
The DAO Hacker Is Getting Away - dogecoinbase
http://www.coindesk.com/ethereum-dao-hacker-getting-away-classic/
======
rsync
"DAO Hacker" and "getting away" are very loaded bits of language that point to
an interpretation of events that differs, AFAICT, from reality.

The DAO contract was neither hacked nor broken. This individual used the
features and functions of the contract in unexpected ways, but ways that were
legitimate nonetheless.

~~~
ahelwer
This argument also rests on an assumption over and above the function of the
system: that the result of executing a contract is immutable and thus beyond
reproach. As was demonstrated, the result is subject to ratification by
miners. To miners on the new chain, the DAO hacker is a hacker.

Certainly it was the case that ethereum contracts were advertised as immutable
and beyond reproach, but if you bought into that, well... you'd be making the
same error you see in your ideological opponents!

It is a separate question whether ethereum contracts _ought_ to be immutable,
but that requires a different type of argument.

~~~
grandalf
The issue in my opinion is that the Ethereum maintainers actively helped
create a hard fork to steal Ether from the so-called "hacker". This crosses a
line.

Sadly, the DAO had major bugs and the time to do something about them was
before it launched.

It's not the end of the world, though it does place Ethereum in the category
of "easily corruptible human organizations" which makes it largely ineffective
for the sorts of things that made it most exciting.

Ethereum may become more distributed which would make this sort of consensus
more difficult to achieve, or it may be replaced by something that has a more
corruption-resistant governance structure.

The basic idea underlying the holocaust, the Iraq war, and pretty much any
human atrocity is that _the ends justify the means_. This is exactly the
argument that hard forkers made. But, much like the Iraq war, the president
should not have ever had the sole discretion to launch a war, nor should such
a small number of interested people have the ability to launch a hard fork.

Apologies for the hyperbole, but I think it's helpful to illustrate the core
issue.

~~~
zem
the hacker actively exploited a flaw in the ethereum system to steal money
from unwi{tt,ll}ing users. saying that that was okay because the platonic
nature of smart contracts allowed it is saying that the means justified the
ends, which does not work either.

~~~
pc86
> _unwi{tt,ll}ing_

There is absolutely no reason to type like this.

~~~
jessaustin
Yes, " _unwi{t,l}^2ing_ " would have been less repetitive.

~~~
pc86
Ah but then you would have had to press the Shift key and use another
keystroke!

------
joosters
I think the most interesting part of the DAO story is the 'white hat hackers'
situation. Prior to the fork, these people also hacked the DAO, basically
stealing all the remaining ETH that the original attacker had failed to take.
It was justified at the time because they claimed to be a 'robin hood group',
trying to save the money of DAO victims.

However, now the fork has happened, these same hackers have vanished, or
disavowed anything to do with the hacking, despite the fact that they now
control millions of dollars worth of other people's money. They 'stole' from
the rich but now don't want to let go of their takings. I wonder how they try
to justify their action/inaction now?

------
vectorpush
I don't see this often discussed, but the DAO always seemed pretty shady, even
prior to the hack. This was a system meant to function as an autonomous
investment platform, but I couldn't find any details that explained exactly
how the recipients of the investment funds were meant to be held accountable
for the money they received. Ultimately, the eth would have needed to be
cashed out into spendable money so that the business could pay for expenses
and grow the company, but an eth contract is incapable of forcing the company
to put fiat money back into the DAO and it's not a stretch to imagine a
situation where the recipients do not agree to use the money in a fashion that
is entirely in line with the intent of the investors or even fulfill _any_ of
the obligations stipulated as conditions of the investment. This was a scam
waiting to happen even if the contract _did_ function as intended by the
authors.

~~~
will_brown
> This was a scam waiting to happen even if the contract did function as
> intended by the authors.

I have said this from the beginning. From a purely logical point as a
potential investor, you should ask yourself, why would an autonomous
investment platform (borrowing your phrasing) require all the funds up front?

In other words, look at Kickstarter/GoFundMe, how skeptical would everyone
have been if they asked for investors' money before there was even an
investment opportunity? Even with the fork, I think they should have returned
everyone's money to them, and allow them to buy membership/voting rights to the
DAO for a nominal fee that would allow them to invest in future investment
opportunities.

