
Attempt to Reverse a $55 Million Ether Heist - bmj1
https://www.bloomberg.com/features/2017-the-ether-thief/
======
n8n3k
Thief?

He strictly followed the terms of a contract by people who were very clear
that "code is law" and who did not want institutions were the result is
decided by human judgement.

~~~
supernumerary
Can we do an experiment and use 'she' for anonymous players in these stories?
Would be kinda cool. The article uses 'he' throughout, and only acknowledges
the possibility of it being either/or/group in the final paragraphs.

~~~
plainOldText
What's wrong with he? I think one can choose one or the other, and the author
chose he. There's also the alternative of using he/she every time, but I think
that would just be annoying.

~~~
rdubz
Attempting to expand on context that I think the parent left implicit:

\- Women are underrepresented — in STEM fields at large and in the
cryptocurrency space in particular — relative to a fairer world with less
sexism, outmoded notions of gender roles, etc.

\- This underrepresentation self-perpetuates partly because well-meaning men
in these fields don't realize it's happening: it always feels better to
believe a happier story about the world being more fair, and such men have
less data about what keeps women out than they would have in a fairer world
where women were more present to tell their stories.

\- Erring on the side of feminine or gender-neutral pronouns — against this
backdrop of under-representation — is a lightweight way to signal basic
awareness of these issues and avoid the appearance of reinforcing them or
believing they should be reinforced. As such, it informs my general model
about the writer's thoughtfulness/sensitivity, which has some bearing on how
compelling I find their argument to be.

It also bears noting that while I can mostly shrug and move on if a writer is
implying apathy (or worse) about this issue, it is a more acute and even
threatening signal for some women whose careers/lives have been damaged by
these playing fields' having never​ been level, and it is morally fraught to
participate in and benefit from discussions/community/resources that are
effectively/unfairly off-limits to under-represented groups.

tl;dr:

\- default-masculine-pronouns are not neutral,

\- we've all been tacitly made to think that they are,

\- some work to counter that makes sense, and

\- it's good to push conversations/awareness about them because the default
perpetuates them.

~~~
matthewmarkus
I discovered this article a while ago:

Avoiding Sexism in Legal Writing—The Pronoun Problem

[https://lawyerist.com/49433/avoiding-sexism-in-legal-
writing...](https://lawyerist.com/49433/avoiding-sexism-in-legal-writing-the-
pronoun-problem/)

It has some solid advice, but it also notes that the use of "he" in sex-
indeterminate situations was codified by Ann Fisher, "an 18th-Century
schoolteacher and the first woman to write an English grammar book." Now,
every time I see "he," I think of her.

~~~
plainOldText
Good article! As a result I am now aware there are various techniques writers
could employ to adopt a gender neutral language. Thanks for sharing!

------
RcouF1uZ4gsC
If R2-D2 used Ethereum.

C-3PO: He made a perfectly legal move.

Han: Let him have it. It’s not wise to upset a Wookiee (The Ethereum
founders).

C-3PO: But sir. Nobody worries about upsetting a droid (a regular contract
user without influence). Han: That’s cause a droid (regular contract user)
don’t pull people’s arms out of their sockets (hard fork the entire crypto
currency and call you a thief) when they lose. Wookiees (The Ethereum
founders) are known to do that.

C-3PO: I see your point, sir. I suggest a new strategy, R2. Let the Wookiee
(Ethereum founders) win.

With Chewbacca's and the Ethereum founders' behavior, you would be a fool to
play their game again thinking that they follow the rules.

~~~
rtpg
isn't it a bit disingenuous to say it was just the position of Ethereum
founders? People wanted their money back.

It's almost as if some recourse for actions done in bad faith is a useful tool
to have as a society...

~~~
gus_massa
That's not what says [https://www.ethereum.org/](https://www.ethereum.org/)

> _Ethereum is a decentralized platform that runs smart contracts:
> applications that run exactly as programmed without any possibility of
> downtime, censorship, fraud or third party interference._

~~~
mannykannot
Among those of us who see some value in smart contracts, there are two camps:
those who are realistic about their limits and challenges, and those who have
bought in to a massive delusion. This quote epitomizes the latter.

For example, how does 'run exactly as programmed' rule out fraud? Fraud is as
programmable as legitimate activity.

For example, if fraud is not possible, then what was the justification for the
hard fork?

People who have bought into a delusion find it hard to evaluate evidence - for
example "Van de Sande is eager to move on. “It was really just a blip,” he
says." So what was all the fuss about? After all, it was just two lines of
code, so simple in retrospect, and now it has been fixed, so there's nothing
to worry about, right?

