Poly Network Hacker Starts to Return Drained Funds

• The hacker's Polygon address first sent $10,000 in USDC to a wallet set up by Poly Network at 8:46 UTC on Wednesday, before sending another $1 million fifteen minutes later, Polygonscan shows.
• When Poly Network announced the hack and the associated wallet addresses, the accounts held over $600 million in various cryptocurrencies. But under $400 million remained when the hacker said they were ready to return the funds, as they had sent them to various other addresses.
• Before starting to return the funds on Polygon, the hacker also embedded a mysterious message in a transaction with themselves: "ACCEPT DONATIONS TO "THE HIDDEN SIGNER" NOW. ENCRYPT YOUR MSG WITH HIS PUBKEY."
• The hacker has been embedding messages to transactions with their own addresses to communicate with the world. Dozens of people have used the same method to ask the hacker for charity.
• Earlier today the hacker used this tactic to say that they were ready to return the funds. They then said they were unable to get in touch with Poly network and asked for multisignature wallets.
• Poly Network, which had been calling on the hacker for the hacker to return the funds, prepared three wallets on Ethereum, BINANCE Smart Chain, and Polygon, the three blockchains the hacker has been using.
• O3 Labs, a Tokyo-based blockchain developer associated with Poly Network's affiliate Neo, said the hacker might turn out to be a whitehat hacker earlier today. O3 Labs had to halt some functions of its cross-chain aggregation protocol O3 Swap last night because of the attack.
• The attack took advantage of a big within Poly Network's cross-chain smart contract, security company SlowMist said.
• Returning the funds would mean the hacker wasn't after their own gain, like a so-called blackhat hacker, but wanted to expose the vulnerabilities to make the project more robust, like a whitehat hacker.

UPDATE (XXX UTC): Adds details about the hacker’s behavior.