Skip to main content

Rewarding Hackers With Bug Bounties ‘Inherently Creates a Moral Hazard’ Says Expert

Rewarding Hackers With Bug Bounties 'Inherently Creates a Moral Hazard' Says Expert

Rewarding hackers who agree to return a portion of the stolen funds not only “creates a moral hazard” but potentially “leads to more security breaches,” a Web3 expert has argued. The recent attacks on Kronos and Kyberswap, as well as the subsequent attempts to engage the hackers, are said to demonstrate why victims of attacks should not rely on appeasing the exploiters.

Effectiveness and Importance of Code Audit

According to the latest Immunefi crypto losses report, cybercriminals successfully siphoned over $1.7 billion from decentralized and centralized digital asset exchange platforms in the first eleven months of 2023. The thefts have been carried out via hacking, phishing attacks, and outright fraud.

Such attacks have increased in their frequency and boldness over the past few months, leading many, including proponents of decentralized platforms, to question the effectiveness of code audits or how users’ funds are secured. Still, others like Davinder Singh, the CTO at the crypto platform Rocketx, concur with those who argue against rewarding hackers. According to Singh, rewarding hackers who agree to return a portion of the stolen funds “inherently creates a moral hazard.”

Although they are intended to help decentralized finance (defi) platforms improve their security and protect users from malicious attacks, Singh told Bitcoin.com News that offering such rewards “inadvertently incentivizes malicious actors and potentially leads to more security breaches.”

The recent attacks on Kronos and Kyberswap, as well as the subsequent attempts to engage the hackers, potentially demonstrate why exchange platforms should not rely solely on appeasing them. For instance, the malicious actor behind the Kyberswap exploit recently made several seemingly outrageous requests, including demanding full control over Kyber.

As reported by Bitcoin.com News, the hacker is seeking a more favorable arrangement than the Kyberswap team’s offer. This example could lend to the argument that defi platforms should be more focused on finding ways to prevent the attacks.

Tracking Hackers

However, Fraser Edwards, the CEO of the privacy-preserving payment network, Cheqd, told Bitcoin.com News that besides helping platforms recover some of the funds, the offer to reward hackers also helps exchange platforms identify perpetrators of the attacks.

“The offer and any response creates the chance of getting more information on the hacker which could give them away. E.g. do they communicate via specific channels or using usernames which could lead to a real identity? A good example here is how Ross Ulbricht of Silk Road was identified through his username/handle being linked across multiple forums, eventually to his real identity,” Edwards explained.

Meanwhile, Nikolay Angelov, Blockchain Head at crypto lender Nexo, insists that while bug bounties are useful in helping decentralized exchange platforms recover stolen funds, they also help cleanse the hackers’ money. Additionally, in some of the known high-profile cases in which hackers have agreed to return the stolen funds, the sum ultimately recovered has been less than 90%.

Declining User Confidence

When hackers can easily get away with stealing millions of dollars, this inevitably erodes confidence in digital asset platforms. To restore trust, Angelov said platforms must utilize “real-time software code inspections to prevent vulnerabilities.”

While the so-called white hat hackers may be motivated by the challenge or reward, state-backed hackers, on the other hand, have no desire to return the funds. Therefore, bug bounties may not be an effective way of attempting to recover funds. According to Angelov, operators who are at the receiving end of attacks orchestrated by state-backed actors such as the North Korean-affiliated Lazarus Group should “actively seek cooperation with government agencies to prevent stolen funds from entering their platforms.”

Singh, who shares similar sentiments, urged defi players to collaborate by sharing threat intelligence and adopting advanced defence strategies. He added:

“This collective effort is essential to safeguarding the decentralized financial ecosystem against sophisticated state-sponsored threats.”

What are your thoughts on this story? Let us know what you think in the comments section below.



from Bitcoin News https://ift.tt/a16QMhp
Labels:

Comments

Post a Comment

Popular posts from this blog

Mt Gox Creditors Updated, Trustee Says Rehabilitation Custodian Is ‘Currently Preparing to Make Repayments’

On August 31, 2022, the Mt Gox trustee Nobuaki Kobayashi explained in a recent letter that the rehabilitation custodian is “currently preparing to make repayments” to Mt Gox creditors. Trustee Updates Mt Gox Creditors — Repayment Date and Exchange Still Unknown Last week speculation and rumors concerning the release of 140K bitcoin ( BTC ) from Mt Gox littered social media platforms and headlines. Bitcoin.com News covered the situation six days ago as a number of people and Mt Gox creditors called the rumors “ fake news .” During that same period of time, a bitcoin whale transferred 10,000 BTC to unknown wallets, and a 2018 annotation , heuristics, and clustering methods show the funds likely originated from the June 2011 Mt Gox hacks. Following the mysterious whale transfer, last Wednesday, Mt Gox published an official update from the court trustee Nobuaki Kobayashi that explains the court is “currently preparing to make repayments” to creditors. Mt Gox creditors have been wait...
Post a Comment
Read more

International Crypto Exchange Luno Adds Bitcoin Cash Trading

Luno exchange has added bitcoin cash trading to the platform following feedback from its client base. BCH is now only the third cryptocurrency available for trading on the exchange, in addition to BTC and ETH , but more options could be on the way once Luno determines that they are credible enough. Also Read: Bitflyer Adds Bitcoin Cash Trading Across Europe and the US Luno Adds Bitcoin Cash Trading Luno, the London-headquartered company formerly known as Bitx, recently announced that bitcoin cash was made available on its cryptocurrency exchange. Starting from Monday, September 23, customers at Luno are now able to store, buy and sell BCH on the platform. The reason given for adding BCH to the exchange is feedback from users in developing markets that convinced Luno to expand their offering from previously just BTC and ETH . Marcus Swanepoel, CEO of Luno, said , “We are in a new and exciting financial era. Developing economies are leading the large-scale adoption and appli...
Post a Comment
Read more

DefiDollar Listing on AscendEX

PRESS RELEASE. AscendEX, formerly BitMax, an industry-leading digital asset trading platform built by Wall Street quant trading veterans, has announced the listing of the DefiDollar Token (DFD) under the pair USDT/DFD on Apr 29 at 1:00 p.m. UTC. DefiDollar is a DeFi lab that aims to bring mass adoption to DeFi with a wide-ranging product suite. The first product offering to go live will be the stablecoin index – DUSD, with ibBTC and optionCoin currently in development. DefiDollar (DUSD) aspires to be a risk-insured stablecoin layer for DeFi. It is designed to provide a safe and stable way for users to hold their assets with DUSD being optimized for peg safety, yield, and diversification. DefiDollar uses DeFi primitives to stay close to the dollar mark. DUSD provides an avenue for diversifying stablecoin holdings to hedge against an event where the underlying stablecoins like Tether or DAI deviate from their peg. DUSD is collateralized by Curve Finance LP tokens. DFD is the n...
Post a Comment
Read more