Hacker Who Stole $611M From Poly Network Returns Nearly Everything, Refuses $500,000 Thank-You Bounty
The suspected hacker, who claims to have initiated the attack “for fun :),” took hundreds of millions in digital assets after discovering a bug in Poly Network’s system as a way to “keep it safe” from more malicious actors.
Hackers Steal, Then Promise To Return $611M
Around $611 million worth of digital assets were stolen in a cyberattack this week in what appeared to be one of the largest cryptocurrency thefts ever. Now, a person claiming responsibility for the hack has returned nearly all of the money and even refused a $500,000 reward from their victim.
The situation largely began Tuesday morning when the blockchain provider Poly Network publicly announced the theft and said it sought to establish a line of communication with the hacker or hackers involved. In its statement, the company also urged the culprit(s) to return the hacked assets to thousands of victims on its platform.
On Wednesday, in what became the first of several strange turns of events, the hacker(s) told Poly that they were “ready to return” the assets. Several hours later, Poly reported that it had recovered an initial $4.8 million.
So far, we have received a total value of $4,772,297.675 assets returned by the hacker.
ETH address: $2,654,946.051
BSC address: $1,107,870.815
Polygon address: $1,009,480.809
— Poly Network (@PolyNetwork2) August 11, 2021
At first, it was unknown why the hacker(s) had started to send the money they stole back to Poly.
Tom Robinson, a chief scientist of the blockchain analytics firm Elliptic, told CNBC, “I think this demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult, due to the transparency of the blockchain and the use of blockchain analytics.”
“In this case the hacker concluded that the safest option was just to return the stolen assets.”
Others have theorized that the hacker(s) grew afraid of being exposed and prosecuted after researchers found potentially identifying information, including an email and IP address.
Suspected Hacker Says It Was All “For Fun”
Later Wednesday, a person claiming to be behind the attack instead offered a different explanation, saying it was all just “for fun :).”
“Cross chain hacking is hot,” they said.
According to that person, after spotting a bug in Poly’s systems, they took the money to protect it from bad actors who might also find the bug and run off with the money for good.
“I had a mixed feeling,” the reported hacker said. “Ask yourself what to do had you fac[ed] so much fortune. Asking the project team politely so that they can fix it? Anyone could be the traitor given one billion!”
“I can trust nobody! The only solution I can come up with is saving it in a _trusted_ account while keeping myself _anonymous_ and _safe_.”
Hacker Reportedly Turns Down $500,000 Reward
As of Friday morning, Poly said all but $33 million in frozen Tether, a “stablecoin” with a value attached to the U.S. dollar, had been recovered.
However, another $238 million remains locked behind an account that requires passwords from not only Poly Network but also from the hacker.
“It’s likely that keys held by both Poly Network and the hacker would be required to move the funds — so the hacker could still make these funds inaccessible if they chose to,” Robinson said in a blog post Friday.
That said, the suspected hacker has promised to provide the final key “when _everyone_ is ready.”
In another message, the reported hacker said Poly Network has offered them immunity and even claimed to have turned down a $500,000 “bug bounty” from Poly for returning the money and “helping us improve [our] security.”
Tech organizations tend to offer bug bounties to those who report security vulnerabilities to them. As such, Poly actually ended up thanking the hacker and has begun referring to them as a “white hat,” a term meant to denote ethical hackers who expose system flaws.
“After communicating with Mr. White Hat, we have also come to a more complete understanding regarding how the situation unfolded as well as Mr. White Hat’s original intention,” Poly said in a statement to Reuters.
However weirdly this story may have played out, it nonetheless highlights the inherent risks of decentralized finance platforms and the lack of safeguards they employ compared to traditional banks and exchanges.
See what others are saying: (CNBC) (Reuters) (Engadget)
Right-Wingers Are Turning Against Chick-fil-A
Some have accused the company of joining a woke “cult” after learning of its diversity, equity, and inclusion initiative.
Chick-fil-A Goes “Woke”
Conservatives are condemning Chick-fil-A after learning of the fast food chain’s commitments to diversity, equity, and inclusion.
Some have accused the brand of bowing “to the Woke mob.” Others have debated boycotting the chain.
It’s unclear when exactly Chick-fil-A began its DEI campaign, but according to LinkedIn, the current Vice President of DEI, Erick McReynolds, has been working in the department since 2020 before taking on his current role in 2021. It is also unclear why right-wingers on Twitter have just now discovered Chick-fil-A’s DEI website, but many spent a chunk of Tuesday morning lambasting the company for working to promote diversity.
Chick-fil-A’s DEI page is titled “Committed to being Better at Together.”
“Modeling care for others starts in the restaurant, and we are committed to ensuring mutual respect, understanding and dignity everywhere we do business,” McReynolds said in a statement on the website.
Chick-fil-A is no stranger to boycott campaigns, though those efforts usually come from the opposite side of the political aisle. The company, known for its strong Christian ties, has been criticized for donating to groups with anti-LGBTQ missions. As a result, many on the left have refused to eat there, while it has been a haven for those on the right.
Conservatives, however, have become increasingly outraged by DEI initiatives. Chick-fil-A’s website, which only vaguely outlines its DEI efforts, still seems to be enough for the right to change its tune about the brand.
“Even our beloved Chick-Fil-A has fallen to the DEI cult,” one person tweeted. “the same agenda that is turning our beloved military woke.”
“It’s becoming an epidemic that even Christian companies are being strong-armed to participate in,” the tweet continued.
Old Clip of Chairman Resurfaces
Some have also started resurfacing an old clip of Chick-fil-A Chairman Dan Cathy speaking on a panel about racism during the summer of 2020. During the discussion, he talked about repentance and said that if you ever see someone who needs their shoes shined, you should do it. He then walked over to a Black person on the panel, got on his knees, and shined their shoes.
