Poly Network hack
A cross-chain protocol exploited for about $611M in August 2021 — one of the largest DeFi thefts ever. Unusually, the attacker (dubbed 'Mr. White Hat') returned nearly all of the funds over the following days.
Also known as: Poly Network, Mr White Hat
Summary
Poly Network is a cross-chain interoperability protocol. In August 2021 an attacker exploited a vulnerability in its contracts to move about $611 million in assets across the Ethereum, BNB Chain, and Polygon networks — at the time among the largest decentralized-finance thefts on record. [1][2]
Unusual aftermath
Over the following days the attacker — whom Poly Network addressed as "Mr. White Hat" — returned nearly all of the funds, communicating via on-chain messages and saying the hack was done "for fun". Poly Network offered a $500,000 bounty and even proposed an advisory role; security firm Elliptic helped trace the assets. [1][2]
Bracketed numbers refer to the numbered sources listed below.
People & entities involved
Sources (2)
See also
- Loci (LOCIcoin)TokensA 2017–2018 ICO for 'LOCIcoin' tied to the InnVenn IP-search platform. The SEC charged Loci and CEO John Wise with fraud for raising $7.6M on false claims about revenue, headcount, and user base; Wise also misused investor funds. Settled with a $7.6M penalty and an officer/director bar.
- Blockchain Terminal (BCT)TokensA 2017–2018 ICO (BCT tokens, ~$30M) for a 'Blockchain Terminal' — a Bloomberg-style crypto trading terminal. The SEC and DOJ said convicted ex-hedge-funder Boaz Manor secretly ran it under a fake identity ('Shaun MacDonald'), using associate Edith Pardo as a front, and lied about the product's adoption.
- Crowd Machine (CMCT)Tokens
This page was last updated on Jun 8, 2026. View revision history.