
Ethereum Debate Marred By Second Digital Currency Heist (dailydot.com) 44

Thursday's news of a $50 million heist of digital currency at Ethereum was followed today by reports of a second heist from the DAO, according to the Bitcoin News Service -- this one for just 22 Ether. "It appears this is just someone who wanted to test the exploit and see if they could use it to their advantage..." Slashdot reader Patrick O'Neill writes: "The currency's community is currently debating a course forward for a currency that is built on the idea that it is governed by software and not human beings. One option is to fork the code, another is to do absolutely nothing at all."
Vitalik Buterin, the co-founder of Ethereum, posted Sunday that "Over the last day with the community's help we have crowdsourced a list of all of the major bugs with smart contracts on Ethereum so far, including both the DAO as well as various smaller 100-10000 ETH thefts and losses in games and token contracts." The list begins by including "The DAO (obviously)," but is followed by a warning that "progress in smart contract safety is necessarily going to be layered, incremental, and necessarily dependent on defense-in-depth. There will be further bugs, and we will learn further lessons; there will not be a single magic technology that solves everything."

The Daily Dot wrote Friday that "Because of the way the code in question is written, Ethereum's developers and community have 27 days to decide what to do before the hackers are able to move the money and cash out... What's happening now amounts to a political campaign. But the debate is far from over. The clock is ticking now, the world is watching, and the next step of the cryptocurrency experiment is unfolding under a spotlight burning hotter every day."
  • Why is this called a heist? Do we also call it a heist if a patent lawyer walks away with a pile of millions? Maybe it is just a bunch of Ether Trolls that will sue the developers into oblivion for breach of contract if they try forking the code.

    • Re:Sue obviously (Score:5, Insightful)

      by jbssm ( 961115 ) on Sunday June 19, 2016 @03:02PM (#52348387)

      Why would they sue? The DAO wording very clearly states that for all possible purposes including legal ones the code is the contract. Whoever did this, did exactly what the contract stated.

      Besides why would people want a smart contract based blockchain currency if the contracts wouldn't be solved by those smart contracts but by a traditional court? Doesn't that defeat the whole purpose of the currency? I bet these people are not feeling so "libertarian" right now.

      • by ADRA ( 37398 )

        Like all great libertarian losers, blame someone else (And make sure history doesn't recall that they were Libertarian to begin with).

      • Except that even in law there is often a good bit of leeway assigned to intent when interpreting law. And since a code fork *can* reverse a contract, clearly "The Code" can be manipulated both for and against unintended outcomes.

        It's hypocritical to say that the code acted as intended, and then also criticize changing the code as unethical. The fork also worked as intended.

      • by 0dugo0 ( 735093 )

        Whoever did this being the one filing suit in case the code gets forked. Read!

      • by r0kk3rz ( 825106 )

        Besides why would people want a smart contract based blockchain currency if the contracts wouldn't be solved by those smart contracts but by a traditional court? Doesn't that defeat the whole purpose of the currency? I bet these people are not feeling so "libertarian" right now.

        The point is that you no longer require a human 'trusted executor' of a contract, you can use the network for that. This means you don't have to worry about potentially having to sue the executor when they steal your money, because the executor is a computer and is literally bound by the code it runs.

        There is nothing that Ethereum and Smart Contracts do that you cannot accomplish with a human bound by a legal contract, but you can do it on a much greater scale.

        Personally I think some kind of court syst

  • by Anonymous Coward on Sunday June 19, 2016 @01:57PM (#52348129)

    "Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference."

    This is the very first sentence on the ethereum.org homepage. Doing anything to try to reverse these "heists" is basically these people deciding that they didn't like the contract they wrote (because it didn't benefit them as much as they thought it would) and want to invalidate it. It totally goes against all the principles they claim to stand for, but I suppose that's nothing new.

    • The problem is that in their hubris, they forgot to allow for coding errors in "exactly as programmed". So yeah, it's working exactly as programmed, just not as intended by the programmer. :)

      Also, this isn't a heist, because nothing was stolen. It's more of a counterfeiting operation, if I understand the commentary correctly. Someone took advantage of a recursive bug and an anti-pattern of calling recursive code before updating values and essentially created 33% more Ether than previously existed out o

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        The problem is that in their hubris

        And that the people who "lost" the most are those that are at the core of the project. They do not want to lose their money, and want the project to bail them out. It was if the 1% wanted a bailout all over again (just a different 1% this time).

        If the bailout does happen, this risks the entire project. If the bailout does not happen, this risks the entire project. Heads you lose, tails you lose.

        "Also, this isn't a heist, because nothing was stolen. It's more of a counterfeiting operation, if I understand the commentary correctly. Someone took advantage of a recursive bug and an anti-pattern of calling recursive code before updating values and essentially created 33% more Ether than previously existed out of thin air."

        It was a heist. Ether didn't get created, it just got moved. The child DAO tokens could theoretically have been "created" out of thin air if you drained the DAO past 0 recurs
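
The ordering problem discussed in the comments above (an external call made before balances are updated), as a simplified Python model added here; it is not the DAO's code and not part of the original discussion. The `Vault` and `ReentrantReceiver` classes, the account names and the amounts are constructed for illustration.

```python
# Simplified model, constructed for illustration; not the DAO's Solidity code.
class Vault:
    """Pooled funds plus a per-account ledger of what each depositor is owed."""

    def __init__(self, safe):
        self.safe = safe      # True: update the ledger before the external call
        self.credit = {}      # account name -> amount owed
        self.pool = 0         # funds the vault actually holds

    def deposit(self, who, amount):
        self.credit[who] = self.credit.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who, receiver):
        amount = self.credit.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        if self.safe:
            self.credit[who] = 0        # effect first, then interaction
        self.pool -= amount
        receiver.receive(self, amount)  # external call: runs the recipient's code
        if not self.safe:
            self.credit[who] = 0        # anti-pattern: ledger updated after the call


class ReentrantReceiver:
    """Recipient whose receive hook calls withdraw again, at most max_depth times."""

    def __init__(self, name, max_depth):
        self.name, self.max_depth, self.received = name, max_depth, 0

    def receive(self, vault, amount):
        self.received += amount
        if self.max_depth > 0:
            self.max_depth -= 1
            vault.withdraw(self.name, self)


def run(safe):
    """Return (paid to caller, left in pool, still owed to other depositors)."""
    vault = Vault(safe)
    vault.deposit("others", 90)   # constructed sample balances
    vault.deposit("caller", 10)
    receiver = ReentrantReceiver("caller", max_depth=4)
    vault.withdraw("caller", receiver)
    return receiver.received, vault.pool, vault.credit["others"]


if __name__ == "__main__":
    print("call before update:", run(safe=False))
    print("update before call:", run(safe=True))
```

With the call made first, an account credited with 10 is paid 50 and the pool is left holding 50 against 90 still owed to other depositors; with the ledger updated first, the nested call sees a zero credit and returns.
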
  • Quit posting about these guys, please! I keep mis-reading the name as "eurethrum"

  • Be sure to tune in next week, when Doris gets her oats...

  • It turns out that if you build a system deliberately with exactly no regulation, hoping that it'll all magically work based off the magical hand of the market, that everything goes tits up.

    Who'dathunkit?

    • Re:It turns out... (Score:4, Informative)

      by thegarbz ( 1787294 ) on Sunday June 19, 2016 @03:48PM (#52348577)

      Tits-up IS the magic hand of the market. This is the work of self-regulation in progress. Companies which offer insecure solutions in an entirely unregulated market magically cease to exist because of their stupidity due to ... ahem ... "market forces".

  • from the summary ...as well as various smaller 100-10000 ETH thefts and losses in games and token contracts.

    This isn't a 22 ETH second Ethereum theft: this is just one more in a long ongoing series of thefts-- and not a particularly large one.

  • by jbssm ( 961115 ) on Sunday June 19, 2016 @03:03PM (#52348397)
    I'm a totally libertarian guy... until they mess with my money, because then I cry for the intervention of the state and the real courts of law.
    • by Anonymous Coward

      Either you can defend some phenomenon as your "property", or you cannot; justification is your ability to convince others to condone (if not aid) your defense.

      Under libertarianism, The Law is the collection of all voluntary contracts; you operate outside The Law at your own peril.

      There is nothing magical about the security industry ("police"), the contract-enforcement industry ("police"), or the justification industry ("courts"); it is not necessarily the case that a violently imposed monopoly is the optima

      • by XXongo ( 3986865 )
        In my experience, if you have two libertarians in a room and start asking them detailed questions, they have at least three contradictory opinions about what libertarianism is and how it operates.
    • There are many libertarians who believe in a minimal state and real courts of law, but, yeah, if there are individuals in the cryptocurrency space crying for government intervention at the level of the protocol, then they're missing the point. You don't have to be a libertarian to see the usefulness of Bitcoin, though.

  • Y'know, Ethereum's VM and their contract language, Solidity, are not especially great for this kind of verified contract work. It would have been great to see lessons learned from the E programming language and the object-capability security model in this whole misadventure. But no, they just took "smart contracts" and tried to interpret that in isolation without any of the literature that comes with it. Disappointing.

  • If you think BTC isn't dangerous and manipulated enough you may enjoy "altcoins" like Ethereum.
  • Why is there a 27 days limit?
  • Don't worry, guys. The free market will sort it out.