“There’s a time in which we need to have, you know, some personal action here, and maybe we need to give them a hug, too,” Cathy said while shining the shoes.
“I bought about 1,500 of these and I gave them to all our Chick-fil-A operators and staff a number of years ago,” Cathy continued, in reference to his shoe-shining brush. “So, any expressions of a contrite heart, of a sense of humility, a sense of shame, a sense of embarrassment begat with an apologetic heart — I think that’s what our world needs to hear today.”
The clip caused a stir when the events first unfolded, and has prompted a new wave of anger now. Some are accusing Cathy of being “a woke, anti-American, anti-white BLM boot licker” who thinks all white people need to shamefully shine the shoes of Black people to apologize for racism, though that is not what he said.
These boycott calls are just the latest from conservatives who have been on a rampage against any company supporting any social cause they deem as “woke.” Earlier this year, the political right took a stand against Bud Light after it included a trans influencer in a sponsored Instagram post. Just last week, Target and Kohl’s faced boycotts over items in their Pride Month collections.
See what others are saying: (The Hill) (Rolling Stone) (AL)
Bioré Apologizes For Referencing School Shooting in Mental Health Ad Campaign
“Our tonality was completely inappropriate. We are so sorry,” the skincare brand said.
Video Faces Backlash
The skincare brand Bioré apologized this week for partnering with a school shooting survivor as part of its Mental Health Awareness Month campaign.
“We are committed to continuing our mental health mission, but we promise to do it in a better way,” the company said in an Instagram post on Sunday.
Last week, influencer and recent Michigan State University graduate Cecilee Max-Brown posted a video to TikTok sponsored by Bioré where she discussed the numerous challenges she had faced throughout the year. Among them was a school shooting on her college’s campus, which killed three people in February.
“Life has thrown countless obstacles at me this year, from the school shooting to having no idea what life is going to look like after college,” Max-Brown says in the video. “In honor of mental health awareness month, I’m partnering with Bioré skin care to strip away the stigma of anxiety.
“We want you to get it all out, not only what’s in your pores, but most importantly, what’s on your mind, too,” she continued.
In the 50-second video, Max-Brown went on to discuss more details about her mental health struggles, as well as how “seeing the effects of gun violence firsthand” has impacted her and led to “countless anxiety attacks.”
“I will never forget the feeling of terror that I had walking around campus for weeks in a place I considered home,” she said before closing the video by encouraging her followers to participate in Bioré’s mental health campaign.
The video ignited swift outrage from people who accused Bioré of using a school shooting to sell products. In its apology, the brand admitted the video was misguided.
In the past, Bioré said it has worked with influencers to discuss and reduce mental health stigmas, as the subject is a top priority for its consumers.
“This time, however, we did it the wrong way,” the company said. “We lacked sensitivity around an incredibly serious tragedy, and our tonality was completely inappropriate. We are so sorry.”
Max-Brown also apologized on TikTok, writing that the video was intended to spread awareness, not suggest a product fixed the struggles she has experienced as a result of the shooting.
“I did not mean to desensitize the traumatic event that took place as I know the effects that it has had on me and the Spartan community,” she wrote.
Max-Brown has since removed the initial sponsored video from her account.
See what others are saying: (The New York Times) (NBC News) (The Independent)
Canada’s WestJet Pilots Give 72-Hour Notice For Strike Amid Wave of American Strike Authorizations
“We kept the airline alive during the pandemic. The company is poised to have wild profits going forward and they’re giving us the stiff arm at the table,” said a United Airlines union member to The Washington Post.
Airline Staffers Ready to Strike
Pilots across North America have been inching towards industry-shaking strikes for the last several weeks.
Most recently, Canada’s WestJet Airline pilots issued their 72-hour strike notice on Monday. This means a strike could start as early as Friday, potentially leading to major disruptions for travelers over the Victoria Day holiday weekend.
WestJet pilots are looking for better scheduling and higher pay. Specifically, they want to be paid at a similar rate to their American counterparts.
However, staffers for many American airlines are also ready to fight for higher wages, among other things. Pilots with both Southwest and American Airlines have approved strikes in recent weeks. United Airlines pilots, although they haven’t authorized a strike, spent Friday picketing at major airports across the country. Pilots from all three carriers are pushing for higher salaries, better scheduling, and better rules that establish what is expected of each employee on the job.
All of these pilots are pointing to Delta as an example, which recently ratified a $7 billion contract that will raise the wages of its 15,000 pilots by 34% over 4 years.
However, despite the authorizations, an actual walkout is unlikely. In order to legally strike in the U.S., airline workers’ unions have to go through federal mediation with the airlines themselves and that mediator has to decide that negotiation is unproductive and release both sides. Even then, a strike can be blocked by Congress or the president.
Still, these strike authorizations are meant to put further pressure on the airlines to come to the table with their pilots and find some solution.
“We kept the airline alive during the pandemic. The company is poised to have wild profits going forward and they’re giving us the stiff arm at the table,” Garth Thompson, chair of the United Master Executive Council of the Air Line Pilots Association, said to the Washington Post.
The response from airlines thus far has been mixed. Southwest said in a statement that the strike authorization vote has absolutely no effect on their operations. Casey Murray, the president of the pilots’ union, said the union will petition mediators to strike because they have been in negotiations with Southwest for more than three years with no solution on the horizon.
American Airlines and its pilots, on the other hand, are much closer to reaching a solution. CEO Robert Isom even said the airline is prepared to match the pay rates of Delta pilots.
“We remain confident that an agreement for our pilots is within reach and can be finalized quickly,” the airline said in a statement. “The finish line is in sight.”