Hacker News new | comments | show | ask | jobs | submit login
Attempt to Reverse a $55 Million Ether Heist (bloomberg.com)
180 points by bmj1 10 months ago | hide | past | web | favorite | 183 comments


He strictly followed the terms of a contract by people who were very clear that "code is law" and who did not want institutions were the result is decided by human judgement.

It's always been like this. Be smug and aggressive when it goes right and cry for help when something goes wrong. The housing crisis was the same. Claim you got the thing that makes everybody rich and when everything went inevitably downhill, ask the "enemy" aka the regulator/government/police to bail you out.

It's been long time since I read Too Big To Fail, so what I recall could be wrong, but i don't think your statement about the 2008 bailout is entirely true if that book wasn't a lie.

Almost the majority of Wall Street refused the bailout money. Paulson almost force them. The bailout money eventually made a profit ($15B). One could argue that the return rate was low (0.6% annualized), but still, this is far different from what most people have believed till this day: i.e., US gov just gave taxpayer's money away to the banks to cover their ass.

Paulson also almost managed to save Lehman Brothers until British Gov said no to Barclay's role in the plan. (Wall Street banks would acquire LB's "good assets" while Barclay would buy their toxic ones as its gateway to become a more influential player in US market.). But even Lehman didn't reach out to Pualson to get itself saved. It's the other way around: Paulson was trying many ways to save Lehman because he knew when Lehman went down, market would panic and then even those banks in good shape would be affected.

US has debt which costs more than 0.6% annualized so no even by the most optimistic analysis, it was a direct net loss.

It depends on how you calculate it but, actual costs where over 50 billion net loss. But, it was really important for politicians to point to it as a 'success' so there is more than a little creative accounting going on.

The British make very convenient scapegoats and were responsible for a great deal of the Financial Crisis, but not the collapse of the Lehmans deal


You can't trust anything in Too Big To Fail, unfortunately. Shame, it reads really well.

Lehman didn't assist with the LTCM bailout, like all the other big brokerages did. That's why they were chosen to be sacrificed to scare Congress.

Every official source that explains the 2008 crisis is full of lies. The big banks all engaged in massive fraud and the bailout was the cover up.

Everyone's a hero until the bullets start flying.

You're 100% right.

Same idea with the guys getting rich of off of patents in the pharma industry (e.g. EpiPen). Nothing these forms are doing is technically illegal.

But the reason some of these guys are gonna be crucified is the arrogance and lack of public contrition. They really need to take a page from the banking execs of 2008 who cried no-fault all the way to the bank.

Building a financial system without some level of flexibility and human judgment seems like an awful idea. Forgive the lengthy story, but this tale courtesy of Matt Levine is perfect for this [1]:

> The California electric grid operator built a set of rules for generating, distributing and paying for electricity. Those rules were dumb and bad. If you read them carefully and greedily, you could get paid silly amounts of money for generating electricity, not because the electricity was worth that much but because you found a way to exploit the rules. JPMorgan read the rules carefully and greedily, and exploited the rules. It did this openly and honestly, in ways that were ridiculous but explicitly allowed by the rules. The Federal Energy Regulatory Commission fined it $410 million for doing this, and JPMorgan meekly paid up. What JPMorgan did was explicitly allowed by the rules, but that doesn't mean that it was allowed. Just because rules are dumb and you are smart, that doesn't always mean that you get to take advantage of them...

> The U.S. legal system has built up a pleasantly redundant system of safeguards so that investors usually get more or less what they expect. If you invest in a U.S. public company, you are in a sense signing up for a certificate of incorporation and bylaws, which are written in lawyerly language. But you also get a prospectus that explains the terms of your investment in relatively (relatively!) plain English. Also the terms of that investment -- how you vote, what duties the company owes you, what rights you have, etc. -- tend to be constrained by federal securities law, state law, stock exchange listing requirements, underwriter due diligence, public policy, custom and tradition. Even if you invest in a company whose bylaws say that the board of directors can sacrifice you to a demon on the first full moon of a leap year, it's unlikely that that term would be enforced. There is only so much leeway to depart from the standard terms.

