Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

Legal Defense Fund Covers Crypto Research

The nonprofit Security Alliance is providing funds to protect security researchers who illegally access crypto assets with the aim of improving security.

Edge Editors, Dark Reading

June 21, 2024

1 Min Read
Woman in a white hat holds a magnifying glass and looks at bitcoin
Source: Nazarii Karkhut via Alamy Stock Photo

Thieves have stolen cryptocurrency worth billions of dollars from cryptocurrency exchanges and wallets. As security researchers probe the defenses of cryptocurrency platforms, an industry group is partnering with the Security Research Legal Defense Fund to ensure that these researchers are protected from legal threats.

In February, platforms including the Ethereum and Filecoin foundations; crypto-focused venture funds, like Paradigm and a16z crypto; and others — which have been battered by successive years with multibillion-dollar heists — formed the nonprofit Security Alliance to address the specific security needs of their industry. The group has launched various initiatives to improve companies' resilience, such as the emergency response bot Seal 911, the Security Alliance Information Sharing and Analysis Center, and now the Whitehat Legal Defense Fund.

Researchers who follow the principles of the Whitehat Safe Harbor Agreement and face legal expenses incurred by their actions can apply to the Security Research Legal Defense Fund (SRLDF) for money earmarked by crypto donors. To be eligible, the researcher must show financial need, have hacked in good faith for the purposes of vulnerability disclosure, and aimed to avoid harm to the public with the goal of improving the security of computers or software. The SRLDF board must approve any funding decisions.

While discerning the difference between good-faith and bad-faith efforts might, in theory, seem difficult, in practice bad-faith actors tend to make themselves clear. Earlier this week, for example, the Kraken crypto-trading platform alleged that a security researcher found a security flaw and filed for a bug bounty, but also refused to return funds stolen as part of testing the concept. That application for legal funding would probably not fare well.

About the Author(s)

Edge Editors

Dark Reading

The Edge is Dark Reading's home for features, threat data and in-depth perspectives on cybersecurity.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights