Digital Currency Ethereum Is Cratering Amid Claims Of a $50 Million Hack

Digital currency Ethereum's value has dropped amid a hack on DAO (Decentralised Autonomous Organisation), an organisation with huge holdings of Ethereum (Wikipedia page). Its value is now below $15, down from more than $21 a few minutes ago. It is believed that as much as $50 million of the digital currency has been stolen. From a blog post on DAO: An attack has been found and exploited in the DAO, and the attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack is a recursive calling vulnerability, where an attacker called the "split" function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction.From a Quartz report: It's no surprise that cryptocurrency markets are in a panic. Funds invested in the DAO represents more than 10% of all the ether in circulation ($81.8 million worth). A massive hack on the DAO's holdings would be roughly equivalent to a successful heist at a major financial institution.

Re:

[xxxJonBoyxxx]

"You may have been a good smuggler, but now you're Bantha fodder. "

      -- Jabba the Hutt, Star Trek V ("Jedi Reloaded"), in her throne room on Arrakis

Re:

[el cisne]

Luke, I am your fodder.

Re:

[sexconker]

The line is "No, I am your fodder.".

Re:

[PCM2]

Whoosh was from The Flash...

Ethereal value

[penguinoid]

So you're saying Ethereum's value has become ethereal?

Re:

[Aaden42]

More like some Wireshark ate it all.

Re:

[arglebargle_xiv]

My tulip bulbs! My tulip bulbs! Oh the tulipanity!

Re:

[arglebargle_xiv]

Oh come on, it's at least slightly funny, even if it's mostly schadenfreude.

Re:

[Anonymous Coward]

Good practice makes safe programs. Not programming languages.

If magic bullet programming techniques were the cure we'd all be running microkernel operating systems programmed in lisp.

Re:

[ameline]

Mod parent up.

So long as the contract language used by Etherium is Turing-complete, they're pretty much doomed to having this sort of thing repeating. To their credit, they have mechanisms to, through community consensus, block and reverse these thefts.
(A good currency design should be tolerant of fraud -- assume it will happen, and have in place mechanisms for detecting and reversing it.)

In support, I give you Rice's Theorem;
https://en.wikipedia.org/wiki/... [wikipedia.org]

"there exists no automatic method that decides wi

Re:

[mmell]

A good currency design should be tolerant of fraud

So the US economy is great!

Re:

[St.Creed]

Existing fiat currency systems are surprisingly robust in the face of many problems, of which fraud is a minor one - and much more so than gold standards or bitcoin, IMO.

Re:

[peawormsworth]

To their credit, they have mechanisms to, through community consensus, block and reverse these thefts.

Reversing the "thefts" would be the quickest way to drive the value of Ethereum to zero.

It is my opinion that the primary value in Blockchain currencies the decentralization. Reversing these funds would prove it is centralized and requires trust from authority figures.

You tell us

[tomhath]

Since you seem to be an expert. Rather than just listing vague claims about a language, describe how the features you listed are pertinent to this attack.

Re:

[dow]

EthCore's Ethereum implementation is written in Rust anyway, I believe.

Re:

[alexgieg]

Except you don't have to find a sucker who will give you real goods and services for your printed paper currency first.

FTFY.

Re: "heist at a major financial institution"

[chill]

Yeah, that problem was solved centuries ago. Considering I'm posting from inside a restaurant who is doing just that, after stopping at a gas station who did the same, the challenge of finding people to accept paper currency AND purely digital bits via a debit card is trivial.

A successful heist?

[jtownatpunk.net]

Doesn't sound very successful if the thing you're stealing becomes worthless because you successfully stole it. Unless you have significant holdings in other crypto-currencies which will increase in value due to their better security.

Re:

[Anonymous Coward]

A real currency would not become worthless simply because it was stolen. However it is obtained, the value should remain the same.

Re:

[phantomfive]

If you were able to steal 10% of all the US dollars in circulation, it would cause the value of the currency to drop sharply.

Why? Wouldn't removing the dollars from circulation cause deflation? (Or if you spent them, to cause them to remain in circulation, of course)

Re:

[Nunya666]

Conventional currencies certainly could. If you were able to steal 10% of all the US dollars in circulation, it would cause the value of the currency to drop sharply.

Only if you try to cash in the stolen currency in another country, which considers the value of the US Dollar against the value of the local currency.

