About a week after a hacker stole $610 million from PolyNetwork in what was likely the biggest heist in history of so-called decentralized finance, the victim has offered its attacker a job.

The hacker claimed the attack against the PolyNetwork platform – which lets users swap tokens across multiple blockchains – was an act of “hacking for good” to “save the project.” The attacker has since promised to return the money and so far delivered about half of it.

PolyNetwork has responded by lavishing praise on the hacker, who it dubbed “Mr. White Hat,” a term used to describe “ethical” hackers who find vulnerabilities in computer networks and alert companies and organizations to fix them.

On Tuesday, in an act of gratitude or perhaps exasperation, PolyNetwork offered Mr. White Hat a job as “Chief Security Adviser.”

The identify of the hacker isn’t yet known, nor is it clear if Mr. White Hat is a single individual or a group of attackers.

“To extend our thanks and encourage Mr. White Hat to continue contributing to security advancement in the blockchain world together with PolyNetwork, we cordially invite Mr. White Hat to be the Chief Security Adviser of PolyNetwork,” the company said in a statement. “Again, it is important to reiterate that PolyNetwork has no intention of holding Mr. White Hat legally responsible, as we are confident that Mr. White Hat will promptly return full control of the assets to PolyNetwork and its users.”

In the meantime, PolyNetwork is still struggling to get all of its clients’ money back. After returning half of the network’s assets, the hacker deposited the rest – around $235 million – into a joint account that is protected by two keys needed to unlock the funds. One of the keys was given to PolyNetwork, and the hacker has kept the other.

PolyNetwork has been pleading with Mr. White Hat to turn in his key so the funds could be accessed ever since. The hacker has yet to do so, despite the job offer and another offer that would allow the hacker to keep $500,000 of the funds.

The hacker’s behavior has stumped experts, who’ve been trying to trace the funds since they were initially stolen.

“There have been plenty of DeFi hacks, but there haven’t been any ongoing conversations between the hacker and the project,” Tom Robinson, co-founder of blockchain forensics firm Elliptic Enterprises Ltd., said in an interview. “It seems like the hacker wants to retain some control over the funds. It just feels to me like the hacker has a bit of an ego. He wants to retain some attention.”

Researchers at the cryptocurrency research firm Chainalysis Inc. speculated that PolyNetwork’s posture may be a tactical decision aimed at getting all of their funds back by appeasing Mr. White Hat with money, accolades and titles.

“Perhaps PolyNetwork is implying trust in the attacker in an attempt to convince them to do the right thing and return the funds as soon as possible so they can begin the process of restarting their business,” said Gurvais Grigg, global public sector chief technology officer of Chainalysis, in a text message. “While it still remains to be seen how this strange story will play out, I can say that this is not typical behavior of true white hat hacker(s). The good news is that the blockchain is transparent, and we, along with the cryptocurrency community, have our eyes on the funds.”

DeFi apps – which let people lend, borrow and trade coins without using intermediaries – have become frequent targets of attacks lately as they gain in popularity. Some $156 million has been netted from DeFi hacks in the first five months of this year, surpassing the $129 million stolen in such attacks in all of 2020, according to crypto security firm CipherTrace Inc.