||||||||||||||||||||||
72 | (Aug-12-2021 12:13:23 PM +UTC) | White Hacker | To defi noobs: why do you think I have no way to transfer the money? Because its too much? Tornado is powerful enough, I could just transfer 100eth every month, how would you identify the cash flow? I teased the crowd, but I never tried | https://etherscan.io/tx/0x5fbd4fe7e3d36b75e8f8f05a1e003e9e4d254bfe8242e33af166eecc2f29d839 | |||||||||||||||||||||||||
73 | (Aug-12-2021 12:25:53 PM +UTC) | White Hacker | To crypto noobs: in the defi world, code is law. Then who is the arbitrator? We, the hackers, are the armed forces. If you are given weapons and guarding billions from the crowd while being _anonymous_, will you be a terrorist or the batman? | https://etherscan.io/tx/0xc0d284617a1805dafddf8e8d71d10acbdec8e2ed679c66ea97c7f928e97f7605 | |||||||||||||||||||||||||
74 | (Aug-12-2021 12:42:47 PM +UTC) | White Hacker | To security noobs: cex or dex, which one is safer? It dpends on whether you know how to protect yourself. In my case, the total cost is hunderds of usd. No kyc. Everything in the dex is temporary. I would call it _the bait_. | https://etherscan.io/tx/0xd73daf995a2aab071560f14555beca73b6dce9c3cac01085e2c372d29e012c66 | |||||||||||||||||||||||||
75 | (Aug-12-2021 01:04:04 PM +UTC) | White Hacker | To security noobs: cex or dex, which one is safer? It dpends on whether you know how to protect yourself. In my case, the total cost is hunderds of usd. No kyc. Everything in the dex is temporary. I would call it _the bait_. | https://etherscan.io/tx/0x6eeeb4ea8566707b3e9a18934ab0258ddcd474faa91d5e8f2bf74a20171feb1b | |||||||||||||||||||||||||
76 | (Aug-12-2021 01:30:31 PM +UTC) | White Hacker | Just confirmed the shared multisig wallet with the poly!!! | https://etherscan.io/tx/0xf391ec8d5935d4ec11efb2c8b99ba3586cb0b0f05c5e0b9c44c74a1c40386bd7 | |||||||||||||||||||||||||
77 | (Aug-12-2021 01:33:19 PM +UTC) | White Hacker | ($13.89) USD Coin (USDC) | https://etherscan.io/tx/0xb60940615e750d404fdc56e2ba1fe001585b5cc9545ec49d6e9b0aa414005455 | ($13.89) USD Coin (USDC) | ||||||||||||||||||||||||
78 | (Aug-12-2021 01:39:08 PM +UTC) | White Hacker | ($48,902,089.28) Wrapped BTC (WBTC) | https://etherscan.io/tx/0xbe3b80a14d27115aab572e64511f292ef9b2f68455ecdb8ed3894ccae46be7a5 | ($48,902,089.28) Wrapped BTC (WBTC) | ||||||||||||||||||||||||
79 | (Aug-12-2021 02:32:55 PM +UTC) | White Hacker | TX 0x98b6316d3004be81c5d1b06c27472bef8097c9c922345876cd36111495ccf32a DECRYPTED: 'We appreciate you sharing your experience and believe your action constitutes white hat behavior. But we can't touch user assets and Poly Network doesn't have its own token. Since , we believe your action is white hat behavior, we plan to offer you a $500,000 bug bounty after you complete the refund fully. Also we assure you that you will not be accountable for this incident. We hope that you can return all tokens as soon as possible. You can reserve the equivalent value of 500,000 USD in any assets to the current owner address. We will make up this part of the assets to Poly Network users. Your contribution is very helpful to us. Again, we think this behavior is white hat behavior, therefor this 500,000 USD will be seen as completely legal bounty reward. We will also ensure that you will not be held accountable for this incident, and we will publicly express our gratitude to you.' | https://etherscan.io/tx/0xbd66349e77b8d4e493e3a13ae146557a72e8585650b6ec3a71c402c66e2d3882 | |||||||||||||||||||||||||
80 | (Aug-12-2021 02:34:33 PM +UTC) | White Hacker | TX 0x05f90618be1e7f64230618476912dccb0091f6eb011dd983f4ac7239e846d422 DECRYPTED: 'We've had a fix. It had been cross-checked internally and reviewed by a well known security audit team.The multi-sig address we provided is safe, please send the remainings to that address. We will send you the 500k bounty when the remainings are returned except the frozen USDT.' | https://etherscan.io/tx/0x5a17cb912b9a0a1bf12a1ced9a8d108ce7c1de3355df7826d47dc13ba44fadce | |||||||||||||||||||||||||
