The hacker behind a $610 million assault on the cross-chain decentralized finance (DeFi) protocol Poly Community has returned nearly the entire stolen funds amid the challenge saying their actions constituted “white hat conduct.”

In keeping with a Thursday replace on the assault from Poly Community, the entire $610 million in funds taken in an exploit that used “a vulnerability between contract calls” have now been transferred to a multisig pockets managed by the challenge and the hacker. The one remaining tokens are the roughly $33 million in Tether (USDT), which had been frozen instantly following information of the assault.

The hacker had been speaking with the Poly Community workforce and others by means of embedded messages in Ethereum transactions. They appeared to haven’t deliberate to switch the funds after efficiently stealing them, and claimed to do the hack “for enjoyable” as a result of “cross-chain hacking is scorching.”

Associated: DAO Maker crowdfunding platform loses $7M in latest DeFi exploit

Nonetheless, after talking with the challenge and customers, the hacker returned $258 million of the funds on Wednesday. Poly Community stated it decided that the assault constituted “white hat conduct” and offered the hacker, whom it dubbed “Mr. White Hat,” a $500,00zero bounty:

“We guarantee you that you’ll not be accountable for this incident. We hope you could return all of the tokens as quickly as attainable […] We are going to ship you the 500ok bounty when the remainings are returned besides the frozen USDT.”

“The poly did supplied a bounty, however I’ve by no means responded to them. As a substitute, I’ll ship all of their a reimbursement,” said the hacker.

With the rest of the funds, except the frozen USDT, now returned, the biggest hack in decentralized finance appears to be coming to an finish. Although the hacker’s id has but to be made public, Chinese language cybersecurity agency SlowMist posted an replace shortly after information of the hack broke, saying its analysts had identified the attacker’s electronic mail tackle, IP tackle and machine fingerprint.