
An Open Letter (The DAO Attacker) - arekkas
http://pastebin.com/CcGUBgDG
======
0x006A
signature fails to validate here:

    
    
        $ helpeth verifySig 0xaf9e302a664122389d17ee0fa4394d0c24c33236143c1f26faed97ebbd017d0e 0x5f91152a2382b4acfdbfe8ad3c6c8cde45f73f6147d39b072c81637fe81006061603908f692dc15a1b6ead217785cf5e07fb496708d129645f3370a28922136a32
        Message hash (keccak): 0xaf9e302a664122389d17ee0fa4394d0c24c33236143c1f26faed97ebbd017d0e
    
        node_modules/helpeth/node_modules/ethereumjs-util/index.js:403
            throw new Error('Invalid signature v value')

~~~
Bombthecat
Japp, troll.

------
verroq
This letter is fake. Signatures do not match. Flag and move on.

[https://www.reddit.com/r/ethereum/comments/4oo1io/an_open_le...](https://www.reddit.com/r/ethereum/comments/4oo1io/an_open_letter_from_the_hacker/d4e7efq)

~~~
tzs
Even if it is fake it raises interesting issues worthy of discussion, so I'd
say note that it is fake, don't flag, and let's discuss those issues.

------
wslh
The answer, an open letter to the attacker:
[https://www.reddit.com/r/ethereum/comments/4oo3ud/an_open_le...](https://www.reddit.com/r/ethereum/comments/4oo3ud/an_open_letter_to_the_attacker/)

And according to this [1] (based on the signatures) the open letter from the
attacker is fake.

[1]
[https://www.reddit.com/r/ethereum/comments/4oo1io/an_open_le...](https://www.reddit.com/r/ethereum/comments/4oo1io/an_open_letter_from_the_hacker/d4e7efq)

------
sgentle
I find this whole situation has an interesting parallel to international law.
Unlike other kinds of law that are backed by the power of individual states,
international law exists in this weird zone where it's kind of law, but kind
of also the United States can do whatever they want because they own all the
aircraft carriers and what are you going to do about it punk?

That's why it's funny to see Sealand, Hutt River Province, Liberland and other
nation-hacking experiments say things like "The Law says this is our nation!".
The law is an illusion that exists only in the shade of power, specifically
power to provide enforcement. That illusion just doesn't work on the world
stage. Any sufficiently powerful actual nation could come and take your island
and no other nation would bat an eye. The only reason they don't is because it
usually doesn't matter enough to even be worth the bad press.

Ultimately, The illusion of law in Ethereum is implemented on top of the power
of the miners involved. The miners can and possibly will eradicate The
Attacker's carefully grifted money if it suits their interests. Power trumps
law.

This open letter is being written for two reasons: firstly, the power of the
miners can be swayed by appealing to their ideals. Secondly, because this
whole virtual legal playpen is still subject to real-world laws and, thus,
state power.

It's fascinating to see how quickly this smart contract experiment has turned
into a struggle between these multiple levels of political power, with really
nothing at all to do with the letter of the law as laid out in the contract.
Well worth the price of admission, in my opinion.

~~~
toyg
_> this weird zone where it's kind of law, but kind of also the United States
can do whatever they want because they own all the aircraft carriers and what
are you going to do about it punk?_

That definition should go on university books, seriously. A lot of what we
talk about when we discuss "international law" is a contorted way of making
this or that nation prominence as morally justified.

 _> and no other nation would bat an eye_

... however, this is a bit too cynical. The UK definitely did "bat an eye"
when Hitler seized Gdańsk/Danzig. Russia is currently under sanctions after
its Crimea annexation. Just because we don't constantly respond to crisis with
full military force, it doesn't mean that we don't care.

I personally don't see the equivalence between this situation and
international law, because this _can_ really be resolved by a higher power
(the State), if necessary by suppressing ethereum altogether. In international
relations, there is simply no higher power.

