Some white hat hacker behavior is ‘weird,’ Ledger CTO says

After the Kraken-CertiK incident earlier this week, Ledger’s Charles Guillemet weighed in on white hat hackers


Maor_Winetrob/Shutterstock modified by Blockworks


The back and forth between CertiK and Kraken this week left more questions than answers. 

So to get some potential answers — and to pick his brain — Blockworks chatted with Ledger Chief Technology Officer Charles Guillemet.

Beyond the use of Tornado Cash by the US-based CertiK, he also flagged the withdrawal of XMR (the native coin of the Monero network, in case you’ve skipped some of Empire’s previous segments) as suspicious because, well, it’s a privacy coin.

Add ChangeNow, a self-styled non-custodial exchange, into the mix. In Guillemet’s experience, ChangeNow is generally one of the top picks for attackers who are trying to hide crypto. It’s often used by bad actors because it doesn’t require proper KYC checks before facilitating swaps from one token to another.

It was also weird that there were video calls between CertiK and Kraken. And don’t even get him started on the millions withdrawn (he maintains you can exploit as little as $5 to prove the bug and then report it for a bounty). 


However, the five-day time period in which the researchers were testing the exploit isn’t that strange. 

“So the five day period is not suspicious, per se. But what is suspicious is what they did during the meantime,” he told Blockworks.

The silver lining in this is the speed with which Kraken assessed the issue (47 minutes, according to Kraken’s Chief Security Officer Nick Percoco) and investigated it.

“Kraken had everything in place in order to verify what happened on their platform and to find out that the vulnerability was actually exploited several times, by three accounts and not only by one,” he added.

Guillemet was in the security world before swapping over to crypto in 2017. 

With that experience, he said that the “behavior that we see in blockchain and crypto when it comes to white hat [hacking] is really weird from my standpoint.”


“Sometimes you have a white hat, supposedly, who finds a vulnerability on some smart contract. It completely drains the smart contract and then gives back like 90%, choosing its reward [of] 10%. This kind of behavior, for me, is extortion. It seems to be okay. It seems to be white hat behavior,” Guillemet continued. “But I completely disagree with this. When you do security research, you don’t choose your reward.”

“In crypto, it’s not always the case, and it’s a bit disturbing for me, and it’s also disturbing for other security guys in the field.”

CertiK said it wasn’t trying to exploit or “extort” funds from the exchange, contrary to claims made by Percoco. On Thursday, Kraken confirmed it had received the funds back, minus a small amount lost to fees.

The simplest way to improve the space is obviously investing in security, but the more difficult path forward is for security teams to stay humble, Guillemet said. 

“Attackers will get better and better and we as an ecosystem must be humble and always raise the bar for security because this is a cat-and-mouse game and the stakes are getting higher.”

A shorter version of this article appeared in Friday’s Empire Newsletter. Sign up here to never miss an issue.
