Topic: Hacker attacks again - page 2. (Read 410 times)

I think that should be possible, I mean if it was the case then you could legally hack any place you want and return 90% of it and then keep the 10% and still be rich. Think about hacking binance one day, even if you just get into their hot wallet that's still a lot of money, that's literally a huge big company sized thing, not just some shop or anything, I mean like literally IPO level of thing right there.

This is why I think it is going to be quite important that we are going to end up with no company accepting that and making sure that anyone who tries to hack into any company will end up getting the court chasing them and they will always be on the run trying to hide and never come out and that's why it is scary to hack into big companies.

What can we expect from those hackers, it's rare though that they accept the offer maybe the company knows the hackers and to avoid being compromised, that's why they accepted it. Well, hackers are always there I wonder if they still have the plan to hack the system again.
Also confused about talking legality here where in the first place they are doing illegal things.

If a hacker worries about legal problems from hacking and fund steal because these activities are illegal, the hacker will not do it. After hacking massive fund, then start to think about legal problems, it is not logic.

I don't think discussing about percent of total hacked amount as bounty for hacker is not worth to discuss. As it will raise a concern that hackers will try to do as biggest hacks as possible because what they earn legally after refund will be big no matter what percent of bounty paid by the project.

Like if you are hackers with $10M, don't refund to project and go to jail. In contrast, if you are hackers with $500M, refund to that project then get a bounty reward like $50M but because it is legally, as it not supposed to be, will be fine with government. It's not logic at all.

It is bug bounty and serious projects have very generous bug bounty rewards for people who find and report serious bugs which can be harmful for their platforms if bad guys exploit it.

If there was a deal like returning 10% and closing the case, which hacker would want it? After all, laundering millions of dollars will not be easy, and you will always be afraid of being caught.
10% is a good amount and he may not have to pay taxes if he does not sell it, all he needs is to wait for several years and he will have an amount equal to approximately 30% to 50% of the stolen amount legally instead of getting 100% with the fear of being arrested.

most systems tend to give rewards for finding bugs instead of entering into negotiations with hackers that may lead to a loss of 10% of the hot wallet.

Most of the transactions happened when MtGox hacked was P2P in able to convert Bitcointo fiat and there’s no or only few entities that specialize tracking for crimes since Bitcoin that time is not huge compared today. The money that being scammed that time is not that huge compared that even a simple DeFi dapps holds huge amount of money.

Hackers back then is very free to do whatever they want without a serious threat of being detected because there’s still not enough technology to track them compared to our current date which chainalysis is very common service.

Yup, we'll never know if there's an internal attack or inside job regards to this hack. But they better be sure and do all investigations that they can and if they're suspecting one or a few of their people is part of it, they need to do in-depth investigations just to prove if the malice is wrong or right.

Agree, 100%. They can go away without any problem freely while receiving 10% of the money. Best resort for both sides.

They really should of offered these 10% bounty’s back in the MtGox and Bitfinex days. I am pretty sure most of the hackers would of just took it. I think most of the bitfinex funds were never moved and years later they got caught anyways. No idea if the mtgox funds were ever spent. I know that one is in a top5 BTC holder address and hasn’t moved.

So with these defi hacks, it’s better for them to just take the 10%. Rather than leave the funds on the wallet for a decade and then basically get caught anyways.

If they wanted to take that route then they would have taken it already, so I can only guess they want to keep playing this game of cat and mouse with Curve, and if anything this is the only explanation that I think it makes sense to explain what we are seeing.

If they were only motivated by the money then they would have never returned anything to Curve, if they realized the great offer they received then they would have returned everything and keep the 10% of the funds without the need to risk jail time, but instead they returned some of that money but kept the rest forcing a bounty over their heads, and the only way this makes sense to me is that they are enjoying this game they are playing with Curve and they do not want it to end.

The are many ways scammers are developing to ways to make us  cry especially for those big cryptocurrency whales and big projects that lack the maximum security they need to stay in business. The same happens to Binance and the exchange quickly make I decision that make investors and traders to believe in it because they were able to replace customers money without any different. This was one of the reasons that made people trust Binance because of the precious decisions they made that was appealing. Although that decision was never easy that would have made Binance not be effect or be in existence by now.

Just like others mentioned above that they wont really be a fool on giving out hints or traces on what their real identity is because we now that hacking is a punishable or illegal act which it would really be leading to be get
prisoned and this is something that they would really be avoiding. They wont really be that foolish enough on giving out their location and its true that not all of them would really be going for the money and its unlikely that a hacker would be saying that they dont want for the project to get ruined and this is why those funds had been given back? You could actually say that this hacker is good at least and there's no way on tracing it down no matter how big or generous the bounty is but as a project owner then better to be that grateful on what this hacker had done because if not then for sure it would really be giving out that huge impact into the project
since this is talking with huge funds. Expect that unexpected when it comes to hacking because they would really be making out those kind of exploits on the time that we do least expect.