~~~
YeGoblynQueenne
>> Russia is currently under sanctions after its Crimea annexation.

Aye. And who's going to sanction the US for Iraq and Afghanistan? Russia?

The fact that sanctions are imposed one-sidedly, only to the designated
adversaries of the US is a testament to the fact that "international law" is
just the will of whoever can enforce it (currently the US, duh).

~~~
krrrh
While you could say that the invasions of Afganistan and Iraq were misguided
or detrimental, they are in a different legal category than outright
annexation or territory, which also violated a specific clause in an agreement
signed between Ukriane and Russia.

------
matt_morgan
One important point here, whether the letter is genuinely from the attacker or
not, is the nice summary, in "showing not telling" fashion, of the issue here:
if the "The DAO’s code controls and sets forth all terms of The DAO Creation,"
and the way to undo/mitigate what happened (forking) undermines trust in
Ethereum, then we're between a rock and a hard place. I.e., I'd just like to
call out the efficient and compelling rhetoric this letter represents.

~~~
crazydoggers
The rhetoric of the letter falls flat to me.

It misses the point that the "contract" is also code, and contained a
legitimate bug. Exploitation of that bug in most places would be a crime.

If I figure out that an ATM spits out hundred dollar bills every time I type
in a certain pin, that's a crime. I don't get to make the claim that I was
rightfully using the ATM.

The quote that "The DAO’s code controls and sets forth all terms of The DAO
Creation" is a disclaimer that is meant to protect the DAO from those who
would seek to imply some sort of guarantee or warranty from the organization.
In other words if the attacker makes off with the funds, and the DAO decides
to keep the code as is, then as an investor I have no recourse against the
DAO.

Ultimately the letter misses the main point. The DAO token holders are free to
amend the contract code as they see fit thru consensus. The disclaimer never
states the contract can't change. And even if it did, the idea that their
would be some legal recourse for the attacker, should the community decide to
fork, is hilarious.

So the letter comes across to me as something an immature troller would write.
I'd be suprised if most sophisticated DAO token holders took it seriously.

~~~
achr2
But they so explicitly point to the code as the source of truth for the
contract. Banking and trading firms use teams of lawyers to find loopholes in
contracts and laws all the time. Why would digital contracts (code) not have
the same level of scrutiny / unscrupulous behaviour? Guaranteed if big money
is at play in the system non-code based exploits will be used by firms just as
often.

~~~
crazydoggers
The parties of any contract are free to amend the contract. You're referring
to a situation in which one party of a two party contract seeks to exploit the
terms.

In this case, which has an enourmas number of parties to the contract, 99.9%
agree to amend the contract.

I don't thinks much legal precedent for a contract with thousands of parties,
but it also means that there's no simple legal "source of truth" to the
contract.

~~~
thrill
The parties of any contract are also free to exploit the contract's terms.

~~~
crazydoggers
What does that matter if the terms are changed?? The attacker exploited a
contract that will be given new terms by the vast majority of the parties
involved, which prevents his exploit.

You could possibly claim that the contract requires 100% of all parties
involved to amend, but I don't think a contract with such a larger number of
parties has ever been dealt with by any legal system.

Add to that, that the attacker almost certainly committed computer fraud, and
the attacker seems to have little ground to stand on. Contracts (or loopholes
in them) don't give you the right to break other laws.

------
curiousgal
A fork doesn't deprive the hacker of anything. In a fork scenario, the hacker
keeps 100% of the Ether he obtained, without interference. Every smart
contract has been honored in full. It's just that everyone else has decided to
start using a new cryptocurrency.

~~~
martinko
So much for confidence in future smart contracts in ethereum.

You have invested in an experimental 'organization' that is defined by the
contract that is its code. The code supersedes any other interpretation of the
contract. You have agreed to this. Now something didn't go the way you wanted
it to, yet fully in line with the code, and you want to fork the entire
currency to steal this 'attacker's' property.

Good luck with your fork, it will mark the official end of ethereum.

