Hacker News new | comments | show | ask | jobs | submit login
An Open Letter (The DAO Attacker) (pastebin.com)
257 points by arekkas 343 days ago | hide | past | web | 101 comments | favorite

signature fails to validate here:

    $ helpeth verifySig 0xaf9e302a664122389d17ee0fa4394d0c24c33236143c1f26faed97ebbd017d0e 0x5f91152a2382b4acfdbfe8ad3c6c8cde45f73f6147d39b072c81637fe81006061603908f692dc15a1b6ead217785cf5e07fb496708d129645f3370a28922136a32
    Message hash (keccak): 0xaf9e302a664122389d17ee0fa4394d0c24c33236143c1f26faed97ebbd017d0e

        throw new Error('Invalid signature v value')

Japp, troll.

This letter is fake. Signatures do not match. Flag and move on.


Even if it is fake it raises interesting issues worthy of discussion, so I'd say note that it is fake, don't flag, and let's discuss those issues.

The answer, an open letter to the attacker: https://www.reddit.com/r/ethereum/comments/4oo3ud/an_open_le...

And according to this [1] (based on the signatures) the open letter from the attacker is fake.

[1] https://www.reddit.com/r/ethereum/comments/4oo1io/an_open_le...

I find this whole situation has an interesting parallel to international law. Unlike other kinds of law that are backed by the power of individual states, international law exists in this weird zone where it's kind of law, but kind of also the United States can do whatever they want because they own all the aircraft carriers and what are you going to do about it punk?

That's why it's funny to see Sealand, Hutt River Province, Liberland and other nation-hacking experiments say things like "The Law says this is our nation!". The law is an illusion that exists only in the shade of power, specifically power to provide enforcement. That illusion just doesn't work on the world stage. Any sufficiently powerful actual nation could come and take your island and no other nation would bat an eye. The only reason they don't is because it usually doesn't matter enough to even be worth the bad press.

Ultimately, The illusion of law in Ethereum is implemented on top of the power of the miners involved. The miners can and possibly will eradicate The Attacker's carefully grifted money if it suits their interests. Power trumps law.

This open letter is being written for two reasons: firstly, the power of the miners can be swayed by appealing to their ideals. Secondly, because this whole virtual legal playpen is still subject to real-world laws and, thus, state power.

It's fascinating to see how quickly this smart contract experiment has turned into a struggle between these multiple levels of political power, with really nothing at all to do with the letter of the law as laid out in the contract. Well worth the price of admission, in my opinion.

That not how international law works. International law doesn't really "exist", it's a convoluted assortment of treaties that were signed and ratified by different countries and if you and another country signed the same treaty it gives lawyers the legal framework to work in because in this case all parties have agreed to play by the same rules(there is a slightly different between being a signatory and ratification which gives lawyers a weaker and a stronger argument but that's besides the point). Now while you might want to hyperbolically claim that the US has violated international law, the state department and the white house council would strongly disagree with you and they will be right. People throw the words international law and war crimes way too easily these days, and while I do believe that they believe that a country has violated international law or has committed war crimes they more often than not do so on moral reasons not on legal ones, and more often than not they are wrong.

All law is ultimately backed by the ability to enforce it, it is just a little less obvious to those who have grown up as a member of the privileged majority in a prosperous, liberal western-style democracy (the privilege that I am referring to is precisely that of growing up in etc.) It is so unobvious to some of them that they turn to a fanciful version of libertarianism as the imagined solution to their mostly-imagined slights.

> this weird zone where it's kind of law, but kind of also the United States can do whatever they want because they own all the aircraft carriers and what are you going to do about it punk?

That definition should go on university books, seriously. A lot of what we talk about when we discuss "international law" is a contorted way of making this or that nation prominence as morally justified.

> and no other nation would bat an eye

... however, this is a bit too cynical. The UK definitely did "bat an eye" when Hitler seized Gdańsk/Danzig. Russia is currently under sanctions after its Crimea annexation. Just because we don't constantly respond to crisis with full military force, it doesn't mean that we don't care.

I personally don't see the equivalence between this situation and international law, because this can really be resolved by a higher power (the State), if necessary by suppressing ethereum altogether. In international relations, there is simply no higher power.

