The person behind last week’s $15.8 million exploit of Team Finance has returned $13.4 million worth of funds to the affected projects.

On Sunday, blockchain security firm PeckShield shared on-chain data that confirmed that the Team Finance hacker’s address had sent back the majority of his profits from the exploit, keeping 10% of the stolen funds as a “bug bounty” for himself.

By returning the funds, the project’s exploiter earned himself the title of a “whitehat” – a term used to describe ethical hackers who use their skills to alert projects to potential vulnerabilities, as opposed to exploiting the code for their own benefit.

Data shows that the whitehat hacker returned stolen funds to the affected crypto projects, including $860,000 in ETH to the FEG token team, $756,000 in DAI and $626,700 in TSUKA to the Tsuka team, and $328,000 in ETH and $292,000 KNDX to Kondux.

The largest recipient of stolen funds was a project known as CAW, that saw $5.5 million CAW and $5 million DAI sent back from the whitehat hacker.

The whitehat hacker initiated the process of returning funds by communicating to the victims through blockchain messages. A decoded message from the exploiter details how he opted to drain the funds from Team Finance with the supposed interest of the individual projects in mind. After the exploit, the hacker claims to have attempted to communicate with Team Finance but was allegedly met with resistance from the team.

The attacker claims to have then concluded that the actions of Team Finance were suspicious and established a line of communication with individual projects through the blockchain. These projects then agreed to offer the whitehat hacker a 10% bounty for returning the stolen funds to them.