> If you invest your Ether in a smart contract, you'd better be sure that the contract says (and does) what you think it says (and does). The contract is the thing itself, and the only thing that counts; explanations and expectations might be helpful but carry no weight. It is a world of bright lines and sharp edges; you can see why it would appeal to libertarians and techno-utopians, but it might be a bit unforgiving for a wider range of investors.

[1]: https://www.bloomberg.com/view/articles/2016-06-17/blockchai...

That is their selling point, though.

He's essentially saying -- in the nicest, most neutral way -- that it's a silly selling point.

I'm glad the hard fork happened, because it makes clear and public that there is no "coding around" the possibility of human oversight. Better for that to happen early than late IMO. And people sure still seem to be onboard.

It doesn't make that clear at all. It just makes clear that the Ethereum community is committed to profiteering rather than decentralization.

I call it decentralization when a huge number of people must agree so the unethical taking of the money is reversed.

You're describing democracy, not decentralization. Democracy is rule centralized in the majority.

A bank robber isn't considered a "thief" for violating the laws of physics, either. What's your point?

Code is law. The community decided/realized the "law" as written wasn't the one they wanted, so they created a fork that captured both the letter and spirit of the "law" rather than the letter of some other one they didn't want.

I don't get the holy wars over this, other than the fact that some people are obviously very motivated to pump their empty shell coin in the hopes that it beats the leading ETH one. "Code is law" and "laws are imposed upon humans against their collective will" lead to two very different things.

The point is that Ethereum's selling point was smart contracts, so by definition you can't steal from a contract.

Can we do an experiment and use 'she' for anonymous players in these stories? Would be kinda cool. The article uses 'he' throughout, and only acknowledges the possibility of it being either/or/group in the final paragraphs.

I thought we were only supposed to use "she" as the default pronoun when the subject is something positive though, like always "she" the engineer, but never "she" the thief or "she" the serial killer.

What's wrong with he? I think one can choose one or the other, and the author chose he. There's also the alternative of using he/she every time, but I think that would just be annoying.

Attempting to expand on context that I think the parent left implicit:

- Women are underrepresented — in STEM fields at large and in the cryptocurrency space in particular — relative to a fairer world with less sexism, outmoded notions of gender roles, etc.

- This underrepresentation self-perpetuates partly because well-meaning men in these fields don't realize it's happening: it always feels better to believe a happier story about the world being more fair, and such men have less data about what keeps women out than they would have in a fairer world where women were more present to tell their stories.

- Erring on the side of feminine or gender-neutral pronouns — against this backdrop of under-representation — is a lightweight way to signal basic awareness of these issues and avoid the appearance of reinforcing them or believing they should be reinforced. As such, it informs my general model about the writer's thoughtfulness/sensitivity, which has some bearing on how compelling I find their argument to be.

It also bears noting that while I can mostly shrug and move on if a writer is implying apathy (or worse) about this issue, it is a more acute and even threatening signal for some women whose careers/lives have been damaged by these playing fields' having never​ been level, and it is morally fraught to participate in and benefit from discussions/community/resources that are effectively/unfairly off-limits to under-represented groups.


- default-masculine-pronouns are not neutral,

- we've all been tacitly made to think that they are,

- some work to counter that makes sense, and

- it's good to push conversations/awareness about them because the default perpetuates them.

Yes, I know women are underrepresented in many fields, but I believe there are better ways to address this than subjecting authors to a particular language. I'm open, of course, to read some studies discussing the effect of pronoun choice and awareness. Meanwhile, treat women with respect and be a model for other males, and it should probably achieve greater results than your choice of pronouns.

I discovered this article a while ago:

Avoiding Sexism in Legal Writing—The Pronoun Problem


It has some solid advice, but it also notes that the use of "he" in sex-indeterminate situations was codified by Ann Fisher, "an 18th-Century schoolteacher and the first woman to write an English grammar book." Now, every time I see "he," I think of her.

Good article! As a result I am now aware there are various techniques writers could employ to adopt a gender neutral language. Thanks for sharing!