There are possible few reasons among many which could convince the hacker on refunding the stolen funds, one is security, they are trying to play safe in the little way that they could, the funds which was stolen is not a small amount that could just be hidden under one wallet with being spent, even with lot of ways of mixing coins and removing trace from them, there are still possibilities of them leaving some trace, as the curve finance team will definitely be using every means possible to identify and trace them, it might not lead to any where, but their identity might not be hidden forever, so when a chance for them to keep some of the stolen asset present its self, they will happily grab it with open hands, there could also be some sort of disagreement between the hackers maybe that is the reason why all of the funds where not refunded yet.  

Hacking attacks in the DeFi space are very common as I know a few months back there was back-to-back, news for the funds hacking from the Decentralized wallets to the Liquidity platforms even on the borrowing and lending platforms. As Ronin wallet, Curve in recent, and the Uwerix on the most recent as it was on the date of 2nd August 3 days after the curve. Leetswap. Their valuation was low so they didn't grab attention in the market.

Overall the hack exploits in the Defi are not new and not much surprising the hackers use the technical backdoor vulnerabilities of the platform and steal money neatly.

Not all hackers would really be seem to be an evil guy, good thing that funds been given although in other protocol on which it is really just that normal that  they would really be trying out to give back those funds or assets

without being traced which they wont really be that so dumb that they would really be giving out hints on who they are. They arent called hackers for nothing on which it would really be just that normal that they would be having that safety precautions or approach.It is really just that good that the hacker did return out those funds but wondering if why those bounty didnt given back?since its been said that those funds were given
back on which it is really just that right that they would really be following up on what they had said about the bounty.It turns out to be that so non ethical despite on having negotiations in between a hacker.

Hackers are lurking in the shadows and trying out to wait for the opportunity on exploiting out projects  which does have weak security and taking it as an advantage.This is why it cant really be removed out the possibilites
that hacking incidents would be stopped and we know that once there is a breach then confidence and trust of investors on a certain project would dwindled out because the main thing that would be having in mind is that
your money or investment isnt really safe on something or a project that have been breached out.

It's just that based on the source given by op, all the funds were not returned back to the protocol that is said, which means that the hacker is not worried about whatever the authority wants to do to him. But even if it's a wrong step or a decision, that hacker is really down to earth.
so if I were in the hacker's situation, I hope he would just fulfill the offer he was told because apart from not being charged, he would not be in jail or have bad records.

I would rather just live average than just get paranoid on even touching every single gadget I usually use daily. I can imagine the anxiety of having to do these kinds of stuff. Not sure how many software do hackers need just  to cover trace, and I am pretty sure that VPN just barely scratches the surface, but you're right that just a single mistake could lead you either being on-the-run or possibly get hunted down considering that we're talking about internet.

There could have been possibly an internal investigation within the pools. Surely they had user of interest, but hey we'll never know who's who.

I recall months ago or two years ago, there is a hack and after that a hacker refunds to the project. People extrapolate that hack like an inorganic drama from that project team to create their pump and dump games.

I don't know what other people think about it but I see it is reasonable. Hacks a project, drains its treasury but then refunds it without any benefit but meanwhile and later can face with risk of reported by the victim project and arrested by police as well as in worst legal scenario, will be put in jails.

I will not play such dumb games like that if I am a hacker.

But if  I am an internal team member and want to set up an internal hack to dump tokens and days later refund hacked amount to bump tokens again, I will have many reasons to do such hack-and-refund.

I haven't followed this incident but there have been cases before that it happened too. Offered a bounty to the hacker but then, in a way that I don't know how the authorities managed to get probably a footprint or trace from the logs or whatsoever in technicality, the hacker got caught. It could possibly be an ego thing or whatnot but I agree that it's best to just take the offer and then let it call quits and that's it. No need to prove that he's the best and just stop fooling around with people's money.

The smart choice here would be to just take the 10% and live freely. I know highly-technical crypto users can evade traceability by doing things correctly, but it only takes one mistake mistake to get yourself in handcuffs. Having more money isn’t worth it if you’ll be on-the-run(virtually) forever.

Now, let's have an update about the curve finance. recently it had an issue where a hacker entered it and it happened on July 30, 2023. So what Curve did was they offered the hacker to return its fund and they will give 10% bounty rewards. And it will not be charged or imprisoned. The offer was accepted and the stolen assets were returned. But the hacker did not complete its full refund from other pools.

Because it has a deadline now it has passed. Now the rewards are offered just to identify the attackers. Also, what do you think is the reason and why did the hacker return the funds to another protocol? he said and that's not the reason he's afraid of being identified.

Because it seems that what the hacker wants to release or make him look like is that the authorities cannot identify him. Let's see what happens here, because we know that the hacker is not invincible because there are and still are others caught. What happened to the Bitfinex hacker even after a long time was still caught. But if it turns out that a north Korwan hacker was able to access curve finance, it is unlikely to be recovered for sure.

Source: https://m.investing.com/news/cryptocurrency-news/curve-finance-opens-bounty-after-exploiters-return-deadline-expires-3146166