The hacker responsible for one of the world’s largest digital coin heists has returned nearly all of their more than $610m (£440m) haul, reportedly saying they did it “for fun” and to expose a vulnerability.

The victim, Poly Network, which until Tuesday’s heist was a little known peer-to-peer cryptocurrency platform, said all of the funds except for $33m-worth of the digital coin Tether, which were frozen earlier in the week, had been transferred to a wallet controlled by both the platform and the hacker.

The hacker, they said, was a so-called “white hat”, a term used to refer to ethical hackers who deploy their skills to expose cyber vulnerabilities that could be exploited by malicious actors.

“The repayment process has not yet been completed,” Poly Network said in a statement on Thursday. “To ensure the safe recovery of user asset, we hope to maintain communication with Mr White Hat and convey accurate information to the public.”

According to messages from a person claiming to be the hacker posted on Twitter by Tom Robinson, the chief scientist and co-founder of the cryto tracking firm Elliptic, Poly Network offered a $500,000 “bug bounty” to return the stolen assets and promised “you will not be held accountable for this incident”.

Robinson said the purported hacker told him they would not be claiming the money but that they would be using donations they had received in recent days to compensate “unexpected victims” of the hack.

Poly Network first alerted the world to the hack on Tuesday when the company, which allows users to transfer or swap tokens across different blockchains, said it had fallen victim to a cyberheist and called on the people behind it to return the stolen funds.

The blockchain forensics company Chainalysis said the hacker or hackers, whose identity is not yet known, appear to have exploited a vulnerability in the platform’s digital contracts to move assets between blockchains.

The hackers started returning the funds on Wednesday, a day after the attack, prompting analysts to speculate that they might have struggled to launder the stolen cryptocurrency on such a vast scale.

But later a person claiming to be the hacker claimed in a Q&A shared by Robinson that they did it “for fun” after spotting a bug and wanted to “expose the vulnerability before any insiders hiding and exploiting it.” The purported hacker also claimed that they had always planned to return the tokens.

According to CipherTrace, the crypto intelligence company, the decentralised finance sector registered $474m in criminal losses between January and July.

Experts say that the high level of theft demonstrates the risks of the largely unregulated sector, which allows users to carry out transactions, usually in cryptocurrency, without any of the traditional safeguards such as banks or exchanges.