All you need to know about white hat hackers and how they make blockchains more secure

Hackers are most often seen as the bad guys. And for good reasons too. According to Security Magazine, there is a hacker attack every 39 seconds, with hundreds of thousands of innocent users falling victim to cybercrimes every year. However, cybersecurity is getting stronger by the day, and while it may sound absurd, some of this progress can actually be attributed to the work of hackers.

But these are ethical hackers, also called white-hat hackers, who use their hacking skills to identify loopholes in hardware, software or network security. These hackers operate within legal boundaries and do not cross over to the wrong side of the law.

Let's look at how some of these white hat hackers are making the decentralised finance (DeFi) space more secure.

| Explained: What are gold-based stablecoins; why are they outdoing other cryptos

Recently, hacking veteran Jay Freeman was in the limelight for discovering a billion-dollar vulnerability in three of Ethereum’s layer-2 networks. The bugs were found in the Optimism, Boba, and Metis networks of Ethereum, which he then christened the “Unbridled Optimism.” According to Coindesk, Optimism, Boba and Metis had about $750 million locked in DeFi on the day this issue came to light, and almost all of it was reportedly at risk at the time. The gravity of the situation speaks for itself.

In the first week of February 2022, Freeman discovered an issue with the ‘selfdestruct’ function of the Ethereum smart contracts. This function is designed to eliminate expired or obsolete smart contracts and transfer the associated balance of the network’s native currency ether (ETH) to a different address. This can be exploited to suck out billions of dollars worth of liquidity from the system and leave DeFi service providers in losses.

A few weeks ago, crypto exchange Coinbase was saved from an embarrassing disaster when white-hat hacker ‘Tree of Alpha’ connected with CEO Brian Armstrong to apprise him of an impending threat. It was pointed out that the Coinbase order books could be transferred to other addresses at arbitrary rates, allowing criminals to make millions of dollars in the process. This was a critical expose, and within two hours of being briefed, the exchange patched the vulnerability and restored trading services for all users – a befitting example of how white hat hackers can really help.

Also Read | Explained: How investors can participate in crypto airdrops

White hat hackers seek to expose all possible gaps in a project’s underlying code. They may arrive at their discovery through research on open-source software (free for all), self-owned systems and software, or through investigative rights given to them by developer-run ‘bug bounty programs’. These programs hand out rewards to hackers who can get through and point out security flaws that need fixing. Last year, the US government, for instance, offered rewards of up to $10 million in crypto assets to incentivise white hat hackers to weed out state-sponsored actors or other potential threats on the dark web. Companies also employ these ethical hackers to test their information systems.

There are also some white hat hackers who do ethical hacking for sheer thrill. In August last year, a white hat hacker siphoned off $612 million from the Poly Network and later returned it after a lot of negotiation, claiming the heist was ‘for fun’. Although the term ‘white hat hacker’ may not exactly be applicable in this case, an important vulnerability was exposed in the process.

The tools used by white hat hackers are the same as those used by black hats (cybercriminals), but the intent of use is to help organisations upgrade the security of their networks. They conduct a stress test with deep scans of networks for malware, identifying potential threat of hacking in a platform’s information systems, and even fooling the organisation/platform’s employees into clicking on links that lead to malware infestations.

Also Read | Blockchain: Not just proof of work or proof stake, here are 7 other consensus mechanisms

These are two common ways in which they help improve systems:

Pen Tests: Short for penetration tests, ethical hackers use their knowledge to identify potential entry points into systems and then breach them to determine the extent of damage they can cause.

Denial-of-Service (DoS) Attack: This is one of the most popular forms of attack in the world of crypto. These attacks render the service unavailable to the users through network disruptions and outages caused by performance impacting hacks. Organisations need to have a DoS response plan, which can be made robust with the help of white hat hackers.

With cybercrimes increasing as cryptocurrencies become more popular, the need to identify underlying issues and sure up systems has risen. And it’s an uphill task without the help of white hat hackers. They act as the faceless guardians of major crypto networks, silently protecting users from behind the curtains.