The hacker who stole over $600 million in crypto assets was offered $500,000 and immunity as a reward for returning the money.
Poly Network made the controversial offer after the hacker pledged to send back the money.
The attack was uncovered on Tuesday when Poly Network publicly pleaded with the hacker to help.
One former FBI official said “private companies have no authority to promise immunity from criminal prosecution”.
The attack is one of the largest hacking heists in history. Poly Network said the person had exploited a vulnerability in its system.
Most of the money has now been given back, although the hacker says they are not interested in the reward.
Shortly after the hack the anonymous individual posted notes to the publicly available blockchain taunting the company and asking for advice on how to launder his stolen riches.
Later, the criminal claimed “not to be interested in money” and promised to return it all.
By Thursday evening, Poly Network said most of the remaining assets in the hacker’s possession had been transferred to a digital wallet controlled by both the hacker and the company.
Poly Network says it is still waiting for the repayment process to be fully completed but that it is working with the hacker.
A portion of the stolen coins were frozen shortly after the attack have not yet been transferred but can’t be used by the hacker anyway.
“The hacker still holds $33.4m of stolen Tether [tokens] – because it has been frozen by Tether themselves,” Tom Robinson, co-founder of Elliptic said.
He added that it could be seen on the blockchain that “a few thousand dollars’ worth of various other tokens” were being held onto by the hacker.
It was not clear, however, if these were part of the stolen assets, or donations that the hacker requested people to send them on Thursday as a thank you for returning the money.
Other money outstanding also includes a 13.37 Ether tip ($40,000), which the hacker sent to a user who warned them that the Tether tokens had been frozen by its developer.
In a three page Q&A posted online the anonymous hacker claimed he or she carried out the heist for fun and to encourage cryptocurrency exchange firm Poly Networks to improve its security.