81 | (Aug-12-2021 02:36:09 PM +UTC) | White Hacker | The poly did offered a bounty, but I have never responded to them. Instead, I will send all of their money back. | https://etherscan.io/tx/0x962d0df8f580051bb53e4fa2a2570073a0cd4c5c719c1936e707101e735ceee1 | |||||||||||||||||||||||||
82 | (Aug-12-2021 02:52:12 PM +UTC) | White Hacker | ($96,942,062.86) Dai | https://etherscan.io/tx/0x7a026bf79b36580bf7ef174711a3de823ff3c93c65304c3acc0323c77d62d0ed | ($96,942,062.86) Dai | ||||||||||||||||||||||||
83 | (Aug-12-2021 03:25:04 PM +UTC) | White Hacker | Now comes the last token, eth! However, I am terrified for the first time! They are calling me mr. 600 million, but the price of eth is going down recently, what if my balance can not cover the debt? Eth to the moon plz! | https://etherscan.io/tx/0xdeb4d7ddc2e921e999214e78879ae5afb6f7c268d6643b19d20ca64c398de7ca | |||||||||||||||||||||||||
84 | (Aug-12-2021 03:40:04 PM +UTC) | White Hacker | ($94,987,844.28) 28,953 Ether | https://etherscan.io/tx/0xf91e43dceeb80cd2d5fbf2c5cf94ea364929515bbac29f57270163c3de812271 | 28,953 Ether ($94,987,844.28) | ||||||||||||||||||||||||
85 | (Aug-12-2021 06:05:23 PM +UTC) | White Hacker | I would say its a bit risky to relaunch the original mainnet in this week. After this incident, the poly is exposed to many greedy hackers. You may provide a decent bounty to other security experts so that they will stand on your side. In the meanwhile, offering a new token for compensation seems to be the standard procedure in the defi world. I think people will understand the situation. | https://etherscan.io/tx/0x34699571b73a2ab00b4ab966d48146ff54079b1d52845cd7c72e0b55c6003909 | |||||||||||||||||||||||||
86 | (Aug-12-2021 07:18:17 PM +UTC) | White Hacker | I felt sorry for any innocent people who were affected by my wild adventure. I tried to avoid introducing any noises to the crypto world: no touching shitcoins, no doing huge swap, no dumping valuable assets. However, even the avengers have to face endless lawsuits from the civilians. Seriously I am considering taking the limited bounty as one source of the compensation fund for unexpected victims, but it's hard to prove that your loss is my fault especially when you are already gambling beyond your capability. Another embarassing fact is that refugees have already taken over my message list, it's hard for you to compete against them with your true story. Any way, I will try to do something. Donations are accepted at 0xa87fb85a93ca072cd4e5f0d4f178bc831df8a00b, it will be the main source of the fund. | https://etherscan.io/tx/0x78b8d13618af4d1b8facfde5906cb40972ff70b04574de3aa6b2b403329c7b44 | |||||||||||||||||||||||||
87 | (Aug-12-2021 10:18:45 PM +UTC) | White Hacker | Q & a, part five: q: why ama? Your confession? A: it's more like a diary. Something I am proud of. Q: why all capital? A: as I said, I don't care about money or capital. Q: garbage english? A: not native speaker. (leaking identity 1) I just expressed my true feelings without polishing. Typing while holding the "shift" is not easy. Q: black hat or white hat? A: I also enjoy the feeling of superiority by judging others, but it's never easy. Not only lawful good can be the white hat. So called black hat can also be a nice guy. People are variable. Have you heard of grayscale? Q: shouldn't a white hat just notify the devs? A: read p1q1234. Defi is a dark forest, hundreds of projects ran away every year. I dont trust anyone. Q: why hiding at the beginning? A: you might be in danger for any reason even if you are lawful good. Security guys do care about security. Q: why explain so much? A: read p4q2. The guiding part means a lot to me. I would like to share how I pwned my mind to overcome the arrogant and greed. I think the mental challenge is not easier than the hacking part. To be honest, I was so