Ogle Catches the Crypto Crooks
Hacks happen. And in the world of decentralized finance (DeFi), hacks happen a lot. Ogle, who goes by @cryptoogle on X (formerly Twitter) and ogle.eth on-chain, is one of a number of people attempting to professionalize the industry of recovering funds. So far, according to his website, Ogle has helped to recover more than $350 million from crypto protocol exploits.
Ogle shows up where he’s needed, and does most of his work wherever he needs to. He’s on Crypto Twitter, of course, as well as Discord, Telegram and in ENS messages. He has a team of researchers at Ogle Security Group, whom he pays out of pocket. And he’s part of a less official group of Web3 natives who often help to track down moving funds, including Alicia Katz, samczsun and ZachXBT.
This profile is part of CoinDesk’s Most Influential 2023.
Not much is known about Ogle’s civilian life. He calls himself a tech native and has worked at Web2 firms, where he picked up knowledge of security best practices. Today, he’s inventing best practices for negotiating with crypto criminals: he’s the guy who came up with the 10% figure that keeps popping up, in which the hacker returns 90% to the protocol and walks away with the rest.
He’s helped recover funds in some of the largest hacks to date, including Euler and Alchemy, and is currently the lead negotiator with the KyberSwap hacker.
As a kid, he said, he was part of a group called CyberArmy, a “white hat” group (pen testers for the greater good) that was founded in the late ’90s. In a recent episode of the “Unchained” podcast, he also mentions having honed his skills on Web1 (back then it was called the “information superhighway”), though that could have been an attempt at misdirection.
“I learned a lot about exploits, about hacking and cracking and this sort of cyber world from the point of view of someone who is trying to understand and prevent them from happening,” he told Cointelegraph in a video interview.
Although he has a paid service (it costs $6,500/month, and he is on call in case things break), his line of work is often thankless. He can spend hours, days or weeks in negotiation with a hacker, only for the DAO or protocol dev team that gets its money (or its users’ money) back to ghost him. He said it happens more than you would think.
He’s made appearances, and often played a starring role, in negotiations with hackers for years. He lost count of exactly how many; it’s around 35. He breaks the job up into two parts: asset recovery, or “using blockchain analytics and law-enforcement approved negotiation techniques” to regain stolen funds, and crisis communications, where he helps impacted teams talk with their communities.
The best thing DeFi protocols can do, he said, is get a real audit. An actual one. The next best thing is to come up with a game plan for a hack, in case the worst happens. And when it does, keep cool. Profile the suspect, keep track of the funds on-chain and communicate with the community.
Even old protocols can be at risk. In late November, one of the oldest decentralized exchanges, KyberSwap, was nearly flushed clean. Ogle called it one of the most sophisticated hacks he’s ever seen. It had to be. It was an exploit that went unexploited forever.
Ogle can’t talk much about the Kyber attack while negotiations are ongoing. The hacker started off on a strong footing: total control over Kyber the company and “temporary full authority and ownership” over KyberDAO in order to “enact legislative changes” and all documents pertaining to the company’s structure, profits, revenue, assets, liabilities and salaries.
There has to be some honor among thieves
There’s usually a type, a psychological profile of a hacker: young, smart and hungry, and usually under 25 years old and living in Asia. Sometimes, after the negotiation is over, they remain friends. “I’m the only one that knows, sometimes,” he said, adding that they can’t tell their friends or family.
How exactly did he get this job?
It started with StableMagnet, a decentralized protocol that offered significantly higher returns than rival lenders like Aave. I bet you can guess where this is going: It was a rug. People’s “hard earned money,” gone. Ogle viewed it as an opportunity.
He found a username, a clue. Then a GitHub account. Then other GitHub accounts it was connected to. He connected those to actual humans and found similarities between them, like where they went to school. He found their friends, girlfriends and family and then went to the school registrar. They were in Hong Kong.
He contacted them on Signal, WhatsApp and Telegram. They didn’t want to play ball.
After he reached out directly, they fled to England. It was two and a half years ago, in the midst of the COVID pandemic, and England was one of the few places they could fly to from Hong Kong. Ogle figured they were smart, that they knew only idiots would go to London, so he started calling hotels in Manchester, where the hackers would have to stay during a 10-day quarantine.
He pretended to be a family member, asking if the hotel had a guest of a certain name. Eventually, he hears, “I’m not allowed to say if we have a guest by that name, but, if we do, I’ll take the message and I’ll give it to them and if they happen to be here you know you know they’ll they’ll have the message,” he said, putting on a British accent.
“I’m like, Bingo.” He calls the police; he doesn’t like bringing in law enforcement unless he needs to. He’s turned down work before because his clients said they intend to call the FBI, after he’s promised a hacker they’d be safe if they return the funds. “There has to be some honor among thieves,” he said.
Edited by Ben Schiller.