Are smart contract exploits more ethical than hacking?

There has been a lot of talk about the recent “hacks” in the DeFi realm, particularly in the case of Harvest and Pickle Finance. That talk is more than necessary, considering hackers stole more than $100 million from DeFi projects in 2020, accounting for 50 percent of all hacks this year, according to a CipherTrace report. Some point out that the occurrences were merely exploits that shone light on the vulnerabilities of the respective smart contracts. The thieves didn’t really break into anything; they just happened to casually walk through the unlocked back door. By this logic, since the hackers exploited flaws without actually hacking in the traditional sense, the act of exploiting is ethically more justifiable.

But is it?

The differences between an exploit and a hack

An exploit is the specially crafted code adversaries use to take advantage of a certain vulnerability and compromise a resource.

Even mentioning the word “hack” in reference to blockchain might baffle an industry outsider less familiar with the technology, because security is one of the centerpieces of distributed ledger technology’s mainstream appeal. It’s true blockchain is an inherently secure medium of exchanging information, but nothing is totally unhackable. There are certain situations in which hackers can gain unauthorized access to blockchains. These scenarios include:

  • 51-percent attacks: Such hacks occur when one or more hackers gain control of more than half of the network’s computing power. It’s a very difficult feat for a hacker to achieve, but it does happen. Most recently in September, Ethereum Classic faced three successful 51-percent attacks in the span of a month.
  • Creation errors: When security glitches or errors go overlooked during creation of the smart contract. These scenarios present loopholes in the most potent sense of the term.
  • Insufficient security: Hacks carried out by gaining undue access to a blockchain with weak security practices. Is it really as bad if the door was left wide open?

Are exploits more ethically justifiable than hacks?

Then there are cases such as cryptojacking, which is a form of cyberattack in which a hacker hijacks a target’s processing power to mine cryptocurrency on the hacker’s behalf. Cryptojacking can be malicious or non-malicious.

It may be safest to say that exploits are far from ethical, and they only get a point for being less disastrous than their counterpart. They are also entirely avoidable. In the early stages of the smart-contract creation process, it’s important to follow the strictest standards and best practices of blockchain development. These standards are set to prevent vulnerabilities, and ignoring them can lead to unexpected effects. There are many ways in which smart contracts can be exploited. It’s vital for teams to fully understand each attack vector and vulnerability before building. It is also vital for teams to have intensive testing on a testnet. Smart contract audits can also be an effective way to detect vulnerabilities, though there are many audit companies that issue audits for little money. The best approach would be for companies to get several audits from different companies.

By: Pawel Stopczynski, R&D Director of VAIOT

VAIOT is combining AI & Blockchain to develop IVAs – Intelligent Virtual Assistants, for both consumers and businesses.