Basically 'Why not?' you wanting it to be a male makes no sense ... unless you get a kick out of casting yourself as a protagonist in this story ... in which case go figure.

He's not the one asking for an imposition of some rule. When you write the article, pick whatever pronouns you want.

No one is asking for a rule. In fact - the conventional use of masculine pronouns that you're enforcing is perhaps the closest thing to a rule that's being imposed, albeit subconsciously. Bro.

I've read enough articles where anonymous or hypothetical actors are given feminine pronouns by female authors that I'd say the convention is to favour the pronoun that represents yourself, not to default to masculine ones. Writers choice.

Huh. It's actually kind of popular in Computer Science papers in the security field to alternate (Alice, Bob, Carol, ...), and also (in general) for some male authors to always use a feminine pronoun when referring to anonymous or hypothetical actors. Surprised you haven't noticed either.

Does it matter? And if it does, wouldn't it be better to just use "they" and avoid gender issues all together?

Yes x2.


If R2-D2 used Ethereum.

C-3PO: He made a perfectly legal move.

Han: Let him have it. It’s not wise to upset a Wookiee (The Ethereum founders).

C-3PO: But sir. Nobody worries about upsetting a droid (a regular contract user without influence). Han: That’s cause a droid (regular contract user) don’t pull people’s arms out of their sockets (hard fork the entire crypto currency and call you a thief) when they lose. Wookiees (The Ethereum founders) are known to do that.

C-3PO: I see your point, sir. I suggest a new strategy, R2. Let the Wookiee (Ethereum founders) win.

With Chewbacca's and the Ethereum founders' behavior, you would be a fool to play their game again thinking that they follow the rules.

There are no perfect rules nor there is perfect law. The hard fork was simply an abandonment of an obviously unjust law, a revolution really. The people voted with their feet, and the current market cap is an indicator of where those votes went.

People don't like to get screwed over.

In that case, why not just use current contract law with centuries of jurisprudence? Without, "code is the contract", Ethereum is a pointless, buggy, leaky abstraction of current contract law.

Perhaps in some cases a broad consensus mechanism (like hard fork) is preferable to putting it in the hands of 12 random people.

> Perhaps in some cases a broad consensus mechanism (like hard fork) is preferable to putting it in the hands of 12 random people

Sounds good in theory. In practice it's mob rule. We have pretty good evidence, i.e. history, that the rule of law is better.

Ok, so you are saying there is scientific evidence for for the statement "the rule of law is better than mob rule"?

I'd love to see a couple citations for that? Hell, I'd be fascinated to read the experimental setup.

To be truthful, it sounds like someone hooked you with some pseudoscience on poor foundations.

As long as you're a Wookie. In the meantime, Droids will get screwed over.

Just don't be a droid.

>The hard fork was simply an abandonment of an obviously unjust law, a revolution really.

This is what Ethereum users actually believe.

Want it or not, Ethereum is very much led by a small group of people, and when those people lose their money, they ask the community to hard fork because really it would be a shame if the cryptocurrency they invested in lost value and became worthless. After all, it's not as if every cryptocurreency was nothing more than just a way to speculate.

Ask a thousand people if they want to lose money or win some, they'll all answer win. Even if lose is the normal (and in Etheureum's case, codified and agreed on by everyone) course of action.

By the way, the vote was at a default 'yes' and had to be explicitly disabled.

The whole point of computers is that they're perfect rule-following systems.

isn't it a bit disingenuous to say it was just the position of Ethereum founders? People wanted their money back.

It's almost as if some recourse for actions done in bad faith is a useful tool to have as a society...

That's not what says https://www.ethereum.org/

> Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.

Among those of us who see some value in smart contracts, there are two camps: those who are realistic about their limits and challenges, and those who have bought in to a massive delusion. This quote epitomizes the latter.

For example, how does 'run exactly as programmed' rule out fraud? Fraud is as programmable as legitimate activity.

For example, if fraud is not possible, then what was the justification for the hard fork?

