Poly Network: The $611M Hack With a Plot Twist

Stole $611 million. Then gave it all back.

Poly Network cross-chain bridge

This is the strangest hack in crypto history. Someone stole $611 million from the Poly Network cross-chain bridge and then gave every penny back.

The attacker found a vulnerability in how Poly Network handled cross-chain transactions. They exploited a flaw in the contract's permission system to authorize themselves to withdraw funds from three different chains: Ethereum, Binance Smart Chain, and Polygon. Total haul: $611 million.

Poly Network panicked and posted an open letter on Twitter begging the hacker to return the funds. They called them "Mr. White Hat" and pleaded that the stolen money belonged to regular users, not the protocol.

Then something bizarre happened. The hacker started talking. They embedded messages in Ethereum transactions, explaining they'd done it "for fun" and to expose the vulnerability before someone malicious found it. Over the next few days, they returned all $611 million in batches.

Poly Network offered the hacker a $500,000 bug bounty and, in a move that baffled the entire industry, a job as Chief Security Advisor. The crypto community couldn't decide if this was a genuine white hat hack, a PR stunt, or if the hacker just realized that laundering $611 million in traceable crypto was going to be impossible.

The truth is probably simpler than any of those theories. On-chain analytics firms had already started identifying potential wallet connections. The hacker likely realized they were about to get caught and chose the graceful exit.