~~~
adekok
> You have invested in an experimental 'organization' that is defined by the
> contract that is its code.

Greed trumps contracts.

------
programmarchy
I tend to agree with the letter. I'd probably feel differently if I was a DAO
token holder, but I think forking the blockchain would be a severe compromise
of the principles laid out by Ethereum and the DAO: the code is the contract.

Just like it was unethical for the banks to get bailed out from bad, risky
mortgage-backed securities, it's unethical for the DAO to get bailed out for
writing bad, risky code.

~~~
dev1n
The banks needed to be bailed out or else there would've been a massive bank
run on the scale of the Great Depression.

The people who made those MBS trades should have gone to jail, and they
didn't. That's where the injustice stems from.

~~~
effingwewt
Then that is what needed to happen. Banks failed, therefore they should go
away and be replaced with something else. It literally is that simple. By
bailing them out we shifted away from capitalism. Which may not be bad, but
let's call it what it is. Once we use our own capital to reinforce dead/dying
businesses we give them incentive to get too big to fail, make all the cash
they can while doing it, and screw everyone along the way. People would have
been better off with prepaid cards and cash. We should have used that bailout
money to make sure people got their money from banks. This is where the
injustice lies. If we didn't send them to prison, we didn't have to PAY them
for being criminals. Ugh they even paid themselves huge bonuses with the money
we the customers gave them to continue screwing us. Remember them not loaning
money though we just GAVE them tons, even though it was a provision of said
bailouts? Saying it "wasn't their problem"?

Sorry, I'm jaded but when I see people say stuff like that it just makes me so
resigned to the fact this is not the place I grew up in, in the 80's.

------
pjhumble
Many legitimate companies take advantage of poorly written contracts for
monetary gain. The terms state the DAO's code is the contract. It's just as if
he was a lawyer or analyst, who did his due diligence, carefully reading the
contract and finding a (legal) loophole. English may be imprecise, and a paper
contract could be challenged in a courtroom, but with smart contracts, there
is no need for a court, since the contracts are governed by the laws of
physics (the VM).

When the stakes are real and consequences real, more money and smart people
will be attracted to the platform, and over time smart contracts will become
more robust. Without real consequences, what is the incentive to participate
if the rules can change when they don’t always go in your favor?

~~~
heisenbit
Yes, wording can be twisted. But the other side can mount the legal argument
that this was not the meaning of the original contract. From
[http://apps.americanbar.org/litigation/committees/trialevide...](http://apps.americanbar.org/litigation/committees/trialevidence/articles/spring2014-0614-demise-
meeting-of-minds-contract-law.html)

    
    
      Strict construction might be the appropriate 
      approach if we lived in a society where language 
      was so formal, standardized, and known that every 
      contracting party would use precisely the same 
      words to describe an agreement.

~~~
LoSboccacc
That's more tricky, ethereum claims anything permitted by the code is the
contract.

------
jackgavigan
Setting aside the question of whether the letter is genuine, the attacker is
perfectly free to enjoy the ether he stole.

However, the rest of us are also perfectly free to adopt a fork if we wish.

~~~
jacquesm
Yes, but that would be breach of contract.

~~~
mbrock
Can you clarify who would be breaching which contract?

~~~
jacquesm
The attackers claim (assuming that's who wrote the message) that he merely
took advantage of the contract as written is at first reading a plausible one.
To change a contract after it has been written and executed and to try to
'undo' a done deal based on actions the contract and its context fairly
explicitly ruled out prior to the execution would seem to me to be against
both the letter and the spirit of the contract.

I get why everybody is upset, but this was pretty much bound to happen.
Security of this kind is an all-or-nothing item, you have to get it 100% right
or it might just as well not happen at all. So all this backpedaling and
fixing does absolutely nothing in my view to strengthen the concept.

The only way forward would be to declare this version a total loss and to do a
reboot with a better core and then to see how long that one will stand up.

Rinse and repeat until one really stands (by then confidence will likely be
quite low) and accept that it could _still_ go down at any point in the
future.

A bit like the Monty Python sketch about the castle built on swampland.

Anything less will not do, either the contract is all there is or it is
pointless.

