Date: 2024-02-14

(Bloomberg) -- Samczsun, a pseudonymous cybersecurity researcher at digital-asset investment firm Paradigm, is leading an initiative to protect “white-hat hackers” from potential legal woes when they step in to protect crypto projects from attacks.

The recently created nonprofit Security Alliance has so far received more than $1 million in donations from digital-asset investors and projects including venture funds Andreessen Horowitz’s crypto division, Electric Capital, Paradigm, and industry organizations such as the Ethereum Foundation. Ethereum’s co-founder Vitalik Buterin donated $500,000, according to a spokesperson for Security Alliance.

White-hat hackers typically go through the computer code of projects, looking for flaws and bugs that they report to the developers, often in exchange for rewards. Many, such as samczsun, prefer to be anonymous for fear of reprisals from criminal hackers when they address breaches. About $1.7 billion in funds were stolen from crypto projects in 2023, according to blockchain intelligence firm Chainalysis.

The absence of a legal framework stands as a primary obstacle deterring white-hat hackers from intervening to protect crypto platforms from theft, samczsun said in an interview with Bloomberg News. Devon Spurgeon, who manages communications for Paradigm, confirmed in an email that samczsun is an employee.

When the crypto communication protocol Nomad was exploited in 2022, many cybersecurity researchers were not able to help because their employers advised against it, samczsun said. Unlike other hacks that typically occur within minutes, the Nomad attack unfolded over several hours, with several copycat assaults following the lead of the initial hacker to exploit a flaw in the project. The stolen funds, which ended up being nearly $200 million, could have been partially saved if white-hat hackers had been allowed to take the money from the project, samczsun said.

“Having gone through this quite a few times myself, I think this is the time for me to do something about it,” samczsun said. “I’m tired of not being able to do what I can to help these projects when they’re in these situations of crisis.”

The group’s White-Hat Safe Harbor Agreement aims to establish a legal framework to incentivize and protect cybersecurity researchers in a situation like Nomad’s hack, according to samczsun. Research by the Security Alliance shows that 60% of hacks between 2020 and 2023 could have qualified for the proposed Safe Harbor Agreement, suggesting that white-hat hackers could have potentially saved projects millions of dollars.

“We really believe that crypto is sort of different from a lot of other industries in that there’s a very independent mindset,” said Nick Selby, a member of Security Alliance and former director of cyber intelligence and investigations at the New York Police Department. “Forgetting any political statement, it’s just really hard to keep up with a very fast-moving new technology and try to regulate it, and we’ve seen that with traditional cyber.”

