{"id":527510,"date":"2022-12-15T17:45:19","date_gmt":"2022-12-15T14:45:19","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/ethics-101-should-crypto-projects-ever-negotiate-with-hackers\/"},"modified":"2022-12-15T17:45:19","modified_gmt":"2022-12-15T14:45:19","slug":"ethics-101-should-crypto-projects-ever-negotiate-with-hackers","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/ethics-101-should-crypto-projects-ever-negotiate-with-hackers\/","title":{"rendered":"#Ethics 101: Should crypto projects ever negotiate with hackers?"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CEthics_101_Should_crypto_projects_ever_negotiate_with_hackers%E2%80%9D\"><\/span>&#8220;Ethics 101: Should crypto projects ever negotiate with hackers?&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p style=\"float:right;margin:0 0 10px 15px;width:240px\"><img decoding=\"async\" src=\"https:\/\/cointelegraph.com\/magazine\/wp-content\/uploads\/2022\/12\/Stand-up-to-bullies-or-give-in-to-extortion-scaled.jpg\" class=\"type:primaryImage\"><\/p>\n<p><strong>&#8220;A highly profitable trading strategy&#8221; was how hacker Avraham Eisenberg described his involvement in the Mango Markets exploit that occurred on Oct. 11.<\/strong><\/p>\n<p><strong>By manipulating the price of the decentralized finance protocol's underlying collateral, MNGO, Eisenberg and his team took out infinite loans that drained $117 million from the Mango Markets Treasury.\u00a0<\/strong><\/p>\n<p>Desperate for the return of funds, developers and users alike voted for a proposal that would allow Eisenberg and co. to keep $47 million of the $117 million exploited in the attack. Astonishingly, Eisenberg was able to vote for his own proposal with all his exploited tokens.<\/p>\n<p>This is something of a legal gray area, as &#8220;code is law,&#8221; and if you can work within the smart contract's rules, there's an argument saying it's perfectly legal. Although &#8220;hack&#8221; and &#8220;exploit&#8221; are often used interchangeably, no actual hacking occurred. Eisenberg tweeted he was operating within the law: <\/p>\n<blockquote class=\"wp-block-quote\"><p>I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are.<\/p>\n<\/blockquote>\n<p>However, to cover their bases, the DAO settlement proposal also asked that no criminal proceedings be opened against them if the petition was approved. 
(Which, ironically, may be illegal.)<\/p>\n<p>Eisenberg and his merry men would reportedly go on to lose a substantial portion of the funds extracted from Mango a month later in a failed attempt to exploit DeFi lending platform Aave.<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"322\" src=\"https:\/\/cointelegraph.com\/magazine\/wp-content\/uploads\/2022\/12\/The-Mango-Markets-47-million-settlement-received-96.6-of-the-votes.png\" alt=\"The Mango Markets $47 million settlement received 96.6% of the votes\" class=\"wp-image-14837\" \/><figcaption class=\"wp-element-caption\"><em>The Mango Markets $47-million settlement received 96.6% of the votes. Source: Mango Markets<\/em><\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"How_much_has_been_stolen_in_DeFi_hacks\"><\/span>How much has been stolen in DeFi hacks?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Eisenberg is not the first to have engaged in such behavior. For much of this year, the practice of exploiting vulnerable DeFi protocols, draining them of coins and tokens, and using the funds as leverage to bring developers to their knees has been a lucrative endeavor. There are many well-known examples of exploiters negotiating to keep a portion of the proceeds as a bounty as well as waiving liability. In fact, a report from Token Terminal finds that over $5 billion worth of funds has been breached from DeFi protocols since September 2020.\u00a0<\/p>\n<p>High-profile incidents include the $190-million Nomad Bridge exploit, the $600-million Axie Infinity Ronin Bridge hack, the $321-million Wormhole Bridge hack, the $100-million BNB Cross-Chain Bridge exploit and many others. 
<\/p>\n<p>Given the apparently endless stream of bad actors in the ecosystem, should developers and protocol team members try to negotiate with hackers to attempt to recover most of the users' assets?<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">1\/ After four hacks yesterday, October is now the biggest month in the biggest year ever for hacking activity, with more than half the month still to go. So far this month, $718 million has been stolen from <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/DeFi?src=hash&amp;ref_src=twsrc%5Etfw\">#DeFi<\/a> protocols across 11 different hacks. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/emz36f6gpK\">pic.twitter.com\/emz36f6gpK<\/a><\/p>\n<p>\u2014 Chainalysis (@chainalysis) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/chainalysis\/status\/1580312145451180032?ref_src=twsrc%5Etfw\">October 12, 2022<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Should_you_negotiate_with_hackers_Yes\"><\/span>Should you negotiate with hackers? Yes.\u00a0<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>One of the greatest supporters of such a strategy is none other than ImmuneFi CEO Mitchell Amador. 
