ABCDEFGIJKLMNOPQRSTUVWXYZAAABACAD
1
d
2
Twitter Polynetworkhttps://twitter.com/PolyNetwork2
3
Telegram Grouphttps://t.me/O3LabsOfficial
4
Lasttime RefundChainHacker AddressHackToken TransactionToken HoldingsBalanceEthereum assetsBSC assetsPolygon assets
5
11/8/2021 20:34:29ETH Chain
0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
272 milhttps://etherscan.io/address/0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963#tokentxnshttps://etherscan.io/tokenholdings?a=0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
ETH, DAI, USDC, BTC, UNI, renBTC
26.109 WETH6613 BNB85,089,719 USDC
6
BSC Chain
0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71
253milhttps://bscscan.com/address/0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71#tokentxnshttps://bscscan.com/tokenholdings?a=0x0D6e286A7cfD25E0c01fEe9756765D8033B32C711,032 WBTC26,629 ETH
7
Polygon Chain
0x5dc3603c9d42ff184153a8a9094a73d461663214
85 milhttps://polygonscan.com/address/0x5dc3603c9d42ff184153a8a9094a73d461663214#tokentxnshttps://polygonscan.com/tokenholdings?a=0x5dc3603c9d42ff184153a8a9094a73d46166321433,431,197 USDT (Locked)1,023 BTCB
8
673,227 DAI32,107,854 BUSD
9
Still waiting more FundChainReceive Address (Polynetwork Multisig)BalanceToken TransactionToken HoldingsBalance96,389,444 USDC87,603,671 USDC
10
27620,93 HoursETH Chain
0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142f
Some Tokenshttps://etherscan.io/address/0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142f#tokentxnshttps://etherscan.io/tokenholdings?a=0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142fSHIBA, FEI, renBTC, UNI43,023 UNI
11
BSC Chain
0xEEBb0c4a5017bEd8079B88F35528eF2c722b31fc
ALLhttps://bscscan.com/address/0xEEBb0c4a5017bEd8079B88F35528eF2c722b31fc#tokentxnshttps://bscscan.com/tokenholdings?a=0xEEBb0c4a5017bEd8079B88F35528eF2c722b31fcBTCB, ETH, BNB, BUSD259,737,345,149 SHIBA
12
Polygon Chain
0xA4b291Ed1220310d3120f515B5B7AccaecD66F17
ALLhttps://polygonscan.com/address/0xA4b291Ed1220310d3120f515B5B7AccaecD66F17#tokentxnshttps://polygonscan.com/tokenholdings?a=0xA4b291Ed1220310d3120f515B5B7AccaecD66F17USDC14.47 renBTC
13
616,082 FEI
14
Time zone UTCRound05/10/2024 17:30:15PassDelayfromContentHashAmountTokenChainRefundRefundRefund
15
Aug-10-2021 02:36:01 PM +UTC
110/8/2021 14:36:01
27650,9 Hours
PolyNetworkCan you connect us? contact@poly.network
https://etherscan.io/tx/0xf6488e1efacd9c280eb91133d04ba357beca8016df8b0b0524b9a2e207b2ad7f
616.082 FEI23.88 BTCB100 USDC
16
Aug-10-2021 03:26:28 PM +UTC
210/8/2021 15:26:28
27650,06 Hours
51 MinsWhite HackerWonder why tornado? Will miner stop me? Teach me plz!
https://etherscan.io/tx/0x3a09c98f99edd9601ed017ff269652fd80c7e9aedcea57126990031128851043
259,737,345,149 SHIBA1000 BTCB1.000 USDC
17
Aug-10-2021 04:05:47 PM +UTC
310/8/2021 16:05:47
27649,41 Hours
39 MinsWhite HackerIt would have been a billion hack if i had moved remaining shitcoins! Did I just save the project?
Not so interested in money, now considering returning some tokens or just leaving them here
https://etherscan.io/tx/0x552bc0322d78c5648c5efa21d2daa2d0f14901ad4b15531f1ab5bbe5674de34f
14.47 renBTC26629 ETH 1.000.000 USDC
18
Aug-10-2021 04:25:57 PM +UTC
410/8/2021 16:25:57
27649,07 Hours
20 MinsPolyNetworkWe can offer you a security bounty when you return all the remaining assets.We will provide a secure address through e-mail.
https://etherscan.io/tx/0x6b174ace1a83530bd2f33f07b213536699418b533cf2d3685556cf126e7061d8
43.023 UNI119,664,866 BUSD84.089.719 USDC
19
Aug-10-2021 04:39:03 PM +UTC
510/8/2021 16:39:03
27648,85 Hours
13 MinsWhite HackerWhat if I make a new token and let the dao decide where the tokens go
https://etherscan.io/tx/0x4c102e972301b999318df70e3d3a067994dcc83951f07f7f37c45ff7e922beec
1,032 WBTC10+6610 BNB
20
Aug-10-2021 04:48:57 PM +UTC
610/8/2021 16:48:57
27648,69 Hours
10 MinsPolyNetworkThe decision made by DAO can't changed the fact that the assets are stolen from crypto believers.We want to offer a security bounty and we hope it will be remembered as the biggest white hat hack in the history.
https://etherscan.io/tx/0xe72e56fa6392b5cae82997aa24d3b668b8a0fba04afb543ea4e7f50295d439d2
96,942,062.859 DAI
21
Aug-11-2021 03:48:18 AM +UTC
711/8/2021 03:48:18
27637,7 Hours
662 MinsWhite HackerREADY TO RETURN THE FUND!
https://etherscan.io/tx/0x7b6009ea08c868d7c5c336bf1bc30c33b87a0eedd59dac8c26e6a8551b20b68a
22
Aug-11-2021 03:49:11 AM +UTC
811/8/2021 03:49:11
27637,68 Hours
1 MinsWhite HackerFailed to contact the poly. I need a secured multisig wallet from you
https://etherscan.io/tx/0x79245fb1d1ae48a214118e25d6ad2f9324f514ec6708135a19ba9d4cfa6344f6
23
Aug-11-2021 04:02:06 AM +UTC
911/8/2021 04:02:06
27637,47 Hours
13 MinsWhite HackerIt's already a legend to win so much fortune. It will be an eternal legend to save the world. I made the decision, no more dao
https://etherscan.io/tx/0xd239b01026c49b234d075e3d23a07efd1c3234239cfb440c0f90d5e84836fbe2
24
Aug-11-2021 04:07:48 AM +UTC
1011/8/2021 04:07:48
27637,37 Hours
6 MinsPolyNetworkWe are preparing a multi-sig address controlled by known Poly addresses
https://etherscan.io/tx/0x910b00b2b60b76d7c29a1855f9a1ebf204356eed22498334ddd46e46d96e06c2
25
