Introduction:
1、‘SEAL 911’ team of white hats formed to fight crypto hacks in real time
‘SEAL 911’ team of white hats formed to fight crypto hacks in real time ♂
It started with the chaotic $190 million Nomad hack in August 2022. An exploit, or flaw in the code, was found for the bridge, and a colossal crowd of criminals rushed in to loot the funds.
In its analysis of the exploit, Immunifi said one problem was: “Staying true to DeFi Principles, this hack was permissionless — anyone could join in.”
Plenty of white hat hackers wanted to help but were forced to watch from the sidelines due to the legal risks of pitching in.
Looking back in February, famed white hat hacker Samczsun said the security community had wondered afterward, “How did we get to a point where random people felt comfortable stealing money from the bridge, but white hats felt it was too risky to intervene.”
Something needed to be done. Samczsun, who is also Paradigm’s head of security, decided that for future hacks, the SEAL911 bat signal could be shone into the metaphorical night so white hats could help combat hacks. But first, the legal issues needed to be sorted out.
The idea for the Security Alliance (SEAL) emerged with the project officially launching February 14. SEAL 911 is a hot desk on the Telegram messaging service where a crack team of around 40 white hat hackers can pick up reports of hacks in progress and assist in real time.
Samczsun calls it a “firefighting helicopter” that will “show the world that crypto as an industry is taking security seriously.”
“The idea is that if someone finds a critical bug but doesn’t know who to talk to in the project team […] that’s one of the things SEAL911 can help with. Then we can also help respond to the hack, obviously.”
But the huge number of hacks happening every day is a massive job for a few dozen hackers, no matter how good.
“It’s super ambitious, part of it is that, for now, the volume is manageable. We want to serve all of crypto. We may split into teams, but for now, the teams are small because we are dealing with very sensitive information.”
Apart from white hats, there are auditors, bug bounty program coordinators and investigative sleuths. Ethereum creator Vitalik Buterin was the first donor, donating 250 ETH to kick things off, and various Web2 and Web3 companies, along with VCs, have also chipped in funding.
The emergency hotline is just one of three distinct initiatives from SEAL to try and help the crypto industry with these ongoing issues. It also conducts Wargames to develop strategies to deal with simulated attacks and came up with a Safe Harbor Legal Agreement for white hats, designed to protect the good guys from liability if things get hairy when trying to help patch an imminent or ongoing criminal hack. Until now, getting into legal trouble despite trying to help has been a constant concern
Protocols sign up, let the white hats know which address to redirect the stolen funds to, and what kind of bounty they’ll receive.
The prototype for SEAL began in 2022 with a few volunteers and its first reported rescue happened in September 2023, as affiliated white hats volunteered to stop a thief mid-hack of a vulnerable smart contract at dice9win and saved $200,000. Now the organization’s remit has grown.
Samczsun is the poster boy for crypto in many ways. He is a firm believer in decentralization and is pseudo-anonymous. When he assists the FBI or other law enforcement agencies, it is always behind his anime avatar using a voice modifier. When I ask to record our interview, we have to pause for him to set up the voice modifier.
A very well-known personality in crypto, he chose to parlay his influencer status into creating SEAL.
“Objectively, SEAL is built on my reputation as a successful white hat,” he says.
Which begs the question: As a sh*t hot hacker, why not just steal the money yourself?
“I do get that a lot. The easiest way to put it is I’ve seen what it looks like for someone to be victimized by a hack. I’ve seen people fall victim to spy contract hacks, I’ve seen people fall victim to individual hacks. It sucks, it’s devastating to hear them talk about how they lost their life savings or the little amount of money they saved up trying to build a better future for their kids. I can’t do that. I can’t cause that much suffering to so many people.”
He seems pretty genuine. When we speak, the first thing he says is: “By the way, you know you have an impersonator on Twitter (X)?”
I have since discovered it’s quite hard to remove an impersonator on X.
Support pouring in from the crypto community and more than 75 collaborating organizations has helped give SEAL credibility and clout.
Buterin’s 250 ETH donation was followed by funds from the Ethereum Foundation, a16z crypto, Framework, Dragonfly, Filecoin Foundation, Electric Capital and Paradigm. There was also support from independent crypto participants who have benefited from more secure protocols and DApps.
