
$300m in cryptocurrency' accidentally lost forever due to bug - chirau
https://www.theguardian.com/technology/2017/nov/08/cryptocurrency-300m-dollars-stolen-bug-ether
======
JackFr
The whole sales pitch of ETH is that the code is the contract. Thus the
contract is literally the codified agreement of intent of the parties. _There
is no intent apart from the code._

There are no bugs. There is no theft. There are no accidents. There can be no
need of a hard fork.

~~~
Xeoncross
"the myth of communication is that it has occurred"

~~~
sova
George Bernard Shaw! :)

------
mtgx
The way Ethereum, its programming language, as well as its "smart contracts"
work effectively ensures there will be _an infinite_ amount of such issues in
Ethereum's future (assuming Ethereum also survives indefinitely, despite all
of these issues).

If Ethereum is the "internet," then all of these incidents are kind of like
"data breaches" that have happened and will continue to happen for the entire
life of the internet/Ethereum network. And if the number of data breaches
throughout the internet's life is any indication for what will happen on
Ethereum, there will be a lot of "hard forks" in Ethereum's future, too.

Ethereum devs signed-up for this when they decided to make its smart contracts
Turing complete.

~~~
LyndsySimon
My position on Ethereum is that it will never be a general-use currency for
human beings. Logically rigid contracts are not a feature that people really
want. We've built entire judicial systems around the idea that contracts are
malleable and that judgments are often sought that take more into account than
was known at the time of creation.

Ethereum may actually end up really shining as autonomous organizations become
a real thing.

~~~
eternalban
You do have an interesting point worth discussing, but that was not the thrust
of GP's comment.

Even your "autonomous organizations" will need to deal with e.g. the halting
problem, for example.

[http://cognet.mit.edu/book/heterogeneous-agent-
systems](http://cognet.mit.edu/book/heterogeneous-agent-systems) [You want to
read chapter 10.]

------
Dolores12
How about you give away 50% of tokens recovered to charity to incentive 51% of
ethereum community to make hard fork? I see no reason why would whole ethereum
community should care about what users of specific contract are doing.

------
rboyd
I think the community needs to develop a process ahead of time for determining
how to deal with these issues. A good start might be:

Can the protocol be made more robust against this class of error?

Is the proposed protocol change victimless? (nobody has already spent forked
funds, etc.)

Is the protocol change elegant? (If you were to start over would the
implementation have included this change to begin with? e.g. no hard-coded
addresses with special code paths)

------
nxsynonym
Can someone ELI5 if this is an issue with Ethereum in concept/execution or
with Pairity and how they handle Eth?

Is this an issue that can be repeated on different wallet platforms/exchanges
easily, or is there something uniquely wrong with Pairity wallet that caused
this?

~~~
PeterisP
Parity made this particular bug; but the bug and impact raise questions about:

1) Whether the Ethereum/Solidity design and implementation is good enough,
because it seems that bugs like this and not like this are far too common and
far too easy to make, and a better design/implementation would make such
incidents less common;

2) Whether the Ethereum concept/sales pitch of smart contracts that cannot be
overridden is actually something that the community wants, and perhaps there
does need to be _some_ structured way/process on how flawed contracts can be
altered; as the DAO incident is some evidence that we might want _a_ way to
alter contracts in certain conditions, but the previously used solution of ad-
hoc hard fork isn't a good one. Perhaps we _do_ want smart contracts that
can't be overridden in any way whatsoever, but we have to acknowledge that
this has a serious price - incidents such as this one.

~~~
nxsynonym
Thank you! This was super helpful.

------
detaro
duplicate, reporting on issue discussed here yesterday
[https://news.ycombinator.com/item?id=15642856](https://news.ycombinator.com/item?id=15642856)
(375 points, 271 comments)

------
DiNovi
bug on Internet unleashes 175mm peoples private info including SSN: Lol
internet!

Ethereum bug loses 500k eth: Shut it the fuck down it will never work.

People... get used to stuff.

~~~
Jtsummers
Apples and oranges.

Bug in a specific DB or HTTP server implementation exposes confidential data:
Patch it or shut it down.

Bug in a specific service: Patch it or shut it down.

Ethereum is equivalent to those things. It is not equivalent to the Internet,
that would be "blockchain technology" (quotes because it's such an ambiguous
and ill-defined space right now).

Ethereum is buggy. Plain and simple. It is ill-designed, ill-scoped, and ill-
managed (there never should have been a hard fork for the DAO fuckup).

