How a whitehat hacker helped recover $450 million – DL News
- Whitehat hacker explains how he helps recover funds stolen in DeFi hacks.
- Negotiation is often the most productive approach.
- But some security researchers are critical of making deals with blackhat hackers.
When hackers strike, DeFi teams often feel helpless.
Many do not want to go to the police, and identifying those responsible is becoming increasingly difficult.
There are few options left, but there is one that offers hope: negotiation.
There’s just one problem: the developers behind DeFi protocols are notoriously bad at handling such issues.
“It’s just not a skill set that exists a lot in the cryptocurrency space,” Ogle, a pseudonymous whitehat hacker, told DL News in an interview.
“A lot of people in the cryptocurrency industry are 23 years old and haven’t really done much.”
Great believer
Ogle firmly believes that negotiating with blackhat hackers is a wise approach and perhaps the only one DeFi teams can take when their projects have been scammed.
To this end, he has helped recover over $450 million across more than 40 separate hacks and exploits.
Cryptocurrencies lost to hacks and exploits are down from their 2022 peak.
His greatest success? Having helped secure the recovery of $240 million for Euler Finance in April 2023.
Ogle’s other negotiations include the July 2023 Curve Finance liquidity pool hacks and the April 2023 Emotional tip.
“I’ve been through a lot and I’ve dealt with some very difficult people, some very big egos,” he said.
Negotiating with hackers is probably not an easy thing.
Chances are they won’t be interested in talking to representatives of the projects they just exploited. And even if they are, it can often be a waste of time.
When the cryptocurrency exchange KyberSwap lost $48 million following an exploit in December, the hacker responded to negotiations by demanding control of the protocol, its founding company and all of its assets, in exchange for the return of user funds.
Still, Ogle said negotiating is better than doing nothing, which is usually the harsh reality after a hack.
A losing position
When a DeFi protocol gets hacked, it’s all hands on deck.
Behind closed doors, teams of crypto security experts form online war rooms—places to share information, strategize, and figure out the best way to recover stolen assets.
“I tend to get drawn into these rooms from time to time,” Ogle said.
Hacked DeFi projects almost always start from a losing position, something hackers know very well.
Many projects don’t want to involve law enforcement in the investigation. They believe that authorities will probably never catch the culprit. They may not even have the resources to do so.
Another concern is the perception that law enforcement has a poor understanding of cryptocurrencies.
“There’s not much point in tracking down an address or a person if you’re not willing to involve law enforcement,” Ogle said.
Instead, most projects look for a way to get the hacker to return the funds after they have taken them, which is what Ogle specializes in.
A credible threat
Ogle’s journey into hack recovery began in 2021 with a little-known DeFi protocol called StableMagnet.
The creators of the protocol took advantage of an oddity in how code is stored on blockchains to steal $27 million from users.
But the creators of StableMagnet made mistakes. This allowed Ogle to follow them as they fled from Hong Kong to Manchester, England.
After Ogle had taken all the necessary steps, he passed the information on to the local police, who arrested the perpetrators.
Tracking hackers is difficult and time consuming. There is no guarantee of success.
But, Ogle said, he only had to track down the hackers once to show it was possible.
“We have an example of people actually being arrested, which didn’t exist at that time,” Ogle said.
In other words, StableMagnet’s arrests could be used as a threat.
“The threat was, ‘Hey, listen, I’m involved in this. I’ve had people arrested before. You should be scared. So if you’re scared, then let’s make a deal.’”
The agreement
Hacking and programming have always been Ogle’s hobbies. But he also studied business in college and has started and sold tech companies in Silicon Valley and New York.
It’s the negotiation skills Ogle has honed over his professional career that he relies on most in the war room.
The deal Ogle is trying to make with the hackers is that they return 90% of the stolen funds and keep 10%. In exchange, Ogle and the other security researchers involved promise to stop any attempts to track down the hacker.
Some security researchers criticize such deals, saying that the principle of letting hackers walk away with 10% only encourages them.
Ogle sees things differently.
“When you’re dealing with ordinary people who have lost everything, none of them really care about the principle: they want their money back,” he said.
Detect hackers
Ogle’s negotiation skills were put to the test in April 2023, when he helped secure $240 million for DeFi lending protocol Euler Finance.
“They worked on it for a while, but they had some difficulties with the recovery part. So after a few weeks, they called me to help them,” he said.
Ogle’s tactic worked.
Euler’s hacker, who told DL News he is an Argentinian named Federico Jaime, returned all the stolen funds, minus $2 million that he sent via Tornado Cash, and another $200,000 that he sent to North Korean hackers Lazarus Group.
“For hackers just starting out: don’t be stupid, don’t steal, do bounties, etc.,” Jaime said after returning the funds.
“You have to determine what type of person you’re dealing with,” Ogle said.
“If it’s an opportunistic thief who just picked up a wallet off the ground as he walked past, that’s different from someone planning a burglary, right?”
Tim Craig is a DeFi correspondent at DL News. Got a tip? Email him at tim@dlnews.com.