
Poly Network attacker's latest Q&A: Non-native English speaker, works in security industry, proud even if identified
TechFlow Selected TechFlow Selected

Poly Network attacker's latest Q&A: Non-native English speaker, works in security industry, proud even if identified
Non-native English speaker, has been working in the security industry, not interested in money.
In the early hours today, the Poly Network attacker left another on-chain message on the Ethereum network, revealing some personal details: a non-native English speaker, long engaged in the security industry, and uninterested in money. The hacker wrote that if any other hacker can uncover their social identity within one month, they would willingly give them a private gift, and stated that even if their identity is eventually revealed, they remain proud of their integrity.
Below is the full text of the latest Q&A:
Q1: Why an AMA? Is this your confession?
A1: It's more like a diary, telling some stories I'm proud of.
Q2: Why return all the funds?
A2: As I said, I don't care about money.
Q3: Poor English skills?
A3: Not a native English speaker. I simply expressed my true feelings without polishing. Typing while holding down the "Shift" key isn't easy.
Q4: Black hat or white hat?
A4: I also enjoy feeling superior by judging others, but it’s never been easy. Not only legally good things can be white hats. So-called black hats can also be good people. Human nature is complex. Have you heard of gray hats?
Q5: Shouldn’t a white hat directly notify the developers?
A5: Please read P1Q1234. DeFi is a dark forest, where hundreds of projects flee every year. I trust no one.
Q6: Why hide from the beginning?
A6: Even if you're a legitimate good person, you might still be at risk for various reasons. I genuinely care about security.
Q7: Why explain so much?
A7: Read P4Q2. The guidance part means a lot to me. I want to share with everyone how I used my mindset to overcome arrogance and greed. I think mental challenges are no easier than hacking itself.
To be honest, when the attack succeeded, I was too excited and almost forgot my original plan—there were too many guesses, which was unexpected (see P2Q1). The first message (see P3Q1) sparked my interest in doing something creative. I spent some time going through my message list looking for interesting yet reasonable ideas.
I (still) have great confidence in hiding my identity, so I thought as long as I didn't cause unbearable losses, I could handle this game. Later, because of those affected victims, I began to calm down.
Yes, I realized that even temporarily taking control of the funds was an unforgivable joke that caused too much suffering.
Regarding the joke about “a billion shitcoins,” I meant the headline of this event could attract more attention, but the ending would be the same: I wouldn't abandon the shitcoins. In the end, it turned out to be a bad joke. As for the joke about “DAO,” I was asking the community how and when the refunds should happen. That was a careless joke.
(Read my beginner's guide.) I just realized I should be cautious because my decisions could change many people’s lives! If I had left the tokens there and exited the game, I could have enjoyed life as a millionaire and continued my usual explorations, but thousands of people would lose control over their own fate. This goes against my personal philosophy (see P4Q2).
Soon after, I sent an email to POLY from an anonymous mailbox, attaching a signed ETH transaction. If they received the email, they could broadcast a transaction from my address. It wasn't a wise move, since I couldn't broadcast any new messages before them. That email must have been lost—I didn't receive a reply from ETH—and due to that mistake, I waited for several hours.
The next part of the story is what you already know. I stopped my game and returned the funds according to my plan, just as I promised.
Q8: You haven't been exposed, but they have clues—so you’re scared!
A8: I have more confidence than anyone else.
In the real world, I am a well-known hacker, working in the security industry and dedicated to hacking since childhood. Seriously, as security researchers, our job is to save the hidden world.
I know security consulting is tough work, and PR and reputation matter greatly. I don’t mind security teams using my incident for publicity, especially if it helps them. Raising awareness about security is also part of our professional mission.
If any hacker can find my social identity within one month, I will gladly give them my private gift. Otherwise, I may or may not reveal another clue about my identity. Shall we play this game?
Even if my identity is confirmed, I remain proud of my integrity.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News