People who have bought into a delusion find it hard to evaluate evidence - for example "Van de Sande is eager to move on. “It was really just a blip,” he says." So what was all the fuss about? After all, it was just two lines of code, so simple in retrospect, and now it has been fixed, so there's nothing to worry about, right?

Perhaps my favorite quote is "“I’m absolutely amazed. Why has no one traced this back and found out who did it?” asks Stephan Tual, the third co-founder of Slock.it." He is amazed that in one respect, this digital currency lived up to one of their major claimed benefits?

I am also not at all surprised by the 'shoot the messenger' complaints about Sirer's involvement.

The reality is that the verification of software, especially at this scale, is a really difficult problem, and everyone who has bought into the delusion seems to think that someone else is going to do it for them - I doubt that even 1% know how to do it themselves. So much for 'trustless'.

applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference

"Without any possibility" - You'd think that'd raise a few red flags.

The probability that Ethereum will be subject to downtime, censorship, fraud, and third party interference is 1.

How can they have that on their landing page and keep a straight face?

Of course, people also want to take back losing moves in chess. The whole point of Ethereum was that the code alone specified the contract.

But code is written by humans... have you ever seen code with no bugs? In 20 years of professional development I have not.

Given that humans are imperfect, and could even potentially act in bad faith, isn't it reasonable to have an exception clause? I get the argument to not have one; that it's impossible to have favorites and central figures manipulate the system, but nothing is perfect.

> isn't it reasonable to have an exception clause

It absolutely is. Which is why you don't say "code is law". Which is why Ethereum is dumb.

If you think laws are written without exception clauses, I have a bridge to sell ya.

Laws are interpreted by courts.

There is no court of Ethereum aside from "can I convince the developers + 50% of miners to do a hard fork"

I have a solution. Perhaps you take the etherium users, and they can vote and elect arbitrators, let's call them judges. Then those judges can hold "court" and a selection of etherium users would act as a "jury" to decide on how to handle exceptions. Of course, we will also need to appoint people to enforce those laws. Maybe we should start with a constitution to get things all lined out...

Actually I would suggest starting with something less strong than a "constitution", something that just defines the federation of etherium exchanges in broad strokes, call that the "federalist papers" or something.

sel4 is amazing, but it is not bug free:


It might be close... for miTLS I don't have access to the issues, but let's assume it's bug free now for sake of argument; it hasn't always been bug free, that is in earlier unproven releases.

"Program testing can be used to show the presence of bugs, but never to show their absence!" - Edsger Dijkstra

Minor nitpick: the x86 port was never verified, the 32-bit ARM one was.

Not while claiming the opposite, it's not.

Then what exactly is the difference between Ethereum's smart contracts and our legal system's contracts? At least in the latter, we can elect (or elect the people who choose) those who make final decisions.

It is.

It's not useful to have in an electronic currency. In fact, it goes against the whole idea behind ethereum.

>Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.

They took a vote and the vast majority voted for the HF.

Had Vitalik ignored the vote and put his organization and the "canonical" chain on the non-HF side his would be the "abandoned" no-name chain, and people would now be mining some ETH derivative in line with their votes.

This is honestly just a fulfillment of "code is law", with the obvious rule above it being "humans accept or reject laws collectively". In this case, people rejected the former "law" and opted for one that captured the spirit/intent rather than the letter.

The whole value proposition of "code is law" is that the letter of the law theoretically obviates the spirit of the law.

"Just as the global WannaCry ransomware attack in May laid bare weaknesses in computer operating systems, the DAO hack exposed the early frailties of smart-contract security and left many in the community shaken because they hadn’t found the bug in time. "

This seems like a tenuous connection at best.

This case feels so closely to the very interesting case of Aviva France[1], where a not "well-futureproofed" life insurance contract is making a person very rich by the day.

Unfortunately for Aviva, their contracts are actually law in contrast to Ethereum where if the devs feel like it, they can do/revert anything.

[1]: https://ftalphaville.ft.com/2015/02/27/2120422/meet-the-man-...

here's a link not behind a signup wall: http://www.independent.co.uk/news/business/news/max-herve-ge...

Wow! I'd love to hear the reasoning that went into issuing those policies.

