Is all crypto theft bad?

Like many my age I grew up watching the golden age of westerns.

In many movies today you’re not sure who is good and who is bad, and often no one is completely one or the other. But in many of those classic early movies you could always tell the bad guys from the good guys by the colour of their hat. This was especially so in the 20s, 30s and 40s, before colour film was widespread.

The Great Train Robbery was the first, and then Roy Rogers immortalised the white hat good guy catching the greedy black hat bad guy.

Today, many see the decentralised finance (DeFi) world built on crypto technology to be a bit like the gold rushes of the American Wild West.

Many see their friends or read the news about “quick wins” and easy money that seems to be waiting for you under every rock. Likewise, the laws and regulations were few out in the Wild West and obeyed even less; and the Sheriff was nowhere to be seen. Those looking to build a future homestead are risking it all in the new world for a better future, fighting for territory against the challenge of the unknown.

Then there are the bad guys: the rustlers, the stagecoach robbers, the big ranchers dominating resources, the gunslingers and the conmen. These ‘baddies’ exist in the DeFi ecosystem too. There are hackers, rugpullers, the crypto whales swallowing the little guys, the get-rich-quick ‘snake oil’ salesmen, the scammers and the launderers.

And like San Francisco in 1849, the amount of money at stake is growing fast which attracts characters of every kind.

How bad is it in the Crypto Scam World?

According to the team behind Chainalysis, the blockchain analysis tool that Rexxfield uses in our crypto scam investigations:

  • Over 3.7m different wallet addresses were used in 2021 for illicit crypto receipts
  • Receiving over USD$4.6 Billion in illegally acquired crypto
  • But, 54% of these funds were received by just 0.015% of those addresses
  • Altcoins are used far more extensively than Bitcoin, and
  • Overall money laundering using crypto is growing fast and has exceeded USD$33Billion since 2017 (but that is still a very tiny amount compared to the $800 Billion to $2 Trillion estimated to flow through fiat).

Editor’s note: It is widely reported in the media that the widespread use of crypto by criminals is a major reason why it should be ‘banned’ or more heavily regulated. But that is a red herring, because most layer-one crypto protocols, Bitcoin included, are public ledgers, which means every transaction ever conducted in Bitcoin is visible and immutable on the blockchain. Not only is a criminal transaction visible; its links to all previous and future on-chain activity and the wallets involved are visible too. Once a perpetrator is identified, his or her whole network is exposed. The wallet owner is pseudonymous rather than anonymous, and over time a single mistake (reusing an address, or cashing out at an exchange that knows your identity) can lead to them being identified and caught. So it is very risky to incorporate Bitcoin wallets into your criminal activity. By far, cash, precious metals such as gold, and precious stones remain the more anonymous means of criminal exchange.
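The tracing described in this note, as an added example that is not part of the original post or of Chainalysis’s tooling: the transactions, addresses and txids below are constructed for illustration, and the code generalises the note’s point to any UTXO-style ledger by (a) following outputs forward from a flagged address and (b) grouping addresses that co-sign the inputs of one transaction (the common-input-ownership heuristic), so that tainting the seed’s whole cluster exposes the network rather than a single wallet.

```python
"""Forward taint tracing plus co-spend clustering over a tiny constructed
transaction graph. Added illustration; not the author's or Chainalysis's code."""
from collections import defaultdict, deque

# Constructed sample ledger (UTXO style): each transaction records the
# addresses that signed its inputs and the addresses that received outputs.
# All addresses and txids are invented for this example.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": ["victimA"], "outputs": ["thief1"]},            # the theft
    {"txid": "tx2", "inputs": ["thief1", "thief2"], "outputs": ["mixer_in"]},  # thief co-spends two keys
    {"txid": "tx3", "inputs": ["mixer_in"], "outputs": ["hop1", "hop2"]},
    {"txid": "tx4", "inputs": ["hop1"], "outputs": ["exchange_deposit"]},     # cash-out point
    {"txid": "tx5", "inputs": ["merchant"], "outputs": ["customer"]},         # unrelated traffic
    {"txid": "tx6", "inputs": ["thief2", "thief3"], "outputs": ["hop3"]},     # thief3 linked by co-spend
]


def build_graph(txs):
    """Directed edges sender -> (receiver, txid) for every input/output pair."""
    fwd = defaultdict(set)
    for tx in txs:
        for src in tx["inputs"]:
            for dst in tx["outputs"]:
                fwd[src].add((dst, tx["txid"]))
    return fwd


def trace_forward(txs, seed, max_hops=10):
    """BFS following outputs from `seed`; returns {address: hops_from_seed}.
    Every address returned has received funds that passed through `seed`."""
    fwd = build_graph(txs)
    reached = {seed: 0}
    queue = deque([seed])
    while queue:
        addr = queue.popleft()
        if reached[addr] >= max_hops:
            continue
        for nxt, _txid in fwd[addr]:
            if nxt not in reached:
                reached[nxt] = reached[addr] + 1
                queue.append(nxt)
    return reached


def cluster_by_coinspend(txs):
    """Common-input-ownership heuristic via union-find: addresses that sign
    inputs of the same transaction are assumed to be controlled by one entity.
    Caveat: CoinJoin-style transactions deliberately break this assumption."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[ra] = rb

    for tx in txs:
        ins = tx["inputs"]
        for other in ins[1:]:
            union(ins[0], other)
    clusters = defaultdict(set)
    for a in list(parent):
        clusters[find(a)].add(a)
    return [frozenset(c) for c in clusters.values()]


def cluster_of(txs, addr):
    """The co-spend cluster containing `addr` (a singleton if it never co-spent)."""
    for c in cluster_by_coinspend(txs):
        if addr in c:
            return c
    return frozenset([addr])


def expand_from_seed(txs, seed):
    """Taint everything downstream of the seed's entire cluster: this is the
    'one identified wallet exposes the whole network' effect from the note."""
    result = {}
    for a in cluster_of(txs, seed):
        for addr, hops in trace_forward(txs, a).items():
            result[addr] = min(hops, result.get(addr, hops))
    return result


if __name__ == "__main__":
    print("downstream of thief1:", trace_forward(SAMPLE_TXS, "thief1"))
    print("cluster of thief1:  ", sorted(cluster_of(SAMPLE_TXS, "thief1")))
    print("whole network:      ", sorted(expand_from_seed(SAMPLE_TXS, "thief1")))
```

Starting from the single address `thief1`, forward tracing alone reaches the mixer and the exchange deposit, while clustering pulls in `thief2` and `thief3` (never seen in the theft transaction) and their separate cash-out path. Real investigations add heuristics this toy omits (change-output detection, exchange deposit-address labelling) and must treat mixers and CoinJoins as points where the trail becomes probabilistic rather than certain.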

While the scale of illegal activity in crypto pales in comparison to fiat, it is growing at a rapid rate and it has very significant implications and effects on the ecosystem, users and the paths chosen by players in the system, such as protocol founders, DApp developers and government regulators.

Here is where we get to the topic of heated disagreement within the industry.

Is crypto crime sometimes good?

To address this, we need to draw a distinction, and for the sake of time we can only address one type of crypto crime.

A non exhaustive list of crypto crime includes:

  1. Protocol hacking: exploiting vulnerabilities in systems and software (e.g. the exploitation of a loophole in the Wormhole protocol, costing $300 million).
  2. Stealing identity/security credentials: similar to protocol hacking, thieves find ways into a crypto exchange or into the wallet where your crypto credentials are stored. Once they gain access, they change the credentials and siphon away your funds while you watch them go.
  3. Rugpulls: a ‘rugpull’ is a colloquial term for running a fund-raise of some kind and then running off with the money, ergo pulling the rug out from under the investors’ feet (see the recent example in which YouTuber Ice Poseidon ‘pumped and dumped’ $750 million).
  4. Scamming: scamming can take many forms, but it is generally about deceiving the user into handing over sensitive financial information such as private keys or passwords (e.g. a fake trading platform was used to con a person out of $323k in crypto; fortunately, this case was quickly solved and the funds were successfully frozen by the Rexxfield cyber crime group).
    • Ponzi schemes are another form of scam, where money flows are like a game of musical chairs. When the music stops, those who haven’t withdrawn their funds in time are left with nothing.
    • Social Engineering scams manipulate victims into human error to gain private information, access, or valuables through exposing data, spreading malware infections, or giving access to restricted systems.
  5. Laundering: Proceeds from illegal activities on or off chain are ‘washed’ through crypto to hide, move and distribute funds.
  6. Extortion: threatening harm with some type of leverage over you in return for payment. This can be in fiat, crypto or some other form of value and can involve threats of physical or reputational or social harm.

Here we only have time to really address (1) Hacking: exploiting a vulnerability in a system, its security controls or its protocol to gain unauthorised access and steal funds.

We will call this “cryptocurrency-native” crime because it doesn’t involve crime off chain.

The Cowboy Hats

This is where the colour of the cowboy hats comes back.

I’ll use a definition I got from Anym on Youtube.

A White Hat Hacker = solely legal hacking, and doesn’t use illegal techniques. Usually eventually returns most of what they steal.

A Grey Hat Hacker = uses legal hacking, but will use illegal methods if necessary.

A Black Hat Hacker = hacks whoever they want, 99% of the time without permission or any thought to the law. Generally keeps most of what they steal.

These are the video’s informal definitions. In industry usage a white hat works with the owner’s permission, under a bug bounty or an agreed engagement, and takes nothing; someone who drains a protocol without permission and then returns the funds is usually called a grey hat, whatever name they choose for themselves.

The Poly Network Whitehat Hack

The biggest single hack to date was on 10 August 2021, when $612 million was stolen from the cross-chain protocol Poly Network. A hack this size attracted attention from world media including the BBC, CNN and CNBC.

But the hacker got back in touch and said they would return the funds.

So why did the hacker, Mr White Hat (yes, that’s the name they used online), do it if they didn’t intend to keep the funds?

Well, supposedly to highlight that vulnerabilities existed, and arguably for other intangible reasons, such as reputation building, ego or simply ‘because they could’.

The size and nature of this hack was a very big deal and sent shock waves through the DeFi world.

But Poly Network reported that by 23 August the hacker had handed over the private keys and the money had been returned.

The Liquid Black Hat Hack

Contrast this with a ‘black hat’ hack on 19 August 2021 when Japanese cryptocurrency exchange Liquid lost $80 million to a black hat hacker. But in this case there were no negotiations and no money was returned.

By the way, what was it with August? Was there a particular hacking-friendly moon up that month?

The Benefits of Being Hacked

The argument goes that Poly Network were lucky they were hacked by a white hat hacker rather than by a black hat.

Lucky, because they got the funds back and also were shown where a critical vulnerability existed so it could be closed before a black hat hacker did more serious and permanent damage.

If the money was returned, was this like getting a free code audit?

Or was there other damage that made it costly after all?

Firstly, not mentioned in the news reports was the incredible stress that dozens or even thousands of people would have suddenly been put under when this hack was discovered.

Did anyone lose their job?

Did anyone have a nervous breakdown?

Or worse, did anyone jump in front of a train?

Having been a commodities trader, I know what it is like to lose 8 figures in a hurry. It isn’t fun telling investors their money is gone. It is not a stress I’d wish on anyone or their families.

In this case, I don’t know how the Poly Network team fared, but I hope the hack didn’t do any permanent damage to their careers, health, and lives.

But what about more measurable things? Did the Poly Network platform survive and recover? Does the hack still hang as a shadow over the protocol, or have partners and investors forgiven the breach and continued to use the platform? Hopefully it is far more secure than it was, assuming the vulnerability that was exploited has actually been fixed rather than only the stolen funds recovered.

Maybe this will determine whether that hacker wearing the hat was white or grey?

Poly Network Hack Recovery

Before the hack, Poly Network’s trade volume for July 2021 was a little over USD$9.4 Billion. Cross Chain Transactions were 422K and Cross Chain Addresses in use were 162k.

After the hack and the recovery of the funds, one might expect users to be somewhat spooked and move to alternatives, but in September 2021 the volumes showed no signs of users abandoning ship.

In fact far from it.

                              Before the hack     After the hack
(USD equivalent)              (July 2021)         (September 2021)
Total Trade Volume:           $9.4 Billion        $13 Billion
Cross Chain Transactions:     422K
Cross Chain Addresses:        162k

By December, Total Trade Volume was up to $15.4 Billion, cross chain transactions 725K and Cross Chain Addresses 302k.

So if there are any long term negative impacts of the white hat hack, it’s not showing in these key metrics. Some people even argue that the hack was actually an elaborate publicity stunt. If it was, it worked.

So it appears that the users, owners and partners of Poly Network dodged a bullet, and Mr White Hat gets a big boost to their reputation.

But did the end justify the means? I’ll leave that question for you to answer.

Institutions should enter the wild west of DeFi with eyes open and prepared. They must prioritise sufficient resources to properly secure their interests in blockchain technology. Experienced businesses, high net wealth investors and institutions need to find a safe pair of hands to onboard and guide them through the open plains of wild DeFi country. Fortunately, there are organisations that do this, such as the experienced Kitefin team who specialise in safely bridging successful people in the real world across to the DeFi ecosystem.

But what about individuals?

What about the newcomer to crypto, the mum and dad investor, the retiree trying to boost their 401k?

Take a moment to read my post “Granny Got Scammed”.

So what’s your answer?

So is crypto crime good or bad?  I welcome your insights in the comments below.

I guess it depends and each situation is obviously different.  We need the vulnerabilities plugged, the usability improved, the reputation enhanced to increase adoption and application to solve real world problems.

Are white hats the lesser of two evils to achieve this?

At the same time we need to find ways to onboard people who don’t yet know enough to navigate DeFi safely.

In both ways, I’m confident that in time this will come.

Order will eventually come to the Wild West. It will be tamed, but until then it’s going to be a whip-cracking crazy ride.




The author is assisting in the development of both the Kitefin and Rexxfield projects mentioned in this article.