Pseudonymous crypto sleuth Ogle has witnessed many failures while investigating DeFi hacks. He is part of a cottage industry of security experts who clean up the mess left by attackers who target crypto finance projects on an almost daily basis. His specialty: tracking them down and getting the projects' money back.
Stopping these robberies depends on good smart contract code and smart security. In an interview with CoinDesk, Ogle said it’s also a game of incentives. If an attacker believes that the personal cost of their exploit is too high, he or she may decide not to perform the exploit at all.
That ethos is one of the pillars behind Ogle’s upcoming blockchain, called Glue. It plans to fund a security blanket that will raise the stakes for black hats and – hopefully – encourage them to commit their heists elsewhere.
Glue has largely flown under the radar this year, despite reaching a $1.4 billion valuation in a public token sale. It is yet another layer-1 blockchain newcomer at a time when numerous competitors are vying for the attention of crypto traders and developers.
Ogle’s newcomer doesn’t have the brand appeal of buzzy platforms like Monad and Berachain, two other yet-to-be-launched blockchain platforms. Instead, it used guerrilla marketing tactics (such as handing out spy-style manila envelopes at industry conferences) to fuel the intrigue.
In interviews with CoinDesk, Ogle and co-founder SnapShot outlined Glue’s philosophy, security, and design. They believe it could appeal to both “regular people who don’t do crypto all day” and traditional finance professionals “who can’t get onto a platform they think will be robust.”
Hub security
“We want to build something that actually has a chance to compete with the banks,” says SnapShot, co-founder of Glue.
Glue will be built around an activity hub that aggregates DeFi services for on-chain users. That level of governance makes Glue distinctly different from the construction of most other blockchains. Most of the time, their users have to find what they are looking for themselves.
“’Centralization’ is a dirty word in crypto for good reason, but from a UX perspective I think we can have a much more central interface,” SnapShot said. Ogle said Glue Hub will make onboarding into the chain smooth – “almost like Coinbase.”
The approach focuses on the 90% of crypto users who SnapShot says stick to centralized exchanges, rather than the “one million – basically no one” who he says operate on-chain.
Glue Hub won’t be the only place where users can trade. The chain is permissionless, meaning anyone can build and launch anything that anyone can use. These creations can be integrated with Glue Hub if they pass security checks, such as audits commissioned by Glue.
Audits have emerged in crypto as a kind of marketing tool in themselves. Projects commission reports from chain auditing specialists who search their smart contracts to root out money-losing bugs. These checks are not definitive – many audited projects are still being exploited – but projects tout their clean bills of health as stamps of approval.
That practice has gone too far, according to Ogle, who said he used to run an accounting firm. Many projects are only willing to be transparent about nice reports and choose to bury the bad ones, he said.
“That is not good for security, for the cryptosphere itself,” he said.
Instead, Ogle said high-value Glue projects could be subject to audits funded by the chain through the Glue Security Fund (GSF). This fund will make its money from a small tax levied on each transaction, the founders said. It will reward various efforts to promote safety throughout the chain.
Audits don’t always work. Credit protocol Euler lost $200 million to a hack that slipped past 10 audits in two years. Ogle participated in Euler’s recovery as part of the war room that tracked down the hacker and negotiated the return of that money. Ogle claims he has a 65% success rate in recovering money for the approximately 40 exploited projects he has helped.
“We actually set aside money for me and a group of people to go after anyone who does bad things,” Ogle said. He later added that any security service (whether vigilante detectives, auditors or compliance analytics tools) can apply for grants from the GSF. Holders of Glue’s token will determine what gets funded, he said.
The idea with the GSF is to discourage hackers from attacking Glue projects in the first place. They won’t be able to catch everyone, Ogle said. But if potential hackers are comparing targets, they might think twice about hitting one where a war chest is ready to pay for their pursuit.
Transactions on Glue will be multi-sig, meaning any attempt to withdraw funds from wallets will require multiple approvals from the user. Ogle said this default configuration opens the door for third-party services to build tools that increase user security by, for example, flagging any money movement that looks unusual.
This could save people from losing money through otherwise innocent-looking wallet interactions.