Businesses don't raise their prices just because the international value of the local currency changes.

Re:

[dwye]

If you were able to steal 10% of all the US dollars in circulation, it would cause the value of the currency to drop sharply.

Nonsense.

Firstly, 10% of all US currency is a small fraction of all dollar-denominated accounts.

Secondly, the value would rise, since a finite and now smaller quantity of dollars was chasing the same sized pool of value.

Perhaps you were thinking of the case of 10% of US currency being counterfeited (aka Gresham's Law)?

Re:

[ceoyoyo]

Yeah right. Try stealing a significant supply of any particular currency and watch what happens to it's value.

Re:

[PRMan]

When they seize it, it becomes worthless to you.

"Worthless" is relative.

[Anonymous Coward]

If I steal $1,000,000 worth of foobarcurrency from you, and it's value drops to $1,000, I'm still ahead $1,000. You're screwed but I don't really have to care.

Re:

[radarskiy]

Was anyone willing to sell a credit default swap against DAO?

Re:

[bazmail]

You either suck at reading or suck at metaphors.

Silver lining

[Nidi62]

On the bright side, as the value of the currency drops, the amount stolen would drop as well. So given a roughly 30% drop in value that $50 million is now only worth about $35 million!

Say it ain't so...

[__aaclcg7560]

Another digital currency in the bit bucket.

Re:

[Yvan256]

Mooncoin will rise again, you'll see! To the moon!

Also, does anyone want to buy one million Flappycoins?

Re:

[__aaclcg7560]

Also, does anyone want to buy one million Flappycoins?

Do you take continental dollars? :P

Re:

[dwye]

Hey! Continentals were convertible to gold-backed dollars after the Constitution went into effect, at par. Granted, in the years before that they were often sold at pennies on the dollar, but that is the mistake of those who sold them so low.

Re:

[Gr8Apes]

Mooncoin will rise again, you'll see! To the moon!

Also, does anyone want to buy one million Flappycoins?

I've got a $500 bill from Life....

Maybe I'm showing my age but...

[bazmail]

...that is all complete fucking jibberish.

An attack has been found and exploited in the DAO, and the attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack is a recursive calling vulnerability, where an attacker called the "split" function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction.

Re:

[Anonymous Coward]

An attack has been found and exploited ...

...that is all complete fucking jibberish.

It's a Fork Bomb [linuxconfig.org] with money.

In other words, tying value to a bit doesn't work so well after a .... bit. ;-) But don't worry, it's the next big thing [google.com] since the stock market. Invest now before you lose out!

It's "gibberish", old man.

Yeah, give us a break, our memory's not quite what it used ... what was i saying?

Re:

[Coren22]

You shit is worth more than $760? What are you the golden goose?

Re:

[sexconker]

You keep reading that because the clown behind Ethereum is a known charlatan who has been shouting about how his shit is better than Bitcoin non stop for the past 3 years. Anyone who knows anything about Bitcoin knew that Ethereum was horse shit. I wouldn't be surprised if said clown was behind this, or at least on the take. But I don't care enough to find out. I wasn't dumb enough to drop money into Ethereum and I got out of the Bitcoin game years ago (wish I hadn't though).

Re:

[pantaril]

You keep reading that because the clown behind Ethereum is a known charlatan

Could you provide some links to back up your claim, that Vitalik Buterin is "known charlatan"?

Re:

[sexconker]

Vitalik Buterin is a puppet they fly around to do interviews while claiming he's the developer.
He's not. It's developed by a farm of Indian's working, ultimately, for Goldman Sachs.

Ethereum is an IPO alt-coin (meaning it's a scam). The initial volume was fake (pre-arranged) in order to pump up value, as per usual.

I get that you see someone making a claim on the internet and your instinct is to assume it's bullshit. But what I don't get is why you spent time to Google "Ethereum" so you can throw out a cha

The ever topical Nelson Muntz

[smooth wombat]

Ha ha!

This Summary Is FUD

[Anonymous Coward]

The fact that this bug occurred is a black mark on DAO and an utter embarrassment, but nothing has actually been "stolen". As the DAO blog post says, a community effort is underway to fork and lock out the attacker. They have a month to make it happen. No money will be lost.

