In 2022, crypto media have been overloaded with articles about hacks, scams, and other fraudulent incidents costing investors their money. Readers may even falsely believe that the risk of losing money due to scams is a distinctive feature of crypto assets and they have no other choice but agree with the current status quo.
Generally, it is a false belief.
Today, communities start playing a primary role in project development and influencing managerial decisions. The same applies to cybersecurity and the cooperation between ethical crypto communities and security auditors is an effective way for the industry to deal with scammers and fraudsters in crypto.
To clearly see the power of ethical communities in crypto, let’s consider the following 2 cases - The Ugly and The Good (one of them is the real incident).
Case 1. The Ugly: Warnings are not enough and Scammers are not afraid of luring users.
In November 2022, the owners of Safuu Protocol made a rug pull worth $6M. However, this incident was not a surprise for the crypto community and the sum of losses would have been much greater without the involvement of the ethical crypto community.
Far before the incident took place, CoinCodeCap published an article revealing the suspicious nature of the Safuu Protocol. The article contained the investigation carried out by Certik Alert revealing that the project owner could swap all $SAFUU in this contract for BNB and move these assets to the treasury address. The shocking fact was that the owner could, at any time, change the liquidity receiver, treasury receiver, and $SAFUU insurance fund receiver addresses. As such, the owner had almost complete control over the token supply. Also, the team used to have previous affiliations with high-risk projects such as Clever DeFi and Tagz Exchange. As a result, Certik delisted $SAFUU Protocol due to high-risk indicators.
Prior to Certik’s alert, there was a warning investigation about $SAFUU conducted by independent researcher HackLaddy and published on Medium on 11 March 2022 (rug pull took place only 8 months later!). The specialists analyzed $SAFUU’s crazy yield scheme offering users >383,000% fixed APY. At the same time, SAFUU imposed both buy and sell trading fees of 14% and 16% respectively thereby affecting users’ readiness to sell their assets. Even with such high taxes, there was not enough capital to cover the crazy APY while keeping token prices at a high level. SAFUU’s mechanism had no other final destination than reaching 0 price level.
If this shocking investigation had been open to the public long before the rug pull took place, then how did scammers steal such a great amount of money? The answer is hidden in the figures, namely, audience figures. The Certik Alert resource is followed by just 27K users while the CoinCodeCap has an even smaller audience of around 4K users. HackLaddy had only 545 followers.
As we can see, even the numerous investigations conducted by the ethical crypto community have not forced SAFUU’s team to follow an ethical path. The team was not afraid of becoming engaged in a rug pull which was probably their primary objective. The power of the ethical crypto community, in this case, was not big enough to protect users from losing $6M.
How could the crypto community prevent the incident?
First of all, the media coverage of these investigations was not broad enough to reach the majority of SAFUU’s investors. Second, the findings were not integrated into any popular crypto-scoring databases. As a result, $SAFUU was an obvious scam but almost no one knew about it.
Case 2. The Good: public goods communities as effective contributors to crypto security
Now imagine the opposite situation (not a real story). There is a project, let’s call it, CrypSecCool. This project is led by young leaders. They have developed a breakthrough concept integrating attractive profit-making features for users. The project’s co-founder John and two of his teammates have some expertise in crypto and have written, as they suggest, working tokenomics.
Before launching their product, the team shares its details and underlying tokenomics with the community as well as invites independent researchers to look for possible issues. In a few days the team gets the following feedback from a group of ethical researchers called MakeCryptoSafe bros:
the proposed farming APY of 40% is too high and may lead to token price depreciation under the current token supply scheme. The team should consider lowering farming APY to <30%;
the 15-months lock-up period for early investors should be modified by setting different distribution schedules ranging between 9 and 18 months for investors depending on the volume of investments. The higher the volume of invested assets, the longer the lock-up period. As a result, the project would prevent a too large token volume accumulation thereby limiting possible selling pressure;
The founder of the partner project has been previously involved in a few rug pulls. This fact may heavily affect the reputation of the project and, thus, CryptoSecCool should consider terminating cooperation with this suspicious initiative.
The team has reviewed and agreed with the received feedback. The introduction of proposed changes has allowed the project to prevent serious critics from the side of external experts and competitors.
As we can see from case #2, cooperation with a public goods crypto security community is highly beneficial for projects and leads to the resolution of major issues affecting new and growing projects.
Good public communities vs crypto bad guys
The ongoing crypto winter has marked the clear divide between healthy and ugly crypto worlds. On the one hand, we have product-oriented communities for whom the future of technology lies in Web 3.0. At the same time, there are a myriad of bad groups for whom speculative profits are much more important compared to industry growth.
Today cybersec projects, let’s call them sheriffs, cannot defeat all these bad guys without industry support. And there is no doubt that the powerful support will come from the public goods communities, the groups uniting crypto and security enthusiasts who believe in the future of Web 3.0 and would like to stand at the forefront of revolutionary security changes.
The real power of public goods communities
Apart from information gathering, the other big role of public goods communities is active dissemination of findings with a broad crypto audience. Researches have no value unless they reach end users.
By drawing industry attention to bad guys, public goods communities will leave them no other choice but to leave the market.
Will public goods communities be able to cover the whole crypto industry?
Yes, they should and they can do it. For example, the cryptocurrency security rating CER 2.0 covers more than 1,500 digital assets. And the input data for this rating were collected by the Hacken community of cybersecurity enthusiasts. The speed of data collection and high quality of findings have revealed the value of the use of public goods communities for cybersecurity. And, when coordinated by seasoned industry players, these communities can turn previously unbelievable industry ideas into reality. That is why the Hacken community is now undergoing an ambitious transformation – it is becoming the public goods community building Web 3.0 trust with its army – the TRUST ARMY.
Public goods communities will have enough power to shape the future of crypto security and as such, they should focus on educating users about the foundations of crypto security.
As a result, stories like case #2 will become mainstream in crypto. And we can leave ugly cases like case #1 in the past.
As a result, stories like case #2 will become mainstream in crypto. And we can leave ugly cases like case #1 in the past.
Conclusion
Crypto projects should prioritize building strong ties with ethical communities. In return, auditors should strive to act as coordinators for these big armies of researchers. The findings made by public goods security communities will make crypto free of shocking scam cases affecting thousands of users worldwide.
Disclaimer: the author may have worked or been working with mentioned companies and/or advised them in the past.