From [1], it sounds like it was issued at a time when today's near-real-time info on the value of the investments was unthinkable, not to mention the amount of time it would take to send and process requests for changes.

[1] http://www.proz.com/kudoz/french_to_english/insurance/625262...

Am I missing something? I thought the devs had to have everyone agree to do a hard fork. If the devs were in complete control, that wouldn't have been necessary.

If the devs "just reverted anything if they felt like it", people would quickly move to a different fork.

There's Ethereum Classic with is the original chain that survived the hard fork without the "reversion", which has $2B market-cap if that matters. But more than that it has fans that believe in Ethereum but know the value of immutability.

> Another decision he made when he had no idea of the bug shows how quirky and unforgiving code can be. “If the capital ‘T’ in line 666 had been a small ‘t,’ that would also have prevented the hack,” he says.

Can someone familiar with this explain how something financially based can have a capitalization flaw? I would expect a smart contract language to have very strict type and variable linking. Humans make many mistakes in coding but most of the time it doesn't cost $55m. A transaction language should be very strict so either the smart contract language is flawed or the author of this article is overstating something for dramatic effect.

EDIT: Found this: https://github.com/slockit/DAO/blob/v1.0/DAO.sol#L666

on a deeper dive: http://hackingdistributed.com/2016/06/18/analysis-of-the-dao...

That's primarily because Ethereum is pure amateur hour. When Bitcoin had built in checksums on addresses, Eth Dev's just said "watch where you send money". They ended up having to later add in a capitalization scheme to serve as a hash.

I have no clue how they managed to fool so many people with poor and shoddy work. But they have so far. And they've fooled everyone that this is a 'hack' even after saying time and again "The code is the contract, and the contract is the code"... Unless lead devs lose money.

The 't' vs 'T' has _nothing_ to do with checksums.

`Transfer` and `transfer` are two different functions, one creating an "event" (think a signal on the blockchain) and the other actually transfering tokens.

The true flaw lies in the reentrant attack on `.send()`

My comment on checksums was a overall comment of shoddy and embarrassing hacked crap they call Ethereum.

They claimed again and again that the code is the contract and vice versa. That was proven not true by the VIP() function.

And seriously, if this protocol was given proper due diligence, there would be no reentrant attack on this. But that points back to amateur hour. And a lot of people here have money in ETH and can't come to understand this due to the extreme cognitive dissonance.

(The premise of Ethereum really is amazing. Too bad it wasn't given the same diligence as Satoshi gave it.)

jesus christ, who the fuck would make two identical symbols differentiated by only capitalisation? (Other than these guys obviously)

It's surprising that most languages will happily let you do this. Lots of C programs have 'FOO' and 'foo'; not so many will have 'Foo' as well but it's probably more common than you think.

IMO this is only a problem if they both are the same type, e.g. both are a function, both are a type, both are a variable, both are a special keyword, things like that, because then it's hard to mix them up. If however you can substitute one for the other in code and still have it compile, that would be terrible.

It is humans' fault that they cannot choose good name for function, not languages'.

What, you mean apart from every Unix ever?

(All right, all right, excluding Mac OS X. But it's weird.)

That's filesystems, not the OS. There are some extremely good reasons to treat filenames as bags of bytes, which is why Apple got rid of case folding in APFS. Think performance, locale issues, etc.

(And before someone says it, yes, of course performance matters for filenames. Every single stat shouldn't need to worry about case folding.)

There's a big difference between being and actually making use of such anti-patterns. Especially on such a scale.

You can have macOS use case sensitive filesystems (like case sensitive HFS+), and you can have linux use a case insensitive file system (like FAT32)

I believe you, but this doesn't persuade me that Ethereum isn't "pure amateur hour".

To be fair, bad naming choice

> When Bitcoin had built in checksums on addresses [..]

There are no address checksums in the Bitcoin blockchain; all contracts/scripts on the blockchain reference raw hashes. Only at the application level -- e.g. sending an address to a friend in an email -- does Bitcoin make use of checksums, since blockchain space is fairly precious/expensive.

Their greatest skill is marketing.

