Pseudonymous crypto sleuth Ogle has witnessed plenty of failures while investigating DeFi hacks. He's part of a cottage industry of security experts who clean up the mess from attackers targeting crypto-finance projects almost daily. His specialty: tracking them down and getting the projects' money back.
Stopping these heists depends on good smart contract code and savvy security. In an interview with CoinDesk, Ogle said it's also a game of incentives. If an attacker believes the personal cost of their exploit may be too high, they might decide against mounting it at all.
That ethos is one of the pillars behind Ogle's upcoming blockchain, called Glue. It plans to fund a security blanket that raises the stakes for black hats and – hopefully – prompts them to take their heisting elsewhere.
Glue has largely flown under the radar this year despite raising at a $1.4 billion valuation in a public token sale. It's another newcomer layer 1 blockchain at a time when oodles of competitors are vying for the attention of crypto traders and developers.
Ogle's entrant doesn't have the name-brand appeal of buzzy platforms like Monad and Berachain, two other yet-to-launch blockchain platforms. Instead, it deployed guerilla marketing tactics (like handing out Spy-style manilla envelopes at industry conferences) to stoke intrigue.
In interviews with CoinDesk, Ogle and co-founder SnapShot outlined Glue's philosophy, security and design. They believe it can appeal to "regular people who don't do crypto all day long" as well as traditional financial professionals "who can't come onto a platform where they think they're going to be rugged."
Hub security
"We want to build something that actually has a chance of competing with the banks," said Glue co-founder SnapShot.
Glue will be built around an activity "hub" that aggregates DeFi services for chain users. That level of curation makes Glue markedly different from the construction of most other blockchains. Usually, their users must find what they're looking for themselves.
"'Centralization' is a dirty word in crypto for a good reason but from a UX perspective I think we can have a much more central interface," SnapShot said. Ogle said Glue Hub will make on-chain onboarding smooth – "almost like Coinbase."
The approach targets the 90% of crypto users who SnapShot said stick to centralized exchanges, rather than the "one million – basically no one" that he said operate on-chain.
Glue Hub won't be the only place where users can trade. The chain is permissionless, meaning anyone can build and launch anything for anyone to use. These creations could be integrated with Glue Hub if they pass security checks like audits commissioned by Glue.
Audits have emerged in crypto as a kind of marketing tool in their own right. Projects commission reports from chain-checking specialists who scour their smart contracts to squash money-losing bugs. These checks aren't definitive – plenty of audited projects still get exploited – but projects tout their clean bills of health as stamps of approval.
That practice has gone too far, according to Ogle, who said he used to run an auditing firm. Many projects are only willing to be transparent about good-looking reports, and opt to bury the bad, he said.
"That's not good for security, for the cryptosphere itself," he said.
In place of this, Ogle said, high-caliber projects on Glue could be subjected to audits funded by the chain via the Glue Security Fund. This fund will get its money from a tiny tax applied to every transaction, the founders said. It will pay for various efforts to promote security across the entire chain.
Audits don't always work. Lending protocol Euler lost $200 million to a hack that slipped past 10 audits in two years. Ogle participated in Euler's recovery as part of the war room that tracked down the hacker and negotiated the return of that money. Ogle claims he has a 65% success rate in getting money back for the 40-odd exploited projects he's assisted.
"We have actual funds set aside for me and a group of people to go and chase down anyone who does bad things on" Glue, Ogle said. He later added that any security service (be they vigilante detectives, auditors or analytics compliance tools) will be able to apply for grants from the GSF. Holders of Glue's token will determine what's funded, he said.
The idea with GSF is to disincentivize hackers from trying to attack Glue projects in the first place. They won't be able to catch everybody, Ogle said. But if would-be hackers are comparison-shopping targets, they might think twice about hitting the mark that has a war chest ready to pay for chasing them down.
Transactions on Glue will be multi-sig, meaning any attempt to move money from wallets will require multiple approvals from the user. Ogle said this default setup opens the door for third-party services to build tools that increase user security by, say, flagging any money movement that looks out of the ordinary.
This could save people from losing money to otherwise innocent-looking wallet interactions.
Edited by Stephen Alpher.