I agree that there are situations where eyes would be bat, just not in the case of seasteading or trying to declare a new micronation in the Danube. Even in the case of Danzig and Crimea, I would argue it's as much about the country doing the seizing as the people being seized. Most likely if Putin decided to put boots on the ground(?) in Sealand, the West would care just because fuck that guy.

I think the parallel isn't in the way that the State might swoop in and do State things, rather that until or unless that happens, Ethereum exists in a similar contradictory place where in principle it's a system of laws but in practice the nation-state miners will decide what happens.

>> Russia is currently under sanctions after its Crimea annexation.

Aye. And who's going to sanction the US for Iraq and Afghanistan? Russia?

The fact that sanctions are imposed one-sidedly, only to the designated adversaries of the US is a testament to the fact that "international law" is just the will of whoever can enforce it (currently the US, duh).

While you could say that the invasions of Afganistan and Iraq were misguided or detrimental, they are in a different legal category than outright annexation or territory, which also violated a specific clause in an agreement signed between Ukriane and Russia.

One important point here, whether the letter is genuinely from the attacker or not, is the nice summary, in "showing not telling" fashion, of the issue here: if the "The DAO’s code controls and sets forth all terms of The DAO Creation," and the way to undo/mitigate what happened (forking) undermines trust in Ethereum, then we're between a rock and a hard place. I.e., I'd just like to call out the efficient and compelling rhetoric this letter represents.

The rhetoric of the letter falls flat to me.

It misses the point that the "contract" is also code, and contained a legitimate bug. Exploitation of that bug in most places would be a crime.

If I figure out that an ATM spits out hundred dollar bills every time I type in a certain pin, that's a crime. I don't get to make the claim that I was rightfully using the ATM.

The quote that "The DAO’s code controls and sets forth all terms of The DAO Creation" is a disclaimer that is meant to protect the DAO from those who would seek to imply some sort of guarantee or warranty from the organization. In other words if the attacker makes off with the funds, and the DAO decides to keep the code as is, then as an investor I have no recourse against the DAO.

Ultimately the letter misses the main point. The DAO token holders are free to amend the contract code as they see fit thru consensus. The disclaimer never states the contract can't change. And even if it did, the idea that their would be some legal recourse for the attacker, should the community decide to fork, is hilarious.

So the letter comes across to me as something an immature troller would write. I'd be suprised if most sophisticated DAO token holders took it seriously.

But they so explicitly point to the code as the source of truth for the contract. Banking and trading firms use teams of lawyers to find loopholes in contracts and laws all the time. Why would digital contracts (code) not have the same level of scrutiny / unscrupulous behaviour? Guaranteed if big money is at play in the system non-code based exploits will be used by firms just as often.

The parties of any contract are free to amend the contract. You're referring to a situation in which one party of a two party contract seeks to exploit the terms.

In this case, which has an enourmas number of parties to the contract, 99.9% agree to amend the contract.

I don't thinks much legal precedent for a contract with thousands of parties, but it also means that there's no simple legal "source of truth" to the contract.

IANAL, but as far as I know, traditional contracts can be amended - under the condition that all concerned parties agree to the changes. Not 99.9% of the parties, all of them. As you say, that may be impractical with such a big number of parties, but impracticalities don't change the law.

In fact, before the incident, Ethereum's rules were even stricter as in that there was no way at all to amend a contract. Which is why the current strategy against the attack is to modify Ethereum itself and hard code the attackers wallet into the platform code. The ones who are to "vote" on that proposal (because they are the only ones with the power to implement it) are the miners, not the DAO holders.

I think this would be comparable with making a contract with a bunch of MPs - and when they find that the contract can be exploited, they lobby to amend contract law itself and add a clause that deals specifically with your contract.

The parties of any contract are also free to exploit the contract's terms.

What does that matter if the terms are changed?? The attacker exploited a contract that will be given new terms by the vast majority of the parties involved, which prevents his exploit.

You could possibly claim that the contract requires 100% of all parties involved to amend, but I don't think a contract with such a larger number of parties has ever been dealt with by any legal system.

Add to that, that the attacker almost certainly committed computer fraud, and the attacker seems to have little ground to stand on. Contracts (or loopholes in them) don't give you the right to break other laws.

Yeah, I thought so too. The truly orthogonal logic and arguments used in the letter are excellent.

A fork doesn't deprive the hacker of anything. In a fork scenario, the hacker keeps 100% of the Ether he obtained, without interference. Every smart contract has been honored in full. It's just that everyone else has decided to start using a new cryptocurrency.