Aug-11-2021 04:59:05 AM +UTC
1111/8/2021 04:59:05
27636,52 Hours
51 MinsPolyNetworkHope you will transfer assets to addresses below:
ETH: 0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142f
BSC: 0xEEBb0c4a5017bEd8079B88F35528eF2c722b31fc
Polygon: 0xA4b291Ed1220310d3120f515B5B7AccaecD66F17
https://etherscan.io/tx/0xf25ad2da525da68e7e254ecb5d780ae2c64f4df442baa14832fcbdff65dfb193
26
Aug-11-2021 07:50:12 AM +UTC
1211/8/2021 07:50:12
27633,67 Hours
172 MinsWhite HackerAccept donations to "the hidden signer" now. Encrypt your msg with his pubkey.
https://etherscan.io/tx/0x160231043b80c7824f658b3621163ebcc537ff29ad1dfb3572e658ebf0ddc2fd
27
Aug-11-2021 08:43:57 AM +UTC
1311/8/2021 08:43:57
27632,77 Hours
54 MinsWhite Hacker100$ To Polygon (By USDC)
https://polygonscan.com/tx/0x74403d359c6eb79acbfe24ddbbab60cccdf4cc8db64709576ed972f707ce52eb
100USDCPolygon
28
Aug-11-2021 08:46:43 AM +UTC
1411/8/2021 08:46:43
27632,73 Hours
3 MinsWhite Hacker1.000$ To Polygon (By USDC)
https://polygonscan.com/tx/0x444561661539983b434f064dbaf1f0ef160def0baf201e61946384f111109910
10.000USDCPolygon
29
Aug-11-2021 08:58:23 AM +UTC
1511/8/2021 08:58:23
27632,53 Hours
12 MinsWhite Hacker1.000.000$ To Polygon (By USDC )
https://polygonscan.com/tx/0x7033942dde965ad6ee5acbd16e068df8c6187d7c0782055f870994a95cb058c4
1.000.000USDCPolygon
30
Aug-11-2021 09:45:52 AM +UTC
1611/8/2021 09:45:52
27631,74 Hours
48 MinsPolyNetworkYou are moving things to the right direction. We received 1+M USDC on Polygon. Did you ask us to encrypt the receiving addresses with your BookKeeper public key?
https://etherscan.io/tx/0x59451c04dd5809958100c20a1263b7c1c6fc5080b38163b5117557418a473c47
31
Aug-11-2021 09:47:55 AM +UTC
1711/8/2021 09:47:55
27631,71 Hours
2 MinsWhite Hacker0.6$ To BSC ( by USDC )
https://bscscan.com/tx/0xd19b96776e7e321ce1b03ccb8f96dcbceae0c4ef3e52f0eaf644b540e683b707
1USDCBSC
32
Aug-11-2021 09:48:28 AM +UTC
1811/8/2021 09:48:28
27631,7 Hours
1 MinsWhite Hacker38$ To BSC ( by BUSD )
https://bscscan.com/tx/0x222e665ed61d9c722c5fdfaa6330d9fbd919c77e1edc6534be1650cf926668b0
38BUSDBSC
33
Aug-11-2021 09:49:10 AM +UTC
1911/8/2021 09:49:10
27631,68 Hours
1 MinsWhite Hacker1.000.000$ To BSC ( by BTCB )
https://bscscan.com/tx/0x8537ce0fb13a9aae72a531b14838a59b9232bb3db8d65857f5e9b55bfbf3108d
23,88BTCBBSC
34
Aug-11-2021 10:54:38 AM +UTC
2011/8/2021 10:54:38
27630,59 Hours
66 MinsWhite Hacker622.000$ To ETHCHAIN ( by FEI )
https://etherscan.io/tx/0xd3327a266add4ec655ef5fe00fd042bdcdf1b886c26af3b5dd21b2e4ec9bde49
616.082FEIETH Chain
35
Aug-11-2021 10:59:14 AM +UTC
2111/8/2021 10:59:14
27630,52 Hours
5 MinsWhite Hacker2.000.000$ To ETHCHAIN ( by SHIBA )
https://etherscan.io/tx/0x4d0c93ca9746d1c8a80c0ecf58bd5bba66654fefae3df320b4d138405d0cbc0e
259.737.345.149SHIBAETH Chain
36
Aug-11-2021 12:07:35 PM +UTC2211/8/2021 12:07:35
27629,38 Hours
69 MinsWhite HackerDonate to 0xA87fB85A93Ca072Cd4e5F0D4f178Bc831Df8a00B if you support my decision, encrypt your msg with his pubkey if you want to talkhttps://etherscan.io/tx/0x87715ad26621431c2c27f44d9214798e0c81a97d938ba5d4580dcd72f07ec6a8
37
Aug-11-2021 12:12:16 PM +UTC2311/8/2021 12:12:16
27629,3 Hours
5 MinsWhite HackerDumping shitcoins first!
How about unlocking my usdt after returning enough usdc?		https://etherscan.io/tx/0xa7cd9cb0211942998602e22ad6f7fd7d9c1eef9515f4e4154a76237d5fd71aa3
38
Aug-11-2021 01:15:56 PM +UTC2411/8/2021 13:15:56
27628,24 Hours
64 MinsWhite Hacker{"iv":"be1fb3ba513b8779f7a38525cf118fae","ephemPublicKey":"04a35ba379dc4922a7fbf2f7d64be16b8096c78d3a17f40dab1c07928c178f8476663d032f6920a3f9467af8908a5de3594779e59a32fa320286a4ba028554c076","ciphertext":"d8d60653f3fa30b31f2ebb40cc8ba697e45f59f4e976f1b84d7382a3a1aced6b","mac":"393423c5f65ffa52e09d97dda25acd32d39efe157a1a334539ae047d0397043d"}https://etherscan.io/tx/0x64eb495eba8b2000181498910748614dbd2c4bd7d6997af20cdb92c2518b2bce
39
Aug-11-2021 01:17:08 PM +UTC2511/8/2021 13:17:08
27628,22 Hours
1 MinsWhite Hacker0b156682321ad8b4307c76b60dac7650022f314a319f3e17d5e83718dbc305d6a1bcf0461b0eeb1c15b24994ae1deca1305f99dc9d294b926c4b9ade2718478a1f364a395f6a253da2a1561807540a2193974b134ba2be616b810e899c5df21aa2https://etherscan.io/tx/0x69534e330c5f8529759272b86e90bbacf7a5c4082683064c471e5539eacf53ba
40
Aug-11-2021 02:01:41 PM +UTC2611/8/2021 14:01:41
27627,48 Hours
45 MinsWhite Hacker1000 BTC To BSC https://bscscan.com/tx/0x933dc403b49fb5ed26b364d181ecc036b1ab2056ed3f43b37391b0c6509633c01.000BTCBBSC
41
Aug-11-2021 02:03:37 PM +UTC2711/8/2021 14:02:37
27627,46 Hours
1 MinsWhite Hacker26,629.17 ETH To BSC https://bscscan.com/tx/0x6e2317a437e7804b211ab03a11d61bf68d4fd3b87a5d0deb76d87febddca262b26.629ETHBSC
42
Aug-11-2021 02:17:35 PM +UTC2811/8/2021 14:17:35
27627,21 Hours
15 MinsWhite Hacker119mil BUSD To BSC https://bscscan.com/tx/0xec9507edd4c928eb64e59fe2c6dd605ac58792729ff30b0911939bfef0ad6278119,664,866BUSDBSC
43
Aug-11-2021 02:19:33 PM +UTC2911/8/2021 14:19:33
27627,18 Hours
2 MinsWhite Hacker10 BNB To BSC https://bscscan.com/tx/0xb5a0f3787d56d6b71d711659d070b13a506710e7a6d06487fbb57f9f953770c210BNBBSC
44
Aug-11-2021 02:23:47 PM +UTC3011/8/2021 14:23:47
27627,11 Hours
4 MinsWhite Hacker6610 BNB To BSC https://bscscan.com/tx/0xc1fb5ab331cb90b6efd55f86d41e400c1119e3d077dfc059f6999c875f1e63606.610BNBBSC