excited when the expolit worked that I almost forgot my original plan, because there was too much guessing and it's unexpected (see p2q1). The first message(see p3q1) sparked my interest in doing some creative things. I spent some time looking for funny but rational ideas from my message list. I am (still) strongly confident about my hiding, so I think I can handle the game as long as I dont cause unaffordable loss. Later I started to calm down because of those refugees. Yes, I realized that even taking over the money temporarily is still an unforgiven joke, it's causing too much pain. For the "one billion shitcoin" joke, I meant the headline of this incident could be more eyecatching, but the ending would be the same: I would not dump the shitcoins. It turned out to be a terrible joke. For the "dao" joke, I was asking the community how and when to refund. It was a irresponsible joke. I was not terrified because of exposure or laundering trouble at all (read my noob lessons). I just realized I should be cautious because my decision would change the lives of many people! If I left tokens there and quit the game, I could enjoy the life of being a millionaire and continue my exploration as usual, but thousands of people would lose control of their fate. This is against my personal philosophy (see p4q2). _soon_ I wrote an _email_ to the poly attaching a signed eth transaction from an anonymous mailbox. If they had got the mail, they would be able to broadcast a transaction from my address. This was not a wise move, since I can not broadcast any new message before them. That mail must be lost, I was not acknowledged from the eth, but I waited a few hours because of that mistake. The next part of the story is what you already know. I stopped my game and returned the money, as I promised, as I planned. Q: you are not exposed, but they have got the clues, so you are terrified! A: I am more confident than any others. I am a high profile hacker in the real world (leaking identity 2). I work in the security industry and have been devoted to hacking career since young (leaking identity 3). Seriously, as security researchers, our job is to save the hidden world. I know security consulting is a hard job, and public relation and reputation mean a lot. I don't mind security teams making advertisements based on my incident, especially when it's helpful to them. Raising concerns about security is also the mission of our career. If any hacker can find my social identity in one month, I would like to send him my personal gift. Otherwise, I may or may not leak another clue of my identity. Shall we play the game? Even if I am identified, I am still proud of my integrity :) | https://etherscan.io/tx/0xf34ee3551be7be57df6643d4ec7e4bdf9fd047d925c3c32a74e64e7428e5f8a9 | |||||||||||||||||||||||||
88 | (Aug-13-2021 12:13:03 PM +UTC) | White Hacker | Q & A, part six: Q: special force? A: do you mean they have called the fbi? Where is the claim? In fact, I don't think they have tried to contact me. I will go through my message list later. (just start processing the huge list today, sorry) I am glad that they and other security teams might be beneficial from the game. Even the exploit itself could be a tasty food for the researchers. Q: anything about security teams? A: it's fun for me wathcing the emergency responses from top tier security teams (only in blockchain of course). _notice: the following timeline could be wrong!