~~~
mbrock
Legally this all seems very esoteric and shaky.

Philosophically I wonder about this "the exact code defines the semantics of
the DAO" clause because, well, nobody's suggesting to change the code; the
fork proposals would just change how the code is interpreted.

Kind of like "this exact Java code defines the terms of the contract" but then
a new version of Java makes that code behave differently...

So the clause depends not only on the Solidity code but also on the Ethereum
virtual machine's interpretation of that code, and the question now is whether
that interpretation is constant or mutable.

And, like, what's even the legal status of the
[https://daohub.org/explainer.html](https://daohub.org/explainer.html)
document? It has a list of things to which anyone who interacts with "The DAO"
supposedly agrees, which seems like a typical groundless EULA and anyone who
"invested" could just say "uh, I didn't agree to any of that stuff".

I'm not really making an argument, I just find it bewildering to even imagine
how any of this stuff would be interpreted by lawyers.

~~~
jacquesm
> I just find it bewildering to even imagine how any of this stuff would be
> interpreted by lawyers.

Agreed, and that's essentially what we're seeing here, some kind of rough
equivalent between lawywers hacking human language and programmers hacking
code. A 'smart' lawyer is equivalent to a hacker, finding a loophole in the
law to enforce some novel interpretation of the letter rather than the intent
of the law.

Trying to do an end-run around a whole bunch of established systems all to end
up with re-inventing the exact problems of those systems that you were trying
to get away from in the first place, it's kind of funny.

------
taspeotis
I assume this is fake.

To me, it doesn't follow that forking Ethereum to change it's behaviour would
constitute "seizure of ... ether". There's no law to stop the Ethereum
Foundation from changing their software protocol in arbitrary ways. It's
theirs, they can do what they want.

There's money involved, but in that case it's similar to the scenario if
Supercell decided to remove IAP from Clash of Clans and users couldn't use
their gems.

~~~
jacquesm
It could be a fake, but that has no bearing on whether or not what is written
there is factually correct. Judge the document contents on their merits or
lack thereof, not by their provenance.

------
zby
It is signed - has anyone checked the signature?

~~~
curiousgal
It's useless unless you know who signed it; have a public key. Fake.

The real "hacker" made millions shorting ETH before the attack.

~~~
cheez
This is actually brilliant and is almost a no lose situation.

* Outcome 1: ETH is forked -> ETH value goes to 0, the shorted currency is pure profit minus interest

* Outcome 2: ETH is not forked -> Hacker gets $50 million

These are only the technical outcomes but the only social outcome I can see is
a lot of suing going on. My suspicion is that it is unlikely that anyone will
succeed in a legal challenge, but I'm not a lawyer.

~~~
curiousgal
Of course legal challenge won't be fruitful. In the eyes of the law using an
exploit on an vulnerability found in a contract will still be interpreted as
malicious or even criminal and thus illegal,

~~~
julian_1
I don't understand your certainty - the point about law is that there is an
exception to every rule.

Courts enforce contracts that contain unfavorable terms all the time. And
malciousness is not a part of contract law. It's true that contracts can be
set-aside (though not always) when they have a criminal basis, but it's not at
all clear that this is the case here.

There was an unequivocal and unilateral offer made to the world in the text -
that will be hard to read down as anything other than an intention to
contract.

------
oolongCat
This whole ordeal has made me look at cryto currencies in a less optimistic
way I guess, it's all Utopian this Utopian that, freedom freedom this that,
until people realise that in the real world things are not as perfect as they
imagine.