Actually, could someone post a link to the source so we can all see?

On that note, could someone familiar with this code explain what the problem is?

Is it even illegal to hack Ethereum? Some purists would say the smart contract was behaving as written.

It isn't, if you take the case under contractual law there is absolutely no basis to charge the person who extracted the $55m. The contract had 'flaws' but it was the contract, so tough cookies it agreed to something you didn't like, but you wrote it! (Except we know now it was too big to fail, which in turn means centralization)

The DAO was pumped up by VCs and friends of the founder of Ethereum, which, before the launch, attracted some people who had clout from the big banks and enterprises, ergo, if the DAO failed then Ethereum failed in the eyes of the most lucrative customers & developers there.

The thing that pissed of purists so much was, that when it first came out it was marketed as this beautiful "world computer" that would be incorruptible by anyone, but the hard fork made it apparent that the values of the Ethereum community had changed to value support of banks & business over that idea.

I was at a conference this week and watched a lecture by one of the founding board members of the Enterprise Ethereum Alliance, who was getting the crowd fired up about the idea of ICO's, and then directly after his talk, David Birch from Consult Hyperion came on and said that people who are involved in the launch of new tokens in this current feverish phase are extremely likely to go to jail for fraud. Was hilarious

David Birch has been bashing cryptocurrency since around 2012. It seriously goes that far back for some of these ideologues.

Edit, just to give people an idea of where he's coming from ideologically, these are some of his comments that show the kind of world he wants to see:


"law-abiding taxpayers like me are subsidizing criminals to use cash and not pay taxes"


"so getting rid of cash has some other benefits which will lead to unexpected changes. For example for economists, getting rid of cash means that you lose the zero lower bound on interest rates. You can't have interest below zero because if you drop interest rates below zero people will just draw out the cash and just hold it. If you don't have cash you can have negative real interest rates. So getting rid of cash has a lot of benefits."


"So if you allow us technologists to build the stuff so we build something like Bitcoin which let's pretend it's anonymous. Do you know what you get if you let us build that? You get a giant electronic Somalia. If you want to live in a society which is entirely driven by anonymous cash, where the rich aren't accountable anymore, where whoever's got the most money can be the warlord and do what they like, well that's what you're letting us build now"

His demonization of cash remind me of this:

"The cashless society – which more accurately should be called the bank-payments society – is often presented as an inevitability, an outcome of ‘natural progress’. This claim is either naïve or disingenuous. Any future cashless bank-payments society will be the outcome of a deliberate war on cash waged by an alliance of three elite groups with deep interests in seeing it emerge"


He is totally right about ICO's though. They are essentially Ponzi schemes as investors think the coins have value and that their initial investment is generating more value, but that is not what is happening.

None of the token sales I've seen are ponzi schemes. "Ponzi scheme" seems to be the buzzword used to describe any irrational or bubbly investment. It's incorrect usage of the term.

You are categorically wrong about this.

Ponzi schemes are financial frauds where, under the promise of high profits, users put their money, recovering their investment and interests only if enough users after them continue to invest money.

Further to this, its qualatively provable, as you can look at the contracts and actually class the type of Ponzi scheme they are.

* https://ftalphaville.ft.com/2017/06/01/2189634/its-not-just-... https://stratechery.com/2017/tulips-myths-and-cryptocurrenci... * https://arxiv.org/pdf/1703.03779.pdf

The wikipedia article on Ponzi Schemes draws a fairly subtle distinction between a classical Ponzi schemes, economic bubbles, and pump-and-dump schemes:


Most ICOs seem more like pump-and-dump by that nomenclature, than like true Ponzi schemes, in which the Ponzi operator is directly involved in all of the transactions in and out of the system.


You're quoting from the Birch-Kaminska circle, which has been bashing cryptocurrency since 2012.

A ponzi scheme is where people pay a fee to join a scheme where members are guaranteed a payment that comes out of the membership fees paid by members that join after them.

No token sale has given out payments, let alone guaranteed one. A speculative price gain is not a "ponzi scheme".

So tell me, what is the goal of an ICO? And by extension, how do you ensure an ICO is successful?

