Projects would rather get hacked than pay bounties, Web3 developer claims
As hacks and exploits continue to go rampant within the crypto industry, the importance of finding vulnerabilities to prevent potential losses becomes of utmost importance. However, a Web3 developer highlighted that it’s not rewarding to do so.
In a tweet, a Web3 developer claimed that he found a vulnerability in a Solana smart contract that would have affected several projects and around $30 million in funds. According to the dev, he reported and helped patch the vulnerabilities. However, when it was time to ask for a reward, the projects just started to ignore him.
The developer noted that this sends a wrong message because it shows that projects would rather get hacked than have critical bugs reported to them. He wrote:
“This is why you have situations like the Mango exploit happen where the exploiter will first steal the funds and then start negotiating. There's no proper incentive to report.”Community members also echoed the sentiment of the developer. Smit Khakhkhar, a fellow developer, responded by claiming that he also made the same mistake multiple times. “This is one major reason why hackers exploit first and then negotiate,” he wrote. On the other hand, a Twitter user thinks that it's also possible for developers within the projects to secretly want to exploit the code for themselves. They tweeted:
Yep, the incentives to hack it yourself is way higher than the incentive to report. Also..perhaps these devs secretly wanted to exploit it themselves. Don't rule that out. I'm sure the people that a most likely to spot exploits are the code writers.
— ReddSpark (@Redd_Spark) December 20, 2022Because of these, some predict that the next cycle in crypto will be a break-and-fix cycle. According to the community member, traders could potentially pay blackhats to exploit critical vulnerabilities while shorting projects.
Related: Trader allegedly saw over 5,000x gains after Ankr protocol hack
Meanwhile, many industry executives believe that artificial intelligence programs like ChatGPT can contribute to securing smart contracts. Speaking to Cointelegraph, HashEx CEO Dmitry Mishunin recently noted that ChatGPT can be integrated and reduce the number of hacks within the industry.
Within crypto, many hacks have been highlighted in the decentralized finance (DeFi) space. Despite this, many industry professionals are confident that broader DeFi adoption can be achieved by educating institutional players and eliminating user experience barriers.