As hacks and exploits continue to proliferate in the cryptocurrency industry, the importance of finding vulnerabilities to prevent potential loss becomes paramount. However, a Web3 developer noted that it is not rewarding to do so.
In a tweet, a Web3 developer he claimed that it found a vulnerability in a Solana smart contract that would have affected several projects and some 30 million dollars in funds. According to the developer, he reported and helped patch the vulnerabilities. However, when it came time to ask for a reward, the projects began to ignore him.
The developer pointed out that this sends the wrong message because it shows that projects would rather be hacked than have critical bugs reported. Wrote:
“That’s why you get situations like the Mango exploit, where the exploiter first steals the funds and then starts trading. There’s not a proper incentive to report.”
Community members also echoed the developer’s sentiment. Smit Khakhkhar, another developer, answered stating that he too made the same mistake multiple times. “This is one of the main reasons hackers exploit first and trade later,” he wrote. On the other hand, a Twitter user believes that it is also possible that the developers of the projects want to secretly exploit the code for themselves. They tweeted:
Yep, the incentives to hack it yourself is way higher than the incentive to report. Also…perhaps these devs secretly wanted to exploit it themselves. Don’t rule that out. I’m sure the people that a most likely to spot exploits are the code writers.
—ReddSpark (@Redd_Spark) December 20, 2022
Yes, the incentives to hack it yourself are far greater than the incentives to report. Also… maybe these developers secretly wanted to exploit it themselves. Don’t rule that out. I’m sure the people most likely to spot exploits are code writers.
Because of this, some predict that the next cycle in crypto will be a break and fix cycle. According to the community member, traders could potentially pay blackhats to exploit critical vulnerabilities while shorting projects.
Meanwhile, many industry executives believe that artificial intelligence programs like ChatGPT can help secure smart contracts. Speaking to Cointelegraph, HashEx CEO Dmitry Mishunin recently noted that ChatGPT can be integrated and reduce the number of hacks within the industry.
Within cryptocurrencies, many hacks have been highlighted in the decentralized finance (DeFi) space. Despite this, many industry professionals are confident that greater DeFi adoption can be achieved by educating institutional players and removing user experience barriers.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.