Projects would rather get hacked than pay bounties, Web3 developer claims

Published at: Dec. 20, 2022

As hacks and exploits continue to run rampant within the crypto industry, finding vulnerabilities to prevent potential losses becomes of utmost importance. However, a Web3 developer highlighted that it's not rewarding to do so.

In a tweet, a Web3 developer claimed that he found a vulnerability in a Solana smart contract that would have affected several projects and around $30 million in funds. According to the dev, he reported and helped patch the vulnerabilities. However, when it was time to ask for a reward, the projects started to ignore him.

The developer noted that this sends the wrong message because it shows that projects would rather get hacked than have critical bugs reported to them. He wrote:

“This is why you have situations like the Mango exploit happen where the exploiter will first steal the funds and then start negotiating. There's no proper incentive to report.”

Community members also echoed the sentiment of the developer. Smit Khakhkhar, a fellow developer, responded by claiming that he also made the same mistake multiple times. “This is one major reason why hackers exploit first and then negotiate,” he wrote. On the other hand, a Twitter user thinks that it's also possible for developers within the projects to secretly want to exploit the code for themselves. They tweeted:

Yep, the incentive to hack it yourself is way higher than the incentive to report. Also... perhaps these devs secretly wanted to exploit it themselves. Don't rule that out. I'm sure the people that are most likely to spot exploits are the code writers.

— ReddSpark (@Redd_Spark) December 20, 2022

Because of this, some predict that the next cycle in crypto will be a break-and-fix cycle. According to one community member, traders could potentially pay blackhats to exploit critical vulnerabilities while shorting projects.

Meanwhile, many industry executives believe that artificial intelligence programs like ChatGPT can contribute to securing smart contracts. Speaking to Cointelegraph, HashEx CEO Dmitry Mishunin recently noted that ChatGPT can be integrated and reduce the number of hacks within the industry.

Within crypto, many hacks have been highlighted in the decentralized finance (DeFi) space. Despite this, many industry professionals are confident that broader DeFi adoption can be achieved by educating institutional players and eliminating user experience barriers.