Basically, this system is based on programming contracts (think legal contracts, usually written by lawyers and reviewed by judges). Someone left a bug in the contract, and because this is a programmed contract, not a written one, no one

Re:

[Anonymous Coward]

Programmed contracts undermine the idea of programmed contracts. There will always be some shifty motherfucker who is smarter than you think you are. How can you enter a trust relationship when you can't trust anyone?

Law is in the hands of humans because we understand the idea of unforeseen circumstances. Real contracts require real, legal good faith action on both parties.

Ethereum always strikes me as the place where the real frightening and intelligent sociopaths when after they wrung all they could out o

Re:

[Anonymous Coward]

It's a very childish, literal, techno-centric way of thinking but it rears its ugly head over and over. "If I can prove X is effectively the same as Y (whatever 'effectively' means to the speaker), and X is legal, then the courts and lawyers and whole rest of the world will automagically see my way and make Y legal". Ask Aereo how well that worked out for them.

Re:

[ameline]

The value of Etherium will rebound, but the underlying problem is that the contracts are written in a Turing-complete language -- it is impossible to prove with an algorithm (reducible to the halting problem) any non trivial assertions about the behavior of such contracts.

Re:

[Anonymous Coward]

This is a good point. You can formally prove code, but it's incredibly labor intensive academic process. .. Not really in line with the cowboy coding you typically associate with the cryptocoin community.

More specifically, Rice's theorem applies...

[ameline]

https://en.wikipedia.org/wiki/... [wikipedia.org]

"there exists no automatic method that decides with generality non-trivial questions on the behavior of computer programs."

Re:

[ceoyoyo]

"with generality" Key words.

Re:

[ameline]

Indeed they are key -- what they mean is that even if you can come up with an algorithm to prove a property for *all* existing programs, it is possible (and in practice usually *trivial*) to construct a program where that algorithm will provably fail. Remember hackers need only find one hole to siphon off your ether.

This system (or any currency for that matter) needs a mechanism for defining, detecting and reversing fraud, and unmasking those perpetrating it. You have to assume it's only a matter of "when",

Re:

[sexconker]

The system does have that, It's called forking.

Further, your link to Rice's theorem showed you have no idea what you're talking about. ceoyoyo called you out. Your next post was asinine drivel with another link to Wikipedia about something you don't understand.

Your other post, including this gem, really drives it home:

it is impossible to prove with an algorithm (reducible to the halting problem) any non trivial assertions about the behavior of such contracts.

That's only true in the general case, so change "such contracts" to "such contracts in general" or "all contracts".
It's also just as true if you remove "with an algorithm (reducible to the

Re:

[ceoyoyo]

It wouldn't be difficult at all to require that any valid algorithm must be provably correct. The halting problem in particular is trivially easy to deal with. As another poster suggested, simply require that any algorithm run in X time otherwise it is considered invalid.

Re:

[ultranova]

It wouldn't be difficult at all to require that any valid algorithm must be provably correct.

The problem is, "correct" here means "what the user intended", so your validator would need to read thoughts - and if it cold do that, there'd be no need to write contracts by hand in the first place.

But why make your contract language Turing complete in the first place? It would seem that propositional logic would be both perfectly sufficient and easier to write and understand. Do you really need your payment proc

Re:

[St.Creed]

Do you really need your payment processor to be potentially sapient?

Well... yes, yes I do.

Re:

[sexconker]

It's not a problem. An instruction count limit and a valid input range solve it.

Re:

[ceoyoyo]

The halting problem says it is impossible to prove [blah blah] for every program.

It's quite possible to prove whatever you like about many, many programs. It might be quite difficult for non-trivial ones though.

Re:

[Jeremi]

the contracts are written in a Turing-complete language -- it is impossible to prove with an algorithm (reducible to the halting problem) any non trivial assertions about the behavior of such contracts.

True... but isn't that also true of just about every other piece of software in use today? And yet the world continues to turn, and people continue to use software to get things done (knock on wood), modulo the occasional catastrophic bug...

Re:

[mbkennel]

| Someone left a bug in the contract, and because this is a programmed contract, not a written one, no one could enforce the "spirit" of the contract over the exact (erroneous) content of the contract.

A perfect instantiation of a naive (is there any other kind?) libertarian's dream and everybody else's nightmare.

http://www.startrek.com/database_article/landru

Re:

[rickb928]

"Someone left a bug in the contract"

Seems like a feature to me. Solution? Beyond hard forking and a reset of the DAO, perhaps not allowing recursive splits.