------
lsmarigo
How funny would it be if it turns out this was written by someone high
up/heavily invested in eTH/DAO to push users to support the fork (which didn't
seem anywhere near majority yesterday)

------
atomicion
" to the extent you believe there to be any conflict or discrepancy between
the descriptions offered here and the functionality of The DAO’s code at
0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets
forth all terms of The DAO Creation."

You can't say on the one hand that the code that lives on the blockchain is
the absolute source of truth and then claim when someone uses that code
contained in that contract to get rewarded for doing due-diligence that it was
wrong. The DAOs hubris is what got the investors into this mess. I was for the
forks until I read it. Game Over for the DAO.

In fact, the attacker has already won as he could also attack the other
fallacy still standing - that decentralization somehow leads to a less corrupt
system. Don't believe me? The attacker should simply be less greedy and offer
9 million dollars USD to each of the 4 largest mining pools to NOT observe the
fork. He still walks with about 4 million.

dwarfpool 9.7% 1882 30.7 1.1 TH/s f2pool 12.8% 904 14.7 557.0 GH/s ethermine
12.4% 701 11.4 431.1 GH/s ethpool 12.5% 511 8.3 313.6 GH/s

This would give him the majority and incentivize the miners to not go along
with the will of the DAO creators. And consensus still wins. Bought and paid
for with money gained from investors who didn't understand or do due diligence
before dumping money into a new untested type of organization. Maybe proof of
stake will fix this mess. The attacker has already won by showing the hubris
and lack of research on the part of investors and DAO creators. The DAO
creators can't have it both ways.

------
drinchev
Touché

What the attacker claims seems reasonable.

------
_pdp_
I have no stake in this so perhaps it is easy for me to make comments but here
it is: if nobody agrees that there is any value in this currency then there is
no value even if real money is involved. I could have written this a little
bit better, I know.

So a hard fork is in essence the community saying that they do not accept that
there is any value for them beyond a certain point. Nobody breaks any laws.
The "attacker" can retain what they gained. Nothing changes. The community
simply moves on to another island - it is as simple as that.

I am not a lawyer but I cannot see how someone can sue you for not wanting to
do business with them purely from value perspective. Perhaps this is a bit of
an extreme example but it is also as if I start suing everyone because they do
not accept doing business with me while I pay them with seashells (once
perhaps considered a valid tender).

~~~
bakhy
so, the DAO contract is the only authority, and everything is on the
blockchain, except when the collective decides it's not? you say "nothing
changes", but something obviously would - "the attacker" would lose their
money. and not because any smart contract decided so, but rather >1/2 of the
involved participants.

of course, he's a thief and should not get the money, but maybe the DAO was
flying a bit too high too quickly.

------
YeGoblynQueenne
So, I know next to nothing about the DAO and Ether, but could some please
explain this to me? The way I read this is that someone just proved that all
code has bugs and if you use code as a contract, people will inevitably find
ways to exploit its bugs and take your money (or, whatever, ether).

Is that what just happened?

~~~
em3rgent0rdr
Yeah. And it proves that ether is valuable. And that it is important to debug
and beta test in small scale.

~~~
anc84
How does it prove any value?