Whatever the goal, unless they guarantee you a payment and fund that payment with membership fees paid by later entrants, it's not a ponzi scheme.

What are you talking about membership fees? That isn't the criteria for all Ponzi schemes you know? You don't sound like you know what a Ponzi scheme is.

It's you who doesn't know what a Ponzi scheme is. A Ponzi schemes requires new members to pay a fee to join. From Wikipedia:

>is a fraudulent investment operation where the operator generates returns for older investors through revenue paid by new investors, rather than from legitimate business activities.

The operator pays revenue to those who joined earlier with the fees received from those who joined later.

Many ICOs out there are effectively Ponzi schemes, which are near-universally illegal.

I don't think any of them are ponzi schemes. Shitty investment based on speculation and hype != illegal or ponzi scheme

Bubbly sectors see irrational amounts of money thrown at things that have little underlying value, like Beanie Babies, or a token for a proposed protocol described by a two page whitepaper.

The principle of Ethereum is that code is law, the "hacker" followed the law to the letter and acted in a prescribed manner. What's the crime here exactly?

The ethereum foundations reaction to the DAO hack proved that the "code is the contract" is not true. Which questions the very value of smart contracts on the ethereum blockchain because it's proven that they're immutable now

This is a good discussion: https://www.bloomberg.com/view/articles/2016-06-17/blockchai...

> The ethereum foundations reaction to the DAO hack proved that the "code is the contract" is not true.

I disagree. The code must also refer to the implementation of the Ethereum clients, and the collective will of the network participants. Those are implicit provisions of the contract, specified in advance. The Ethereum Classic chain still exists, and the thief is welcome to use it. People have simply voted with their feet and prefer a world without the theft. There is no breach of contract, anyone is free to fork the Ethereum network in any way, at any time. It is up to the users to decide how much value to ascribe each fork.

I thought the whole point was to do away with "implicit" or "everybody knows" or other human-interpretation/subjective factors?

If the premise is "the code is the contract, period, except we reserve the right to change the contract at any time or even to cause the contract retroactively never to have existed, based on implicit or subjective factors decided by humans and not by code", then it's a very different beast.

In Ethereum, its important to recognize that what's happening here is not breach of contract. The contract is still executing. However, anyone is free to alter the network in any way they choose. And everyone is free to ascribe whatever value they choose to each network fork. This is a known beforehand, explicitly specified feature of the network. However, it's also known that people really really don't want to do this unless its absolutely necessary. The tension between these two things is what creates the maxim "the code is law" in most situations. The code is law, and it always will be. However, the value may shift. Ethereum Classic is still going along just fine. The value, however, has moved. Ethereum promises only that your contract is immutable in the network in which it was originally embedded. That much is an absolute guarantee. It does not promise that people will continue to use that network.

Except no one reserved that right. The majority of the users agreed to basically create a new currency with the same history, minus the theft /unethical taking of money (if you insist on calling it legal).

So "the code is the contract" until enough people decide to unilaterally change the code because they don't like the contract. Which is right back to what I said.

There's no way of framing this that preserves the philosophical purity.

There is.

It's the same thing with Communism/Socialism. Communism is the pure end state, utopia, etc.

Socialism is the ugly road there.

Now, of course we know Socialism usually does a 5 minute walk in the park then turns 90 degree at that big pine tree, and when no one's watching puts on the evil hat, and by the end of the hour it's a totalitarian state! No iteration on ideas, criticism is met with GULAG, no education, teachers and thinkers are decadent freeloaders, enemies of Communism, internment, execution, mass murder! You know the drill.

Etherum and other code is law experiments are trying to find the best expression of that "common sense" platform, they are trying to craft the best Constitution for this. "And no true Scotsman claimed that Etherum/DAO is perfect." (This is the part where semantics is fuzzy, as it really depends on who said what, when, how, why, and to whom. But realistically, anyone who claimed to get it right the first time, was too optimistic, and of course, it was "reviewed", http://piratepad.net/theDAOreview [ https://www.reddit.com/r/ethereum/comments/4hkgsz/a_summary_... ] and see .. but never audited - https://www.reddit.com/r/ethereum/comments/4ota1q/the_truth_... .)

