Legal Defense Fund Covers Crypto Research

Thieves have stolen cryptocurrency worth billions of dollars from cryptocurrency exchanges and wallets. As security researchers probe the defenses of cryptocurrency platforms, an industry group is partnering with the Security Research Legal Defense Fund to ensure that these researchers are protected from legal threats.

In February, platforms including the Ethereum and Filecoin foundations; crypto-focused venture funds, like Paradigm and a16z crypto; and others — which have been battered by successive years with multibillion-dollar heists — formed the nonprofit Security Alliance to address the specific security needs of their industry. The group has launched various initiatives to improve companies' resilience, such as the emergency response bot Seal 911, the Security Alliance Information Sharing and Analysis Center, and now the Whitehat Legal Defense Fund.

Researchers who follow the principles of the Whitehat Safe Harbor Agreement and face legal expenses incurred by their actions can apply to the Security Research Legal Defense Fund (SRLDF) for money earmarked by crypto donors. To be eligible, the researcher must show financial need, have hacked in good faith for the purposes of vulnerability disclosure, and aimed to avoid harm to the public with the goal of improving the security of computers or software. The SRLDF board must approve any funding decisions.

While discerning the difference between good-faith and bad-faith efforts might, in theory, seem difficult, in practice bad-faith actors tend to make themselves clear. Earlier this week, for example, the Kraken crypto-trading platform alleged that a security researcher found a security flaw and filed for a bug bounty, but also refused to return funds stolen as part of testing the concept. That application for legal funding would probably not fare well.