Calling a Hack an Exploit Minimizes Human Error


Yesterday, beginning at 18:24 UTC, someone or something exploited a security vulnerability on Wormhole, a tool that allows users to swap assets between Ethereum and a number of blockchains, resulting in the loss of 120,000 wrapped ether (or wETH, worth about $321 million) on the platform.

This is the second-largest decentralized finance (DeFi) attack to date, according to rekt’s leaderboard, in an industry where security exploits are fairly common and part of users’ risk curve. There’s a whole business made out of code reviews, a lexicon of industry-specific jargon to explain what’s going on and something of a playbook to follow if and when “hacks” inevitably occur.

This article is excerpted from The Node, CoinDesk’s daily roundup of the most pivotal stories in blockchain and crypto news.

Short of catching and patching this bug earlier, Wormhole has seemingly tried to do the right thing: They shut down the platform to prevent further losses, notified the public of what they know and announced that Jump Trading is on the line to replenish the stolen coins.


Furthermore, in a move that’s becoming increasingly common, the Wormhole Deployer has posted an open message to the exploiter on Ethereum offering them a “white hat agreement” and $10 million for an explanation of the attack in exchange for the stolen funds.

Excuse the simile, but this is like waiting for a magician to pull a rabbit from a top hat. The world is waiting to see whether they’re dealing with a “white” or “black” hat hacker, terms meant to explain a hacker’s motivations. The reality is likely to be a little more gray.

Hacks vs. exploits

“Black hat hackers are criminals who break into computer networks with malicious intent,” according to Kaspersky security experts. They may use malware, steal passwords or exploit code as it’s written for “self-serving” or maybe “ideological” reasons. White hats, aka “ethical hackers” or “good hackers,” are the “antithesis.” “They exploit computer systems or networks to identify their security flaws so they…