_ at the beginning, most experts were talking about the single keeper of the insider conspiracy. Based on what I have seen, @kelvinfichter was the first guy pointing out the most crucial but obvious bug about the eth contract. (I got your encrypted inquiry ;) ) then the slow mist team got excited about the bait and announced the good news about the traces. Didn't they think it's too obvious since the source of my funding was already labeled "hoo"? Any way, they took the responsibility to let the community calm down. It's an unexpected side effect, but it's very important. Later they seemed busy hanlding inquiries and doubts from the media and the community. I am very happy that they are helping me to finish the guiding or education part. The dark knight finds his harvey dent! Thank you, the slow mist team. The other security teams did not seem as active as the slow mist, but they contributed to explaining more details of the exploit. I think certik was the first to publish the missing part about the ontology invocation. Peckshield also mentioned about the kicking off transaction and the special signer. Kudos! Q: anything about the defi/blockchain security? The security is a tough job, no matter if it's in classic or crypto world. In most cases, we security experts are only summoned as the medical examiners after the incidents. What we do is just writing postmortems, sometimes tracing the bad guys. It's almost the same in the crypto world, except that some project are not very urgent getting the money back since it's not their money, they would just tell the real victims that "sorry we tried but never guranteed the extreme security". Another funny fact is that it's unusual to see any professional security teams report those crucial bugs of live contracts! Sure, they can always teach you why you were killed after your death! Why don't you see any cases that the security teams spot the vulnerability that affects millions usd, let alone cases in billions? Because they are not paid? I guess most teams are even richer than me, and some of them might be more capable than me, do you believe that they have never faced the similar temptation? Or some of them just surrendered to the evil? It reminds of the film, "searching". Just my conspiracy, and that's the reason I don't trust anyone, but you can always believe in me. | https://etherscan.io/tx/0x42446ccc66bb48eac7bd905ae7d79708f303849802b280eb4d65770c1bfc0997 | |||||||||||||||||||||||||
89 | (Aug-14-2021 11:28:45 AM +UTC) | White Hacker | Wow I like your typing style so much! Though your doubts do not deserve any responses go reading my lessons and diaries. Really appreciate teaching me how to be more retarded! | https://etherscan.io/tx/0x2a6e7fe5385e2524eecb370fb27bef5da68287251fb73d0d354f52b323def113 | |||||||||||||||||||||||||
90 | (Aug-15-2021 02:11:07 PM +UTC) | White Hacker | :) | https://etherscan.io/tx/0xddd4131d6ce0d1c05951560c71843d61bb14222bc2990ee830b5ec2b990c1065 | |||||||||||||||||||||||||
91 | (Aug-15-2021 03:29:07 PM +UTC) | White Hacker | a73aacd02b1bf2e56b4c397b0f0082f00210389b5e4c695037185cc1bab20adaa823d407668bc37d7906a02ade403727640202cdc02ca882e95df8ade3f6eb8f2a0c9c7421c7b20986babee79a65ee012d307733efe3346e723ae02e63e354751d8df20b6faed565325485105a0be7bb6ea46c59f6322fd17fcc730404e8bc99f9f35397e1521e8e45f4f35f914b409579d2d67cc5ed969279e0e21791ab1d80bb4e827a585a16eedafed38b0eed50b8ccd9a478dc014134258b28ad4c73c814675aaf4622a729247dd76f711c2f1b7a4310a888ad7488fd44904b1495e7a2ed4b23709b7f0ff2bac404bdd4e2a4a0d2e3db5c6a5dc4e10dba6ba2a90122e47f314e3c51a396a47789ced74d4f660ecbae89202835eee3cd508c76d840dba0a45b5eb2a774d3abf5d8dbba8803532020296a8840f0e8f683fc165cc70815a63fa22482ab38e318217d9ea1a4855222cb1977e23a712ae59d0a9dbde153b2466c6ec71f3afbc7d123ddf8ab4f3976144d58a2d5a1f771bbed6c9d9aea29db6c3e03e05c24e15f75fb4988062c414a047a9ef976568519d67a3731bb77ee5d07de945a6e1f28c64fe7b2cf147cc6c657d8413762b3e0c146de48d45c8f4af8ebb6d8d3b0affc381e106d071abe83f0fa2756014161b587f399f52b8943df4a810e78e800b96f8571848672f2af0a254dadfc8c539c67647045639e6c3279e752e7f434f13e9e458ccc8952b392c40d9742ad3840172e48a0ff8b0d042299f58f788c6f0cbc1c8e6a597c8cdcc4d264a19388b139d231da43940fb434338f3cd8508eb91a2e69ca7325f068dbc3c7775bb61413847cec776b5edc52cc900a18a452afb2c9545c20785f4b896885c60325e86964f29166fd882e0d0cbbdff60978fb4fe154f6ba850d9aed785558b301f8acc743e0dca0ce2b81a62124816b3f31b8f2ecb49d2a6748ba89f0156ccfd324ebe0