Whitehat hacker

Truth or fiction? Popular former hacker claims to have $7B in BTC

“I’m quite wealthy. Yeah, I do not have to work if I don’t choose to. I have over seven billion dollars worth of Bitcoin,” stated the hacker known as Gummo.

A former blackhat hacker who goes by the name Gummo online claims to have amassed around $7 billion worth of Bitcoin (BTC).

Despite a flood of positive comments and posts relating to his interviews with the Soft White Underbelly YouTube channel — which has 3.18 million subscribers — information about Gummo is scarce elsewhere, which could either be by design or suggest that a large pinch of salt may be required when listening to his extravagant claims.

He said that he has been working in the field for more than 30 years, and while he started hacking for illicit reasons and got caught by authorities, he has since turned to doing good work — thanks to the support and counsel of his wife — such as threat hunting, cybersecurity and developer consulting.

The latest comments came as part of a follow-up interview published on March 12, after the initial discussion occurred in late 2020. During the first video, Gummo stated that he built four supercomputers to mine Bitcoin when it was priced at around $200-300 back in 2013, and generated more than 80,000 BTC within a year and a half.

According to his claims, he has now amassed roughly 179,000 BTC. If his holdings are calculated at current prices that would rank him at around the 369th richest person globally according to Forbes’ 2021 world’s billionaires list:

“I’m quite wealthy. Yeah, I do not have to work if I don’t choose to. I have over seven billion dollars worth of Bitcoin.”

Gummo stated that his current work in hacking is not motivated by the desire to have a job or money, but by helping the little guy, as he emphasized the importance of choosing to do the right thing and protect people from online evil.

“Knowing that I'm preventing someone’s grandmother from being a victim of some sort of cyber extortion scheme, that’s the thing I get up for each day and those are the things that motivate me currently,” he said.

Speaking on the dark side of technological advancement, Gummo warned that hacking has quickly evolved from “having endless javascript pop-ups” humorously spamming PCs to the weaponization of data and software against people:

“The landscape is growing darker and more sinister as more people wish to seek their wealth. Whether it be cryptocurrency theft or traditional theft of banking systems.”

“The fact that governments now are keen to begin a war on just the idea of software being deployed is quite frightening and unfortunately that will be society’s new reality,” he added.

Looking at the response to both interviews, it appears Gummo is fast becoming a beloved figure due to his back story, which includes a difficult upbringing, the loss of loved ones and a significant shift from the dark side of hacking to helping people online.

The latest video has 14,000 likes so far and there is an almost endless amount of positive feedback for the figure, while the first video has 144,000 likes and the same sentiment in the comments.

“This man has inspired me to pursue cyber security with good intent. I'm a broke teacher, LOVE teaching because it helps students so never focused on the paycheck. Now too old to teach. Considered cyber security as a new career to pay the bills, but Gummo has given more meaning to this career, will now pursue the career to make the world a better place too. Thank you Gummo,” wrote YouTube user “Zim Petrichor.”

User “quicklern818” stated that: “I don't think we're ever going to see this man again, and in a way, I feel that's appropriate — he's like a guardian angel, working behind the scenes and always watching. Sending love to him and his family, and a thank you for all of his hard work.”

Comments on Gummo follow up interview: Soft White Underbelly YouTube channel

Polygon upgrade quietly fixes bug that put $24B of MATIC at risk

“Considering how much was at stake, I believe our team has made the best decisions possible given the circumstances,” said Polygon’s co-founder Jaynti Kanani.

Ethereum-based layer two scaling network Polygon has quietly fixed a vulnerability that put almost $24 billion worth of its native token MATIC at risk.

According to a Dec. 29 blog post from Polygon, the “critical” vulnerability in the network’s Proof-of-Stake (PoS) Genesis contract was first highlighted by two whitehat hackers on Dec. 3 and Dec. 4 via blockchain security and bug bounty hosting platform Immunefi.

The vulnerability put more than 9.27 billion MATIC at risk, valued at around $23.6 billion at the time of writing, with the figure representing the vast majority of the token’s total supply of 10 billion.

