Guardians of the Blockchain: Security Alliance's White Hat Heroes

Security Alliance helps white hat hackers recover stolen funds through the Whitehat Safe Harbor Agreement that provides legal cover for ethical hacking.

The crypto community has welcomed the inception of Security Alliance, a nonprofit aimed at enhancing blockchain safety by supporting white hat hackers in recovering stolen funds. The alliance introduces a hotline, "war games" for developers, and the Whitehat Safe Harbor Agreement to provide legal cover for ethical hacking. This initiative is backed by some big names in the industry like the Ethereum Foundation and Vitalik Buterin, and has raised over $1 million to combat the increasing crypto-related hacks and scams.

The crypto sector is unfortunately still facing sophisticated scams, including those exploiting online dating and deceptive ENS domains.

Security Alliance: A New Beacon for Blockchain Safety

The crypto community is celebrating the launch of Security Alliance, a new nonprofit organization based in the United States dedicated to supporting "white hat" hackers who specialize in recovering funds from exploiters. This initiative, led by the pseudonymous samczsun, head of security at crypto venture capital firm Paradigm, aims to boost blockchain security efforts.

Security Alliance, which was unveiled on Feb. 14, is spearheading three major projects to better crypto security. These include a hotline for immediate security assistance, a "war games" component designed to prep developers for potential security threats, and the Whitehat Safe Harbor Agreement. This agreement provides legal safeguards and incentives for white hat hackers engaged in fund recovery operations, under the condition of lawful, competent, and good-faith action.

The formation of Security Alliance was inspired by the Nomad hack in August of 2022, where the lack of a legal framework for white hat hackers to operate effectively was keenly felt. The new organization wants to fill this gap by offering a structured legal framework to encourage more white hat interventions in hack and scam situations.

Despite the secrecy surrounding its members' identities, with samczsun being the only individual explicitly mentioned, the group boasts over 50 donors and partners. Some of the notable supporters include the Ethereum Foundation, Vitalik Buterin, a16zcrypto, Paradigm, Electric Capital, and Coinbase. The project also has huge financial backing of over $1 million, with Buterin himself contributing half of this amount.

This initiative can not come at a better time as $2.61 billion got lost to hacks and scams in 2023, with only a fraction of these funds being recovered.

The High Cost of Looking for Love Online

Those looking for love online might be the most grateful for Security Alliance's new initiative. Valentine's Day, while a celebration of love and romance, also serves as a sad reminder of the potential dangers lurking in the digital world of online dating.

With the online dating industry projected to generate $3.1 billion in revenue in 2024, the landscape is ripe for scams. A recent report from Binance's security and compliance department also highlighted the growing concern over romance scams. Data from Norton’s 2023 Cyber Safety Insights report reveals that 1 in 4 adults globally has fallen victim to online dating or romance scams.

The trend has seen a big rise in the United States, where the Federal Trade Commission reported a jump from 11,235 complaints in 2016 to approximately 70,000 in 2022, with losses amounting to around $1.3 billion. Despite cash being the primary medium for global money laundering, crypto payments have sadly emerged as a primary channel for romance scam losses, accounting for 34% of reported cases. Binance's own data from 2023 estimates that romance scams constituted 2% of total reported cases, translating to an average loss of $14,000 per victim.

These scams often involve manipulative tactics that exploit trust and fabricate emotional connections, according to Tigran Gambaryan, Binance's head of financial crime compliance. Drawing from his experience as a former U.S. IRS investigator, Gambaryan notes the similarities between romance scammers and financial fraudsters in their methods of deception.

Evidence from Binance's investigations revealed a user who lost $100,000 to a scammer met on Tinder and another who sent $500,000 in cryptocurrencies to a scammer posing as a crypto trader on a social media platform.

Pig-butchering," a term used to describe a scam where trust is built over time to eventually scam the victim, is also on the rise. Research from Sophos in January of 2024 indicates that this form of online fraud, particularly involving fraudulent cryptocurrency-related investment schemes, is one of the fastest-growing segments. Scammers are increasingly leveraging DeFi decentralized applications and protocols, which allow them to bypass traditional hurdles by simply having victims connect their Web3 wallets to malicious contracts, resulting in massive financial losses.

Beware: Sophisticated ENS Scam

Just yesterday, Hayden Adams, the creator of the decentralized exchange (DEX) Uniswap, pointed out a very sophisticated scam exploiting the Ethereum Name Service (ENS) domains. On Feb. 14, Adams took to X to share a warning about scammers who have impersonated his Ethereum wallet by registering his wallet address as an ENS domain with a .eth extension. This allows the scammer's ENS domain to appear as a top search result when Adams's wallet address is entered into certain user interfaces, potentially leading to digital asset senders mistakenly transferring crypto to the scammer's address instead of the intended person.

To combat this, he has called on user interfaces to implement filters that would prevent misleading addresses like this from appearing and thus safeguard users from these fraudulent activities.

The scam is not entirely novel, according to Taylor Monahan, the founder of Ethereum wallet manager MyCrypto. Monahan recounted how a similar scam targeted the early users of the MyEtherWallet service, leading to disruptions in registrations and resolutions for names starting with “0x.”

Adding to the conversation, ENS founder and lead developer Nick Johnson advised against the auto-completion of names in user interfaces, calling it "far too dangerous." Johnson pointed out that ENS's user experience guidelines specifically advise against this to minimize the risk of scams.

The scam involving Adams's impersonation is part of a broader pattern of fraudulent activities targeting the crypto sector. In January, crypto investors were bombarded with emails from people posing as prominent Web3 companies, promoting fake airdrops. This phishing scheme was traced back to a security breach at the email marketing firm MailerLite, where hackers used a social engineering attack to access Web3 accounts. The phishing attack was financially damaging, with the scammer's wallet reportedly receiving inflows amounting to approximately $3.3 million since the campaign started.