~~~
Kristine1975
If ether had no value there would be no talk of undoing the transaction.
That's my guess at least.

~~~
em3rgent0rdr
Yes. And the fact that people are trying to steal them.

------
brudgers
I am reminded of the engineering triangle, and like most code, the DAO code
looks FC optimized.

There is a logistical asymmetry. DAO had to allocate resources between
engineering the software and selling the idea to investors.

There is also an economic asymmetry. DAO can only use a small portion of the
total fund to cover the expenses related to code quality. Funds for future
projects have to be retained. Returns on investment have to be provided.
Conversely, the attacker can potentially cover their expenses with all of the
DAO funds. For the DAO, $1,000,000 of defense is a significant portion of
operating expenses and has low marginal return. For the attacker, $1,000,000
is an investment in potential 70x return.

That's enough to attract sophisticated actors even up into the state level.
But even ordinary fintech could pull it off.

------
sintaxi
Well played.

------
zaroth
I think Levine did a good job debunking the idea that a bit of disclaimer in
the Terms of Service would preclude a court of law from considering facts
beyond just the [exploitable] code of the smart contract. In the real world
courts are fully equipped to handle situations like a faulty contract being
exploited by insiders and outsiders alike. Fortunately the law is not a Turing
machine. I think if the hacker who exploited this bug ever was uncovered it
would not go well for them.

But the idea that any miner choosing a fork which blacklists this recursive
split exploit is liable for damages to the hacker, that's just laughable. Can
you imagine a universe where miners are legally bound to continue investing
their hashrate in a particular fork?

The entire system is predicated on miners independently choosing whichever
fork they want to support. The attacker is welcome to mine as much as they
want on their preferred fork, just as any miner is free to do the same.

In any case, the market will decide how much the Eth on either fork should be
worth. You can argue which fork you would value more, or which universe you
would rather live in, but what's neat is ultimately the miners and the market
will decide.

Whatever direction the Eth ultimately goes, one thing we can be sure of is
that blacklisting is always possible to the extent that miners are willing or
able to be compelled into implementing them. A campaign against blacklisting
this particular address seems to me to be misplaced, because other than
enriching the hacker it accomplishes nothing. Miners upgrade their code to
express their preferences all the time. Miners can run "official releases" or
variations on the same at any time. I think arguing that loading or not
loading a particular commit proves anything about the future nature of
Etherium is pretty speculative. You can blacklist an address today and not
blacklist tomorrow. You can not blacklist today and blacklist tomorrow.

My own opinion is that Eth is very much still in Beta (or Alpha) and the
community is still in Kindergarden learning how to write secure contracts in
Solidity. We should expect these contracts to fail like this more often than
not. If the miners vote for a "redo" on this particular bug in this particular
contract I think it doesn't matter much either way. The reality is that Eth
has a very long road before it can be safely used for its intended purpose,
and that realization (whether it should have been obvious or not) will have a
larger economic impact than this particular hack being rolled back or not.
It's not like this is the _only_ bug in "The DAO" code.

------
j15t
Mods, could you please indicate in the title that the validity of this letter
has not yet been verified. The attribution in the title: "(The DAO hacker)"
assumes that this is an authentic letter.

~~~
gtirloni
I find it ironic that blockchains promote the idea of anonymity while the
community spends a considerable amount of time discussing who did this or
that. It seems the hunt for Satoshis is an unexpected social consequence of
blockchains.

~~~
StavrosK
But it's trivial to prove that it was the attacker, they can just sign this
message with the public key used for the transaction.

------
tener
He can sue, but who and for what? Essentially the community is showing him a
finger even if he didn't break the law. He will keep the money, but they
simply won't be doing any business with him.

~~~
raverbashing
He can try to sue (in the US)

Next thing the IRS will go after him for the corresponding taxes on millions
of dollars of crypto currency

~~~
Kristine1975
So they pay the taxes. There should still be quite a bit left.

------
iamben
So that's just over 50 million dollars?

~~~
nilved
50 million Internet dollars. He needs to sell them for real dollars, I
believe.

~~~
midnitewarrior
He knew what he was doing, and when it would be done. If you know this, you
can short the currency and make a mint without spending the stolen currency.

------
mannykannot
When Ethereum was first announced, there was a lot of fanciful talk about
trustless economies (much of it still easily available). I briefly tried to
get a discussion going about the difficulty of verifying Turing-equivalent
code, but the zealots thought I was trolling.

------
arisAlexis
I like this guy

------
carlchenet
haha it's unavoidable they're going to sue him. But he seems ready :)

~~~
Draiken
Ready and with $50M to defend himself?

I have no idea how you get actual money out of it, but if he does get it,
that's a lot of money for lawyers...