So much for confidence in future smart contracts in ethereum.

You have invested in an experimental 'organization' that is defined by the contract that is its code. The code supersedes any other interpretation of the contract. You have agreed to this. Now something didn't go the way you wanted it to, yet fully in line with the code, and you want to fork the entire currency to steal this 'attacker's' property.

Good luck with your fork, it will mark the official end of ethereum.

> You have invested in an experimental 'organization' that is defined by the contract that is its code.

Greed trumps contracts.

I think this is a really fascinating and smart argument.

But I think it loses some power when the currency is still called "ethereum", and administered by some of the same individuals who created the DAO.

Who knows what a court would think

Aye! Indeed!

I tend to agree with the letter. I'd probably feel differently if I was a DAO token holder, but I think forking the blockchain would be a severe compromise of the principles laid out by Ethereum and the DAO: the code is the contract.

Just like it was unethical for the banks to get bailed out from bad, risky mortgage-backed securities, it's unethical for the DAO to get bailed out for writing bad, risky code.

The banks needed to be bailed out or else there would've been a massive bank run on the scale of the Great Depression.

The people who made those MBS trades should have gone to jail, and they didn't. That's where the injustice stems from.

Then that is what needed to happen. Banks failed, therefore they should go away and be replaced with something else. It literally is that simple. By bailing them out we shifted away from capitalism. Which may not be bad, but let's call it what it is. Once we use our own capital to reinforce dead/dying businesses we give them incentive to get too big to fail, make all the cash they can while doing it, and screw everyone along the way. People would have been better off with prepaid cards and cash. We should have used that bailout money to make sure people got their money from banks. This is where the injustice lies. If we didn't send them to prison, we didn't have to PAY them for being criminals. Ugh they even paid themselves huge bonuses with the money we the customers gave them to continue screwing us. Remember them not loaning money though we just GAVE them tons, even though it was a provision of said bailouts? Saying it "wasn't their problem"?

Sorry, I'm jaded but when I see people say stuff like that it just makes me so resigned to the fact this is not the place I grew up in, in the 80's.

Many legitimate companies take advantage of poorly written contracts for monetary gain. The terms state the DAO's code is the contract. It's just as if he was a lawyer or analyst, who did his due diligence, carefully reading the contract and finding a (legal) loophole. English may be imprecise, and a paper contract could be challenged in a courtroom, but with smart contracts, there is no need for a court, since the contracts are governed by the laws of physics (the VM).

When the stakes are real and consequences real, more money and smart people will be attracted to the platform, and over time smart contracts will become more robust. Without real consequences, what is the incentive to participate if the rules can change when they don’t always go in your favor?

Yes, wording can be twisted. But the other side can mount the legal argument that this was not the meaning of the original contract. From http://apps.americanbar.org/litigation/committees/trialevide...

  Strict construction might be the appropriate 
  approach if we lived in a society where language 
  was so formal, standardized, and known that every 
  contracting party would use precisely the same 
  words to describe an agreement.

That's more tricky, ethereum claims anything permitted by the code is the contract.

e.g. Spyglass vs Microsoft


The deal stipulated that Spyglass would receive a base quarterly fee for the Mosaic license plus a royalty from Microsoft's Internet Explorer revenue.[6]

If IE revenue is $0, then royalties are $0, too.

Not nice, but perfectly legal.

> Without real consequences, what is the incentive to participate if the rules can change when they don’t always go in your favor?

That's the root problem here. The law works because people believe that it works. Once people lose that belief, the typical response is violent suppression, or violent revolution.

> Without real consequences, what is the incentive to participate if the rules can change when they don’t always go in your favor?

Yes. This should be the very core of the argument, with a focus on the words "conseqeunces" and "incentive".

Setting aside the question of whether the letter is genuine, the attacker is perfectly free to enjoy the ether he stole.

However, the rest of us are also perfectly free to adopt a fork if we wish.

Yes, but that would be breach of contract.

Can you clarify who would be breaching which contract?

The attackers claim (assuming that's who wrote the message) that he merely took advantage of the contract as written is at first reading a plausible one. To change a contract after it has been written and executed and to try to 'undo' a done deal based on actions the contract and its context fairly explicitly ruled out prior to the execution would seem to me to be against both the letter and the spirit of the contract.

