by dafelst 1057 days ago
At most you are going to make a few thousand, maybe if you're super lucky and skilled, a few tens of thousands of dollars on bug bounties. Compared to the amount of poorly-secured money that was/is in crypto, it is a pittance.

Add to that the fact that many of the hacks are largely legal consequence free due to crypto's famous lack of regulation (by design, lol), the economics are far more skewed towards the black hats over the white hats.

3 comments

I don’t work in crypto but I read a ton of tech blogs and this guy:

https://cmichel.io/

Seems legit and claims to have made one million in 14 months in bug bounties, although he was #1 on some leaderboard. Based on his blog I think he’s probably one of the best in the world at smart contract security, so it’s probably not a realistic goal for most people, but assuming the blogger is honest I think you underestimate the potential for top white hats. Certainly the big black hat hacks are far bigger money, but a million is nothing to sneeze at, especially for no legal or moral risk.

Doing crime on a system with a perfect immutable record doesn’t seem like a smart play to me.

As noted above the firms like chainalysis will continue to uncover and attribute all of the nodes in the graph. If you are taking 100s of thousands or more through fraud the incentives are aligned to see your crimes prosecuted.

Is it a crime if the smart contract acts as coded, but not necessarily as intended?

Yes. There are those who claimed they just performed a "highly profitable trading strategy", and are now sitting in jail.

I think the main takeaway here is that in many cases wrt crypto, it is highly ambiguous whether the actions you take are criminal or not.

Agreed, especially given that frontrunning and similar techniques are almost inextricable from the technology’s default behavior.

However, actors other than law enforcement can also perform chain analysis, and you’d probably prefer to stay anonymous if you engage in such practices…

It can't be a crime. The contract is always executed exactly as written.

There are loads of bounty payouts in the hundreds of thousands. Probably 1000 payouts per year at that size. Most protocols would rather pay out $1 million than lose $100M to an exploit.