According to the blockchain security executive, developers have a duty to attempt communication and negotiation with malevolent hackers, even after they have robbed you, no matter how distasteful it may be.<\/p>\n<figure class=\"wp-block-image alignright size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"370\" src=\"https:\/\/cointelegraph.com\/magazine\/wp-content\/uploads\/2022\/12\/ImmuneFis-CEO-Mitchell-Amador.png\" alt=\"ImmuneFi's CEO Mitchell Amador\" class=\"wp-image-14833\" \/><figcaption class=\"wp-element-caption\"><em>ImmuneFi's CEO, Mitchell Amador. Source: LinkedIn<\/em><\/figcaption><\/figure>\n<p>&#8220;It's like when someone has chased you into an alley, and they say, 'Give me your wallet,' and beat you up. And you're like, 'Wow, that's wrong; that's not nice!' But the reality is, you have a responsibility to your users, to investors and, ultimately, to yourself, to protect your financial interest,&#8221; he says.<\/p>\n<p>&#8220;And if there's even a low percentage chance, say, 1%, that you can get that money back by negotiating, that's always better than just letting them run away and never getting the money back.&#8221;<\/p>\n<p>Amador cites the example of the Poly Network hack last year. After post-facto negotiations, hackers returned back $610 million in exchange for between $500,000 to $1 million in bug bounty. &#8220;When such an event occurs, the best and ideal, the most effective solution overwhelmingly, is going to be negotiation,&#8221; he says.<\/p>\n<p>For CertiK director of security operations Hugh Brooks, being proactive is better than reactive, and making a deal is only sometimes an ideal option. But he adds it can also be a dangerous road to go down. <\/p>\n<blockquote class=\"wp-block-quote\"><p>Some of these hacks are obviously perpetrated by advanced persistent threat groups like the North Korean Lazarus Group and whatnot. 
And if you are negotiating with North Korean entities, you can get in a lot of trouble.<\/p>\n<\/blockquote>\n<p>However, he points out that the firm has tracked 16 incidents involving $1 billion in stolen assets, around $800 million of which was eventually returned. <\/p>\n<p>&#8220;So, it's certainly worth it. And some of those were voluntary returns of funds initiated by the hacker themselves, but for the most part, it was due to negotiations.&#8221;<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"613\" src=\"https:\/\/cointelegraph.com\/magazine\/wp-content\/uploads\/2022\/12\/Perhaps-the-Poly-Network-hacker-really-just-wanted-a-small-bounty-for-his-efforts.png\" alt=\"Perhaps the Poly Network hacker really just wanted a small bounty for his efforts\" class=\"wp-image-14836\" \/><figcaption class=\"wp-element-caption\"><em>Perhaps the Poly Network hacker really just wanted a small bounty for his efforts. Source: Tom Robinson via Twitter<\/em><\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Should_you_negotiate_with_hackers_No\"><\/span>Should you negotiate with hackers? No.<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Not every security expert is on board with the idea of rewarding bad actors. Chainalysis vice president of investigations Erin Plante is fundamentally opposed to paying scammers. She says giving in to extortion is unnecessary when alternatives exist to recover funds.<\/p>\n<p>Plante elaborates that most DeFi hackers are not after $100,000 or $500,000 payouts from legitimate bug bounties but frequently ask upward of 50% or more of the gross amount of stolen funds as commission. 
&#8220;It's basically extortion; it's a very large amount of money that is being asked for,&#8221; she states.\u00a0<\/p>\n<p>She instead encourages Web3 teams to contact qualified blockchain intelligence companies and law enforcement if they find themselves in an incident. <\/p>\n<p>&#8220;We've seen more and more successful recoveries that are not publicly disclosed,&#8221; she says. &#8220;But it's happening, and it's not impossible to get funds back. So, in the end, jumping into paying off scammers may not be necessary.&#8221;<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"780\" height=\"439\" src=\"https:\/\/cointelegraph.com\/magazine\/wp-content\/uploads\/2022\/12\/Many-funds-have-been-lost-in-DeFi-exploits-this-year.png\" alt=\"Many funds have been lost in DeFi exploits this year\" class=\"wp-image-14834\" \/><figcaption class=\"wp-element-caption\"><em>Many funds have been lost in DeFi exploits this year. Source: Token Terminal<\/em><\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Should_you_call_the_police_about_DeFi_exploits\"><\/span>Should you call the police about DeFi exploits?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>There is a perception among many in the crypto community that law enforcement is pretty hopeless when it comes to successfully recovering stolen crypto.\u00a0<\/p>\n<p>In some cases, such as this year's $600-million Ronin Bridge exploit, developers did not negotiate with North Korean hackers. Instead, they contacted law enforcement, who were able to quickly recover a portion of users' funds with the help of Chainalysis.<\/p>\n<p>But in other cases, such as in the Mt. 
