Digital Currency Ethereum Is Cratering Amid Claims Of a $50 Million Hack (businessinsider.com) 116

Digital currency Ethereum's value has dropped amid a hack on DAO (Decentralised Autonomous Organisation), an organisation with huge holdings of Ethereum (Wikipedia page). Its value is now below $15, down from more than $21 a few minutes ago. It is believed that as much as $50 million of the digital currency has been stolen.

From a blog post on DAO: An attack has been found and exploited in the DAO, and the attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack is a recursive calling vulnerability, where an attacker called the "split" function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction.

From a Quartz report: It's no surprise that cryptocurrency markets are in a panic. Funds invested in the DAO represents more than 10% of all the ether in circulation ($81.8 million worth). A massive hack on the DAO's holdings would be roughly equivalent to a successful heist at a major financial institution.
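
The recursive-call pattern the DAO blog post describes, as a simplified Python model added here (not the DAO's contract code and not part of the original summary); the `Vault` and `Account` classes and all amounts are constructed for illustration. It puts the flawed ordering (pay out, then clear the recorded balance) beside the corrected ordering (clear the balance, then pay out).

```python
# Simplified model of a recursive-call (reentrancy) flaw; constructed for
# illustration, not the DAO's code. Balances are plain integers.

class Vault:
    """Holds deposits; pays out by calling back into the recipient."""

    def __init__(self, safe):
        self.safe = safe          # True: update state before the external call
        self.credit = {}          # per-account recorded balance
        self.funds = 0            # total actually held

    def deposit(self, who, amount):
        self.credit[who] = self.credit.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, who):
        owed = self.credit.get(who, 0)
        if owed == 0 or self.funds < owed:
            return
        if self.safe:
            self.credit[who] = 0  # effect first: a re-entrant call sees 0 owed
        self.funds -= owed
        who.receive(self, owed)   # external call: recipient code runs here
        if not self.safe:
            self.credit[who] = 0  # too late: recipient has already re-entered


class Account:
    def __init__(self, reenter=False, max_depth=10):
        self.reenter, self.max_depth = reenter, max_depth
        self.received = 0
        self.depth = 0

    def receive(self, vault, amount):
        self.received += amount
        if self.reenter and self.depth < self.max_depth:
            self.depth += 1
            vault.withdraw(self)  # calls back in before the first call returns


def run(safe):
    """Return (amount paid to the re-entering account, funds left in vault)."""
    vault = Vault(safe)
    honest, caller = Account(), Account(reenter=True)
    vault.deposit(honest, 90)
    vault.deposit(caller, 10)
    vault.withdraw(caller)
    return caller.received, vault.funds
```

With the flawed ordering the account that deposited 10 is paid 100 and the vault is emptied; with the corrected ordering it is paid 10 and the other depositor's 90 stays put.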
  • So you're saying Ethereum's value has become ethereal?

    • by Aaden42 ( 198257 )
      More like some Wireshark ate it all.
    • My tulip bulbs! My tulip bulbs! Oh the tulipanity!
  • by jtownatpunk.net ( 245670 ) on Friday June 17, 2016 @09:56AM (#52336119)

    Doesn't sound very successful if the thing you're stealing becomes worthless because you successfully stole it. Unless you have significant holdings in other crypto-currencies which will increase in value due to their better security.

    • by Anonymous Coward
      A real currency would not become worthless simply because it was stolen. However it is obtained, the value should remain the same.
      • by ceoyoyo ( 59147 )

        Yeah right. Try stealing a significant supply of any particular currency and watch what happens to its value.

      • by PRMan ( 959735 )
        When they seize it, it becomes worthless to you.
    • by Anonymous Coward
      If I steal $1,000,000 worth of foobarcurrency from you, and its value drops to $1,000, I'm still ahead $1,000. You're screwed but I don't really have to care.
    • Was anyone willing to sell a credit default swap against DAO?

  • On the bright side, as the value of the currency drops, the amount stolen would drop as well. So given a roughly 30% drop in value that $50 million is now only worth about $35 million!
  • Another digital currency in the bit bucket.
    • by Yvan256 ( 722131 )

      Mooncoin will rise again, you'll see! To the moon!

      Also, does anyone want to buy one million Flappycoins?

      • Also, does anyone want to buy one million Flappycoins?

        Do you take continental dollars? :P

        • by dwye ( 1127395 )

          Hey! Continentals were convertible to gold-backed dollars after the Constitution went into effect, at par. Granted, in the years before that they were often sold at pennies on the dollar, but that is the mistake of those who sold them so low.

      • by Gr8Apes ( 679165 )

        Mooncoin will rise again, you'll see! To the moon!

        Also, does anyone want to buy one million Flappycoins?

        I've got a $500 bill from Life....

  • by bazmail ( 764941 ) on Friday June 17, 2016 @10:00AM (#52336167)
    ...that is all complete fucking jibberish.

    An attack has been found and exploited in the DAO, and the attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack is a recursive calling vulnerability, where an attacker called the "split" function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction.

    • by Anonymous Coward

      An attack has been found and exploited ...

      ...that is all complete fucking jibberish.

      It's a Fork Bomb [linuxconfig.org] with money.

      In other words, tying value to a bit doesn't work so well after a .... bit. ;-) But don't worry, it's the next big thing [google.com] since the stock market. Invest now before you lose out!

      It's "gibberish", old man.

      Yeah, give us a break, our memory's not quite what it used ... what was i saying?

  • by Anonymous Coward

    The fact that this bug occurred is a black mark on DAO and an utter embarrassment, but nothing has actually been "stolen". As the DAO blog post says, a community effort is underway to fork and lock out the attacker. They have a month to make it happen. No money will be lost.

    Basically, this system is based on programming contracts (think legal contracts, usually written by lawyers and reviewed by judges). Someone left a bug in the contract, and because this is a programmed contract, not a written one, no one

    • by Anonymous Coward

      Programmed contracts undermine the idea of programmed contracts. There will always be some shifty motherfucker who is smarter than you think you are. How can you enter a trust relationship when you can't trust anyone?

      Law is in the hands of humans because we understand the idea of unforeseen circumstances. Real contracts require real, legal good faith action on both parties.

      Ethereum always strikes me as the place where the real frightening and intelligent sociopaths when after they wrung all they could out o

      • by Anonymous Coward
        It's a very childish, literal, techno-centric way of thinking but it rears its ugly head over and over. "If I can prove X is effectively the same as Y (whatever 'effectively' means to the speaker), and X is legal, then the courts and lawyers and whole rest of the world will automagically see my way and make Y legal". Ask Aereo how well that worked out for them.
    • by ameline ( 771895 )
      The value of Ethereum will rebound, but the underlying problem is that the contracts are written in a Turing-complete language -- it is impossible to prove with an algorithm (reducible to the halting problem) any non trivial assertions about the behavior of such contracts.
      • https://en.wikipedia.org/wiki/... [wikipedia.org]

        "there exists no automatic method that decides with generality non-trivial questions on the behavior of computer programs."

        • by ceoyoyo ( 59147 )

          "with generality" Key words.

          • by ameline ( 771895 )

            Indeed they are key -- what they mean is that even if you can come up with an algorithm to prove a property for *all* existing programs, it is possible (and in practice usually *trivial*) to construct a program where that algorithm will provably fail. Remember hackers need only find one hole to siphon off your ether.

            This system (or any currency for that matter) needs a mechanism for defining, detecting and reversing fraud, and unmasking those perpetrating it. You have to assume it's only a matter of "when",

            • The system does have that. It's called forking.

              Further, your link to Rice's theorem showed you have no idea what you're talking about. ceoyoyo called you out. Your next post was asinine drivel with another link to Wikipedia about something you don't understand.

              Your other post, including this gem, really drives it home:

              it is impossible to prove with an algorithm (reducible to the halting problem) any non trivial assertions about the behavior of such contracts.

              That's only true in the general case, so change "such contracts" to "such contracts in general" or "all contracts".
              It's also just as true if you remove "with an algorithm (reducible to the

            • by ceoyoyo ( 59147 )

              It wouldn't be difficult at all to require that any valid algorithm must be provably correct. The halting problem in particular is trivially easy to deal with. As another poster suggested, simply require that any algorithm run in X time otherwise it is considered invalid.

              • It wouldn't be difficult at all to require that any valid algorithm must be provably correct.

                The problem is, "correct" here means "what the user intended", so your validator would need to read thoughts - and if it could do that, there'd be no need to write contracts by hand in the first place.

                But why make your contract language Turing complete in the first place? It would seem that propositional logic would be both perfectly sufficient and easier to write and understand. Do you really need your payment proc

      • by ceoyoyo ( 59147 )

        The halting problem says it is impossible to prove [blah blah] for every program.

        It's quite possible to prove whatever you like about many, many programs. It might be quite difficult for non-trivial ones though.

      • by Jeremi ( 14640 )

        the contracts are written in a Turing-complete language -- it is impossible to prove with an algorithm (reducible to the halting problem) any non trivial assertions about the behavior of such contracts.

        True... but isn't that also true of just about every other piece of software in use today? And yet the world continues to turn, and people continue to use software to get things done (knock on wood), modulo the occasional catastrophic bug...

    • by mbkennel ( 97636 )
      | Someone left a bug in the contract, and because this is a programmed contract, not a written one, no one could enforce the "spirit" of the contract over the exact (erroneous) content of the contract.

      A perfect instantiation of a naive (is there any other kind?) libertarian's dream and everybody else's nightmare.

      http://www.startrek.com/database_article/landru
    • "Someone left a bug in the contract"

      Seems like a feature to me. Solution? Beyond hard forking and a reset of the DAO, perhaps not allowing recursive splits.

      This is debugging in 'real'-life. How many online games have you played where you bought in-game swag and it was stolen/destroyed? Yeah, I don't either. Right.

  • Federal Reserve (Score:5, Insightful)

    by captaindomon ( 870655 ) on Friday June 17, 2016 @10:19AM (#52336333)
    Except if this happened at a "major financial institution", the Federal Reserve would step in and stop a panic by insuring the funds. That's why we *have* a federal reserve. See the Panic of 1907 for an example.
  • I sort of looked into Ethereum, and I'm an expert on bitcoins, and their website's marketing fluff bullshit sounded an awful lot like it's bitcoin but run by 1 giant central company and they're downplaying that fact and outright lying about it. Does that accurately sum it up or am I missing something?
    • by Anonymous Coward

      No, that's pretty much all wrong. Ethereum does provide significant functionality over BTC by allowing arbitrary "smart contracts", though people are in the process of bringing that to BTC as well. Ethereum isn't centrally run any more than other cryptocurrencies are (that is, the developers have some informal clout but it's ultimately up to the network what the blockchain looks like).

  • 1. An unknown currency has such value?
    2. Someone bothers attacking an unknown currency?
    3. The attacker has a facility to convert a large portion of the digital currency into something tangible without it instantly being worthless?
    4. Slashdot assumes we know WTF the summary is talking about?

  • No it is not. (Score:4, Informative)

    by MartinG ( 52587 ) on Friday June 17, 2016 @10:48AM (#52336657) Homepage Journal

    "this is an issue that affects the DAO specifically; Ethereum itself is perfectly safe."

    Source: https://blog.ethereum.org/2016... [ethereum.org]

  • I sense this attack was mostly about embarrassing the company. From the Ethereum website:

    Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.

    (emphasis mine)

    • For certain definitions of fraud. The key here is that the DAO contract was badly written. Not Ethereum itself. The 'attacker's open letter on the subject outlines a perfectly good argument. His actions were enforced by the very contract in question, hence there is no fraud.

  • oops, I guess something of value WAS lost here.

    Carry on....

  • a $50 Million Hack

    Wait, no, $5 million hack.

    Oop, now it's $5,000.

  • "DAO (Decentralised Autonomous Organisation), an organisation with huge holdings of Ethereum"

    Might want to work on the Decentralised bit.

  • As of eight minutes ago, the price was at roughly $13.21, which looks bad compared to the $21 value that the original article talks about, but only if you don't pay attention to the numbers from further than five days back. If you look back beyond 6/13, it's been hovering anywhere from $11-$13 since 5/20.
