
Bad code may be to blame for $500M of cryptocurrency losses in seven months - agris777
https://topbitcoin.lv/bad-code-lost-500-million-cryptocurrency-year/
======
zaroth
Consider this: Every single Bitcoin mined has either been lost/stolen, or will
be lost/stolen, with probability approaching 1 over increasing timespans.

I’d argue that since January 2009 about 50% of the ~17M coins minted to-date
are lost. But the realization that this number will asymptotically approach
100% of all coins is a bit striking.

The reasoning is simple - maintaining control of your coins is surprisingly
difficult. The harder you try to secure them from theft, the more likely an
accident will wipe them away. The more redundancy you keep to protect from
losing them, the more they are exposed to theft. And as time goes on, the
random noise of life conspires to blot your coins out of existence. And once
they’re lost, there is simply no recovery.

The supply of Bitcoin is not asymptotically approaching 21M. The supply is
approaching zero.

~~~
wereHamster
Backing your coins up is very easy, most wallets support BIP32/39/44. Just
write the mnemonic down and put it under your mattress. Or a safe if you have
one. But seriously, for most people under the mattress is equally safe. I
don't understand why anyone would keep a non-trivial amount of coins in a
wallet and not have a backup. That's irresponsible.

~~~
bpp
People losing their life savings because they kept it under their mattress is
basically the reason that banks were invented. So I suppose this has all come
full circle now.

~~~
wereHamster
There are web wallets today where you only have to remember a password, and
can recover access if you can prove your identity. Like uhm… banks. If you
don't trust yourself to keep the coins safe and backed up then go put them
there. No shame in that.

~~~
jnordwick
> recover access if you can prove your identity

So hackable, you're saying?

~~~
wereHamster
Like banks.

The discussion is turning in circles. People lose coins. Have a backup. Too
difficult. Put them in a bank. Banks are hackable. Manage the coins yourself.
But then I might lose them.

(you can replace bank with 'trusted third-party', doesn't change the outcome)

Consider the two options: self-managed, or in a trusted third-party. Whichever
has the smaller (perceived) risk, that's where you store your coins. Not
everybody assesses risk equally, and that's fine. My preferred solution may not
be the same as your preferred solution. That's fine, still.

~~~
jnordwick
Fiat banks can recover money though - cash can be found and transactions
unwound - and there are techniques to poison what is stolen without
permanently decreasing the money supply. Freezing a wallet basically destroys
the btc forever with no way to print more.

~~~
wereHamster
And the bitcoin software is written in stone, can never be changed.

~~~
mort96
Basically, yeah.

I mean, the wallet software is obviously open source, and you can change it
however you want of course, but allowing for transactions to be undone would
basically require rewriting the entire protocol and everything which interacts
with the bitcoin network - and that's if it's even possible in the first
place, without removing vital parts of bitcoin like the decentralization or
being able to trust the entire network without trusting any one entity.

------
jacquesm
Who says it was lost? I suspect quite a few of these 'hacks' are inside jobs
to take coins from the general public and move them to the
founders/owners/employees of exchanges.

Yes, that's a pretty harsh accusation to make, but there is plenty of evidence
that this happens with some regularity and the number of instances is high
enough to make that claim. And it will continue as long as gullible people
place 100's of millions in unsecured accounts without oversight.

Who knew that regulatory oversight was a good thing?

~~~
mschuster91
Hmm. I'd say it's a combination of inside jobs and general poor
coding/security practices. The inrush of customers has prompted lots of people
to follow the "sell the shovels, not mine for gold" mentality and try to open
up their own exchanges... and every exchange is a prime open target for any
hacker because of the massive amounts involved.

~~~
leibnizwasright
In addition to all you said, I would add that some more advanced test
frameworks/libraries are missing. There are only good ones for unit tests and UI
test automation like Selenium; for integration tests there is a huge gap of
decent test frameworks missing.

~~~
jacquesm
Wrong thread? Or do you feel that test frameworks/libraries are going to take
care of sloppy security practices and inside jobs?

~~~
leibnizwasright
From the bugs described in the article, especially the one where a person could
withdraw from another account to their own account, I believe better test
libraries could help. Normally people develop tests using the same input data
from beginning to end of test execution, since it becomes cumbersome to use
different test data for input in the same round of test execution. Mainly
because of how these data come from fixtures.
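
The fixture problem described in the comment above, as an added example that is not part of the thread or the article: a withdraw handler with no ownership check passes a test that uses one identity and fails only when the test uses two distinct account owners. `Ledger`, `withdraw_unchecked`, `withdraw_checked` and the account names are hypothetical.

```python
# Added illustration; every name here is hypothetical, not code from any exchange in the article.
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Raised when the caller does not own the source account."""

@dataclass
class Ledger:
    owners: dict = field(default_factory=dict)    # account id -> owner id
    balances: dict = field(default_factory=dict)  # account id -> balance

    def open_account(self, account, owner, balance):
        self.owners[account] = owner
        self.balances[account] = balance

def withdraw_unchecked(ledger, caller, src, dst, amount):
    # Deliberately flawed: never compares caller with the owner of src.
    if ledger.balances[src] < amount:
        raise ValueError("insufficient funds")
    ledger.balances[src] -= amount
    ledger.balances[dst] += amount

def withdraw_checked(ledger, caller, src, dst, amount):
    # Authorization first: only the owner of src may move funds out of it.
    if ledger.owners.get(src) != caller:
        raise Forbidden(f"{caller} does not own {src}")
    withdraw_unchecked(ledger, caller, src, dst, amount)

def fresh_ledger():
    # Constructed fixture with two distinct owners instead of one reused identity.
    ledger = Ledger()
    ledger.open_account("acct-alice", "alice", 100)
    ledger.open_account("acct-bob", "bob", 100)
    return ledger

def same_owner_test(withdraw):
    """Caller owns the source account. Passes for both handlers."""
    ledger = fresh_ledger()
    withdraw(ledger, "alice", "acct-alice", "acct-bob", 40)
    return ledger.balances == {"acct-alice": 60, "acct-bob": 140}

def cross_owner_test(withdraw):
    """Caller does not own the source. True only if blocked with balances intact."""
    ledger = fresh_ledger()
    try:
        withdraw(ledger, "bob", "acct-alice", "acct-bob", 40)
    except Forbidden:
        return ledger.balances == {"acct-alice": 100, "acct-bob": 100}
    return False
```

Only `cross_owner_test` tells the two handlers apart, which is the case a single-identity fixture never exercises.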

~~~
mercer
I don't know if this is a good example of the value of testing. This 'mistake'
strikes me as so colossal that the idiot who allowed it to happen would not be
saved by writing tests.

------
patio11
If this interests you:

[http://dayssinceacryptocurrencyexchangehaslostmorethan100mil...](http://dayssinceacryptocurrencyexchangehaslostmorethan100million.com)

------
s_dev
I've lost .38 Eth because of the Mist wallet on macOS.

Seems they've a password issue where the password is always wrong even if you
wrote it down at the time of setup.

The suggested solution on the GitHub issues is to use a brute force attack
using a python script. Such an issue just screams poor testing.

~~~
jerf
Is it this script?
[https://github.com/burjorjee/pyethrecover](https://github.com/burjorjee/pyethrecover)

That is atrociously bad. It appears to use a pure-python implementation of AES
(!!!) [1]. Holy cow. This is going to be miserably slow. Using all the CPUs
isn't going to help when it's going to be literally tens of thousands of times
slower than better techniques.

You will literally have time to learn hashcat [2] from scratch, learn how to
implement the plugin, test the plugin with some sample passwords, and run it
yourself, and _still save time_ over running the Python script, because even
if you leave the Python script running during the entire, say, week you spend
learning all this, the hashcat script will still outrun Python in the first
_minute_ or so, by my somewhat conservative estimate that it will run 10,000x
faster. (I wouldn't consider 100,000x out of reach. Depends on your GPU. But
hashcat will still be faster even just on the CPU alone.)

(Also hashcat shows some ethereum support, but neither of the two things it
says say "aes". I don't know whether hashcat would support this out of the
box, I'm just saying that you literally have time to implement this from
scratch and _still be faster_ than running that Python script.)

(I also want to be clear that this isn't GPU fanboying. It can't be, because
I'm not one. GPU computing is very often oversold. But this is legitimately
one of those cases where GPUs can smoke CPUs by multiple factors of
magnitude.)

[1]
[https://github.com/burjorjee/pyethrecover/blob/master/aes.py](https://github.com/burjorjee/pyethrecover/blob/master/aes.py)

[2] [https://hashcat.net/hashcat/](https://hashcat.net/hashcat/)

------
nobrains
If a coin is stolen, it is still in circulation. No effect on the holders of
that cryptocurrency.

If a coin is lost, it is out of circulation, and the net effect is that it is
distributed to all the remaining holders of that cryptocurrency.

~~~
boobsbr
> If a coin is lost, it is out of circulation, and the net effect is that it
> is distributed to all the remaining holders of that cryptocurrency.

Meaning the value of the remaining coins increases a tiny bit because supply
was reduced?

~~~
nobrains
Correct

------
granaldo
Tipping point is bulk of everything. Seeing more of this further solidifies the
case for decentralized exchanges

I used to remember how every hack hits the market really bad

This time every hack is like business as usual
[https://www.coingecko.com/en](https://www.coingecko.com/en)

Which is why when I get into investing in crypto, I take coin hack risk and
volatility risk into account from day

------
tlrobinson
On the flip side, the combined market cap* of all cryptocurrencies has
increased approximately $400B in the last year.

* Yes, I know market cap is a poor metric, but it’s equivalently bad to the $500M “lost” metric used here.

~~~
Retric
That's assuming the total number of coins still exists. I would not be
surprised if 20% of all bitcoins have already been lost.

EX: Satoshi's coins could all have been lost at this point.

~~~
jnordwick
I wonder how much the rise in btc or eth can be attributed to lost or
blacklisted coins?

------
juskrey
Not necessarily code, not necessarily lost and not necessarily $500M

~~~
lawlessone
Not necessarily a reply.

------
moonbug
..and, yet, nothing of value was lost.

~~~
TeMPOraL
Lots of electricity was wasted.

------
ryandvm
One man's loss is everyone else's gain. If $500MM of a coin is irrevocably
lost or destroyed, everyone just gained $500MM in value through an increase
in rarity.

It's equivalent to the losers transferring all their coin to the rest of the
network participants (in proportion to their stake).

~~~
chrisseaton
> If $500MM of a coin is irrevocably lost or destroyed

But the examples in the article are about coins being stolen, not lost or
destroyed. Someone somewhere still has it and is presumably able to spend it.

~~~
akerro
> But the examples in the article are about coins being stolen, not lost or
> destroyed. Someone somewhere still has it and is presumably able to spend it.

Quite a lot of these stolen coins were tracked down and weeks later locked by
exchanges when someone tried to sell them.

