Hats has secured $3.5 million in seed funding in order to create an “incentivized” cybersecurity network. Hats is now live with Liquity and Kleros bounty vaults, according to an update shared with CI.
Hats’ upcoming PPM (Protocol Protection Mining) is a bug bounty vault that “incentivizes community participation to secure protocols and farm HATs tokens in the process, the governance token of the Hats protocol.”
The first Hats vault will reportedly include 100,000 in stablecoin USDC, which will be available to anyone who properly discloses any vulnerabilities or potential exploits of the Hats protocol.
As mentioned in the announcement, Hats’ seed round has been led by Greenfield One along with contributions from Lemniscap, Spartan Capital, Accomplice, Collider Ventures, IOSG Ventures and several other investors. Collider Labs had offered the initial capital and development support.
As noted in the release, Hats governance “creates a bounty vault of project tokens, which can fill up to a certain percentage of the token’s circulating supply, farming Hats tokens in the process.” This incentivizes hackers to “disclose the vulnerability in return for the prize locked in the vault,” the announcement explained.
As stated in the release:
“In the case of a detected exploit, a hacker will disclose the vulnerability to the specific vault committee, with an on-chain hash proof of the disclosure. Each vault has its own committee [which] is composed of the project’s trusted technical team, and in the future, security researchers and white hat hackers.”
This committee will either approve or deny the vulnerability and “a subsequent release of funds to the hacker, according to the token allocation specified in the vault.”
As noted in the update, Hats creates scalable security vaults “using the project’s own token.” The more successful the project and its token are, “the higher the bounty becomes.” Additionally, prolific NFT artists have “pledged assistance and will create numerous unique NFTs that will be minted especially for Hackers or Auditors that responsively disclose vulnerabilities.”
As mentioned in the release:
“Using a unique on-chain timestamp commitment and off-chain encrypted communication, hackers can responsibly disclose vulnerabilities to the vault’s committee, ensuring both the hacker exploit report proof and hacker disclosure integrity.”
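The release does not spell out the mechanics, so the following is an added sketch, not Hats code, of how a salted hash commitment lets a committee check both that a report is unaltered and who committed to it first. SHA-256, the `Ledger` class and its block counter are assumptions standing in for the chain and its hash function, and the off-chain encryption step is omitted (the committee is assumed to hold the decrypted report and salt).

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Commitment:
    submitter: str
    digest: str
    block: int  # constructed stand-in for the on-chain timestamp

class Ledger:
    """Append-only list standing in for the on-chain record (hypothetical)."""
    def __init__(self):
        self.entries = []

    def commit(self, submitter: str, digest: str) -> Commitment:
        entry = Commitment(submitter, digest, len(self.entries) + 1)
        self.entries.append(entry)
        return entry

def make_commitment(report: bytes, salt: bytes) -> str:
    # The random salt stops a short or guessable report from being
    # brute-forced out of the public digest; the length prefix keeps the
    # salt/report boundary unambiguous.
    return hashlib.sha256(len(salt).to_bytes(2, "big") + salt + report).hexdigest()

def verify_disclosure(ledger, submitter, report, salt):
    """Committee side: earliest commitment by `submitter` matching the report."""
    digest = make_commitment(report, salt)
    for entry in ledger.entries:  # entries are already in block order
        if entry.submitter == submitter and hmac.compare_digest(entry.digest, digest):
            return entry
    return None  # report altered, wrong salt, or never committed by this party

def first_reporter(ledger, claims):
    """claims: (submitter, report, salt) tuples; earliest verified claim wins."""
    verified = [e for c in claims if (e := verify_disclosure(ledger, *c)) is not None]
    return min(verified, key=lambda e: e.block).submitter if verified else None

if __name__ == "__main__":
    ledger = Ledger()
    report, salt = b"constructed report text", bytes(16)  # constructed sample
    ledger.commit("researcher-a", make_commitment(report, salt))
    print(verify_disclosure(ledger, "researcher-a", report, salt))
    print(verify_disclosure(ledger, "researcher-a", report + b" (edited)", salt))
```

Only the digest is public before the committee acts, so the commitment proves priority and integrity without revealing the vulnerability itself.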
“I was thinking about this kind of DeFi project that secures the ecosystem myself, and it is so good to see a serious group of entrepreneurs who executes it,” stated Robert Lauko, the founder of Liquity.
A core reason the team developed Hats was to attract “black hat” hackers to use their skills to secure cryptocurrency-related projects. By incentivizing an “open hacking” market that scales with the growth of the initiative’s market capitalization and rewards hackers, the project developers will “turn black and gray hat hackers into white hat hackers.”
While explaining how all this will work, the Hats team gave the example of an individual, called Mr. Hatter, who identifies an exploit or vulnerability in an Ethereum decentralized finance (DeFi) protocol.
At present, the only way for Hatter to obtain a significant monetary reward for his efforts is to “exploit the protocol, undertake massive risk, and potentially gain a large amount of limited fungibility funds, let’s say $20m.”
Should he succeed, then he will “become a criminal and could face exposure to massive fines and jail time.” Furthermore, he will “incur a devastating outcome to the project’s token value, investors, community, and millions in collateral lost for liquidity providers and other involved parties,” the Hats team added.
Hats proposes a different path for Mr. Hatter: “Disclose the exploit, get fully fungible funds plus potential upside from the protocol itself as it is now more secure.” In addition, Mr. Hatter will “get notoriety within the community for detecting and disclosing the vulnerability, a unique NFT made by some of the top artists in the NFT space, and work offers on the basis of his reputation.”
Jascha from Greenfield One stated:
“Hats’ core contributors are composed of crypto veterans, the funds from this seed round will fuel the next stage of Hat’s growth. With a collective net experience of decades, the team includes Ethereum coding pioneers, R&D experts and contributors from a range of world leading crypto projects. The Dev team includes –, formerly a part of the Prysmatic Labs team, which implements a popular ETH 2.0 Client, and a former R&D manager at DAOstack and a smart contract security auditor.”
Roderik from Lemniscap noted:
“Design flaws and code vulnerabilities are inherent to the rapid innovation cycles in the DeFi space. As active participants in the evolution of this novel financial infrastructure, we strive to support a variety of layers adding to the overall security of the ecosystem. Hats is building a unique approach towards community-governed bug bounties, enabling discrete and incentivised participation by some of the greatest security practitioners in the space. A well designed incentive mechanism is poised to increase codebase exposure to a larger number of experts while simultaneously reducing audit cycles on each update to the codebase.”