c6593ae14ac9bcea2184a7567499264461d8cd6a5a241e6bc6becfa52fdeb7fe273b97e503caff04d8fbc1b23b5503f45c050bef23b6ac443b1b7b0315b09fd06bcdb71bd6736b8c635e496087945ca04dafd606707786d37ae16df75c0b20e7938ea5af468aab6fa8f5839c3d4c8781296e4ab7f0625b296cb276004b7d34bf6e4e819e7501215345b19127836ba5c38e8cabf626566277a828819e455d34a7adcdef3a13efb1152502e8587e8c4d2e8314cf37efb64f6863672bd00d264cf2af946e3235ffcb9c9c8bc88f502f15e41fbf02a80babbba1316e4050fbd1a5b829faebefdc3184c941dbefce1f972b5609f16b030094edefb6cd99e5aae82931a400d0a261c44bcae6b43a9b607716d918a0ab51221c36032f567707a5a68b4f674bc162975788ddb3ee8701a76a56fed5759aefc2a0c1744ad083dd433ad7f7922fe1ecf850b457fa8c2fe6d1cc0dc26e4133550b9db6181780fdec973d610d6b83941f651e00c7dd687fc5e13c8002061247e5f776b65b112fb1503391e59776287ec9ea71f798231d9627135abe5e19c0859a4121531c97e67c37753ad8b9fb62984a2f49b852078f8c95472a7b3032b3f168f24271fa3412dc19ca6fd7b136de8f4c82a3f58c3560188b76aa640cd8f878248514cb414d2c94facb0ab40651db0fec38642907de51577dea6e7adfc697c124b50c3c8e26c3b4afc462425a19551fda96a88fa1118f1cc64af586cbb7f28ffdcd6e415f7cef858e532a57073609e3a5100d0e200434627e4bd64d992848bcfe225c3acb586e1cdecce49a885b079b7f02fa7db410e256c3bf423626055b5433ba027ce5a86dc40a0b0357e5c3b18918638c5cabd799127de90e92f7f44a3e27b52f39a2e890826c14baedd8 | https://etherscan.io/tx/0x578da109df18e8bc472ea2461b4977420ef0585d3f8fec252ecb8e5d681cb0ea | |||||||||||||||||||||||||
92 | (Aug-15-2021 04:51:43 PM +UTC) | White Hacker | I am so flattered. I have always been looking for _funny_ and _rational_ ideas, let me share them with you: 1. Turnning the ethereum network to be a real anonymous twitter or whatsapp! It has been witnessed that the obstacles of my negotiation with the poly was the major cause of the latency: we have spent hours reaching a consensus on communication protocal! The ethereum has the potential to be a secured and anonymous communication channel, but its not friendly to average users. The extraction of message requires some thequinies, the encryption of message is a more advanced skill. I have no research on existing projects. And the gas fee stops most users, though it does not stop refugees. Is it possible to ultilize the eth network for free by using extremely low gas? A snapchat on chain? 2. Wandering in the defi world. Impact and difficulty are the two key factors that drive my hacking journey. As I said hacking in defi is not as exciting as hacking the real hardcore world, its so hot thanks to the crypto bubble and the risk taking crowd. I will invest most time in learning & hacking other stuffs which are also important in the real world, but I may hang out at night to see if there are the potential vulnerable people. Given the credit of this address, I think people dont need to worry when their assets are secured by this address. For security noobs, you have to know the difference among hackings: some activities are definitely crimes, like rug pulling or stealing some private keys. Sometimes exploiting a vulnerability is like whispering a magic spell to be the owner of the beast. In the poly hack, I just triggered the intrinsic behaviour of the wild system by legimate instructions and proved its destructiveness. In the meanwhile, this process does not hurt the economy of those tokens. In contrast, some hackings make profit from dumping the shitcoin (which is usually the rewarding token of that shit project) and they cause unrecoverable damage to the whole project! That is to say, my future adventure, if that happens, will not be as delightful as the poly hack, since protecting the assets is always my first priority | https://etherscan.io/tx/0x0ae3d3ce3630b5162484db5f3bdfacdfba33724ffb195ea92a6056beaa169490 | |||||||||||||||||||||||||
93 | (Aug-15-2021 05:22:20 PM +UTC) | White Hacker | Quick Q & A, part (incredible) seven: a: I am fairly confident of their desire and capability to recover and secure the project which has been designed as a robust system. My only concern is that the poly chain, the core part of the whole network, is _not very decentralized_, and that is not something I can contribute to. Maybe I am _wrong_. A: I prepared two keys for that wallet, one will be published and the other is the backup. Ask the poly for more details. A: this story has its happy ending, but it may not be the end of my wild adventure. Do you think the credit of this address will be helpful for the dark knight? A: no. I will check it later. It's weekend. A: it's weekend. I just watched wrath of man. (leaking identity 4?) | https://etherscan.io/tx/0x1f3ff47b612f2c92a8bda39ba310c38b22a32dca94a38d7073abbc9bb53c1dbc | |||||||||||||||||||||||||
94 | (Aug-15-2021 06:28:58 PM +UTC) | White Hacker | Not just AMA but my warning sincerely! Since I have no way hearing all your voice, I am very worried that some of you guys may not understand the real danger of this wild world of crypto! Hope the media could broadcast my voice seriously: I have spent a lot of time explaining the security stuff. I claimed that I was super anonymous and secure, why? Boasting myself? Some people reads it as "he is bluffing because of fear and the security teams who have traced him are on the way". Wake up boys! They are not the god, they can not save you! I can not save you! You should learn to protect yourself! I have explained the situation of security industry (see p6q1q3), as experienced security experts, we know all the ways of tracing the bad guys, that is to say, we know all the ways of hiding from good guys. In the real world, the government and police may stand on your side, but there is no such a utopia in the crypto world! The point of claiming my anonymity, along with the lessons about fearless laundering, is to convince you that there are always perfect hacks that cause permenant damage for real! Don't be naive! Don't believe in so called experts, escpecially those who conclude that "it's the evidence that the cryptoworld is still something can be regulated"! Protect yourself, or just leave the casino! | https://etherscan.io/tx/0x0cf3678a08c93947a7e08f6f0d07609aef4f25bbe27215914bc46e12074fed8f | |||||||||||||||||||||||||
95 | (Aug-16-2021 02:25:30 PM +UTC) | White Hacker | Thanks for your sincere advice! You are 99% correct about the story but you are missing the key point: you don't know me. Money means little to me, some people are paid to hack, I would rather pay for the fun. I am considering taking the bounty as a bounus for public hackers if they can hack the poly network. (they can win double if they feel the current plan is awkward). If the poly don't give the imaginary bounty, as everybody expects, I have well enough budget to let the show go on. Just some funny thoughts but I may probably make them come true. If you are still confused, ask some richer friends, what is money for? I trust some of their code, I would praise the overall design of the project, but I never trust the whole poly team. My only guilty was triggered from the refugees. All of my actions were determined since I made the final decision to be the eternal. I am a little bit surprised that you call them professional negotiators, just look at their tense and repetitive words. If the poly really got my initial idea, they could be less embarassed. I published their request so that they got the chance to be a winner. Who do you think is dominating the game? | https://etherscan.io/tx/0xea8ffdabd3dc2a43b643640be59a93953fa25d273d5beaa34ed96b7fc5f3d033 | |||||||||||||||||||||||||