This is debugging in 'real'-life. How many online games have you played where you bought in-game swag and it was stolen/destroyed? Yeah, I don't either. Right.

Federal Reserve

[captaindomon]

Except if this happened at a "major financial institution", the Federal Reserve would step in and stop a panic by insuring the funds. That's why we *have* a federal reserve. See the Panic of 1907 for an example.

Re:

[mbkennel]

| The "Federal" Reserve is a *private* bank whose purpose is entirely self-serving.

It's not a private bank. Its creation and operations are detailed in U.S. Federal Code, its top management is chosen and confirmed by elected government officials, it regulates private banks with force of law, and its profits are turned over to the U.S. Treasury. It does not have the same motives and behavior as a private bank. Intentionally, the Fed is not a direct part of the political cabinet departments and is more of a

Re:

[Anonymous Coward]

No, no, no. You're not listening to the facts- any gold bug or libertarian can tell you, as did the parent post, that the Federal Reserve does nothing useful for anyone anywhere except themselves. That whole bit where they shored up Bank of America, Citigroup, and others, by merely preparing to take equity positions, was all just a ruse to collect termination fees. They absolutely don't operate as any kind of insurance. And that money to AIG? It was cool how they bypassed the Treasury entirely and loan

Re:

[lgw]

The US or Fed do not pay interest on Federal Reserve notes. The U.S. does pay interest on Treasury bills, notes and bonds.

The Fed does, however, pay above-market-rate interest on bank money deposited with the Fed. It's relatively new program, and really quite odd. The Fed pays banks better interest than you or I can get from buying T-bills.

While it's done wonders to keep the money supply from growing while QE was printing a couple trillion new dollars, it hardly seems fair.

Re:

[magarity]

Lol. Not even close.

The "Federal" Reserve is a *private* bank whose purpose is entirely self-serving

A common misconception. The Federal Reserve is an independent entity of the federal government, similar to the USPS: See "Who owns the Fed": http://www.federalreserve.gov/... [federalreserve.gov]

I don't get it

[slashmydots]

I sort of looked into Etherium, and I'm an expert on bitcoins, and their website's marketing fluff bullshit sounded an awful lot like it's bitcoin but run by 1 giant central company and they're downplaying that fact and outright lying about it. Does that accurately sum it up or am I missing something?

Re:

[Anonymous Coward]

No, that's pretty much all wrong. Ethereum does provide significant functionality over BTC by allowing arbitrary "smart contracts", though people are in the process of bringing that to BTC as well. Ethereum isn't centrally run any more than other cryptocurrencies are (that is, the developers have some informal clout but it's ultimately up to the network what the blockchain looks like).

Re:

[sexconker]

To implement a contract in Bitcoin you just sign messages. People have been doing it for ages.

There's a few surprises here

[thegarbz]

1. An unknown currency has such value?
2. Someone bothers attacking an unknown currency?
3. The attacker has a facility to convert a large portion of the digital currency into something tangible without it instantly being worthless?
4. Slashdot assumes we know WTF the summary is talking about?

No it is not.

[MartinG]

"this is an issue that affects the DAO specifically; Ethereum itself is perfectly safe."

Source: https://blog.ethereum.org/2016... [ethereum.org]

Someone got clowned

[PCM2]

I sense this attack was mostly about embarrassing the company. From the Etherium website:

Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.

(emphasis mine)

Re:

[lindseyp]

For certain definitions of fraud. The key here is that the DAO contract was badly written. Not Ethereum itself. The 'attacker's open letter on the subject outlines a perfectly good argument. His actions were enforced by the very contract in question, hence there is no fraud.

"And nothing of value wa..."

[GlennC]

oops, I guess something of value WAS lost here.

Carry on....

How much?

[wonkey_monkey]

a $50 Million Hack

Wait, no, $5 million hack.

Oop, now it's $5,000.

A DAO by any other name

[bestweasel]

"DAO (Decentralised Autonomous Organisation), an organisation with huge holdings of Ethereum"

Might want to work on the Decentralised bit.

"Volatile cryptocurrency displays volatility"

[Phlogiston 4 Lyfe]

As of eight minutes ago, the price was at roughly $13.21, which looks bad compared to the $21 value that the original article talks about, but only if you don't pay attention to the numbers from further than five days back. If you look back beyond 6/13, it's been hovering anywhere from $11-$13 since 5/20.