It's Sleuths vs Hacks, With Billions on the Line

Sep 19, 2022, 16 min

Episode description

This episode explores a sector of the crypto universe that’s actually booming. 

Companies that specialize in finding vulnerabilities in crypto’s software infrastructure are flourishing. Why? Because crypto hacks and frauds are booming, with some estimates as high as $2bn in losses stemming from these attacks. 

Bloomberg reporter Olga Kharif and senior editor Anna Irrera join me now for more about these crypto sleuths.

See omnystudio.com/listener for privacy information.

Transcript

Speaker 1

This is Bloomberg Crypto, a daily Bloomberg iHeart podcast, and I'm Stacy Marie Ishmael, managing editor of crypto for Bloomberg News. It's Monday September. Today we'll explore a sector of the crypto universe that's booming. Companies that specialize in finding vulnerabilities in software and code are flourishing. Why? Because crypto hacks and frauds are themselves booming, with some estimates as high as two billion dollars in losses stemming from

these kinds of attacks. So the people who know how to stop hacks from happening, who have specialist knowledge and understanding and expertise, they're really raking in the cash right now. Bloomberg reporter Olga Kharif, somebody is going through the code line by line, essentially checking for any bugs, and senior editor Anna Irrera, so you have then white hackers, which are the good guys who are trying to hack, um, your project and obviously not steal the money, but just

to prove that there is a problem. Join me now

for more about these crypto sleuths. It's always such a pleasure to do these episodes because I feel like, you know, we've got like three different time zones happening at the same time, and folks, folks all around the world, which is, I think, an appropriate entry point for this episode because it covers, or will cover, crypto sleuths who are operating from all different corners of countries and cities to try to stop hacks and scams and other bad things

from happening. Olga, what was the origin of this story, like how did you kind of come across these folks and why are they gaining in popularity right now? Actually, it was Anna's idea. There we go. Might the question for her. I don't know. I love when like editors are coming up with stories. So yeah, so thank you, Olga. You could have just run with it. I would have

been fine. So I was actually interviewing. It was like maybe my first week here, and I was speaking to someone who just raised money for their new DeFi protocol and I asked what they were going to spend the money for and he said security, security, it's been so expensive and it's one of the people we quote, so the founder of Morpho Labs, um, who said they spent so much money, who told me in a Telegram message with many ohs. Yeah, that is the actual quoting stories

like us, Oh, while for emphasis. Yeah, so you know, he brought it up and so I thought that's really interesting. And he brought up the idea of auditors and I just found it was fascinating. You know that, that you need to have your code audited, especially so now with

so many hacks. And he brought up, you know, how there are different firms, different levels of quality, but that it is important to spend a lot of money, and I think he mentioned how much they'd spent in one and I thought, well, that's a lot of money to spend, especially if you're in a bear market and you might have less money. Mm. So Olga, why does crypto need

what it is? You know, it's such an interesting, um, it's such an interesting situation in the crypto market where billions are invested into a slew of different apps, uh, and in a lot of cases these apps are not well protected at all. So billions is being lost and that, I think, is getting fixed now and that's why all of the security firms that, um, Anna and I talked to are benefiting, because the industry is waking up to the need for greater security protections. One of the biggest

crypto heists to date. Hackers stole about six hundred million dollars from a blockchain system connected to the popular Axie Infinity online game, and it's the Ronin Bridge. Uh, the blockchain that supports Axie Infinity says it was hacked. The attack, many say, has shown what vulnerability these bridges provide because they're rife with problems. The computer code, for instance, on the bridges, is not audited, and that's what security experts

say creates vulnerabilities. For years, probably since Bitcoin was invented, there have been people who have been finding exploits and code vulnerabilities. What about two has meant that this much money is surging into these companies now? The size of the hacks is becoming just amazingly large. So earlier this year, for instance, one of the bridges lost more than six hundred million dollars in a hack. And then somebody has to put this money back to, to give it