~~~
Bromskloss
Is this a bug in Ethereum? I thought it was a bug in a piece of wallet
software.

~~~
Jtsummers
I’d say it’s a bug in ethereum. A Contract has dependencies. Those
dependencies can be shut down before the contract. The contract is now stuck,
unable to be processed.

This is very much like the leftpad issue with node and npm. It’s a flaw in the
design of the system that permits this behavior. The contract (wallet
software) is also clearly buggy. But the bug is a consequence of the ill-
designed foundations.

------
calgaryeng
This is comical. Anyone who tells you that currency was _actually_ worth
$300MM is out of their mind. This is an interesting experiment, but seems more
like a pump-and-dump.

~~~
Bromskloss
What does "actually worth" mean? It's worth whatever someone currently is
willing to pay for it, isn't it?

~~~
sova
True value or Real Value are stabilized values in the market directly
proportional to usefulness of the commodity or currency. If people wanted this
much ETH, it would be worth that much, but saturating the market with that
much more ETH would drive prices down. It's like the meteor that was made of
Iron that swung by the earth "it's 5 quintillion dollars of iron ore!" well,
with simple multiplication that may be so, but the assumption is that this
material would be absorbed into an economy that can use it effectively. Nobody
is actually going to hand you 5 quintillion dollars for the meteor.

~~~
Bromskloss
> saturating the market with that much more ETH would drive prices down.

Of course, like with any stock or commodity, the market price is the valuation
of the good _for small amounts_ of the good.

------
bolololo1
That's why this tech it's still not safe to use.

Imagine someone sending $100.000 of his hard earned money and from loans to
pay for his daughter operation and this gets lost because of a bug and a
developer in panic mode!

~~~
LyndsySimon
> That's why this tech it's still not safe to use.

For many cryptocurrency users, it's not intended to be "safe" \- it's intended
to be free.

Consider that running `rm -rf "/$APP_ROOT"` in a shell script is unsafe.
People writing their own shell scripts are doing so for the power it offers
them, and should be aware that this power enables them to shoot themselves in
the foot. Likewise, if you choose to "be your own bank" cryptocurrencies give
you the power to do that - and the power to shoot yourself in the foot.

> Imagine someone sending $100.000 of his hard earned money and from loans to
> pay for his daughter operation and this gets lost because of a bug and a
> developer in panic mode!

Imagine someone bringing $100k in cash to the hospital to pay for that
operation, only to have their car catch on fire and consume the cash on the
way. The specific mode of failure here is different for cryptocurrencies,
sure, but this _category_ of failure is not unique.

~~~
mikeash
Most people would say that transporting $100,000 in cash in a normal car is a
really, really bad idea. If that’s the analogy for cryptocurrency, it seems to
be an unflattering one.

~~~
zaarn
What about putting all your money under your mattress and then your house
burning down?

~~~
bpicolo
Most people would say that's a bad idea, too.

------
auggierose
Who cares if something that should really be worth $0 is lost forever?

~~~
Bromskloss
What do you mean by "should be"?

------
repler
It is not "lost forever":
[https://news.ycombinator.com/item?id=15644454](https://news.ycombinator.com/item?id=15644454)

They can do a hard fork and this money will re-appear.

~~~
kolbe
I am not sure how your link disputes the title. A hard fork to a new currency
still means that the past currency is unusable forever, and in the world of
crypto, that means lost forever.

~~~
repler
The title makes it sound like people lost their money.

~~~
akoncius
didn't they? People invest in hardware, pay electric bills, even purchase
coins from stock exchanges to have them and suddenly - fork? of course they
lost money.

~~~
repler
The point stands that it is not "lost forever".

When you invest in the stock market, and the market crashes, THAT money is
lost forever. This is not that.

~~~
root_axis
> _THAT money is lost forever_

No, it isn't, because the price can go back up in the future. In this case,
there is no hope of recovery unless you count the entire network pretending
this never happened as recovery. Ironically, the real stock market is more
immutable in practice than Eth.