I get why everybody is upset, but this was pretty much bound to happen. Security of this kind is an all-or-nothing item, you have to get it 100% right or it might just as well not happen at all. So all this backpedaling and fixing does absolutely nothing in my view to strengthen the concept.

The only way forward would be to declare this version a total loss and to do a reboot with a better core and then to see how long that one will stand up.

Rinse and repeat until one really stands (by then confidence will likely be quite low) and accept that it could still go down at any point in the future.

A bit like the Monty Python sketch about the castle built on swampland.

Anything less will not do, either the contract is all there is or it is pointless.

Legally this all seems very esoteric and shaky.

Philosophically I wonder about this "the exact code defines the semantics of the DAO" clause because, well, nobody's suggesting to change the code; the fork proposals would just change how the code is interpreted.

Kind of like "this exact Java code defines the terms of the contract" but then a new version of Java makes that code behave differently...

So the clause depends not only on the Solidity code but also on the Ethereum virtual machine's interpretation of that code, and the question now is whether that interpretation is constant or mutable.

And, like, what's even the legal status of the https://daohub.org/explainer.html document? It has a list of things to which anyone who interacts with "The DAO" supposedly agrees, which seems like a typical groundless EULA and anyone who "invested" could just say "uh, I didn't agree to any of that stuff".

I'm not really making an argument, I just find it bewildering to even imagine how any of this stuff would be interpreted by lawyers.

> I just find it bewildering to even imagine how any of this stuff would be interpreted by lawyers.

Agreed, and that's essentially what we're seeing here, some kind of rough equivalent between lawywers hacking human language and programmers hacking code. A 'smart' lawyer is equivalent to a hacker, finding a loophole in the law to enforce some novel interpretation of the letter rather than the intent of the law.

Trying to do an end-run around a whole bunch of established systems all to end up with re-inventing the exact problems of those systems that you were trying to get away from in the first place, it's kind of funny.

If I understood it correctly the letter claims Ethereum wrote in the end user contract that anything ammissible by the contract is the contract. So not upholding that would be breach of contract.

Not a lawyer, but a contract requires that all parties must gain some consideration for their entry into the contract. That the blockchain enforces the proposer's "smart contract" without giving material return to the token-holders means that the proposer's claim is unenforceable in a real-life court. No consideration, no (real-world) contract, no breach if some consensus fork emerges.

same ianal disclaimer, but here's the thing, this was built for allowing anonymous contract participation, if you can't participate in a contract without agreement from all parties that'd put the whole smart contract to an end. everyone would be able to seek damages from etherium from transactions they didn't like

Well, the attacker is welcome to try to get a UK court to injunct me against adopting a fork. How far do you think he'll get with that?

It doesn't matter, if that what's required the DAO is dead. After all, if it needs the courts then one of the major principles of it appears to be broken beyond repair. Which may have been the whole point of the attack.

Let me get this straight: You are saying that if the attacker has to resort to taking me to court to prevent me from forking, the DAO is dead?

I beg to differ. If those events come to pass, the DAO will be far from dead!

You're missing an essential point of the whole argument. Either the DAO as it is is self-contained or it is a failure. If it needs the courts, either to enforce a contract or to try to prevent enforcing a contract then the whole thing is dead.

On which side of such a lawsuit you are is not important, the fact that the DAO can not be trusted to be complete and that there is a possibility that contracts once executed can be rolled back makes it un-viable in this incarnation.

Personally I think it was oversold, this lesson could have been learned a lot cheaper but that's easy to say after the fact. As bug bounties come this was a pretty good one, and I'd be highly surprised if it was the only flaw in the present implementation.

You want to make that point. I don't care.

The attacker tried to exploit a flaw in TheDAO's code to steal its ether, not because it was designed to allow that or because that was the intent of its designers, but because he could.

Well, the Ethereum community can also do something that was neither intended nor planned for. You say that doing so would be a breach of contract. I say: Well, go ahead and sue me.

He didn't 'try', he (or she) did. And he could because it was allowed, intent or not.

> Well, the Ethereum community can also do something that was neither intended nor planned for.

Of course they can. And that will make the whole concept moot.

> You say that doing so would be a breach of contract. I say: Well, go ahead and sue me.

No-one will. But then also: no-one will ever trust the concept. It either works or it does not, you can't say it works and if it doesn't we'll fork. That's simply institutionalizing unreliability.

