Akropolis, a loan and investment platform, had recently suffered a cyberattack after hackers exploited a bug in its SavingsModule smart contract. The hacker apparently drained out over 2 million in DAI virtual currency. The crypto firm is now offering the hacker a $200,000 bug bounty reward in exchange for protection along with the $2 million funds being returned.
The security team at Akropolis.io claims that the attacker’s Ethereum account has been identified where the stolen funds are held. The team at Akropolis has geared up for the close monitoring of the Ethereum account regarding any signs of fund movements. Akropolis over the weekend had published an open letter to the hacker on offering the attacker to team up as the fund movements are impossible with such close monitoring by the crypto team.
The open letter stated:
Moreover, the crypto platform did state that as of yet no criminal investigation has been opened, offering the attacker a way out for his punishable crimes. However, the company did mention taking legal actions if the hacker does not cooperate with the terms and conditions.
Akropolis providing such a way out for a criminal is totally rare as companies generally take such matters very strictly by handing over it to law enforcers.
Bug bounties are usually paid for by ethical hackers for turning out vulnerabilities in the system without creating chaos. This in turn enables crypto companies to take measures on the sensitive exploit. Akropolis, on the other hand, is using the ethical means of bug bounty rewards to hand over as ransoms.