Perhaps my favorite quote is "“I’m absolutely amazed. Why has no one traced
this back and found out who did it?” asks Stephan Tual, the third co-founder
of Slock.it." He is amazed that in one respect, this digital currency lived up
to one of their major claimed benefits?

I am also not at all surprised by the 'shoot the messenger' complaints about
Sirer's involvement.

The reality is that the verification of software, especially at this scale, is
a really difficult problem, and everyone who has bought into the delusion
seems to think that someone else is going to do it for them - I doubt that
even 1% know how to do it themselves. So much for 'trustless'.

------
passivepinetree
"Just as the global WannaCry ransomware attack in May laid bare weaknesses in
computer operating systems, the DAO hack exposed the early frailties of smart-
contract security and left many in the community shaken because they hadn’t
found the bug in time. "

This seems like a tenuous connection at best.

------
kbody
This case feels so closely to the very interesting case of Aviva France[1],
where a not "well-futureproofed" life insurance contract is making a person
very rich by the day.

Unfortunately for Aviva, their contracts are actually law in contrast to
Ethereum where if the devs feel like it, they can do/revert anything.

[1]: [https://ftalphaville.ft.com/2015/02/27/2120422/meet-the-
man-...](https://ftalphaville.ft.com/2015/02/27/2120422/meet-the-man-who-
could-own-aviva-france/)

~~~
BenjiWiebe
Am I missing something? I thought the devs had to have everyone agree to do a
hard fork. If the devs were in complete control, that wouldn't have been
necessary.

~~~
nebabyte
If the devs "just reverted anything if they felt like it", people would
quickly move to a different fork.

------
kator
> Another decision he made when he had no idea of the bug shows how quirky and
> unforgiving code can be. “If the capital ‘T’ in line 666 had been a small
> ‘t,’ that would also have prevented the hack,” he says.

Can someone familiar with this explain how something financially based can
have a capitalization flaw? I would expect a smart contract language to have
very strict type and variable linking. Humans make many mistakes in coding but
most of the time it doesn't cost $55m. A transaction language should be very
strict so either the smart contract language is flawed or the author of this
article is overstating something for dramatic effect.

EDIT: Found this:
[https://github.com/slockit/DAO/blob/v1.0/DAO.sol#L666](https://github.com/slockit/DAO/blob/v1.0/DAO.sol#L666)

on a deeper dive: [http://hackingdistributed.com/2016/06/18/analysis-of-the-
dao...](http://hackingdistributed.com/2016/06/18/analysis-of-the-dao-exploit/)

~~~
kefka
That's primarily because Ethereum is pure amateur hour. When Bitcoin had built
in checksums on addresses, Eth Dev's just said "watch where you send money".
They ended up having to later add in a capitalization scheme to serve as a
hash.

I have no clue how they managed to fool so many people with poor and shoddy
work. But they have so far. And they've fooled everyone that this is a 'hack'
even after saying time and again "The code is the contract, and the contract
is the code"... Unless lead devs lose money.

~~~
NicolaiS
The 't' vs 'T' has _nothing_ to do with checksums.

`Transfer` and `transfer` are two different functions, one creating an "event"
(think a signal on the blockchain) and the other actually transfering tokens.

The true flaw lies in the reentrant attack on `.send()`

~~~
Laaas
jesus christ, who the fuck would make two identical symbols differentiated by
only capitalisation? (Other than these guys obviously)

~~~
lproven
What, you mean apart from every Unix ever?

(All right, all right, excluding Mac OS X. But it's weird.)

~~~
jchw
That's filesystems, not the OS. There are some extremely good reasons to treat
filenames as bags of bytes, which is why Apple got rid of case folding in
APFS. Think performance, locale issues, etc.

(And before someone says it, yes, of course performance matters for filenames.
Every single stat shouldn't need to worry about case folding.)

------
atomical
Is it even illegal to hack Ethereum? Some purists would say the smart contract
was behaving as written.

~~~
wwwv
The principle of Ethereum is that code is law, the "hacker" followed the law
to the letter and acted in a prescribed manner. What's the crime here exactly?

~~~
DINKDINK
The ethereum foundations reaction to the DAO hack proved that the "code is the
contract" is not true. Which questions the very value of smart contracts on
the ethereum blockchain because it's proven that they're immutable now

This is a good discussion:
[https://www.bloomberg.com/view/articles/2016-06-17/blockchai...](https://www.bloomberg.com/view/articles/2016-06-17/blockchain-
company-s-smart-contracts-were-dumb)

~~~
darawk
> The ethereum foundations reaction to the DAO hack proved that the "code is
> the contract" is not true.

