Rewarding Hackers With Bug Bounties ‘Inherently Creates a Moral Hazard’ Says Expert
Rewarding hackers who agree to return a portion of the stolen funds not only “creates a moral hazard” but potentially “leads to more security breaches,” a Web3 expert has argued. The recent attacks on Kronos and Kyberswap, as well as the subsequent attempts to engage the hackers, are said to show why victims of attacks should not rely on appeasing the exploiters.

Effectiveness and Importance of Code Audit

According to the latest Immunefi crypto losses report, cybercriminals successfully siphoned over $1.7 billion from decentralized and centralized digital asset exchange platforms in the first eleven months of 2023. The thefts have been carried out via hacking, phishing attacks, and outright fraud.

Such attacks have increased in their frequency and boldness over the past few months, leading many, including proponents of decentralized platforms, to question the effectiveness of code audits or how users’ funds are secured. Still, others like Davinder Singh, the CTO at the crypto platform Rocketx, concur with those who argue against rewarding hackers. According to Singh, rewarding hackers who agree to return a portion of the stolen funds “inherently creates a moral hazard.”

Although they are intended to help decentralized finance (defi) platforms improve their security and protect users from malicious attacks, Singh told Bitcoin.com News that offering such rewards “inadvertently incentivizes malicious actors and potentially leads to more security breaches.”

The recent attacks on Kronos and Kyberswap, as well as the subsequent attempts to engage the hackers, potentially show why exchange platforms should not rely solely on appeasing them. For instance, the malicious actor behind the Kyberswap exploit recently made several seemingly outrageous requests, including demanding full control over Kyber.

As reported by Bitcoin.com News, the hacker is seeking a more favorable deal than the Kyberswap team’s offer. This example could lend support to the argument that defi platforms should be more focused on finding ways to prevent the attacks.

Tracking Hackers

However, Fraser Edwards, the CEO of the privacy-preserving payment network Cheqd, told Bitcoin.com News that besides helping platforms recover some of the funds, the offer to reward hackers also helps exchange platforms identify the perpetrators of the attacks.

“The offer and any response creates the opportunity of getting more information on the hacker which could give them away. E.g. do they communicate via specific channels or using usernames which could lead to a real identity? A good example here is how Ross Ulbricht of Silk Road was identified through his username/handle being linked across multiple forums, eventually to his real identity,” Edwards explained.

Meanwhile, Nikolay Angelov, Blockchain Head at crypto lender Nexo, insists that while bug bounties are useful in helping decentralized exchange platforms recover stolen funds, they also help cleanse the hackers’ money. Additionally, in some of the known high-profile cases in which hackers have agreed to return the stolen funds, the sum eventually recovered has been less than 90%.

Declining User Confidence

When hackers can easily get away with stealing millions of dollars, this inevitably erodes confidence in digital asset platforms. To restore trust, Angelov said platforms must utilize “real-time software code inspections to prevent vulnerabilities.”

While the so-called white hat hackers may be motivated by the challenge or reward, state-backed hackers, on the other hand, have no desire to return the funds. Therefore, bug bounties may not be an effective way of attempting to recover funds. According to Angelov, operators who are at the receiving end of attacks orchestrated by state-backed actors such as the North Korean-affiliated Lazarus Group should “actively seek cooperation with government agencies to prevent stolen funds from entering their platforms.”

Singh, who shares similar sentiments, urged defi players to collaborate by sharing threat intelligence and adopting advanced defense strategies. He added:

“This collective effort is essential to safeguarding the decentralized financial ecosystem against sophisticated state-sponsored threats.”