45
Aug-11-2021 02:37:21 PM +UTC3111/8/2021 14:37:21
27626,88 Hours
14 MinsWhite Hacker01c1d99be69552fad96069174147a8f5022e526cfb3644d2bcd07adccdd55a00b4e7f3c63273713f4c1839276b56a0f8a4e1928c2b9831bbd6442734752d96a5c28dcbc7a7e5c29c23f7aff6e49e2fe9b37881876756924ea9050392fe847e700abb5db4064270862f35df23b5aa14278e80814a873b1d0c23665b08f757fc081d716f64c344a17126b56232a9476c9542695e5fefdb676c9a1c16879b088bf32b7e2afa123a53e3373366f36db7a5cacde1246ba160c455b249077a21cce40df894054fbc996c9f1cb1ef5d71ba621c5485cb411c77953adbf7ecbc0040b5c28ahttps://etherscan.io/tx/0x62d376fbb95367ba95d046c0c041531e320e93526fc282da5a1a65dacc885f47
46
Aug-11-2021 02:39:22 PM +UTC3211/8/2021 14:39:22
27626,85 Hours
2 MinsWhite HackerJust dumped all assets on bsc & polygon.
Hacking for good, I did save the project		https://etherscan.io/tx/0x3de5a4eb6c1953ce2d0422bc5d0d16b2d9e54316cf0784bb793b3c67f09387b7
47
Aug-11-2021 03:08:15 PM +UTC3311/8/2021 15:08:15
27626,37 Hours
29 MinsWhite Hacker4e7ebea396547cae74d0dea5f6d60e3c02e04ee7f52b31936d56c19bef1c619301765f766a4a879dc089302f2623bbaa50c390932141773bff1a83b6140b8bab73c4a768f0526e5b1be79d1893b608548fc759108f374eccdfab9401f89b77915c2b70b031388b515891567456348008c6e520cb80d7d4daddf3dcac9ee164b73515ac57a88da0470a9e9f6b1b0c634aa1https://etherscan.io/tx/0x4d6490b47a82e548236b4448713a973d833e439ad9fff76513d38ad2f7cb4fa5
48
Aug-11-2021 03:19:39 PM +UTC3411/8/2021 15:19:39
27626,18 Hours
11 MinsWhite Hacker14.47 renBTC To ETH Chain https://etherscan.io/tx/0xd916036ed3f4fd356e32faf7a0849834e54d7555383c372058226cb32705916b14.47renBTCETH Chain
49
Aug-11-2021 03:24:33 PM +UTC3511/8/2021 15:24:33
27626,09 Hours
5 MinsPolyNetwork0x35b6fd7cab004eb2f3c225982540189f028057d66e3f07a46547b2de92c68750bd53ddf6290b016f1d8d1d9bccb124d691f5cf6737a105006bf00cea4aa421555ab11b03e8a39b369436977abbbd1260b827efd9a269c7fdb9e2773f6c9f4f861fb47e337bd5b045a87bd734c2c772b5a2f8f841678e0826342f56cc201594d3ddf5f91fbebeb6c4431fe929adebce701669a33e0b5c36866c9e49a1e0ba09188chttps://etherscan.io/tx/0x7a924cf530150ba0d0d8b063f33a812ccf7564d347c193d03ad3b728c5fc6ab2
50
Aug-11-2021 03:57:28 PM +UTC3611/8/2021 15:57:28
27625,55 Hours
33 MinsWhite Hackerhttps://sites.google.com/view/hackersconfession/home/refund-wallethttps://etherscan.io/tx/0x1fb7d1054df46c9734be76ccc14fa871b6729e33b98f9a3429670d27ec692bc0
51
Aug-11-2021 04:18:39 PM +UTC3711/8/2021 16:18:39
27625,19 Hours
21 MinsPolyNetworkWe appreciate your returning of assets and the explanation of your motivation. We would like to work with you to resolve the current and future security issues of PolyNetwork. Please complete the returning of assets as you promised and let's move on.https://etherscan.io/tx/0xf59c47f47e6f19acc60bea81f6bde2ca41ecefaddc797bdb7fa6a8651aede384
52
Aug-11-2021 04:31:12 PM +UTC
3811/8/2021 16:31:12
27624,98 Hours
13 MinsWhite Hackerhttps://sites.google.com/view/hackersconfession/home/refund-wallethttps://etherscan.io/tx/0xd4ee4807c07702a3202f45666983855d7fa22eb1c230e4c1e840fc9389e54729
53
Aug-11-2021 04:37:37 PM +UTC3911/8/2021 16:37:37
27624,88 Hours
6 MinsPolyNetwork0xb46f70e398420809e6a1e73274459e720358a1e2d042329883f15fb07d51e51d26fe2be672681b38ad06813ded3f6ae2215b883b73be75b359260a53cdf2ef0135ac60be8d46a15e842ea7398ed0f27ac9a58193bce8a35578af93b8225590a6c33f7054f56e09a434f0c1d5ec8c843904e4d35317000d152159312de0f6416b4chttps://etherscan.io/tx/0x339bee245002f1c41eff7469fe51424d48d6ef856cc81e81d66135e40968f53f
54
Aug-11-2021 04:50:45 PM +UTC4011/8/2021 16:50:45
27624,66 Hours
13 MinsPolyNetworkPlease confirm your email is polyhacker@yandex.com, not negotiations@cock.li, too many fake emails.https://etherscan.io/tx/0x588732ed9ec2861e6300710a9a3dcad20d8da591e7e93da3b556d351da697477
55
Aug-11-2021 04:55:54 PM +UTC4111/8/2021 16:55:54
27624,57 Hours
5 MinsWhite Hackerhttps://sites.google.com/view/hackersconfession/home/refund-wallethttps://etherscan.io/tx/0xe954bed9abc08c20b8e4241c5a9e69ed212759152dd588bb976b47eca353a5bc
56
Aug-11-2021 05:13:37 PM +UTC4211/8/2021 17:13:37
27624,28 Hours
18 MinsWhite HackerI don't use email. Fuck polyhacker@yandex.com & negotiations@cock.lihttps://etherscan.io/tx/0xe926ef4b6f4e3ff1b680df02a6a2456cd9b415d25f051bb894ea3e24cfa864f0
57
Aug-11-2021 06:05:57 PM +UTC4311/8/2021 18:05:57
27623,4 Hours
53 MinsWhite HackerDisclaimer: I have never asked for bounty from poly network
what I have said is on the chains		https://etherscan.io/tx/0xa5371eda3e56a614cdecc2b875f4236c7651e8ab3822f798b108e14b2659aaaa
58
Aug-11-2021 06:59:00 PM +UTC4411/8/2021 18:59:00
27622,52 Hours
53 MinsWhite Hackerhttps://sites.google.com/view/hackersconfession/home/refund-wallethttps://etherscan.io/tx/0xde330cbd5484e9ce808c60d3a76739f224eb8390b6b891a8e4d29dbdaeab826d
59
Aug-11-2021 07:03:37 PM +UTC4511/8/2021 19:03:37
27622,44 Hours
5 MinsPolyNetworkWe appreciate you sharing your experience and believe your action constitutes white hat behavior. But we can't touch user assets and Poly Network doesn't have its own token. Since , we believe your action is white hat behavior, we plan to offer you a $500,000 bug bounty after you complete the refund fully. Also we assure you that you will not be accountable for this incident.