I disagree. The code must also refer to the implementation of the Ethereum
clients, and the collective will of the network participants. Those are
_implicit_ provisions of the contract, specified in advance. The Ethereum
Classic chain still exists, and the thief is welcome to use it. People have
simply voted with their feet and prefer a world without the theft. There is no
breach of contract, anyone is free to fork the Ethereum network in any way, at
any time. It is up to the users to decide how much value to ascribe each fork.

~~~
ubernostrum
I thought the whole point was to do away with "implicit" or "everybody knows"
or other human-interpretation/subjective factors?

If the premise is "the code is the contract, period, except we reserve the
right to change the contract at any time or even to cause the contract
retroactively never to have existed, based on implicit or subjective factors
decided by humans and not by code", then it's a very different beast.

~~~
BenjiWiebe
Except no one reserved that right. The majority of the users agreed to
basically create a new currency with the same history, minus the theft
/unethical taking of money (if you insist on calling it legal).

~~~
ubernostrum
So "the code is the contract" until enough people decide to unilaterally
change the code because they don't like the contract. Which is right back to
what I said.

There's no way of framing this that preserves the philosophical purity.

~~~
pas
There is.

It's the same thing with Communism/Socialism. Communism is the pure end state,
utopia, etc.

Socialism is the ugly road there.

Now, of course we know Socialism usually does a 5 minute walk in the park then
turns 90 degree at that big pine tree, and when no one's watching puts on the
evil hat, and by the end of the hour it's a totalitarian state! No iteration
on ideas, criticism is met with GULAG, no education, teachers and thinkers are
decadent freeloaders, enemies of Communism, internment, execution, mass
murder! You know the drill.

Etherum and other code is law experiments are trying to find the best
expression of that "common sense" platform, they are trying to craft the best
Constitution for this. "And no true Scotsman claimed that Etherum/DAO is
perfect." (This is the part where semantics is fuzzy, as it really depends on
who said what, when, how, why, and to whom. But realistically, anyone who
claimed to get it right the first time, was too optimistic, _and_ of course,
it was "reviewed",
[http://piratepad.net/theDAOreview](http://piratepad.net/theDAOreview) [
[https://www.reddit.com/r/ethereum/comments/4hkgsz/a_summary_...](https://www.reddit.com/r/ethereum/comments/4hkgsz/a_summary_of_the_dao_contract_review/)
] and see .. but never audited -
[https://www.reddit.com/r/ethereum/comments/4ota1q/the_truth_...](https://www.reddit.com/r/ethereum/comments/4ota1q/the_truth_about_the_security_audit_stephen_tual/)
.)

------
mannykannot
One thing not mentioned in this article is that the hard fork was only
feasible because there was not much else in the way of contracts on Ethereum
at the time, other than the DAO itself. If there had been vast networks of
interdependent, concurrent contracts and their obligations, as envisioned by
many of the most vociferous proponents of smart contracts, I think a rollback
would have been impossible, at least in practice. Next time, they may not be
so lucky.

~~~
kerkeslager
The success of the DAO performing a 51% attack on Ethereum virtually ensures
that Ethereum is useless for other contracts. Your contracts hold no value of
they can be rolled back at the whim of the holders of the largest contract in
the system for reasons that have nothing to do with your contract.

------
zenkat
Etherium's fundamental premise -- "code is law" \-- presupposes a general
solution to the formal verification of program correctness. This is an
unsolved problem (and is likely unsolvable in the complete case).

Put simply, all code has bugs. How can Etherium ever work in practice at
scale?

~~~
dmix
> How can Etherium ever work in practice at scale?

Aren't there a to of Bitcoin organizations with hundreds of millions of
dollars flowing through them? If these companies found a way to operate safely
with manageable risk, through things like cold storage and encryption schemes,
than how is it much different from Ethereum?

It's fun to say things like "code is law" and imagine everything happens
within this self-contained bubble but this stuff still operates in the real
world and there are risks and consequences for actions as well as real world
security mechanisms regardless.

~~~
mannykannot
It works because Bitcoin is only the ledger - the accounting part. All the
contractual aspects of the business activity are external to the blockchain,
and are handled in the traditional way - through civil law and procedures.

------
SolarNet
Part of the problem is they based this language off of JavaScript _on purpose_
no less. It should be hard to make mistakes like this yet a single
capitalization would change the semantic meaning enough to prevent this!
Terrible design choices for a financial banking language.