SEAL is a legally registered 501c3 in the U.S. and has a leadership team and an independent board of directors. The idea is to build an organization that can continue on without Samczsun if necessary.
For SEAL to succeed, Samczsun explains it needed to solve the problem of legal liability for rescues gone wrong.
So, SEAL came up with the crypto equivalent of Good Samaritan laws — the laws that provide legal protection so that people who give the Heimlich maneuver to a choking person don’t get sued if they accidentally break some ribs.
The open and transparent nature of blockchain means that it’s usually pretty obvious when a hack is occurring, meaning that white hats can front-run the hack and return the funds to their rightful owners.
“If white hats can find out about these hacks as they are being executed, why are we not giving them the ability to jump in and do something about it?”
In mid-February, SEAL released the Safe Harbor Agreement (SHA) for comment. It aims to protect white hat hackers from unfair persecution and provide legal clarity around their actions should they intervene in a hack. The agreement is between the protocol being hacked and the white hat rescue and gives them a safe harbor to jump in and attempt to re-direct funds to a safe recovery address instead of the attacker’s wallet address.
“The LexPunk army” — an activist group of crypto native lawyers led by Gabe Shapiro — played a critical role in drafting the agreement. LexPunk contributor “Charm,” who managed SHA to completion, says it was important to come up with a crypto-specific agreement because “legal systems don’t handle novelty well.”
Many computer protection laws in the U.S. hark back to the Reagan administration and hacking cases from the 1980s. The agreement “relies on a very broad concept of permissions that can be granted by all involved parties. But defining that access for funds and smart contract code was really difficult.”
For white hats, the sticking point in negotiating the agreement was: should there be a discrete categorical list of actions that white hats should be allowed to take?
In the end, the Safe Harbor Agreement effectively became “an open-ended list,” Charm tells Magazine.
The agreement contemplates endless scenarios and offers ways for white hat hackers to access funds using a discreet list of actions they can take. There’s a whole section of separate terms of engagement for bots that can front-run hacks.
It was a comprehensive attempt to close off every single legal issue, shepherded through multiple rounds of review.
Charm acknowledges the criticisms of SEAL’s ability to scale up to handle the sheer number of hacks but says the SHA is a toolkit and best practice guide for every white hat on the internet, in or outside of SEAL.
Miles Jennings, general counsel at a16z crypto, says the genius of the document is that it could actually work. “It’s noteworthy in trying to solve an incredibly complex problem. And one where if you don’t solve the problem, you make it worse.”
The need for SEAL crystallized for Jennings during the Nomad hack when he blocked a16z’s security team from stepping in.
“I basically had to be the bad guy by saying ‘no, we can’t take on that risk,’ you weren’t legally authorized to engage in that activity, so potential criminal liability comes with it. Maybe there were funds we could’ve recovered, but I wouldn’t allow us to take on that risk.”
He says SHA is clear on “what types of hacks and white hat activity to allow versus not allow” and includes a list in especially clear and understandable language for white hats.
But he admits it ultimately comes down to whether parties adopt it and use it in good faith.
“It’s all fairly complex, layers on top of a risk, success is by no means guaranteed, but it’s still the most significant move in terms of white hats providing defense for the whole increasingly complex ecosystem.”
The protocols are getting bigger, the equations are getting longer, and the hacks are evolving in step. Precise hacks like the Kyber hack of November 2023 are based on specific math that only occurs in very specific conditions, explains Samczsun.
Hire a Social Media Hacker ♂
RULES AND PROCEDURES:
1 .- Requirement:
To get a Social Media Accounts password you must know what is the email address which is associated to the desired Social account.
a. When we say the associated email address, we don’t mean the @facebook or other social address which is automatically generated with all accounts. We mean the email address used to register the account.
Social Media Hacking
b. If you know about an email address but you are not sure if it is associated to the Facebook account or not, you can GOOGLE about how to check if is associated.
c. If you don’t know what is the email address and there is no way to find it out, in this case the price will be $400, since this it will be a more complex and expensive service.
2. Safety: We will get both passwords: from the social account and from its associated email address. So our service includes 2 passwords.
You may not be interested on the associated email address password, maybe you only want the social account password, but you need it mandatorily, because any social network has a safety technique for devices recognition.