~~~
vectorpush
Indeed. It seems to me that the only concern was building hype for the DAO (in
order to solicit further investments) and ethereum in general. I kept seeing
claims about how smart contracts would enable autonomous corporations to pay
employees and run factories and other clearly impossible things, everyone was
so excited about the possibilities that nobody sat down to critically examine
what is actually possible.

------
_Marak_
I was chatting in the DAO slack chatrooms early on (before any of this
hacking news). I was looking to legitimately fund a company using the DAO
software (still looking for funding...)

Pretty much every developer there told me the thing was unsafe, untested, and
should not be used for any real business (yet).

Not very surprised about any of this.

~~~
lawnchair_larry
So why are you still looking? :)

~~~
_Marak_
Well, if anyone is interested in doing a seed or angel round for a profitable
PAAS / FAAS, check out my profile and shoot me an email: hn@marak.com

------
hakanderyal
There is an interesting relationship between the ETC and ETH communities.

ETC reddit[0] and ETH reddit[1] can provide some information for those
interested in the debate.

[0]: https://www.reddit.com/r/EthereumClassic/
[1]: https://www.reddit.com/r/ethereum

------
pavel_lishin
Does this mean that there are now two Ethereum blockchains running
concurrently?

~~~
ChrisClark
Ugh, yes. The minority who didn't want the hard fork have continued to use the
old chain. They constantly try to promote it and troll the 'bailout chain'.

It was supposed to be a vote on whether to fork or not, then leave the
deprecated chain behind. The vote for the fork succeeded, and all the
developers of Ethereum and 99% of the developers for apps on the chain have
decided to go with the vote. Everything is being done on the main chain, ETH,
Ethereum. The old deprecated chain is now called ETC, they named themselves
Ethereum Classic.

~~~
vectorpush
Why ugh? They want to support the old chain for ideological reasons, what's
the problem with that? Isn't that the whole point of these blockchain systems
(i.e. that a centralized authority does not control the system)? I am a pretty
big blockchain critic, but schadenfreude aside, I think the eth/etc split is a
decent demonstration of the fact that these systems have legitimate resistance
to centralized authority, even when ethereum's influential creator is the
authority. It's not stable and eth's buggy contracts are not reliable, but as
far as blockchain money goes it has lived up to the ideals of the enthusiasts.

~~~
joosters
The vitriol in r/ethereum is an amazing sight. There are cult-like levels of
declarations of support for either chain. It's astounding, considering both
chains are basically the same system, and that prior to the DAO 'theft',
everyone seemed to be proponents of the 'code is law' viewpoint. How quickly
things change, and how little time it takes for people to switch their beliefs
and vilify those who still hold the old beliefs.

It's certainly fun to watch the fallout...

~~~
devishard
> It's astounding, considering both chains are basically the same system

They aren't at all. Immutable smart contracts are the basis of ETC and not
ETH. It's only one difference, but it's a difference as fundamental as the
difference between gold and dollars.

ETH is now a centralized currency. I have trouble seeing any purpose to using
ETH now that it's centralized, given that existing centralized money/contract
systems are much more mature. But given both ETH and ETC are too buggy for me
to use, I've no skin in the game, so I'm happy to wait and see if some benefit
to a centralized cryptocurrency emerges that I wasn't aware of.

~~~
jessaustin
Doesn't this episode illustrate that ETC could go the way of ETH, whenever the
miners decide? ETH was always ETH, it just took a while for people to realize
it.

~~~
devishard
Mathematically yes, there's nothing preventing ETC from doing the same thing.
But ideologically, the lines have been drawn. At least for the time being, I
think it's a safe bet that people who aren't committed to decentralization
will just go with ETH instead of investing in ETC and voting for future forks.

