Some cryptocurrency platforms that have watched millions of dollars vanish in digital heists have made an unusual pitch to their attackers: Keep some of it, but give back the rest. The pleas amount to last-ditch entreaties to convince hackers to return most of the stolen funds. Victims have offered as much as $10 million in these efforts, and have likened them to the bug bounties paid to security researchers for uncovering software flaws. Similar to ransom payments, the deals may make business sense, allowing a company to get back to normal after a cyberattack, security experts say. But branding them as “bug bounties” has incensed vulnerability specialists. To them, the practice legitimizes thieves by conflating them with white-hat hackers, who report software flaws for a fee. Ethical hackers deal directly with companies, including to multinationals, such as Microsoft Corp., or go through third-party platforms. “That dilutes all of the work that people have done to do the right thing,” said Casey Ellis, founder and chief technology officer of bug-bounty platform Bugcrowd Inc. “I have to step back from the keyboard now and then when it comes up.”
Full story : Crypto Firms Make Thieving Hackers an Offer: Keep a Little, Give Back the Rest.
