Bloomberg

Hacks and scams have long been part of the fabric of doing business in crypto. Is it time for the sector’s venture capitalist backers to start assuming they should expect to cover the losses?

High-profile attacks on the crypto “bridges” that support key activities, like transferring tokens from one blockchain to another or playing the popular game Axie Infinity, have siphoned off more than $1 billion to date. When customers need repaying, recent incidents have shown those platforms’ operators are turning to their wealthy investors for aid — a trend that perhaps signals a new chapter in tech dealmaking.

Sky Mavis, the developer of Axie Infinity, a $150 million funding round from the likes of Binance, Andreessen Horowitz and Paradigm on Wednesday — funds it said would go directly to reimbursing customers after the platform lost around $600 million in a hack affecting its Ronin bridge. Two months earlier, Jump Trading Group fully reimbursed more than $300 million in Ether that was stolen from Wormhole, a bridge platform in which it had invested previously. 

VCs use term sheets to lay out the various parts of a deal they will sign with portfolio companies, from how many board seats they’re after, to how long it will be before they can cash out their stakes. But when it comes to crypto, with attacks so prevalent, It may be necessary for Silicon Valley to also think about setting aside contingency funding to bail out victims of hacks as a core part of the agreement.

“These are realities,” said Jump President Dave Olsen on Bloomberg’s “What Goes Up” podcast last month, following the February Wormhole attack. “No matter where you are, that’s kind of the progression that complex software has to go through. Hopefully you don’t have to do too many iterations of that.”

Read More: Giant Ronin Bridge Hack Could Change How VCs Invest in Crypto 

“You do contingency plan for that sort of thing. You hope it doesn’t happen, and if it does, you hope it’s not at that magnitude,” he added. “It’s pragmatic and realistic that you gotta think that way.”

Investors put roughly $4.7 billion into crypto startups globally in the first quarter of this year alone, according to data from PitchBook. Three of the sector’s top 10 deals from the last six years were completed in that period, plugging billions of dollars into industry powerhouses like Fireblocks, ConsenSys and Yuga Labs, the company behind Bored Ape Yacht Club. The money sloshing around in crypto is significant — so it would make sense that a part of that cash could soon be automatically allocated to alleviating its flaws.

Already, VCs have begun thinking about other ways to be more responsible for the investments they make. Animoca Brands co-founder Yat Siu, another Sky Mavis backer, said the attack on Axie’s Ronin bridge platform suggested VC firms should audit the code and security protocols of projects before making investments. While crypto’s deep-pocketed backers typically aren’t the ones whose actual wallets are drained in a heist, they have just as much of a stake in ensuring that users are confident in the sector even as it endures teething problems.

The up-front cost of hacks is already mounting, even without such sheet arrangements. Olsen noted that Jump has issued several $10 million bounties to so-called white hat hackers to find flaws in platforms like Wormhole, before they can be exploited by bad actors.

If venture capitalists are willing to plough billions of dollars into the growing crypto industry in order to reap its benefits, they may soon find refunding customers when things go wrong is a necessary tradeoff.

— With assistance by Crystal Kim