to users, hopefully. And what we found out as a result of a lot of these bridge hacks is that there are very sort of serious backers of these bridges. There are large financial companies that are now having to cough up these funds and they are the ones waking up to the need for greater security and they're the ones footing the bills for these losses. I think that's why the industry is starting to spend this money

on security. So when you talk about those sorts of, you know, well capitalized, well funded, traditional investors, an example is when Jump Crypto had to bail out Wormhole, the bridge that lost, you know, more than three hundred million dollars. I'm sure it was a kind of a good sign of confidence to the overall Wormhole ecosystem and really said something about Jump's willingness to, you know, support their

portfolio companies, but a very expensive headache certainly. Why has it taken crypto so long, other than the financial incentives that you've described, to adopt this kind of philosophy shift? The crypto industry has, um, essentially grown up with, you know, its roots are, you know, a bunch of developers getting together in chat rooms and throwing some code together,

seeing how it works. It's a very sort of democratic, grassroots structure and it's this structure that essentially, um, has impeded, uh, the industry from implementing some of the basic measures that any sort of company implements automatically. The security measures that are being implemented, they can run from something basic, such as, you know, somebody is going through the code

line by line, essentially checking for any bugs. Um, in addition to that, what a lot of the security companies are doing, they're also deploying software bots that essentially monitor what's happening in the app and alerting the team working on the app that, say, they got hacked, because what we saw earlier this year was that, you know, sometimes days would pass and the app developers don't even

know that the app got hacked. So we're talking about some very, very basic steps that are now increasingly being taken. You know, one aspect, I think, and it might be the skeptic in me, but part of it is also maybe because no one, because it's distributed, who's going to get in trouble if something goes wrong? So if no one's responsible, like no person, no entity necessarily, then you might have less of an incentive because you know, if

something goes wrong, well sorry. And also initially, you know, the sums at risk weren't that big, whereas now, and especially because some of these hacks happened during a rally. Everything gets multiplied by like like it's fifty higher. So you know, a hack now might be a lot less

lost than it would have been six months ago. So I think it's like, as the industry matures and more mature players step in, you have some of the requirements, or at least you know the investors that are coming in will expect some of the same standards they're used to in other sectors. Because, for example, you mentioned banks, right like if a bank gets hacked, even if it's they're just their website or something's down for three seconds, you know, imagine you are you aren't able to access

your bank account for five minutes. That's a huge deal and regulators will step in, or at least they'll want to know what's going on. There'll be, like, politicians talking about it, like, because obviously you expect to be able to access your money, whereas here I think the threshold and the standards have been lower. But slowly people are realizing that, you know, I need to be able to access, it's my money, and having low standards for it

doesn't, it's not okay. Is there something cultural about this attitude of, well, we're only going to take this seriously when, you know, billions of dollars are at play and we're going to have to hire in outside people, rather than this being something we can sort of solve as a community? I think crypto is also a bit individualistic

in my experience. I don't know if maybe I'm doing it a disservice, but I feel like there's a lot over the years with all the crashes that I've sort of covered, there's a lot of like well, they lost their money whatever, like nobody ever seems to be sad for people who have lost the money. It's like you weren't smart enough because you kept it on an exchange.

You weren't smart enough because you should have known. Like there's very much this sense of like, you know, it's like the wild west, still in the mentality you know, you should protect yourself, like very much a pioneer mentality, like if you lose your money, then it's your like it's your fault. So I think maybe there's more thinking about sort of the collective right now, like of an actual community, whereas before it's like it's been sort of well,

he lost like two million, whatever. He should have known to keep it under his bed. Up next, more from Bloomberg reporter Olga Kharif and from Bloomberg senior editor Anna Irrera on the growth of crypto security companies. We'll be right back. There is a degree of seriousness associated with I'm locked out of my money. It's not like Twitter's down, disaster, a bunch of journalists are freaking out

about it. It's like you suddenly do not have access to your money, and I've always been struck by the not just the individuality that you describe on it, but also like the casualness, right, where people will be like, well, you know, stuff in crypto is not gonna work. Sometimes it's gonna go down. Buyer beware, that kind of thing.