The attacker has - very elegantly - pointed out a major flaw in the whole thing in a way that not much else could have: in the end we all have to either trust some higher power to interpret the context in which a contract was drawn up or we will have to live by the letter of the contracts. You can't have it both ways.

> But then also: no-one will ever trust the concept.

I think they will. In time, one of us will be proven right.

I believe ethereum is dead, but I also believe that a better implementation of the idea has merits. So long term I'm optimistic but it would have been better if DAO had been a bit more conservative before taking on substantial outside involvement. Overselling something is never good.

Curious, is there a contractual clause that prevents any members of the DAO from adopting or starting a fork?

First part of the explanation of the terms:

"The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation."

Emphasis mine.



So yes, I'd interpret that as forks being 'right out'. It's either 'all terms' or it isn't.

> Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code.

As far as I see, that means there's no guarantee that Ether will be accepted by other parties, and no obligations on Ethereum miners, a de facto counterparty to the contract, not to agree to modify their own code. Of course, third parties [some of them with conflicts of interest] forking Ethereum is against the spirit of the "contract", but so was exploiting a recursion bug.

Which just goes to show that you still need to trust those with voting rights not to collude against you in a supposedly trustless system.

Thanks. I'll admit that this is way over my head. Is there a concise summary of what's contained in the "smart contract code" at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413?

The code at that location in the Ethereum blockchain implements a Decentralized Autonomous Organization that takes Ether from participants in exchange for tokens granting them the right to vote on proposals for this specific DAO to fund and the right to receive any benefits from the execution of funded proposals.

This is the primer to the how it is supposed to work: https://blog.slock.it/a-primer-to-the-decentralized-autonomo...

Here is how it was attacked: http://vessenes.com/deconstructing-thedao-attack-a-brief-cod...

Why? The DAO is implicitly referencing how ethereum works, it's not specifying that directly. So changing how ethereum works should be perfectly valid, and the DAOs terms would be valid, and yet refuse to run because ethereum changed to prevent it from running.

Also, strictly speaking it's not all the same people who might be bound by the contract as those who would do the forking.

It's the proverbial rock-and-a-hard-place dilemma. Stick to the contract and the original description: lose the funds. Fork and change how ethereum works and you've proven conclusively to all participants that a power grab is possible and that the contracts are all subject to future novel interpretation.

DAO -> DOA either way.

It sure seems that way, but this doesn't have anything to do with breach of contract per your original comment. Forking and changing how it works seems completely kosher from the contractual side, but seems like a bad idea for the reasons you stated.

But forking is a consensus decision of miners on the chain. Nothing to do with the DAO or its implicit or explicit terms. By that logic I can write a contract that dictates future behaviour of anyone choosing to mine this particular block chain.

I can see how forking in the case of a technology change is acceptable but I can't see how forking just to undo certain contracts would ever be acceptable. That's the foundation the whole thing rests on, if contracts can be rolled back at will (and this nicely exposes that it can be done to all those that weren't informed about this) then they are worthless.

That's what makes this attack so elegant, it strikes at the heart of the problem rather than 'just' take some money.

An even worse attack would have been to do this slowly over a longer period of time, which would make it even harder to roll back (but would have increased the chance of discovery before the damage was this large).

That must have been a tough decision on the part of the attacker.

I assume this is fake.

To me, it doesn't follow that forking Ethereum to change it's behaviour would constitute "seizure of ... ether". There's no law to stop the Ethereum Foundation from changing their software protocol in arbitrary ways. It's theirs, they can do what they want.

There's money involved, but in that case it's similar to the scenario if Supercell decided to remove IAP from Clash of Clans and users couldn't use their gems.

It could be a fake, but that has no bearing on whether or not what is written there is factually correct. Judge the document contents on their merits or lack thereof, not by their provenance.

> There's no law to stop the Ethereum Foundation from changing their software protocol in arbitrary ways.

tortious interference with a contract.


It is signed - has anyone checked the signature?

It's useless unless you know who signed it; have a public key. Fake.

The real "hacker" made millions shorting ETH before the attack.

This is actually brilliant and is almost a no lose situation.

* Outcome 1: ETH is forked -> ETH value goes to 0, the shorted currency is pure profit minus interest

* Outcome 2: ETH is not forked -> Hacker gets $50 million

These are only the technical outcomes but the only social outcome I can see is a lot of suing going on. My suspicion is that it is unlikely that anyone will succeed in a legal challenge, but I'm not a lawyer.

