When Is a Hacker Not a Hacker?

The word “hacker” gets throw around a lot. Anytime there’s a cybersecurity issue, the malicious actor is labelled a hacker.

Most of the time, it’s an accurate label.

However, the line can be very blurry very quickly.

What Is A Hacker?

Hacker originally didn’t refer to a cybercriminal.

The word was used as a label for someone who loves to breakdown computing problems and systems and solve them in creative ways.

This definition is still listed in the dictionary but has fallen out of use. We — the original hacking culture — lost control of it over time as it was used again and again in the mainstream to refer to malicious activities, not acts of creation.

Edge Case Confusion

As with science, economics, or any complex technical topics, simplifications must be made in order to make any issues accessible to a broad audience.

In the case of cybersecurity, that simplification is “Anything unintended == hacker.”

Honestly, it’s not a bad trade off. But it’s also not always accurate.

NFTs…Again

NFT marketplace OpenSea recently had an issue where some NFTs were sold at a dramatically reduced price compared to their current trading value.

Due to the nature of the blockchain, these transactions were considered valid.

Of course, it’s a hack right? Some hacker broke into OpenSea and committed a crime (probably fraud or maybe theft?) in order to pull this scheme off.

Not so fast.

Single Source of Truth

It turns out — in this case — that there were multiple listings for the same NFTs. Earlier listings that the owners thought removed, were only removed from the web interface.

These listings were still accessible via the API or application programming interface. The unexpected transactions were conducted via the API using the lower price listing.

OpenSea treats the API as the single source of the truth. Users (buyers and sellers) see the web interface as the single source of truth.

The hacker in this case took advantage of that and completed a completely valid transaction on the platform.

So are they a hacker or a smart buyer?

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
marknca

marknca

☁️🔬 Cloud Strategist @Lacework. @awscloud Community Hero. Builder. Working to make security easier for everyone. Opinionated but always looking to learn