~~~
dyscrete
SolarNet what makes you think it's based on js

~~~
vuyani
Solidity is a contract-oriented, high-level language whose syntax is similar
to that of JavaScript and it is designed to target the Ethereum Virtual
Machine (EVM).

[http://solidity.readthedocs.io/en/develop/](http://solidity.readthedocs.io/en/develop/)

~~~
Jabanga
Syntax being similar is not the same as being based on it.

~~~
ryanlol
For only one specific interpretation of "based on".

------
harwoodleon
He was a thief, in the spirit that the money invested in the DAO was never
intended to go directly to one individual (i.e. him). It was an error in the
contract, as outed by numerous individuals.

Code as law is right, but laws can (and should) change, because the effect
they can have can be devastating if loopholes do the opposite of the intention
behind the law.

The fallacy here is that we have one immutable law that governs everything,
that is set at one time and never changed - how ridiculous. This is utter
nonsense.

The DAO was a beautiful experiment that went badly wrong. In the grand scheme
of things, if this was a heist in the traditional sense - everyone would have
lost out. But as it stands, it's probably the biggest bug bounty in history.

Hopefully no one got hurt. We learn and move on.

------
kensai
I don't understand why people keep complaining it was an "injustice" to
reverse the transaction. Most people followed the hard fork the reversed the
effects of the heist. If it was that unjust, Ethereum Classic would be the
major Ethereum fork now.

------
roryisok
This Post Title Needs Sentence Case, More Words

Ether thief remains a mystery, one year after $55m digital heist

------
jokoon
This story really needs an ELI5

~~~
dsacco
A guy came up with an idea of digital money that doesn't require contracts
using "smart contracts", where the code is the law.

The guy went to a bunch of people with the idea and they liked it.

The people talked about it a lot and many more people joined in.

They all pooled their money together to launch this cool money.

Some other guy came over, saw all of this, looked at the code, and used the
code to transfer $55M to his wallet.

Arguments about law and contracts ensued.

~~~
djrogers
That’s all stuff leading up to he hard fork and rollback...

------
7ewis
So I'm assuming the fork, Ethereum isn't at risk?

At least as far as we're aware.

~~~
vuyani
It still and will always be. They have set a dangerous precedence. If another
group of large developers decide to revert a certain transaction. They could.
The one platform that still has its integrity is ethereum classic

~~~
kerkeslager
But Ethereum classic is still subject to the problems of Ethereum main's
amateurish codebase.

~~~
vuyani
but the core difference here is there is no precedence set. Especially since
classics core belief is immutable transactions. As long as the community has
that integrity. Then its safe. but ultimately. It is a consensus based system.
So its not to say its not impossible

------
exabrial
Is Etherium not formally proven? One would think that would be a check box
among many things for a financial interchange system...

~~~
mannykannot
It is not even close. Nor is any other financial interchange system, but they
have external checks, balances, and a formalized way to correct errors.

------
vfclists
That page is virtually unreadable. Why the fancy CSS, Javascript and fonts?

------
Fej
Are there any terse explanations out there of the DAO bug?

------
mopedtobias
Isn't Bruce Wanker the hacker?
[https://youtu.be/_O5fdMFKEC0](https://youtu.be/_O5fdMFKEC0)

------
devdoomari
> ". Over email, he said, “We might be up the creek ;).” Later, when Gün
> pointed to the error in line 666, Daian replied, “Don’t think so.”

well, isn't the financial law against this kind of incompetence in the first
place?

I don't think the thieves would be guiltier than the team behind DAO.

ps: and line 666??? who the hell keeps a single source-code file that big? no
wonder bugs are around...

~~~
__s
> who the hell keeps a single source-code file that big

Me. SQLlite. .NET's garbage collector. CPython's eval. Lua's lexer. xinit.
dwm. These are off the top of my head that I've seen

[https://raw.githubusercontent.com/dotnet/coreclr/master/src/...](https://raw.githubusercontent.com/dotnet/coreclr/master/src/gc/gc.cpp)

[https://github.com/catseye/Befunge-93/blob/master/src/bef.c](https://github.com/catseye/Befunge-93/blob/master/src/bef.c)

[https://github.com/rust-
lang/rust/blob/master/src/liballoc/v...](https://github.com/rust-
lang/rust/blob/master/src/liballoc/vec.rs)

[https://github.com/oxyc/luaparse/blob/master/luaparse.js](https://github.com/oxyc/luaparse/blob/master/luaparse.js)

Yep. Pretty troll comment. Felt like taking the bite today. I'm going to get
back to getting my lexer past 1000 lines today:
[https://github.com/serprex/luwa/blob/master/rt/lex.wawa](https://github.com/serprex/luwa/blob/master/rt/lex.wawa)

~~~
minxomat
I think big source files have their place. Single procedure view is about the
only thing I miss in today's Visual Studio (was a thing in VS6).