We hope that you can return all tokens as soon as possible. You can reserve the equivalent value of 500,000 USD in any assets to the current owner address. We will make up this part of the assets to Poly Network users.

Your contribution is very helpful to us. Again, we think this behavior is white hat behavior, therefor this 500,000 USD will be seen as completely legal bounty reward. We will also ensure that you will not be held accountable for this incident, and we will publicly express our gratitude to you.		https://etherscan.io/tx/0x98b6316d3004be81c5d1b06c27472bef8097c9c922345876cd36111495ccf32a
60
Aug-11-2021 07:06:22 PM +UTC4611/8/2021 19:06:22
27622,4 Hours
7 MinsWhite Hacker84 mil USDC To Polygonhttps://polygonscan.com/tx/0xc32f8501c62a69218b4cdaae93cffcf7b214f331942af9ecca7c35be49e796b684.079.620USDCPolygon
61
Aug-11-2021 07:12:14 PM +UTC4711/8/2021 19:12:14
27622,3 Hours
6 MinsWhite HackerThe _polygon_ network is so unreliable
for many times I thought I had sent the transaction but it vanished. Lol 		https://etherscan.io/tx/0xd2750ac3aad70c0a73fd4cd5aa854770f3253026526ab3cdc88fd561b8ccd5a0
62
Aug-11-2021 07:34:30 PM +UTC4811/8/2021 19:34:30
27621,93 Hours
22 MinsWhite HackerGuys, ask yourself, is the poly team the owner of the assets? They are just the manager of the fund! Will you teach them how to trigger their "backdoor"? In the defi world, you can trust nobody but the code and youself.
To the "victims": I don't mean the poly team is not trustworthy, but none of you have the chance to challenge their code which should be the law. Don't worry, you are not real victimes. I saved you!		https://etherscan.io/tx/0x078063e9574e1937a64b6552919b9fc0035429df1e601d79e200bf211e75f337
63
Aug-11-2021 08:34:29 PM +UTC4911/8/2021 20:34:29
27620,93 Hours
60 MinsWhite Hacker42k UNI to ETH Chainhttps://etherscan.io/tx/0x09fe1ec4a9ad2c159362e7ec23b0410de34d71db5f314c4b04247c48d812fcbf43.023UNIETH Chain
64
Aug-11-2021 10:09:27 PM +UTC5011/8/2021 22:09:27
27619,35 Hours
95 MinsWhite HackerHello beggars, why not asking money from the poly multisig wallet? 0x71Fb9dB587F6d47Ac8192Cd76110E05B8fd2142fhttps://etherscan.io/tx/0x05ddbcc01736dfe478526b33837f54ccf4f0e1e8abf06276d0a3fb18b8751ea9
65
Aug-11-2021 11:33:51 PM +UTC5111/8/2021 23:33:51
27617,94 Hours
85 MinsWhite HackerTo supporters: do not donate to this address. It's mixing with the poly tokens. Please send it to 0xA87fB85A93Ca072Cd4e5F0D4f178Bc831Df8a00Bhttps://etherscan.io/tx/0x9dedb07cb1dc30e176b78be45c37787ce8f1b0ecc96228d82c451cc52e074154
66
Aug-12-2021 01:46:42 AM +UTC5212/8/2021 01:46:42
27615,73 Hours
133 MinsWhite HackerYou guys should have enough fund and credit to start the recovering phase. For the rest of assets, I’m considering building a multisig wallet shared between us. I will transfer the remainings to that wallet. I will provide the final key after it's settled. You can claim that you have collected the assets early. Let the crypto talks. (I may disclose this message later)https://etherscan.io/tx/0xdef85ff964015bbb4634f414b1f52228569912657932fa7db5c3365609befb10
67
Aug-12-2021 02:06:00 AM +UTC5312/8/2021 02:06:00
27615,4 Hours
19 MinsWhite HackerYou guys should have enough fund and credit to start the recovering phase. For the rest of assets, I’m considering building a multisig wallet shared between us. I will transfer the remainings to that wallet. I will provide the final key after it's settled. You can claim that you have collected the assets early. Let the crypto talks. (I may disclose this message later)https://etherscan.io/tx/0x2f47a23f49ea52a21d44e41937362a55d8addcbe2dbe13f1536da2e16fc41448
68
Aug-12-2021 03:33:33 AM +UTC5412/8/2021 03:33:33
27613,94 Hours
88 MinsWhite HackerThe poly has well enough assets to start the recovering phase. I have asked the poly to setup a new multisig wallet. I can move the funds asap. I will provide the final key when _everyone_ is ready.https://etherscan.io/tx/0x0e26a5b2c59ce2da821a353cea99720014e3d13ddc4f84af6ba01dd714c62d8d
69
Aug-12-2021 05:00:14 AM +UTC5512/8/2021 05:00:14
27612,5 Hours
87 MinsPolyNetworkWe've had a fix. It had been cross-checked internally and reviewed by a well known security audit team. (?)