Gox exchange hack, users' funds, amounting to approximately 650,000 BTC, are still missing despite eight years of extensive police investigations.<\/p>\n<p>Amador is not a fan of calling in law enforcement, saying that it's not a viable option.<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"600\" src=\"https:\/\/cointelegraph.com\/magazine\/wp-content\/uploads\/2022\/12\/Not-all-hackers-are-interested-in-striking-bounty-deals-with-developers.png\" alt=\"Not all hackers are interested in striking bounty deals with developers\" class=\"wp-image-14835\" \/><figcaption class=\"wp-element-caption\"><em>Not all hackers are interested in striking bounty deals with developers. Source: Nomad Bridge<\/em><\/figcaption><\/figure>\n<p>&#8220;The option of law enforcement is not a real option; it is a failure,&#8221; Amador states. &#8220;Under those conditions, typically, the state will keep what it has taken from the relevant criminals. Like we saw with enforcement actions in Portugal, the government still owns the Bitcoin they've seized from various criminals.&#8221;<\/p>\n<p>He adds that while some protocols may wish to use the involvement of law enforcement as a form of leverage against the hackers, it's actually not effective because &#8220;once you've unleashed that force, you cannot take it back. Now it's a crime against the state. And they're not just going to stop because you negotiated a deal and got the money back. But you've now destroyed your ability to come to an effective solution.&#8221;<\/p>\n<p>Brooks, however, believes you are obligated to get law enforcement involved at some point but warns the results are mixed, and the process takes a long time.<\/p>\n<p>&#8220;Law enforcement has a variety of unique tools available to them, like subpoena powers to get the hacker's IP addresses,&#8221; he explains.<\/p>\n<figure class=\"wp-block-image alignright size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"393\" src=\"https:\/\/cointelegraph.com\/magazine\/wp-content\/uploads\/2022\/12\/Chainalysis-VP-of-Investigations-Erin-Plante.png\" alt=\"Chainalysis VP of Investigations Erin Plante\" class=\"wp-image-14832\" \/><figcaption class=\"wp-element-caption\"><em>Chainalysis VP of investigations, Erin Plante. Source: LinkedIn<\/em><\/figcaption><\/figure>\n<p>&#8220;If you can negotiate upfront and get your funds back, you should do that. But remember, it's still illegal to obtain funds through hacking. So, unless there was a full return, or it was within the realm of responsible disclosure bounty, follow up with law enforcement. In fact, hackers often become white-hats and return at least some money after law enforcement is alerted.&#8221;<\/p>\n<p>Plante takes a different view and believes the effectiveness of police in combating cybercrime is often poorly understood within the crypto community.\u00a0<\/p>\n<p>&#8220;Victims themselves are often working confidentially or under some confidential agreement,&#8221; she explains. &#8220;For example, in the case of Axie Infinity's announcement of funds recovery, they had to seek approval from law enforcement agencies to announce that recovery. So, just because recoveries aren't announced doesn't mean that recoveries aren't happening. There's been a number of successful recoveries that are still confidential.&#8221;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"How_to_fix_DeFi_vulnerabilities\"><\/span>How to fix DeFi vulnerabilities<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Asked about the root cause of DeFi exploits, Amador believes that hackers and exploiters have the edge due to an imbalance of time constraints. &#8220;Developers have the ability to create resilient contracts, but resiliency is not enough,&#8221; he explains, pointing out that hackers can afford to spend 100 times as many hours as the developer did just to figure out how to exploit a certain batch of code.<\/p>\n<p>Amador believes that audits of smart contracts, or one point-in-time security tests, are no longer sufficient to prevent protocol breaches, given the vast majority of hacks have targeted audited projects. <\/p>\n<p>Instead, he advocates for the use of bug bounties to, in part, delegate the responsibility of defending protocols to benevolent hackers with time on their hands to level out the edge: &#8220;When we started on ImmuneFi, we had a few hundred white-hat hackers. Now we have tens of thousands. And that is like an incredible new tool because you can get all that enormous manpower protecting your code,&#8221; he says.\u00a0<\/p>\n<p>For DeFi developers wanting to build the most secure outcome, Amador recommends a combination of defensive measures: <\/p>\n<blockquote class=\"wp-block-quote\"><p>First, get the best people to audit your code. Then, place a bug bounty, where you will get the best hackers in the world, to the tune of hundreds of thousands, to check your code in advance. And if all else fails, build a set of internal checks and balances to see if any funny business goes on. 