Polygon noted that the bug was resolved at Block #22156660 via an “Emergency Bor Upgrade” to the Mainnet on Dec. 5 at around 7:27 am UTC. The network noted that a “malicious hacker” managed to steal 801,601 MATIC ($2.04 million) before the bug was resolved. The blog post said:

“The Polygon core team engaged with the group and Immunefi’s expert team and immediately introduced a fix. The validator and full node communities were notified, and they rallied behind the core devs to upgrade 80% of the network within 24 hours without stoppage.”

Polygon stated that the issue was fixed behind closed doors as it follows the “silent patches” policy introduced by the Go Ethereum (Geth) team in November 2020. Under the guidelines, projects or developers report on key bug fixes 4-8 weeks after they go live to avoid the risk of being exploited at the time of patching.

According to Immunefi, whitehat hacker “Leon Spacewalker” was the first to report on the security hole on Dec. 3 and will be rewarded with $2.2 million worth of stablecoins for their efforts, while the second unnamed hacker, referred to as “Whitehat2,” will receive 500,000 MATIC ($1.27 million) from Polygon.

Polygon's co-founder Jaynti Kanani emphasized the network's ability to promptly resolve the critical bug, noting in the blog post that:

“What’s important is that this was a test of our network’s resilience as well as our ability to act decisively under pressure. Considering how much was at stake, I believe our team has made the best decisions possible given the circumstances.”

According to data from Coingecko, MATIC is priced at $2.45 and is up 35.1% over the past 30 days despite the current downturn across major crypto assets this month.

White hat hacker paid DeFi’s largest reported bounty fee

Cointelegraph spoke to the hacker for insights on the timeline of events, as well as the wider implications of bounty programs on DeFi’s security landscape.

Belt Finance, an automated market maker (AMM) protocol operating a yield optimization strategy on Binance Smart Chain (BSC), claims to have paid the largest bounty in the history of decentralized finance (DeFi) to a white hat hacker who averted a $10-million bug crisis. 

Industry white hat programmer Alexander Schlindwein discovered the vulnerability in Belt Finance’s protocol this week and reported the news to the team. For his efforts, Schlindwein received a generous compensation of $1.05 million, the majority of which ($1 million) was granted by Immunefi, with the additional $50,000 offered by Binance Smart Chain’s Priority One program.

Immunefi is one of the market leaders in software security for cryptocurrency projects. Since its inception, the platform has reportedly paid out in excess of $3 million to white hat hackers who have successfully identified technical infrastructure flaws in smart contracts and crypto platforms.

Priority One is a BSC initiative launched in July to enhance the security of decentralized applications (DApp) within the platform’s native ecosystem. Mirroring the structure of Immunefi, the service provides a $10-million incentive fund to blockchain bounty hunters who successfully contribute to the avoidance of security breaches across 100 DApps.

Schlindwein told Cointelegraph about how he discovered the vulnerability:

“I went through the list of bug bounties on Immunefi and picked Belt Finance as the next one to work on. While I was studying their smart contracts, I noticed a potential bug in the internal bookkeeping, which keeps track of each user’s deposited funds. Playing the attack through with pen and paper gave me more confidence in the existence of the bug. I continued by producing a proper proof-of-concept [PoC] which undoubtedly confirmed its validity and economic damage.”

“The next step was to create an official report on Immunefi including the PoC and an extensive description of the exploit,” Schlindwein said, adding, “Immunefi reacted immediately to the critical report, and within three minutes after submission, it was escalated to the Belt team. Shortly after, Belt confirmed the validity of the report and began implementing a fix, which then patched the vulnerability.”

Although DeFi’s security breaches remain a prevalent concern, it has been argued by some that the nascent ecosystem will benefit from such incidents in the long term, as areas of weaknesses are starkly highlighted.

Cointelegraph asked Schlindwein his perspective on the importance of bounty programs in supporting DeFi’s antifragile ambitions:

“I am strongly convinced of the importance of bug bounties and initiatives such as bounty funds. DeFi security consists of multiple layers, starting with peer review and unit testing to external audits and formal verification. Bug bounties are the last line of defense should an issue slip through the overlying layers with the potential to prevent a devastating hack while instead seriously fixing the issue and compensating the finder.”

“Bug bounties in DeFi have been a rare sight before Immunefi existed, only offered by the ‘Crème de la Crème’ of projects. It’s great to see hundreds of projects launching their bug bounty nowadays, which will certainly bring DeFi security forward in the long run,” Schlindwein concluded.
