Crypto Bug bounties: How successful are they in recovery of stolen funds?

in #bug, last year

Cyber criminals have cost crypto companies and DeFi protocols over $7.35 million across 69 hacks so far in 2023, according to DefiLlama data. Crypto companies offer bounties to hackers in an attempt to recover the funds. How successful have they been with it? A bug bounty in this sense is usually a specified percentage of the stolen funds, offered to the hacker as an incentive to return the rest. The recent hack of the Hong Kong-based Mixin Network, which lost $200 million, is a case in point: the network offered the hacker a $20 million bounty to return the funds.

Bug bounties of this kind usually come with the promise of a position on the project's security team and an undertaking not to involve law enforcement.

The SafeMoon hack is one example. The exploit drained nearly $9 million worth of SFM tokens, and the SafeMoon developers recovered 80% of the stolen funds, valued at $7.1 million. This was possible because of the bounty offer: the hacker returned $7.1 million and kept the remaining 20%.

The Huobi Global hack of $7.9 million is another case showing that a bounty can help recover stolen funds. There the hacker was offered 5% as a white hat bonus in return for sending back the remaining 95% of the stolen funds.

In August 2021, Poly Network, a cross-chain crypto platform, lost $610 million, the largest hack that year, if not the largest in crypto history. The hacker was offered a $500,000 bounty along with a position on the network's security team. That bounty was worth about six times what is typically offered in traditional cryptocurrency bug bounty programs. According to the account given here, the hacker nevertheless refused to negotiate with the team and made away with the funds.

This is the message from the Wormhole deployer:
"We noticed you were able to exploit the Solana VAA verification and mint tokens. We'd like to offer you a white hat agreement and present you a bug bounty of $10million for exploit details, and returning the wETH you've minted. You can reach out to us at [email protected]."
The above was the official statement from the Wormhole bridge team, offering a $10 million bounty during the $326 million hack of the network. The hacker chose instead to make away with the $326 million.

The Qubit protocol hack of $80 million is another unfortunate case, in which the Qubit team offered the hacker a bounty of unspecified size. The team made the offer while also cooperating with security and network partners in an effort to get the funds returned.

In another development, Stars Arena successfully recovered 90% of its stolen funds after offering a $257k bounty. Stars Arena was hacked on October 7, 2023, with the attacker draining 266,000 AVAX, worth about $3 million at the time. The team recovered 90% of the funds by paying the exploiter a bounty of $257,000, roughly 10% of the amount taken.

Taken together, the cases above suggest that bounty offers to hackers succeed more often than they fail. That explains why crypto companies continue to use this approach to recover their stolen funds.