What is the long-term solution?


Even as the ongoing Binance-FTX saga continues to dominate the crypto airwaves, there has been a growing trend — an uneasy one at that — that has been garnering the attention of many digital currency enthusiasts in recent months, i.e., hackers returning partial funds for discovering exploits within a protocol. 

In this regard, just recently, the bad actors behind the $14.5 million Team Finance attack revealed that they would be allowed to stay in possession of 10% of the stolen funds as a bounty. Similarly, Mango Markets, a Solana-based decentralized finance (DeFi) network that was recently exploited to the tune of over $110 million, revealed that its community of backers was working toward reaching a consensus, one that would allow the hacker to be awarded $47 million as a reward for exposing the exploit.

As this trend continues to garner more and more traction, Cointelegraph reached out to several industry observers to examine whether such a practice is healthy for the continued growth of the digital asset market, especially in the long run.

A good practice, for now

Rachel Lin, co-founder and CEO of SynFutures — a decentralized crypto derivatives exchange — told Cointelegraph that on one hand, the habit of encouraging “black hatters” to turn “white hat” encourages the industry to raise its standards of best practices, but it’s still not uncommon for popular protocols to be forked or simply copied and pasted, leaving them replete with hidden bugs. She added:

“We’d be remiss to say that this is healthy where in an ideal world, there’d be only white hat hackers. But the transition we’re seeing in which hackers are returning some of the funds, which wasn’t previously the case, is a strong step forward, particularly in sensitive times like these where it’s becoming clearer that many projects and exchanges are connected and could impact the ecosystem as a whole.”

On a somewhat similar note, Brian Pasfield, chief technical officer for decentralized money market Fringe Finance, told Cointelegraph that while the idea of giving hackers a fraction of the money they cart away for discovering loopholes can be seen as unhealthy and almost unsustainable, the fact of the matter remains that ultimately the hacked projects have no choice but to utilize this approach. “This is a better alternative than resorting to law enforcement’s approach to nab the perpetrators and recover the funds, which takes a very long time, if successful at all,” he added.

Speaking more technically, Slava Demchuk, co-founder of crypto compliance firm AMLBot, told Cointelegraph that since everything is on-chain, all of a hacker’s actions are traceable, so much so that the hacker has almost a 0% chance of using the illegally obtained digital assets. He added:

“When the hackers agree to return some of these stolen funds, not only does the project usually not prosecute the hacker, it even allows them to be able to use the remaining funds legally.” 

Lastly, Jasper Lee, audit tech lead at SOOHO.IO, a crypto auditing firm for several Fortune 500 companies, said that this kind of white hat behavior could be healthy for the blockchain industry in the long run since it provides the opportunity to identify vulnerabilities within DeFi protocols before they become too large. 

He further told Cointelegraph that out in non-blockchain industries, even if a hacker finds a vulnerability in a given code, it is difficult for them to go public with that information because it could cause severe legal issues. “In traditional hacking, it is very rare that a hacker returns the funds they have taken, as doing so would likely reveal their identity,” Lee said.

Not everyone agrees

David Carvalho, CEO at Naoris Protocol, a distributed cybersecurity ecosystem, stated in unequivocal terms that allowing hackers to keep funds in such a way not only undermines the entire ethos of a decentralized financial system but also promotes behavior that fosters distrust.

“It cannot continue to be seen as something to be tolerated on any level. The fundamentals of a safe and equitable financial system don’t change,” he told Cointelegraph, adding, “The premise that the only way to solve the hacking issue is to make the problem part of the solution is fatally flawed. It may fix a small crack for a short period of time, but the crack will continue to grow under the weight of the flimsy fixes and result in a destabilized market.”

A similar sentiment is echoed by Tim Bos, co-founder and chairman of ShareRing — a blockchain-based ecosystem providing digital identity solutions — who believes that this is a terrible practice. “It’s akin to paying criminals who hold people hostage. All this does is make the hackers realize that they can commit a huge crime, be rewarded for it, and then there are no repercussions,” he told Cointelegraph.

Carvalho noted that just because a hacker is…

cointelegraph.com