The hacker behind a $610 million attack on the cross-chain decentralized finance (DeFi) protocol Poly Network has returned nearly all of the stolen funds amid the project saying their deportment constituted "white lid beliefs."

According to a Thursday update on the attack from Poly Network, all of the $610 meg in funds taken in an exploit that used "a vulnerability between contract calls" accept at present been transferred to a multisig wallet controlled by the project and the hacker. The simply remaining tokens are the roughly $33 1000000 in Tether (USDT), which were frozen immediately following news of the attack.

The hacker had been communicating with the Poly Network team and others through embedded messages in Ethereum transactions. They seemed to have not planned to transfer the funds after successfully stealing them, and claimed to do the hack "for fun" considering "cantankerous-chain hacking is hot."

Related: DAO Maker crowdfunding platform loses $7M in latest DeFi exploit

Nonetheless, afterwards speaking with the project and users, the hacker returned $258 1000000 of the funds on Wednesday. Poly Network said it determined that the assault constituted "white hat behavior" and offered the hacker, whom information technology dubbed "Mr. White Hat," a $500,000 bounty:

"We assure you that you lot will not be answerable for this incident. We hope that you can return all the tokens as shortly as possible [...] We will send you lot the 500k bounty when the remainings are returned except the frozen USDT."

"The poly did offered a compensation, only I have never responded to them. Instead, I will send all of their money back," said the hacker.

With the remainder of the funds, with the exception of the frozen USDT, now returned, the biggest hack in decentralized finance seems to be coming to an end. Though the hacker's identity has yet to be made public, Chinese cybersecurity business firm SlowMist posted an update shortly after news of the hack broke, saying its analysts had identified the assailant'southward electronic mail accost, IP address and device fingerprint.