But as the sums involved have gotten bigger and bigger, that's not something that an individual, whether dealing with a few hundred dollars worth of tokens or several thousand or more, depending on their individual wealth, like, that's not an argument that they're impressed by. I'm thinking about, you know, like the Voyager and the Celsius withdrawal freezes and how, initially, a lot of the response to that was, well, like, well, people should have known better than to put their money

in crypto, like, what? What can you expect? You should accept this risk, and there's this kind of like cavalierness about it as well, to your point about, you know, the pioneer. So what I wonder for y'all is, when you talk to these security experts, when you talk to these folks that are being brought in to a culture that has not necessarily been welcoming of them before, how are they finding it, right? Are they finding that people are going to listen to them, are they taking their

code reviews seriously? Are they taking their advice seriously, or is it more of an uphill battle? I think just the amount that they're getting paid, like they also had an example of bug bounties, right, like, which is a bit different, is when a project says we'll pay, uh, too. I don't remember. I think it was like six million or something less or higher than that they were going to pay to someone who would find a bug like openly.

So you have then white hackers, which are the good guys who are trying to hack, um, your project and obviously not steal the money, but just to prove that there is a problem. So I think the fact that they're getting paid that much means that, you know, they are serious about it and more serious about it than before. There was a recent example, just in August, of a company that provides advice to NFT, you know, folks making NFT projects about how they should

structure their mints. Um, they're called Rug Pull Finder and they, you know, they look at different kinds of frauds and they did a mint and got exploited in, like, no time flat. There was a technical exploit in the code and folks were like, uh, how did this happen? Y'all are supposed to be experts, and they conceded that they did not in fact audit the code themselves or use a third party. Now, first of all,

dramatic irony. Second of all, it does seem like even people who are preaching, you know, the benefits of like take more steps, be more thoughtful, are not themselves always following this advice. What is it really going to take for these kinds of services to be, one, you know, kind of brought in house, but two, just like listened to,

whether they're in house or third party? Regulators. I think it's a standard answer, like, you know, the only one of the few things I remember from my many years to get a lot of degree is that no one does anything unless there's, you're, they're forced to by enforcement, you know, or like you get punished for doing it. Like you're not going to do something that's not in your best economic interest unless you know you have to, because it's not something you'll do out of the goodness

of your heart. Again, maybe that's the skeptic in me, but I feel like once regulators will be like, okay, so you, big fund, want to put money in this project. What is its security? What are the, like, what's happening with the custody? Where are the keys? Where, what's, you know, who's audited the code and all that. Until that happens, then you know you can sort of make it secure because you care about it, but maybe there'll still be shortcuts you might take at one point or another. Thank you, Olga,

and thank you, Anna. You can find more of Olga and Anna's reporting on the Bloomberg terminal, on Bloomberg.com, or follow them on Twitter. Olga is at Olga Kharif, that's O L G A K H A R I F, and Anna is at Anna Irrera. That's A N N A I R R E R A. On the next episode of Bloomberg Crypto: crypto miners who set up shop in Sweden and Norway are finding that they are needing to move even further north into the Arctic.

Soaring power prices in Europe as a result of drought, political considerations like Russia's invasion of Ukraine and generally rising inflation have meant that that combination of abundant energy that's also low cost is getting harder and harder to find. This is Bloomberg Crypto, a daily podcast from Bloomberg and iHeartRadio. For more shows from iHeartRadio, visit the iHeartRadio app, Apple Podcasts or wherever

you get your podcasts. Send us your comments, questions or suggestions for the show to crypto at bloomberg.net or find us on Twitter. We're at crypto. The supervising producer of Bloomberg Crypto is Vicky Verglina. Our senior producer is Janet Babin. Our producer is Mohammed Farouk. Associate producer is Moses on them Desta wonder at is our engineer. Original music by Leo Sidron. I'm Stacy Marie Ishmael. We'll be back tomorrow. The stout that at the

Transcript source: Provided by creator in RSS feed: download file