Why Blackhats Are Becoming Whitehats

Sep 13, 2021

More and more blackhats in DeFi hacking are turning whitehat, and the reason why is simple: whitehats become heroes for responsibly disclosing vulnerabilities and are given new incentives all the time, while blackhats are shunned as low-life criminals who get no status, no opportunities as a result of their hacks, and are often doxed and pursued endlessly by legal authorities and users.

Anecdotally, we’ve heard reports that hackers who have been on the fence about illegally exploiting bugs or disclosing them responsibly via Immunefi have started disclosing through Immunefi.

Prior to Immunefi, very few protocols utilized bug bounties, despite the fact that DeFi is the best use case for bug bounties. The danger is unlike that in the traditional software world, where usually the risk is that some user data might be leaked or inappropriately accessed. In DeFi, the danger is that if a single line of code is vulnerable, hackers may directly steal tens or even hundreds of millions of dollars.

Over the past year, Immunefi’s bug bounty platform has exploded onto the DeFi scene and made it legal, safe, high status, and profitable to be a good whitehat. Let’s discuss those categories a bit more.

Legal
Whitehats get legal cash and can easily use the crypto or banking systems without having to worry about making one small, single mistake that might reveal who they are. The blockchain is forever. Blackhats, on the other hand, always have to look over their shoulder and find it difficult to sleep at night because everyone is after them on legal grounds: the project, users, banks, tax authorities, state authorities, and so on.

Blackhats also don’t end up just committing one crime by hacking a project and stealing user funds. They end up having to engage in more crimes to launder the ill-gotten funds. Once blackhats start getting sucked into the criminal underworld, they might find that they can’t escape. They — and even their family — might be targeted by other criminal groups.

Safe
Whitehats don’t have to worry about random, angry crypto users doxing them or their friends/family. They don’t have to worry about threats or serious physical attacks that often naturally arise from stealing millions of dollars. They don’t have to worry about criminal investigators. They don’t have to worry about other blackhats they might have worked with doxing them or turning them in to the authorities, which happens more than people might think. Whitehats can sleep well at night.

High Status

Whitehats become legendary heroes. They gain status and opportunities that benefit them for years to come. Wherever they go in the crypto world, everyone knows and loves them. They get cushy job offers and speaking requests. They are the knights in shining armor, the protectors of DeFi. Others want to be them.

Profitable
Immunefi hosts the world’s largest bug bounties, and it’s now possible to make a full-time career out of bug hunting in DeFi, which was impossible just a year ago. A year ago, when hackers responsibly disclosed vulnerabilities, sometimes projects would even fix the vulnerability and refuse to reward the hacker. Sometimes, projects would ignore the hackers altogether. Sometimes, the reward would be incredibly low, despite the true market value of the vulnerability being orders of magnitude larger than the reward. A $1,000 reward is a pittance if the funds at risk are $10 million.

Immunefi has single-handedly pioneered the scaling bug bounty standard, which encourages projects to price vulnerabilities closer to their true market value, resulting in the world’s largest bug bounties. We now have many bug bounties in the millions for whitehats to claim.

Bug bounty matching programs have also started appearing to help increase incentives for responsible disclosure. BSC’s Priority One program exists to boost security in the BSC ecosystem. Armor has a bounty matching program called the Armor Alliance. Nexus Mutual recently launched a bounty matching partnership with Immunefi for protocols using Nexus.

We’re working around the clock to boost incentives for whitehats and turn them into heroes.

For these reasons and more, blackhats are becoming whitehats, and hackers on the fence are choosing to become whitehats.

P.S. Hackers subscribed to our newsletter are 35.8% more likely to earn a bug bounty. Click here to sign up.

Immunefi is the premier bug bounty platform for smart contracts, where hackers review code, disclose vulnerabilities, get paid, and make crypto safer.