Of course legal challenge won't be fruitful. In the eyes of the law using an exploit on an vulnerability found in a contract will still be interpreted as malicious or even criminal and thus illegal,

I don't understand your certainty - the point about law is that there is an exception to every rule.

Courts enforce contracts that contain unfavorable terms all the time. And malciousness is not a part of contract law. It's true that contracts can be set-aside (though not always) when they have a criminal basis, but it's not at all clear that this is the case here.

There was an unequivocal and unilateral offer made to the world in the text - that will be hard to read down as anything other than an intention to contract.

I'm curious where one could actually place this volume of short sales on ETH if true.

Exchanges deal with a great amount of volume.


I assume that the DAO hack involved some signed operations.

You're right but you can't sign a message from a contract, only from an external account. The ECDSA at the bottom is not valid. Valid ECDSA signatures are 65 bytes ending with 0x00 or 0x01. This one ends with 0x20.

This whole ordeal has made me look at cryto currencies in a less optimistic way I guess, it's all Utopian this Utopian that, freedom freedom this that, until people realise that in the real world things are not as perfect as they imagine.

How funny would it be if it turns out this was written by someone high up/heavily invested in eTH/DAO to push users to support the fork (which didn't seem anywhere near majority yesterday)

" to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation."

You can't say on the one hand that the code that lives on the blockchain is the absolute source of truth and then claim when someone uses that code contained in that contract to get rewarded for doing due-diligence that it was wrong. The DAOs hubris is what got the investors into this mess. I was for the forks until I read it. Game Over for the DAO.

In fact, the attacker has already won as he could also attack the other fallacy still standing - that decentralization somehow leads to a less corrupt system. Don't believe me? The attacker should simply be less greedy and offer 9 million dollars USD to each of the 4 largest mining pools to NOT observe the fork. He still walks with about 4 million.

dwarfpool 9.7% 1882 30.7 1.1 TH/s f2pool 12.8% 904 14.7 557.0 GH/s ethermine 12.4% 701 11.4 431.1 GH/s ethpool 12.5% 511 8.3 313.6 GH/s

This would give him the majority and incentivize the miners to not go along with the will of the DAO creators. And consensus still wins. Bought and paid for with money gained from investors who didn't understand or do due diligence before dumping money into a new untested type of organization. Maybe proof of stake will fix this mess. The attacker has already won by showing the hubris and lack of research on the part of investors and DAO creators. The DAO creators can't have it both ways.


What the attacker claims seems reasonable.

I have no stake in this so perhaps it is easy for me to make comments but here it is: if nobody agrees that there is any value in this currency then there is no value even if real money is involved. I could have written this a little bit better, I know.

So a hard fork is in essence the community saying that they do not accept that there is any value for them beyond a certain point. Nobody breaks any laws. The "attacker" can retain what they gained. Nothing changes. The community simply moves on to another island - it is as simple as that.

I am not a lawyer but I cannot see how someone can sue you for not wanting to do business with them purely from value perspective. Perhaps this is a bit of an extreme example but it is also as if I start suing everyone because they do not accept doing business with me while I pay them with seashells (once perhaps considered a valid tender).

so, the DAO contract is the only authority, and everything is on the blockchain, except when the collective decides it's not? you say "nothing changes", but something obviously would - "the attacker" would lose their money. and not because any smart contract decided so, but rather >1/2 of the involved participants.

of course, he's a thief and should not get the money, but maybe the DAO was flying a bit too high too quickly.

So, I know next to nothing about the DAO and Ether, but could some please explain this to me? The way I read this is that someone just proved that all code has bugs and if you use code as a contract, people will inevitably find ways to exploit its bugs and take your money (or, whatever, ether).

Is that what just happened?

Yeah. And it proves that ether is valuable. And that it is important to debug and beta test in small scale.

How does it prove any value?

If ether had no value there would be no talk of undoing the transaction. That's my guess at least.

Yes. And the fact that people are trying to steal them.

I am reminded of the engineering triangle, and like most code, the DAO code looks FC optimized.

There is a logistical asymmetry. DAO had to allocate resources between engineering the software and selling the idea to investors.