The multi-sig address we provided is safe, please send the remainings to that address. We will send you the 500k bounty when the remainings are returned except the frozen USDT.		https://etherscan.io/tx/0x05f90618be1e7f64230618476912dccb0091f6eb011dd983f4ac7239e846d422
70
(Aug-12-2021 11:16:53 AM +UTC)White Hackerd8cd85a08a41d32fd7f9ea34e03e4c37027183eb4ca2a819907fa18f72115db29ace316ecab1c057ec035f996a8b51f02f58dfad08a82a165c6cc407231e8928f614c4f74776c7feb54b70e816534ae7a337b5a27ccf497966d61ef8b434cdceb1b7793e2ddc996420ac4c71ab5f700a8b328b48be08c05c3e648fefe2d45012aaa4a5cc54dfa25aac1eb9d39170bb0f57c1654354d067a7030a4193b79eba42b7e0408e47dec1c262e6be73cf3aa34e7df6c1abc9b46b164fccdc107dca054e1b49eb693bef8bbe42448114e06096d92aa4c735838aeca0c7ad52b83e928c44509526bd0cad81d76f321f5e429c721ec8c48c6618de02506012a5702abdca6ac94e578125cc415e1bd1ae27ca812f1202a8be2eda74546c8d88dc417d7514728d12c0919d74ce356b0365ab8b5f66918dhttps://etherscan.io/tx/0x64c237d37a39662c8386a6f4893c5852486c3d1bbc68605465c603061ddf7d13
71
(Aug-12-2021 12:02:50 PM +UTC)
White HackerTo defi noobs: my initial attempt was depositing the stables for interests, its benign and safe. I didnt even want to cause imbalance of the stable pools by swapping. My plan was holding 3crv until I realized withdrawing into usdc would be stupid, then I had no choice but to convert them into dai. Its clearly tracable, why is it laundering?https://etherscan.io/tx/0xc02baa06d4e446c725aeda4878ea2f7a3ecf770f73dcfb330b6bae7fedf48013
72
(Aug-12-2021 12:13:23 PM +UTC)White HackerTo defi noobs: why do you think I have no way to transfer the money? Because its too much? Tornado is powerful enough, I could just transfer 100eth every month, how would you identify the cash flow? I teased the crowd, but I never triedhttps://etherscan.io/tx/0x5fbd4fe7e3d36b75e8f8f05a1e003e9e4d254bfe8242e33af166eecc2f29d839
73
(Aug-12-2021 12:25:53 PM +UTC)White HackerTo crypto noobs: in the defi world, code is law. Then who is the arbitrator? We, the hackers, are the armed forces. If you are given weapons and guarding billions from the crowd while being _anonymous_, will you be a terrorist or the batman?https://etherscan.io/tx/0xc0d284617a1805dafddf8e8d71d10acbdec8e2ed679c66ea97c7f928e97f7605
74
(Aug-12-2021 12:42:47 PM +UTC)White HackerTo security noobs: cex or dex, which one is safer? It dpends on whether you know how to protect yourself. In my case, the total cost is hunderds of usd. No kyc. Everything in the dex is temporary. I would call it _the bait_.https://etherscan.io/tx/0xd73daf995a2aab071560f14555beca73b6dce9c3cac01085e2c372d29e012c66
75
(Aug-12-2021 01:04:04 PM +UTC)White HackerTo security noobs: cex or dex, which one is safer? It dpends on whether you know how to protect yourself. In my case, the total cost is hunderds of usd. No kyc. Everything in the dex is temporary. I would call it _the bait_.https://etherscan.io/tx/0x6eeeb4ea8566707b3e9a18934ab0258ddcd474faa91d5e8f2bf74a20171feb1b
76
(Aug-12-2021 01:30:31 PM +UTC)White HackerJust confirmed the shared multisig wallet with the poly!!!https://etherscan.io/tx/0xf391ec8d5935d4ec11efb2c8b99ba3586cb0b0f05c5e0b9c44c74a1c40386bd7
77
(Aug-12-2021 01:33:19 PM +UTC)White Hacker($13.89) USD Coin (USDC)https://etherscan.io/tx/0xb60940615e750d404fdc56e2ba1fe001585b5cc9545ec49d6e9b0aa414005455($13.89) USD Coin (USDC)
78
(Aug-12-2021 01:39:08 PM +UTC)White Hacker($48,902,089.28) Wrapped BTC (WBTC)https://etherscan.io/tx/0xbe3b80a14d27115aab572e64511f292ef9b2f68455ecdb8ed3894ccae46be7a5
($48,902,089.28) Wrapped BTC (WBTC)
79
(Aug-12-2021 02:32:55 PM +UTC)White HackerTX 0x98b6316d3004be81c5d1b06c27472bef8097c9c922345876cd36111495ccf32a DECRYPTED: 'We appreciate you sharing your experience and believe your action constitutes white hat behavior. But we can't touch user assets and Poly Network doesn't have its own token. Since , we believe your action is white hat behavior, we plan to offer you a $500,000 bug bounty after you complete the refund fully. Also we assure you that you will not be accountable for this incident.
We hope that you can return all tokens as soon as possible. You can reserve the equivalent value of 500,000 USD in any assets to the current owner address. We will make up this part of the assets to Poly Network users.
Your contribution is very helpful to us. Again, we think this behavior is white hat behavior, therefor this 500,000 USD will be seen as completely legal bounty reward. We will also ensure that you will not be held accountable for this incident, and we will publicly express our gratitude to you.'		https://etherscan.io/tx/0xbd66349e77b8d4e493e3a13ae146557a72e8585650b6ec3a71c402c66e2d3882
80
(Aug-12-2021 02:34:33 PM +UTC)White HackerTX 0x05f90618be1e7f64230618476912dccb0091f6eb011dd983f4ac7239e846d422 DECRYPTED: 'We've had a fix. It had been cross-checked internally and reviewed by a well known security audit team.The multi-sig address we provided is safe, please send the remainings to that address. We will send you the 500k bounty when the remainings are returned except the frozen USDT.'https://etherscan.io/tx/0x5a17cb912b9a0a1bf12a1ced9a8d108ce7c1de3355df7826d47dc13ba44fadce
81
(Aug-12-2021 02:36:09 PM +UTC)White HackerThe poly did offered a bounty, but I have never responded to them. Instead, I will send all of their money back.https://etherscan.io/tx/0x962d0df8f580051bb53e4fa2a2570073a0cd4c5c719c1936e707101e735ceee1
82
(Aug-12-2021 02:52:12 PM +UTC)White Hacker($96,942,062.86) Daihttps://etherscan.io/tx/0x7a026bf79b36580bf7ef174711a3de823ff3c93c65304c3acc0323c77d62d0ed($96,942,062.86) Dai
83
(Aug-12-2021 03:25:04 PM +UTC)White HackerNow comes the last token, eth! However, I am terrified for the first time! They are calling me mr. 600 million, but the price of eth is going down recently, what if my balance can not cover the debt? Eth to the moon plz!https://etherscan.io/tx/0xdeb4d7ddc2e921e999214e78879ae5afb6f7c268d6643b19d20ca64c398de7ca
84
(Aug-12-2021 03:40:04 PM +UTC)White Hacker($94,987,844.28) 28,953 Ether https://etherscan.io/tx/0xf91e43dceeb80cd2d5fbf2c5cf94ea364929515bbac29f57270163c3de812271
28,953 Ether ($94,987,844.28)
85
(Aug-12-2021 06:05:23 PM +UTC)White HackerI would say its a bit risky to relaunch the original mainnet in this week. After this incident, the poly is exposed to many greedy hackers. You may provide a decent bounty to other security experts so that they will stand on your side. In the meanwhile, offering a new token for compensation seems to be the standard procedure in the defi world. I think people will understand the situation.https://etherscan.io/tx/0x34699571b73a2ab00b4ab966d48146ff54079b1d52845cd7c72e0b55c6003909
86
(Aug-12-2021 07:18:17 PM +UTC)White HackerI felt sorry for any innocent people who were affected by my wild adventure. I tried to avoid introducing any noises to the crypto world: no touching shitcoins, no doing huge swap, no dumping valuable assets. However, even the avengers have to face endless lawsuits from the civilians. Seriously I am considering taking the limited bounty as one source of the compensation fund for unexpected victims, but it's hard to prove that your loss is my fault especially when you are already gambling beyond your capability. Another embarassing fact is that refugees have already taken over my message list, it's hard for you to compete against them with your true story. Any way, I will try to do something. Donations are accepted at 0xa87fb85a93ca072cd4e5f0d4f178bc831df8a00b, it will be the main source of the fund.https://etherscan.io/tx/0x78b8d13618af4d1b8facfde5906cb40972ff70b04574de3aa6b2b403329c7b44
87
(Aug-12-2021 10:18:45 PM +UTC)White HackerQ & a, part five:

q: why ama? Your confession?
A: it's more like a diary. Something I am proud of.

Q: why all capital?
A: as I said, I don't care about money or capital.

Q: garbage english?
A: not native speaker. (leaking identity 1) I just expressed my true feelings without polishing. Typing while holding the "shift" is not easy.

Q: black hat or white hat?
A: I also enjoy the feeling of superiority by judging others, but it's never easy. Not only lawful good can be the white hat. So called black hat can also be a nice guy. People are variable. Have you heard of grayscale?

Q: shouldn't a white hat just notify the devs?
A: read p1q1234. Defi is a dark forest, hundreds of projects ran away every year. I dont trust anyone.

Q: why hiding at the beginning?
A: you might be in danger for any reason even if you are lawful good. Security guys do care about security.

Q: why explain so much?
A: read p4q2. The guiding part means a lot to me. I would like to share how I pwned my mind to overcome the arrogant and greed. I think the mental challenge is not easier than the hacking part.

To be honest, I was so excited when the expolit worked that I almost forgot my original plan, because there was too much guessing and it's unexpected (see p2q1). The first message(see p3q1) sparked my interest in doing some creative things. I spent some time looking for funny but rational ideas from my message list.

I am (still) strongly confident about my hiding, so I think I can handle the game as long as I dont cause unaffordable loss. Later I started to calm down because of those refugees. Yes, I realized that even taking over the money temporarily is still an unforgiven joke, it's causing too much pain.

For the "one billion shitcoin" joke, I meant the headline of this incident could be more eyecatching, but the ending would be the same: I would not dump the shitcoins. It turned out to be a terrible joke. For the "dao" joke, I was asking the community how and when to refund. It was a irresponsible joke.

I was not terrified because of exposure or laundering trouble at all (read my noob lessons). I just realized I should be cautious because my decision would change the lives of many people! If I left tokens there and quit the game, I could enjoy the life of being a millionaire and continue my exploration as usual, but thousands of people would lose control of their fate. This is against my personal philosophy (see p4q2).

_soon_ I wrote an _email_ to the poly attaching a signed eth transaction from an anonymous mailbox. If they had got the mail, they would be able to broadcast a transaction from my address. This was not a wise move, since I can not broadcast any new message before them. That mail must be lost, I was not acknowledged from the eth, but I waited a few hours because of that mistake.

The next part of the story is what you already know. I stopped my game and returned the money, as I promised, as I planned.

Q: you are not exposed, but they have got the clues, so you are terrified!
A: I am more confident than any others.

I am a high profile hacker in the real world (leaking identity 2). I work in the security industry and have been devoted to hacking career since young (leaking identity 3). Seriously, as security researchers, our job is to save the hidden world.

I know security consulting is a hard job, and public relation and reputation mean a lot. I don't mind security teams making advertisements based on my incident, especially when it's helpful to them. Raising concerns about security is also the mission of our career.

If any hacker can find my social identity in one month, I would like to send him my personal gift. Otherwise, I may or may not leak another clue of my identity. Shall we play the game?

Even if I am identified, I am still proud of my integrity :)
https://etherscan.io/tx/0xf34ee3551be7be57df6643d4ec7e4bdf9fd047d925c3c32a74e64e7428e5f8a9
88
(Aug-13-2021 12:13:03 PM +UTC)White HackerQ & A, part six:

Q: special force?
A: do you mean they have called the fbi? Where is the claim? In fact, I don't think they have tried to contact me. I will go through my message list later. (just start processing the huge list today, sorry)

I am glad that they and other security teams might be beneficial from the game. Even the exploit itself could be a tasty food for the researchers.

Q: anything about security teams?
A: it's fun for me wathcing the emergency responses from top tier security teams (only in blockchain of course).

_notice: the following timeline could be wrong!_

at the beginning, most experts were talking about the single keeper of the insider conspiracy. Based on what I have seen, @kelvinfichter was the first guy pointing out the most crucial but obvious bug about the eth contract. (I got your encrypted inquiry ;) ) then the slow mist team got excited about the bait and announced the good news about the traces. Didn't they think it's too obvious since the source of my funding was already labeled "hoo"? Any way, they took the responsibility to let the community calm down. It's an unexpected side effect, but it's very important. Later they seemed busy hanlding inquiries and doubts from the media and the community. I am very happy that they are helping me to finish the guiding or education part. The dark knight finds his harvey dent! Thank you, the slow mist team. The other security teams did not seem as active as the slow mist, but they contributed to explaining more details of the exploit. I think certik was the first to publish the missing part about the ontology invocation. Peckshield also mentioned about the kicking off transaction and the special signer. Kudos!

Q: anything about the defi/blockchain security?

The security is a tough job, no matter if it's in classic or crypto world. In most cases, we security experts are only summoned as the medical examiners after the incidents. What we do is just writing postmortems, sometimes tracing the bad guys. It's almost the same in the crypto world, except that some project are not very urgent getting the money back since it's not their money, they would just tell the real victims that "sorry we tried but never guranteed the extreme security".

Another funny fact is that it's unusual to see any professional security teams report those crucial bugs of live contracts! Sure, they can always teach you why you were killed after your death! Why don't you see any cases that the security teams spot the vulnerability that affects millions usd, let alone cases in billions? Because they are not paid? I guess most teams are even richer than me, and some of them might be more capable than me, do you believe that they have never faced the similar temptation? Or some of them just surrendered to the evil? It reminds of the film, "searching". Just my conspiracy, and that's the reason I don't trust anyone, but you can always believe in me.		https://etherscan.io/tx/0x42446ccc66bb48eac7bd905ae7d79708f303849802b280eb4d65770c1bfc0997
89
(Aug-14-2021 11:28:45 AM +UTC)White HackerWow I like your typing style so much! Though your doubts do not deserve any responses go reading my lessons and diaries. Really appreciate teaching me how to be more retarded!https://etherscan.io/tx/0x2a6e7fe5385e2524eecb370fb27bef5da68287251fb73d0d354f52b323def113
90
(Aug-15-2021 02:11:07 PM +UTC)White Hacker:)https://etherscan.io/tx/0xddd4131d6ce0d1c05951560c71843d61bb14222bc2990ee830b5ec2b990c1065
91
(Aug-15-2021 03:29:07 PM +UTC)White Hackera73aacd02b1bf2e56b4c397b0f0082f00210389b5e4c695037185cc1bab20adaa823d407668bc37d7906a02ade403727640202cdc02ca882e95df8ade3f6eb8f2a0c9c7421c7b20986babee79a65ee012d307733efe3346e723ae02e63e354751d8df20b6faed565325485105a0be7bb6ea46c59f6322fd17fcc730404e8bc99f9f35397e1521e8e45f4f35f914b409579d2d67cc5ed969279e0e21791ab1d80bb4e827a585a16eedafed38b0eed50b8ccd9a478dc014134258b28ad4c73c814675aaf4622a729247dd76f711c2f1b7a4310a888ad7488fd44904b1495e7a2ed4b23709b7f0ff2bac404bdd4e2a4a0d2e3db5c6a5dc4e10dba6ba2a90122e47f314e3c51a396a47789ced74d4f660ecbae89202835eee3cd508c76d840dba0a45b5eb2a774d3abf5d8dbba8803532020296a8840f0e8f683fc165cc70815a63fa22482ab38e318217d9ea1a4855222cb1977e23a712ae59d0a9dbde153b2466c6ec71f3afbc7d123ddf8ab4f3976144d58a2d5a1f771bbed6c9d9aea29db6c3e03e05c24e15f75fb4988062c414a047a9ef976568519d67a3731bb77ee5d07de945a6e1f28c64fe7b2cf147cc6c657d8413762b3e0c146de48d45c8f4af8ebb6d8d3b0affc381e106d071abe83f0fa2756014161b587f399f52b8943df4a810e78e800b96f8571848672f2af0a254dadfc8c539c67647045639e6c3279e752e7f434f13e9e458ccc8952b392c40d9742ad3840172e48a0ff8b0d042299f58f788c6f0cbc1c8e6a597c8cdcc4d264a19388b139d231da43940fb434338f3cd8508eb91a2e69ca7325f068dbc3c7775bb61413847cec776b5edc52cc900a18a452afb2c9545c20785f4b896885c60325e86964f29166fd882e0d0cbbdff60978fb4fe154f6ba850d9aed785558b301f8acc743e0dca0ce2b81a62124816b3f31b8f2ecb49d2a6748ba89f0156ccfd324ebe0c6593ae14ac9bcea2184a7567499264461d8cd6a5a241e6bc6becfa52fdeb7fe273b97e503caff04d8fbc1b23b5503f45c050bef23b6ac443b1b7b0315b09fd06bcdb71bd6736b8c635e496087945ca04dafd606707786d37ae16df75c0b20e7938ea5af468aab6fa8f5839c3d4c8781296e4ab7f0625b296cb276004b7d34bf6e4e819e7501215345b19127836ba5c38e8cabf626566277a828819e455d34a7adcdef3a13efb1152502e8587e8c4d2e8314cf37efb64f6863672bd00d264cf2af946e3235ffcb9c9c8bc88f502f15e41fbf02a80babbba1316e4050fbd1a5b829faebefdc3184c941dbefce1f972b5609f16b030094edefb6cd99e5aae82931a400d0a261c44bcae6b43a9b607716d918a0ab51221c36032f567707a5a68b4f674bc162975788ddb3ee8701a76a56fed5759aefc2a0c1744ad083dd433ad7f7922fe1ecf850b457fa8c2fe6d1cc0dc26e4133550b9db6181780fdec973d610d6b83941f651e00c7dd687fc5e13c8002061247e5f776b65b112fb1503391e59776287ec9ea71f798231d9627135abe5e19c0859a4121531c97e67c37753ad8b9fb62984a2f49b852078f8c95472a7b3032b3f168f24271fa3412dc19ca6fd7b136de8f4c82a3f58c3560188b76aa640cd8f878248514cb414d2c94facb0ab40651db0fec38642907de51577dea6e7adfc697c124b50c3c8e26c3b4afc462425a19551fda96a88fa1118f1cc64af586cbb7f28ffdcd6e415f7cef858e532a57073609e3a5100d0e200434627e4bd64d992848bcfe225c3acb586e1cdecce49a885b079b7f02fa7db410e256c3bf423626055b5433ba027ce5a86dc40a0b0357e5c3b18918638c5cabd799127de90e92f7f44a3e27b52f39a2e890826c14baedd8https://etherscan.io/tx/0x578da109df18e8bc472ea2461b4977420ef0585d3f8fec252ecb8e5d681cb0ea
92
(Aug-15-2021 04:51:43 PM +UTC)White HackerI am so flattered. I have always been looking for _funny_ and _rational_ ideas, let me share them with you:
1. Turnning the ethereum network to be a real anonymous twitter or whatsapp! It has been witnessed that the obstacles of my negotiation with the poly was the major cause of the latency: we have spent hours reaching a consensus on communication protocal! The ethereum has the potential to be a secured and anonymous communication channel, but its not friendly to average users. The extraction of message requires some thequinies, the encryption of message is a more advanced skill. I have no research on existing projects. And the gas fee stops most users, though it does not stop refugees. Is it possible to ultilize the eth network for free by using extremely low gas? A snapchat on chain?
2. Wandering in the defi world. Impact and difficulty are the two key factors that drive my hacking journey. As I said hacking in defi is not as exciting as hacking the real hardcore world, its so hot thanks to the crypto bubble and the risk taking crowd. I will invest most time in learning & hacking other stuffs which are also important in the real world, but I may hang out at night to see if there are the potential vulnerable people. Given the credit of this address, I think people dont need to worry when their assets are secured by this address. For security noobs, you have to know the difference among hackings: some activities are definitely crimes, like rug pulling or stealing some private keys. Sometimes exploiting a vulnerability is like whispering a magic spell to be the owner of the beast. In the poly hack, I just triggered the intrinsic behaviour of the wild system by legimate instructions and proved its destructiveness. In the meanwhile, this process does not hurt the economy of those tokens. In contrast, some hackings make profit from dumping the shitcoin (which is usually the rewarding token of that shit project) and they cause unrecoverable damage to the whole project! That is to say, my future adventure, if that happens, will not be as delightful as the poly hack, since protecting the assets is always my first priority		https://etherscan.io/tx/0x0ae3d3ce3630b5162484db5f3bdfacdfba33724ffb195ea92a6056beaa169490
93
(Aug-15-2021 05:22:20 PM +UTC)White HackerQuick Q & A, part (incredible) seven:

a: I am fairly confident of their desire and capability to recover and secure the project which has been designed as a robust system. My only concern is that the poly chain, the core part of the whole network, is _not very decentralized_, and that is not something I can contribute to. Maybe I am _wrong_.

A: I prepared two keys for that wallet, one will be published and the other is the backup. Ask the poly for more details.

A: this story has its happy ending, but it may not be the end of my wild adventure. Do you think the credit of this address will be helpful for the dark knight?

A: no. I will check it later. It's weekend.

A: it's weekend. I just watched wrath of man. (leaking identity 4?)		https://etherscan.io/tx/0x1f3ff47b612f2c92a8bda39ba310c38b22a32dca94a38d7073abbc9bb53c1dbc
94
(Aug-15-2021 06:28:58 PM +UTC)White HackerNot just AMA but my warning sincerely! Since I have no way hearing all your voice, I am very worried that some of you guys may not understand the real danger of this wild world of crypto! Hope the media could broadcast my voice seriously:
I have spent a lot of time explaining the security stuff. I claimed that I was super anonymous and secure, why? Boasting myself? Some people reads it as "he is bluffing because of fear and the security teams who have traced him are on the way". Wake up boys! They are not the god, they can not save you! I can not save you! You should learn to protect yourself!
I have explained the situation of security industry (see p6q1q3), as experienced security experts, we know all the ways of tracing the bad guys, that is to say, we know all the ways of hiding from good guys. In the real world, the government and police may stand on your side, but there is no such a utopia in the crypto world! The point of claiming my anonymity, along with the lessons about fearless laundering, is to convince you that there are always perfect hacks that cause permenant damage for real! Don't be naive! Don't believe in so called experts, escpecially those who conclude that "it's the evidence that the cryptoworld is still something can be regulated"! Protect yourself, or just leave the casino!
https://etherscan.io/tx/0x0cf3678a08c93947a7e08f6f0d07609aef4f25bbe27215914bc46e12074fed8f
95
(Aug-16-2021 02:25:30 PM +UTC)White HackerThanks for your sincere advice!
You are 99% correct about the story but you are missing the key point: you don't know me. Money means little to me, some people are paid to hack, I would rather pay for the fun. I am considering taking the bounty as a bounus for public hackers if they can hack the poly network. (they can win double if they feel the current plan is awkward). If the poly don't give the imaginary bounty, as everybody expects, I have well enough budget to let the show go on. Just some funny thoughts but I may probably make them come true. If you are still confused, ask some richer friends, what is money for?
I trust some of their code, I would praise the overall design of the project, but I never trust the whole poly team.
My only guilty was triggered from the refugees. All of my actions were determined since I made the final decision to be the eternal. I am a little bit surprised that you call them professional negotiators, just look at their tense and repetitive words. If the poly really got my initial idea, they could be less embarassed. I published their request so that they got the chance to be a winner. Who do you think is dominating the game?		https://etherscan.io/tx/0xea8ffdabd3dc2a43b643640be59a93953fa25d273d5beaa34ed96b7fc5f3d033
96
(Aug-16-2021 04:56:11 PM +UTC)White HackerQ & A, part (technically) eight:

Q: when will you publish the key?
A: `I will provide the final key when _everyone_ is ready.` my idea is not changed, but I do worry it might be an endless war. So I might release it earlier as long if the community understands everything. See next question.

Q: how is the security of current contracts?
A: it's hard to say. I leave it as a challenge along with the hints from p1q3q4/p2q1 to the security teams. Maybe they pretended not knowing the subtle facts.

If you were willing to understand my behavior, and had read my diary and the code, you should be able to answer the question: why transfering import tokens is keeping it safe?

In this hack, I convinced the keepers to approve an execution that will update the keeper's pubkey in the manager contract. Then the manager who is authorized to operate on the vault is under my control. Some snow white hackers would say that: I controlled the key, lets report to the devs, otherwise I am no longer good boy and dad will blame me. My operation continued, not only for fun, which was the major reason, but also for the trust issues.

Their audits and claims are mitigations around the cross chain manager(eccm). Is it the most privileged contract? No! The vault asks the cross chain manager proxy(eccmp) for the real manager. The eccmp can be configured by the owner of vault. In short, the privileged owner account of the vault is so powerful that it can bypass all the security mechanisms built in the eccm.

It sounds like a common scenario of defi world. Many devs design similar systems like that, they never expect the system have to deal the trust issues in billion dollars someday. I would like to see a billion dollar project can be built on a trustless setup, and hopefully it does not require a private chain as relayers.

Trusting the singer dev's key is roughly equivalent to trusting the multisig wallet. Now the whole project has been monitored by the huge crowd, if everyone is ready to accept the final key, I will be relieved for not being the supervisor.		https://etherscan.io/tx/0xe28a27546b3b7b0910d16d47352e27edd1541bccf817c2d938079504a1a3dc66
97
(Aug-16-2021 11:30:05 PM +UTC)White HackerThanks for pointing out my mistake of the timeline! Maybe I just got kelvins message earlier since his tweet was much hotter.
I think both of them have figured out the puzzle independently, and the slow mist might be the real champion! Brilliant!		https://etherscan.io/tx/0x92bb3ad48ac5609f10538b681255c78050b38640260f8a1d6439dd1c47aa3a91
98
(Aug-16-2021 11:30:05 PM +UTC)White HackerMy bad joke today:
P: sir, could you please unlock the account we screwed up last week?
T: which one?
P: the white hat hacker. He is the savior.
T: no. We were told that he was a bad guy.
P: who said that?
T: it's you.
P: ...
P: but how could I pay him in t?
T: ...
T: any way you should not trust any anonymous guy in the crypto world.
P: sure, but I prefer trusting my chief security advisor rather than a dictator.

Just for fun		https://etherscan.io/tx/0x8ad83154b2e80390f3b7d2d7eb0b21e94c0e20f80d78ab614a5b7f019d31e645
99
(Aug-18-2021 12:16:49 PM +UTC)White HackerDear poly,
Glad to see that you are moving things to the right direction! Your essays are very convincing while your actions are showing your distrust, what a funny game. You don't even think to unlock my usdt account.
I am not ready to publish the key in this week. If you are worry about the interest, I could sign the transaction of dai token to the previous multisig wallet, then you can deposit the stables like what I did last week. Now it's the same situation with a few days ago: if you trust me, you can have a good rest and focus on the repairing and restoring process. Here is one thing that you can always trust me: holding btc & eth is better than trading them.
https://etherscan.io/tx/0x3598218cba95e97d805eeaead681ec11738245ee9d3b4d99162419b6b74f3042
100
(Aug-18-2021 12:25:35 PM +UTC)White Hacker5: a fan of Guy Ritchie. No spoiler here, but I see a lot of similarities in the story.https://etherscan.io/tx/0x363d0f2270d3b854b94f37aaa76e69730a5c1474d3556cd76630dc1494a8a887