ווי כאַקס און עקספּלויץ continue to go rampant within the crypto industry, the importance of finding vulnerabilities to prevent potential losses becomes of utmost importance. However, a Web3 developer highlighted that it’s not rewarding to do so.
In a tweet, a Web3 developer קליימד that he found a vulnerability in a Solana smart contract that would have affected several projects and around $30 million in funds. According to the dev, he reported and helped patch the vulnerabilities. However, when it was time to ask for a reward, the projects just started to ignore him.
The developer noted that this sends a wrong message because it shows that projects would rather get hacked than have critical bugs reported to them. He געשריבן:
"דאָס איז וואָס איר האָבן סיטואַטיאָנס ווי די מאַנגאָ עקספּלויט פּאַסירן ווו דער עקספּלויטער וועט ערשטער גאַנווענען די געלט און דעמאָלט אָנהייבן ניגאָושיייטינג. עס איז קיין געהעריק ינסעניוו צו באַריכט."
Community members also echoed the sentiment of the developer. Smit Khakhkhar, a fellow developer, אפגערופן by claiming that he also made the same mistake multiple times. “This is one major reason why hackers exploit first and then negotiate,” he wrote. On the other hand, a Twitter user thinks that it’s also possible for developers within the projects to secretly want to exploit the code for themselves. They tweeted:
Yep, the incentives to hack it yourself is way higher than the incentive to report. Also..perhaps these devs secretly wanted to exploit it themselves. Don’t rule that out. I’m sure the people that a most likely to spot exploits are the code writers.
— ReddSpark (@Redd_Spark) דעצעמבער קסנומקס, קסנומקס
Because of these, some פאָרויסזאָגן that the next cycle in crypto will be a break-and-fix cycle. According to the community member, traders could potentially pay blackhats to exploit critical vulnerabilities while shorting projects.
פֿאַרבונדענע: טריידער אַלעדזשאַדלי געזען איבער 5,000 קס גיינז נאָך אַנקר פּראָטאָקאָל כאַק
Meanwhile, many industry executives believe that artificial intelligence programs like ChatGPT can contribute to securing smart contracts. Speaking to Cointelegraph, HashEx CEO Dmitry Mishunin recently noted that ChatGPT can be integrated and reduce the number of hacks within the industry.
Within crypto, many hacks have been highlighted in the decentralized finance (DeFi) space. Despite this, many industry professionals are confident that broader DeFi adoption can be achieved by educating institutional players and eliminating user experience barriers.
Source: https://cointelegraph.com/news/projects-would-rather-get-hacked-than-pay-bounties-web3-developer-claims