As Hackers Get Savvier, Can Regulation Catch Up?
Mitchell Amador, the founder of Web3 bug bounty platform ImmuneFi, has issued a warning that hacking decentralized finance (DeFi) protocols is becoming an increasingly profitable and sustainable career choice for hackers. This comes as the industry is rocked by a series of high-profile attacks. Hackers, who once operated on a part-time or opportunistic basis, are now making hacking a full-time business. In a rapidly evolving crypto space, their tactics are becoming more sophisticated, and as the stakes get higher, so does the pressure on regulators to step in.
Amador’s comments at the Decrypt Web Summit on December 9th revealed just how organized and skilled these attackers have become. “Hacking DeFi protocols has become an infinitely sustainable and viable business,” Amador explained, noting that cybercriminals are now aiming to cause “more damage than ever.” With a wider range of tools and strategies at their disposal, these hackers are proving more difficult to stop. The rise of professional DeFi hackers could change the landscape of the entire industry, presenting new challenges for platforms like ImmuneFi to ensure security.
The Changing Face of Crypto Hackers: From Opportunists to Professionals
Historically, crypto hacking was seen as a quick way to make money, with many of the early attackers being opportunistic. But the game has changed. Today, many of these hackers have refined their craft and are now operating with much more organization and professionalism.
One key tactic has been the use of MEV (Maximal Extractable Value) bots, which monitor pending transactions and execute their own trades ahead of legitimate users. By placing their transactions in front of high-value trades, hackers front-run legitimate users and reap large profits in the process. “Even when they’re not hacking, they could be front-running trades,” said Amador.
Hackers are also expanding their skillsets beyond simple exploits. The recent attack on Radiant Capital, where North Korean hackers stole $50 million, highlighted the lengths to which these professional hackers are willing to go. Amador explained that the attack involved compromising private keys and executing a “man-in-the-middle attack” by spoofing transactions, a much more intricate method than what was seen in earlier crypto hacks.
The Role of Governments and Regulatory Clarity
The crypto industry, often criticized for its lack of regulation, might soon see some changes on the horizon. Amador believes that the election of pro-crypto politician Donald Trump as U.S. president could influence regulatory measures in the United States, pushing for clearer guidelines on crypto security.
He pointed to recent discussions within the Republican party about establishing a Federal Bitcoin Reserve, suggesting that this could be a turning point for how the U.S. approaches cryptocurrency. In his view, the resulting regulatory clarity could lead to more global adoption and ultimately increase security across the sector. “I’ve seen this with my own eyes,” Amador stated, noting that European countries have already begun to “adopt crypto more aggressively” in response to such policies.
Despite the threats posed by hackers, Amador remains optimistic about the future of crypto security. He believes that as governments get more involved, the industry will see improvements in safety and a reduction in cybercrime.
ImmuneFi’s Role in Ensuring Security and Addressing Internal Controversies
ImmuneFi has positioned itself as a key player in the fight against DeFi security threats by hosting the world’s largest bug bounty contest. The company is offering up to $1.5 million in rewards for hackers who can find critical vulnerabilities in Ethereum, the blockchain that powers a large portion of DeFi platforms.
However, ImmuneFi is not without its own challenges. Recently, the company suspended the white-hat security firm Trust Security for 90 days due to allegations that Trust Security unfairly denied a bug bounty payment. Trust Security had discovered a critical vulnerability on a forked mainnet of an undisclosed project, which could have led to fund theft. When ImmuneFi offered a smaller payout, Trust Security rejected the offer, accusing the company of siding with the project behind the vulnerability.
The controversy underscores the tension in the bug bounty industry, where both ethical hackers and platforms like ImmuneFi must carefully balance fairness and integrity in assessing vulnerabilities. Trust Security, in turn, accused ImmuneFi of siding with a project that dismissed a critical vulnerability, which, according to the firm, could lead to disastrous consequences.
Key Points to Understand:
- Hackers are increasingly treating DeFi protocols as a full-time career.
- MEV bots and sophisticated attack techniques are on the rise.
- ImmuneFi’s bug bounty contest plays a significant role in improving crypto security.
- Political shifts, particularly in the U.S., may lead to clearer regulatory frameworks for crypto.
Looking Ahead: Will Regulation Be Enough?
The crypto industry, which thrives on decentralization, is grappling with the question of whether regulation will truly help or hinder innovation. While Amador is hopeful that more security measures will be adopted with government intervention, the balance between regulation and freedom in the crypto world remains a delicate one. Will tighter security measures make it harder for hackers to exploit vulnerabilities, or will they stifle the industry’s growth?
With hackers treating crypto like a career, it’s clear that the problem isn’t going away anytime soon. But whether or not regulation can keep up with the fast-paced world of DeFi remains to be seen.