Like, that's a pretty amazing set of defenses.<\/p>\n<\/blockquote>\n<p>Brooks agrees and says part of the issue is there are a lot of developers with big Web3 ideas but who lack the required knowledge to keep their protocols safe. For example, a smart contract audit alone is not enough; you need to see how that contract operates with oracles, smart contracts, with other projects and protocols, etc.<\/p>\n<p>&#8220;That's going to be far cheaper than getting hacked and trying your luck at having funds returned.&#8221;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Stand_your_ground_against_thieves\"><\/span>Stand your ground against thieves\u00a0<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<figure class=\"wp-block-image alignright size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cointelegraph.com\/magazine\/wp-content\/uploads\/2022\/12\/Hacker-2.jpg\" alt=\"\" class=\"wp-image-14858\" width=\"291\" height=\"437\" \/><figcaption class=\"wp-element-caption\"><em>Best to avoid getting hacked in the first place. Source: Pexels<\/em><\/figcaption><\/figure>\n<p>Plante says crypto's open-source nature makes it more vulnerable to hacks than Web2 systems.<\/p>\n<p>&#8220;If you're working in a non-DeFi software company, no one can see the code that you write, so you don't have to worry about other programmers looking for vulnerabilities.&#8221; Plante adds, &#8220;The nature of it being public creates those vulnerabilities in a way because you have bad actors out there who are looking at code, looking for ways they can exploit it.&#8221;<\/p>\n<p>The problem is compounded by the small size of certain Web3 companies, which, due to fundraising constraints or the need to deliver on roadmaps, may only hire one or two security experts to safeguard the project. This contrasts with the thousands of cybersecurity personnel at Web2 firms, such as Google and Amazon. 
&#8220;It's often a much smaller team that's dealing with a big threat,&#8221; she notes.<\/p>\n<p>But startups can also take advantage of some of that security know-how, she says.\u00a0<\/p>\n<p>&#8220;It's really important for the community to look to Big Tech firms and big cybersecurity firms to help with the DeFi community and the Web3 community as a whole,&#8221; says Plante. &#8220;If you've been following Google, they've launched validators on Google Cloud and became one the Ronin Bridge, so having Big Tech involved also helps against hackers when you're a small DeFi project.&#8221;\u00a0<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">It was an honor to speak at <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/hashtag\/AxieCon?src=hash&amp;ref_src=twsrc%5Etfw\">#AxieCon<\/a> and share the successful recovery of $30M in crypto that was stolen from the Ronin Bridge. In these hack investigations it is a long road to recovery. But the Axie Infinity community is strong and we will continue to partner in this fight. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/V0lwrOtThr\">https:\/\/t.co\/V0lwrOtThr<\/a><\/p>\n<p>\u2014 Erin Plante (@eeplante) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/eeplante\/status\/1567956313908584449?ref_src=twsrc%5Etfw\">September 8, 2022<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>In the end, the best offense is defense, she says, and there's an entire population of white-hat hackers ready and willing to help.\u00a0<\/p>\n<p>&#8220;There's a community of Certified Ethical Hackers, which I am a part of,&#8221; says Erin. &#8220;And the ethos of that group is to look for vulnerabilities, identify, and close them for the larger community.&#8221; 
Considering many of these DeFi exploits aren't very sophisticated, they can be resolved before extreme measures, such as waiting for a break-in, theft of funds and requesting a ransom.<\/p>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/magazine\/ethics-101-crypto-projects-negotiate-hackers\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Ethics 101: Should crypto projects ever negotiate with hackers?&#8221; &lt;p&gt;&lt;strong&gt;A highly profitable trading strategy was how hacker Avraham Eisenberg described his involvement in the Mango Markets exploit that occurred on Oct. 
11.&lt;\/strong&gt; By manipulating the price of the decentralized finance protocols underlying collateral, MNGO, Eisenberg and his team took out infinite loans that drained $117&#8230;<\/p>\n","protected":false},"author":1,"featured_media":527511,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cointelegraph.com\/magazine\/wp-content\/uploads\/2022\/12\/Stand-up-to-bullies-or-give-in-to-extortion-scaled.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-527510","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/527510","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=527510"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/527510\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/527511"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=527510"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=527510"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=527510"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}