DAO and smart contract hacks (e.g. The DAO Hack 2016, Poly Network 2021) can cause millions of dollars of damage.
Typical Hack Types
- Reentrancy attack (DAO Hack)
- Flash loan attack
- Oracle manipulation
- Phishing (stealing the user's keys)
- Rug pull (developer takes the funds and disappears)
Responsible Parties
- Developer (if not audited)
- Audit companies (insufficient audit)
- Hacker (committed a crime against the victim)
- DAO management (with its decisions)
Developer's Liability
- Contractual: liability can be limited in the user agreement
- Tort (TBK art. 49)
- Deliberately faulty code = grave fault
Post-Hack Process
- Evidence of the hack (blockchain analysis)
- Identifying the wallet address
- Exchange cooperation (KYC)
- Public prosecutor's office
- International cooperation
Turkish Law
- TCK art. 243: entering an information system
- TCK art. 244: blocking systems
- TCK art. 158/1-f: fraud by means of an information system
- The victim's right to compensation
Insurance Options
- Still very limited
- Some companies offer "smart contract insurance"
- Limited scope
Practical Advice
- Invest in audited projects
- Keep wallets in cold storage
- Use 2FA and a hardware wallet
- Stay away from "high return" projects
Consulting a lawyer who specializes in Web3 and cyber security law is recommended.