Bug bounty cuts are setting crypto up for a billion-dollar hack

Opinion by: Mitchell Amador, founder and CEO of Immunefi
The best crypto defense against a catastrophic hack is not code; it is incentives. Bug bounties have prevented billions of dollars in losses, and it is important to stress that those billions could have become exploits rather than responsible disclosures if the right incentives had not been in place. This protection only works when the incentive for a white hat to disclose clearly outweighs the incentive to exploit, and current market trends are tipping that balance in dangerous ways.
The bug bounty scaling standard means that the size of the reward must grow along with the amount of capital at risk. If a vulnerability could drain $10 million, the bounty must offer up to $1 million. Rewards of that size create real incentives for researchers to disclose rather than exploit, and they are cost-effective for protocols compared with the devastating alternative of a hack. This scaling approach protects entire protocols from destruction and supports the continued growth of onchain finance.
The problem is that market competition is warping these incentives. Some platforms have now tied their lowest service plans to capped bounty rewards, sometimes no higher than $50,000. This pricing structure pushes protocols to reduce rewards in order to reduce costs, creating the conditions for the next catastrophe.
Bug bounties as defense mechanisms
The recent $12-million Cork Protocol hack offers a telling example. The protocol had capped its critical bug bounty at just $100,000, a small fraction of the funds at risk. This misalignment creates a simple economic calculation: why spend the time finding a vulnerability if the capped payout is 120 times less than the value of the exploit? Such math does not discourage exploitation; it encourages it.
Bug bounties are critical defense mechanisms that only work when they are scaled to the value at risk. When protocols with tens of millions of dollars in total value locked cap bounties in the low five figures, they are effectively betting that hackers will choose ethics over economics. That is not a security approach; that is hope.
The million-dollar standard exists for a reason
Crypto's security standards were set by million-dollar moments. MakerDAO established a $10-million bounty that signaled what protection is worth. Wormhole's $10-million payout after a critical exploit cemented the precedent that security requires significant incentives. Security researchers need life-changing rewards to choose disclosure over destruction in an industry where an exploit can wipe out wealth in minutes.
This scaling approach works. If critical vulnerabilities could affect millions of dollars in user funds, bounties should offer proportional rewards, typically around 10% of the capital at risk. These economics help ensure that the best researchers stay in the ecosystem and remain motivated to report vulnerabilities.
Market forces are creating dangerous precedents
The race for market share has led several platforms to compete on price rather than on security outcomes. By tying platform fees to capped bounty rewards, they create a perverse incentive structure: protocols choose lower rewards to reduce costs, not because of their risk profile, but because the pricing encourages it. This is a fundamental misunderstanding of what bug bounties are. They are not just a cost; they are insurance policies whose value should be measured by what they protect.
Related: SuperRare's $730,000 exploit was easily avoidable, experts say
Worse, some security platforms now require exclusive contracts that restrict where researchers can work. Others allow post-disclosure changes to rewards that erode researchers' trust. These practices drift far from the social contract that makes bug bounties effective in the first place. If experienced researchers lose confidence in the fairness of the system, they have three options: stop hunting, switch to private audits, or go dark.
The result is a chilling effect: protocols cap rewards to cut costs. Researchers disengage because the upside is not worth the effort. Critical vulnerabilities go undiscovered. Exploits occur. Protocols cut their security budgets even further. It is a death spiral that benefits no one except malicious actors.
A warning from Web2
The parallels with Web2 bug bounty failures are disturbing. There, chronic underpayment and poor treatment of researchers led many skilled white hats to abandon public programs. Crypto cannot afford the same mistake, not when trillions of dollars in value are preparing to move onchain and institutions are watching closely.
Some argue that early-stage teams cannot afford large bounties. The reality, however, is that the cost of a successful hack will always exceed the cost of a well-aligned bug bounty. The loss of funds is expensive. The loss of trust is fatal.
The path forward requires industry coordination
Protecting crypto's security infrastructure requires acknowledging that bug bounties run on trust and incentives. Every underpriced program weakens the social contract that keeps experienced researchers on the right side of the law.
The solution is not radical. Maintain bounty rewards that reflect the actual risk. Ensure transparent, fair treatment of researchers. Resist the temptation to treat security as a cost center rather than a value driver.
Critically, platforms should stop encouraging protocols to underfund their own defenses.
The decentralized economy only works when trust scales with it. If crypto is to keep growing, with the confidence of users, regulators and institutions, we need bounties that make sense, not just on paper but in practice. Crypto only succeeds if its defenders are empowered to act.
This article is for general information purposes and is not intended to be, and should not be taken as, legal or investment advice. The views, thoughts, and opinions expressed here are the author's alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.