A device is a PC, smartphone, tablet, etc… which is used to logging in to a Facebook account. When a new device is detected, a device never used before, the social network(As example: Facebook ) will send a warning message to the associated email address. This is the reason because you need it.
Because when the warning message arrives (It will be immediately when the new device is detected), you must delete it to avoid to leave traces from your access and to be discovered by the owner.
3. The price for both passwords (Facebook + Email) instagram, twitter and other social media accounts is 250 DOLLARS (USD).
a. If the associated email is corporative (@corporative.com) then the price is 350 dollars.
4. If you order more than one account, you must pay all at once. If you want to order more than one, but pay one by one, you must order in this same way, and you can’t apply for the discount above. Social Media Accounts
5. Payment must be sent through Bitcoin or Monero. – no other payment method. Please understand and don’t insist. Social Media Accounts
6. Both passwords will be the original the same that are being used right now. Nothing will be changed. a. Our service is 100% safe and discreet, and the real owner will never suspect anything. Effectiveness is also 100%. There is no option to fail. Hacking ethical
7. Both passwords will be the original the same that are being used right now. Nothing will be changed. a. Our service is 100% safe and discreet, and the real owner will never suspect anything. Effectiveness is also 100%. There is no option to fail. Social Media Accounts
Facebook password hack service
8. We accept intermediaries. It means that if you want to be an intermediary between us and another person, it is possible; however, you must understand that our treat is with you, and even if you are just an intermediary, you are the only responsible to fulfill all Rules and Procedures, and to pay for our service. If you don’t want to be absolutely responsible, just don’t accept to be intermediary.
9. Once you place an order, we don’t accept any modification or cancellation. If you are not sure about our service, DO NOT order anything yet. Social Media Accounts
a. Be carefully at the moment to send us the target account. If you send an incorrect account, you must also pay, because the mistake will have been yours.
Snapchat password hackers
10. By hiring our service you will get a free 30-days warranty. It means that if the password is changed in that time frame since the moment you receive it, we will get it again for free. a. If you want, it is possible extend the warranty time for 10 dollars per each 30 extra days.
11. Our Rules and Procedures are not flexible If you want to place an order with us, you must accept all without modify, add, or remove anything.
a. Remember that you are not committed with us yet, but if you place an order, we will have a contract, and you must fulfill it mandatorily.
Social media hackers for hire
Not to read or misunderstand the rules is not justification for not fulfill them. Social Media Accounts
HOW TO PLACE AN ORDER?
Have you read our Rules and Procedures? Do you accept it at all? If yes, you can do this as follows:
By sending a message to our email address: and telling us you have read the Rules and Procedures through our website and also sending the target email address to order..
If so, you may need to hire a hacker for social media spying. Hackers can help you gain access to all sorts of information from social media accounts, including passwords, posts, and followers. So if you’re ready to get the inside scoop on your competition or just want to keep tabs on your own social media presence, be sure to hire a hacker today. Social Media Hacking
Our services are not limited to hiring hackers for your account retrievals. If you lose your account don’t worry we are here. You can hire a hacker online and your account will be recovered with complete data. We provide the recovery of your social media account within 24 hours.
We can provide Hacking Services of Social media Applications like Facebook, Whatsapp,Instagram, Snapchat,Telegram,Twitter, Etc. We can monitor anonymously / Camouflaged without alerting your Target.
Hire a hacker for a Facebook hack such as password, shut down account delete Facebook comment and more
We have a special FB hacking team that is dedicated to Facebook hacking only. We need a victim profile URL to get started, and we will complete the order within a few hours or 1 Day.
Hire a hacker for WhatsApp account hack such as retrieving deleted history, restore previous chat and videos.
Hire a Social Media Hacker. Social media hackers know the techniques to make people aware of the security of their valuable information. Evolution Hackers comes with vast knowledge about the hacking world and help you with reliable services in no time. We have a team that comprises of knowledgeable hackers that is built to serve all your hacking purposes.
You can hire a hacker online and your account will be recovered with complete data. We provide the recovery of your social media account within 24 hours. Hire A Hacker For Improve Online Reputation We can correct the error in the online credit reports. No need to Contact creditors that are harassing you for inaccurate late payments.
评论已关闭