Legal Framework for Ethical Hackers Enables Faster Intervention

Samczsun, a prominent white hat hacker, has developed a framework that safeguards fellow white hats against legal issues. Samczsun's Security Alliance platform also provides a 24/7 emergency hotline for users affected by hacks.

Samczsun, a pseudonymous white hat hacker and Head of Security at Paradigm, one of the largest venture capital funds focused on crypto and related technologies, has launched Security Alliance (aka SEAL Org), a platform aiming to help crypto users affected by hacks and provide legal protection to white hat hackers who intervene.

Samczsun and his team have created the 'Whitehat Safe Harbor' initiative, a framework through which blockchain protocols “can offer legal protection to white hats who aid in the recovery of assets during an active exploit.”

Alongside this, the team has launched SEAL 911, a 24/7 emergency 'hack' hotline in Telegram, and SEAL Wargames, which provides free security training for blockchain protocols by first gaming out hypothetical hacking scenarios and then simulating an attack.

Samczsun explained that the idea for the project emerged after the Nomad hack in 2022, when a misconfiguration of the bridge's main smart contract allowed a large number of attackers to chaotically withdraw around $200 million from the platform. The white hat community couldn't intervene because it didn't have a proper framework to salvage funds from the project.

"The war room was stressful, and the security community collectively looked back and wondered, 'how did we get to a point where random people felt comfortable stealing money from the bridge, but white hats felt it was too risky to intervene?'"

Those protocols which adopt the Whitehat Safe Harbor Agreement before an exploit happens will have a higher chance of community intervention, as white hats will know how to respond in the situation, and their rights (including bounty terms) will be legally protected. The initiative is currently welcoming comments and inviting open discussion over the next month.

The project lists over 50 donors and partners, including Vitalik Buterin, Coinbase, Paradigm and a16z crypto. The nonprofit has reportedly received more than $1 million in donations so far.

Hackers are not all driven by greed and a desire to spread chaos. White hat hackers try to identify vulnerabilities or security issues in a system by imitating the methods of their more nefarious 'Black Hat' brethren. Unlike in a malicious attack, this is done with consent from the protocol, in order to protect the system from potential dangers.

Ethical hacking is legalized in some countries, such as Belgium, and the U.S. DoJ also believes that “good-faith security research should not be charged.” However, others claim that good intentions are not an excuse for unauthorised access to a system. In China, white hat hackers first have to report any vulnerabilities to the government, thus also serving the regime's intelligence agencies. 

Samczsun is one of the most well-known, prolific security researchers in the Ethereum space. Despite the fact that he has not been as focused on independent white hat hacking since joining Paradigm as a research partner in 2020, he remains a role model for the community.

We will have to wait and see whether the agreement works to facilitate white hat intervention and reduce the value of funds stolen through attacks on blockchain protocols that sign up. According to a recent Chainalysis report, hackers managed to steal around $1.7 billion from cryptocurrency platforms in 2023, so there is plenty of work to be done.