96 | (Aug-16-2021 04:56:11 PM +UTC) | White Hacker | Q & A, part (technically) eight: Q: when will you publish the key? A: `I will provide the final key when _everyone_ is ready.` my idea is not changed, but I do worry it might be an endless war. So I might release it earlier as long if the community understands everything. See next question. Q: how is the security of current contracts? A: it's hard to say. I leave it as a challenge along with the hints from p1q3q4/p2q1 to the security teams. Maybe they pretended not knowing the subtle facts. If you were willing to understand my behavior, and had read my diary and the code, you should be able to answer the question: why transfering import tokens is keeping it safe? In this hack, I convinced the keepers to approve an execution that will update the keeper's pubkey in the manager contract. Then the manager who is authorized to operate on the vault is under my control. Some snow white hackers would say that: I controlled the key, lets report to the devs, otherwise I am no longer good boy and dad will blame me. My operation continued, not only for fun, which was the major reason, but also for the trust issues. Their audits and claims are mitigations around the cross chain manager(eccm). Is it the most privileged contract? No! The vault asks the cross chain manager proxy(eccmp) for the real manager. The eccmp can be configured by the owner of vault. In short, the privileged owner account of the vault is so powerful that it can bypass all the security mechanisms built in the eccm. It sounds like a common scenario of defi world. Many devs design similar systems like that, they never expect the system have to deal the trust issues in billion dollars someday. I would like to see a billion dollar project can be built on a trustless setup, and hopefully it does not require a private chain as relayers. Trusting the singer dev's key is roughly equivalent to trusting the multisig wallet. Now the whole project has been monitored by the huge crowd, if everyone is ready to accept the final key, I will be relieved for not being the supervisor. | https://etherscan.io/tx/0xe28a27546b3b7b0910d16d47352e27edd1541bccf817c2d938079504a1a3dc66 | |||||||||||||||||||||||||
97 | (Aug-16-2021 11:30:05 PM +UTC) | White Hacker | Thanks for pointing out my mistake of the timeline! Maybe I just got kelvins message earlier since his tweet was much hotter. I think both of them have figured out the puzzle independently, and the slow mist might be the real champion! Brilliant! | https://etherscan.io/tx/0x92bb3ad48ac5609f10538b681255c78050b38640260f8a1d6439dd1c47aa3a91 | |||||||||||||||||||||||||
98 | (Aug-16-2021 11:30:05 PM +UTC) | White Hacker | My bad joke today: P: sir, could you please unlock the account we screwed up last week? T: which one? P: the white hat hacker. He is the savior. T: no. We were told that he was a bad guy. P: who said that? T: it's you. P: ... P: but how could I pay him in t? T: ... T: any way you should not trust any anonymous guy in the crypto world. P: sure, but I prefer trusting my chief security advisor rather than a dictator. Just for fun | https://etherscan.io/tx/0x8ad83154b2e80390f3b7d2d7eb0b21e94c0e20f80d78ab614a5b7f019d31e645 | |||||||||||||||||||||||||
99 | (Aug-18-2021 12:16:49 PM +UTC) | White Hacker | Dear poly, Glad to see that you are moving things to the right direction! Your essays are very convincing while your actions are showing your distrust, what a funny game. You don't even think to unlock my usdt account. I am not ready to publish the key in this week. If you are worry about the interest, I could sign the transaction of dai token to the previous multisig wallet, then you can deposit the stables like what I did last week. Now it's the same situation with a few days ago: if you trust me, you can have a good rest and focus on the repairing and restoring process. Here is one thing that you can always trust me: holding btc & eth is better than trading them. | https://etherscan.io/tx/0x3598218cba95e97d805eeaead681ec11738245ee9d3b4d99162419b6b74f3042 | |||||||||||||||||||||||||
100 | (Aug-18-2021 12:25:35 PM +UTC) | White Hacker | 5: a fan of Guy Ritchie. No spoiler here, but I see a lot of similarities in the story. | https://etherscan.io/tx/0x363d0f2270d3b854b94f37aaa76e69730a5c1474d3556cd76630dc1494a8a887 |