DeFi protocols promise not to prosecute white hat hackers in bid to secure $20bn

The hope is that by having Safe Harbour agreements, helpful hackers won’t be dissuaded from intervening in active exploits. Credit: Darren Joseph; Shutterstock
  • DeFi protocols are adopting Security Alliance's Safe Harbor Agreement.
  • It reassures white hat hackers they won't be prosecuted for rescuing funds during exploits.

Decentralised finance protocols are taking an unorthodox approach to boosting their security.

They’re giving white hats, hackers who use their skills legally and with permission, the go-ahead to intervene should the protocols get exploited, empowering them to potentially rescue funds that would otherwise be stolen by bad actors.

The initiative is underpinned by the Safe Harbor Agreement, a legal and technical framework developed by crypto security nonprofit Security Alliance.

As of September 1, 12 DeFi protocols with a combined $20 billion in deposits have adopted Safe Harbor Agreements, per DefiLlama.

Among them are some of the biggest names in DeFi, including Pendle, a $10 billion yield derivatives protocol, and Uniswap, the biggest decentralised exchange with almost $6 billion in deposits.

The effort, which has been ongoing for several years, has received increased attention in recent months as crypto crime remains a perennial problem.

Over $2.2 billion in crypto has been stolen from crypto services so far in 2025, 6% more than the entirety of 2024, according to DefiLlama data.

The amount of crypto stolen in hacks has skyrocketed in 2025.

To be sure, $1.5 billion of that was from North Korean cybercriminals’ February hack of crypto exchange Bybit.

DeFi protocols — code on blockchains like Ethereum that facilitates permissionless trading, lending, and other services — remain a top target for malicious hackers.

Hackers in jeopardy

During DeFi exploits, there are often opportunities for other hackers to intervene, frequently by taking targeted funds from the DeFi protocol under siege before the attacker can.

This so-called white hat hacking has previously helped rescue millions of dollars worth of DeFi deposits.

But doing so puts white hat hackers in jeopardy. Even if their intention from the beginning is to return the funds, the targeted DeFi protocol’s creators could still pursue legal action. Many are reluctant to intervene because of this.

By signing Safe Harbour agreements, DeFi protocols promise that if such cases arise, they won’t prosecute white hat hackers.

The hope is that by having Safe Harbour agreements, helpful hackers won’t be dissuaded from intervening when they see the opportunity to do so, boosting security.

There are some rules, however.

Safe Harbor only applies when an exploit is already in progress or imminent. Only white hat hackers who rescue funds without initiating the exploit are covered, and they must return funds to the official recovery address within 72 hours.

Security Alliance began working on a standardised Safe Harbor Agreement after the 2022 Nomad hack.

“Over $190 million was drained over the course of hours while white hats stood by, willing to help, but unable to act without legal protection,” Security Alliance said on its website. “With Safe Harbor, our goal is to make sure that never happens again and to empower whitehats to rescue funds.”

The framework received direct input and legal review from experts at a16z Crypto, Cooley, Debevoise & Plimpton, Filecoin Foundation, Paradigm, and several other firms.

Tim Craig is DL News’ Edinburgh-based DeFi Correspondent. Reach out with tips at tim@dlnews.com.
