by Jascha Samadi, Sep. 01

We are excited to share that we recently led Hats’ $3.5m seed funding round with participation of Lemniscap, Spartan Capital, Accomplice, Collider Ventures, IOSG Ventures and others.

Hats is a decentralized cybersecurity network, which is governed by its community stakeholders (hackers, projects, token holders) and aims to incentivize protocol security by providing prize pools (similar to bug bounties) and enable black hat hackers to be turned into white hat hackers.

Permissionless innovation

One of the key aspects of Ethereum and DeFi is the way in which it is being built, based on a high degree of open-source experimentation, permissionless collaboration and composability of code. The result of this new paradigm is an unprecedented rate of innovation allowing projects to move fast, experiment, and build on each other’s tech to create a more open financial system.

This approach comes with its own challenges and risks though, as the industry has seen with a series of hacks and smart contract exploits. In traditional finance, most risk is connected to having to trust people with your assets. While many say DeFi eliminates trust, it actually shifts trust from individuals, institutions and surrounding legal systems to code. At the same time it is hardly possible to code at 100% accuracy, even if taking audits into account — while DeFi kept growing in particular over the past 1.5 years, so did the extent to which the industry was affected by hacks and exploits, leaving behind many users with significant loss of funds.

This year alone, over $1bn in user funds has been subject to hacks and exploits in Ethereum smart contracts with more than $600m. (temporarily) lost alone in the Poly Network attack, the biggest of its kind so far. The direct result of these exploits, beyond significant loss of funds to users, is the immediate drop in TVL and token price, averaging at -39% and -31% respectively. Currently the biggest measure against such exploits are security audits, and yet almost all of the affected protocols have had at least one audit in the past.

That being said, white hat hackers can play a crucial role in all of this as they can expose vulnerabilities and create a more resilient ecosystem but with little to no incentive today to become a “white hat hacker” an exponentially growing hacker community has become a problem for DeFi applications.

Open and incentivized bounty vaults

Hats intends to incentivize an open & transparent hacking market by creating a scalable model for responsible disclosure with financial and social incentives. The Hats DAO creates bounty vaults with project tokens, which can fill up to a certain percentage of the token’s circulating supply (by allocations from the project’s treasury as well as from users and token holders), farming Hats tokens in the process.

In case there is a detected exploit, the hacker will disclose the vulnerability to the Hats committee with an on-chain hash proof of disclosure. The committee, expected to be composed of researchers, project core developers and white hat hackers will approve or disapprove the vulnerability and the subsequent release of funds to the hacker, according to the token allocation specified in the vault. In addition to that, the hacker will also be awarded a special NFT (e.g. “Defender of Liquity”) which is designed by soon to be announced NFT artists and that can be held in the hacker’s wallet as reputation potentially also displayed through a public leaderboard.

Using a unique on-chain timestamp commitment and off-chain encrypted communication, hackers can responsibly disclose vulnerabilities to the vault’s committee, ensuring both the hacker exploit report proof and hacker disclosure integrity. At launch, Hats is live with Liquity and Klerus bounty vaults.

The Hats governance token will be used to vote on new vaults, capital & treasury management, registration of initial committee members and certain protocol upgrades.

Team of smart contract veterans

Hats’ core contributors are composed of smart contract veterans, including early Ethereum developers, smart contract security auditors and contributors from different projects like Prysmatic Labs, which created a client implementation for ETH 2 as well as DAOstack, a project creating tools for DAO-based governance.

If you want to learn more about Hats, go to their website, follow them on Twitter, Discord or Telegram.