Again though, I think the design of both cryptocurrencies is prohibitively
error-prone, so it's kind of a moot point.

------
erdevs
I haven't been tracking this closely. Any chance the DAO "hacker" was
influential in keeping the "classic" chain around?

~~~
onestone
Considering that the DAO hacker has the most to gain from the "classic" chain
still having value, there is a significant chance.

------
fapjacks
I lost money to the "hacker", but I fully support the original, untainted,
"the code is the contract" blockchain.

------
milesf
This all reminds me of what happened to VeriCoin and the MintPal heist. A
hacker stole millions in coins, but the devs of VeriCoin rolled it back and in
one fell swoop stopped one theft but cut the floor out from under themselves.

What's needed is a cryptocurrency that cannot, under any circumstances, be
rolled back. Otherwise crypto is a fiat currency just like all other modern
currencies that can be manipulated.

~~~
smallnamespace
> that cannot, under any circumstances, be rolled back

But getting hacked is ok, right?

~~~
robryk
I've once heard an argument that one of the desirable properties of the legal
system is that its decisions, even if bad, are considered as final by
everyone. This sounds kinda similar.

~~~
smallnamespace
OTOH, legal systems consider humans and their motivations to be first-class
entities.

The same is not true for a cryptocurrency system.

------
Fej
How can the hacker get away with moving any ETC out of his account, if
everyone can see?

~~~
KingMob
For starters, it's not even clear if this constitutes theft or just a clever
hack in a system that originally claimed "code = law". IIRC, the DAO hacker
anonymously published a statement claiming that all the ETH was rightfully
his, and any attempts to do otherwise would be met with lawyers.

------
Analemma_
I last saw this story when the fork looked like it was going to succeed. Did
enough people really dig in their heels for the immutable chain that they're
going to let the guy get away with robbery? Oh man.

Ah, hardcore libertarians. You're all completely mad, but I won't deny you're
consistent.

~~~
api
The issue is more complex than that. The DAO was created and backed by people
who are also Ethereum developers, and forking the entire block chain to save
what many people consider to be a badly thought out and badly executed
experiment is just as dubious as some of the things that were done to save
mega-banks in 2008. It's a clear case of moral hazard among other issues.

Many of the people who are backing Ethereum Classic (the non-fork) are doing
so because they like the ideas of Ethereum but want it to be truly
independent. If the fork succeeds many people take it as a sign that Ethereum
is a "proprietary" coin rather than a more open "nobody owns it" system like
Bitcoin.

I have no dog in the fight but that's how I understand it.

~~~
Analemma_
> as dubious as some of the things that were done to save mega-banks in 2008.

That's a good analogy, but not for the reason you're thinking. The expert
consensus on the 2008 bank bailouts is that they had to be done, because
letting them fail would've turned the recession into another Great Depression,
and that much harder to recover from. Does that mean bailouts are good and
proper? No, bailouts are terrible. It means the right way to avoid the moral
hazard would have been to better regulate the banks and never have let them
get "too big to fail" in the first place.

I feel the same way about Ethereum. The DAO hack was a no-win situation,
because these "smart contracts" should never have been created to begin with.
They're always going to end up in situations like this, because they involve
the affairs of messy, imperfect humans. The correct answer to the DAO mess was
never to get into it in the first place.

~~~
grandalf
> The correct answer to the DAO mess was never to get into it in the first
> place.

I don't think this is true at all. The DAO is (and was) a very cool idea. The
only problem was that the code was complex enough that those who casually
reviewed it failed to notice the vulnerability that the attacker noticed.

As for the financial crisis, it was a combination of an unexpected event and
entrenched interests scrambling to benefit as much as possible from it. By
definition, entrenched interests want a continuation of the status quo, and
that is what happened. We think about how bad it would have been if some
homeowners would have foreclosed, but we fail to think about the people who
would have been able to afford a home at a great price.

~~~
jessaustin
We also fail to imagine the future crises that were made inevitable by the
bailouts. If we wanted bankers to learn, we shouldn't have shielded them from
the consequences of their poor decisions.