There is also an economic asymmetry. DAO can only use a small portion of the total fund to cover the expenses related to code quality. Funds for future projects have to be retained. Returns on investment have to be provided. Conversely, the attacker can potentially cover their expenses with all of the DAO funds. For the DAO, $1,000,000 of defense is a significant portion of operating expenses and has low marginal return. For the attacker, $1,000,000 is an investment in potential 70x return.

That's enough to attract sophisticated actors even up into the state level. But even ordinary fintech could pull it off.

Well played.

I think Levine did a good job debunking the idea that a bit of disclaimer in the Terms of Service would preclude a court of law from considering facts beyond just the [exploitable] code of the smart contract. In the real world courts are fully equipped to handle situations like a faulty contract being exploited by insiders and outsiders alike. Fortunately the law is not a Turing machine. I think if the hacker who exploited this bug ever was uncovered it would not go well for them.

But the idea that any miner choosing a fork which blacklists this recursive split exploit is liable for damages to the hacker, that's just laughable. Can you imagine a universe where miners are legally bound to continue investing their hashrate in a particular fork?

The entire system is predicated on miners independently choosing whichever fork they want to support. The attacker is welcome to mine as much as they want on their preferred fork, just as any miner is free to do the same.

In any case, the market will decide how much the Eth on either fork should be worth. You can argue which fork you would value more, or which universe you would rather live in, but what's neat is ultimately the miners and the market will decide.

Whatever direction the Eth ultimately goes, one thing we can be sure of is that blacklisting is always possible to the extent that miners are willing or able to be compelled into implementing them. A campaign against blacklisting this particular address seems to me to be misplaced, because other than enriching the hacker it accomplishes nothing. Miners upgrade their code to express their preferences all the time. Miners can run "official releases" or variations on the same at any time. I think arguing that loading or not loading a particular commit proves anything about the future nature of Etherium is pretty speculative. You can blacklist an address today and not blacklist tomorrow. You can not blacklist today and blacklist tomorrow.

My own opinion is that Eth is very much still in Beta (or Alpha) and the community is still in Kindergarden learning how to write secure contracts in Solidity. We should expect these contracts to fail like this more often than not. If the miners vote for a "redo" on this particular bug in this particular contract I think it doesn't matter much either way. The reality is that Eth has a very long road before it can be safely used for its intended purpose, and that realization (whether it should have been obvious or not) will have a larger economic impact than this particular hack being rolled back or not. It's not like this is the only bug in "The DAO" code.

Mods, could you please indicate in the title that the validity of this letter has not yet been verified. The attribution in the title: "(The DAO hacker)" assumes that this is an authentic letter.

I find it ironic that blockchains promote the idea of anonymity while the community spends a considerable amount of time discussing who did this or that. It seems the hunt for Satoshis is an unexpected social consequence of blockchains.

But it's trivial to prove that it was the attacker, they can just sign this message with the public key used for the transaction.

He can sue, but who and for what? Essentially the community is showing him a finger even if he didn't break the law. He will keep the money, but they simply won't be doing any business with him.

I imagine they sent the cease and desist letters to any prominent personality with stake in DAO that publicly advocated forking. They might try to sue shareholders for inciting other shareholders to breach contract.

What makes it weird is that they can't just buy back the shares, because that wasn't in the contract. They have to convince the body controlling the currency, which backs the issued shares, to essentially invalidate and reprint a pallet of virtual cash.

Although the DAO shareholders don't necessarily have to participate in the fork for it to succeed, publicly advocating a fork, before the fork, in order to nullify a contract seems like it could be considered a breach of contract.

He can try to sue (in the US)

Next thing the IRS will go after him for the corresponding taxes on millions of dollars of crypto currency

So they pay the taxes. There should still be quite a bit left.

So that's just over 50 million dollars?

50 million Internet dollars. He needs to sell them for real dollars, I believe.

He knew what he was doing, and when it would be done. If you know this, you can short the currency and make a mint without spending the stolen currency.

When Ethereum was first announced, there was a lot of fanciful talk about trustless economies (much of it still easily available). I briefly tried to get a discussion going about the difficulty of verifying Turing-equivalent code, but the zealots thought I was trolling.

I like this guy

haha it's unavoidable they're going to sue him. But he seems ready :)

Ready and with $50M to defend himself?

I have no idea how you get actual money out of it, but if he does get it, that's a lot of money for lawyers...

Wouldn't they have to find out his/her real identity first?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact