Cryptocurrency platforms that have been victims of theft are telling their attackers to keep some of the stolen digital assets and give back the rest, as the platforms face millions of dollars in losses. Victims have offered as much as $10 million, similar to bug bounties, according to a Monday (July 25) report in The Wall Street Journal.
The deal allows companies to move on from cyber-attacks, security experts told WSJ. At the same time, these experts don’t like the correlation with bug bounties, which are paid out to hackers who work with the company to find vulnerabilities in a security setup.
“That dilutes all of the work that people have done to do the right thing,” said Casey Ellis, founder and chief technology officer of bug-bounty platform Bugcrowd, in the WSJ report. “I have to step back from the keyboard now and then when it comes up.”
In recent years, hackers have stolen substantial sums from cryptocurrency platforms.
North Korean-linked groups have taken more than $1 billion over the years, largely from decentralized financial platforms, according to crypto-research firm Chainalysis Inc., even as crypto values have continued to plummet.
DeFi trading platform Crema Finance said this month that it had $8.8 million of crypto stolen. Its developers teamed up with third-party cyber-detectives to trace the stolen funds across blockchains, or digital public ledgers, before contacting the attacker a few days later.
“We are afraid that a discussion on the negotiation process with too many details actually provides more help for hackers than for the DeFi community,” Crema said.
Lending platform Qubit Finance posted a tweet in January offering $2 million as a “well earned bounty” in exchange for hackers returning the remainder of an $80 million theft.
We’d like to offer the exploiter the highest bounty in history.
Let’s retweet this! pic.twitter.com/eQ0iUOaxiy
— Qubit Finance (@QubitFin) January 30, 2022
And last month, DeFi crypto project Harmony responded to a heist of about $100 million, offering a $1 million “bounty” on Twitter to hackers in exchange for the rest of the money.
We commit to a $1M bounty for the return of Horizon bridge funds and sharing exploit information.
Contact us at whitehat@harmony.one or ETH address 0xd6ddd996b2d5b7db22306654fd548ba2a58693ac.
Harmony will advocate for no criminal charges when funds are returned.
— Harmony 💙 (@harmonyprotocol) June 26, 2022
Related: US Lawmakers Take on Crypto Ransom Payments
Last month, the Senate Committee on Homeland Security and Government Affairs held a hearing on the rising threat of cryptocurrencies as an enabler of ransomware attacks and ransom payments.
Sen. Gary Peters, chairman of the committee, released a new report on June 2 detailing the results of his investigation into the role of cryptocurrencies.