Nothing anyone can do about that. Absolutely NO contract can be enforced if everyone (including the enforcers) decides not to.

By not changing the default of the client pushed out by people that stood to benefit from it?

All obfuscation around a central controlling group that have the ability to reverse any transactions they don't like or negatively financially impact them, in other words.

Said "hacker" could even take Ethereum to a civil court and win a trial for changing the DAO's code: Ethereum long claimed that transactions were unrevokable and only contracts had value, causing tort to the hacker when rules were reversed...

Given the number of people involved, it could even be juged as organized crime against one person...

hmm true. Maybe smart contracts also need a good old fashioned terms & conditions signed. At least that protects against unknown bugs and exploits?

In that case, they are no longer smart contracts. The entire appeal was that they would be knowable in their entirety, automatically executed, and irrevocable. The goal as I understood it was too have something that would enforce itself, not needing an external authority to interpret it.

Instead, as others have pointed out, the hard fork demonstrated that this was not at all the case. Ethereum contracts can be voided, and the entire premise is therefore flawed. Terms and conditions would just be another way that contracts could be voided, another flaw.

The term "smart contracts" is highly misleading. It is feeding the hype and deeply confusing people. "Smart contracts" are neither smart nor contracts. They are instead very limited scripts triggered by blockchain events.

All the use cases I've seen depend on external input to be even moderately useful. But once you depend on unverifiable and potentially fraudulent external input, the supposed unique value of these scripts is lost. The notion of "oracles" just moves the problem elsewhere so it can be dismissed.

When and if we see profitable uses of these block-chain scripts then I would be glad to revisit this assessment. Until then it looks to me like a classic case of a technology looking for a problem.

They didn't reverse, they simply agreed to follow a different path. Anyone who still accepts eth classic is living in that world I believe.

Do you mean "mutable", not "immutable"?

Yes. A typo on my part

The reaction releasing a new software? How is this a contradiction to your statement? The old chain still exists

The code is not "law".

Somebody exploited a flaw in the system and managed to grab millions of funny-money currency. It's like cheating at a game of monopoly except that many of the players think the rules of the game are "the law" in real life.

The hacker is free to do whatever he wants to but the developers have no restrictions too. So they decided to rollback his transactions.

Whether something is "illegal" is a function of the court system.

So the question is, could you convince a jury that it is illegal?

That's an easy "yes".

Can't you ask for a case to be heard only by a judge? So the judge actually has to understand everything and go strictly by the law?

Depends on the jurisdiction (and the crime).

In the UK, for the most serious (indictable-only) crimes, then no. But you can ask the judge to end the trial after the prosecution case if no reasonable jury could convict, including if as a matter of law no crime has been committed.

Should be easy to describe then.

IANAL, but here is how I would argue:

The DAO was created with the intention to allocate its funds according to a certain voting scheme, with everyone's power determined by the number of tokens they held. But the program did not correctly implement this intention, and the DAO hack exploited the difference to bring the funds under control of the attacker. This most likely violated the Computer Fraud and Abuse Act, and was thus illegal.

Which is one of the issues with smart contracts. Yes, written contracts are the contract in the physical world. And sometimes people get outlawyered or just plain screw up and lose money because of circumstances that they didn't foresee. But when things come to court, there's still generally some oversight usually provided through the court system or mediators to put the brakes on clearly absurd and/or unfair results. Which is generally considered a positive thing.

Of course! Customs and other legal (based on moral) norms are basically the primary source of law or of its interpretation. Human systems based on rigid, or even utopian (that is totalitarian in practice) rules simply cannot handle the complexity of the real world. The system may seem good and functional at first but with the first problem which would because of the nature of complexity and chaotic system dynamics of human interactions inevitably happen, the system would crash (or in this case, get forked) since it would not offer any flexibility.

Without getting too abstract, even traffic lights or zebras, from the perspective of a pedesetrian, (as an example of a simple system) would be a horrendous and extremely time consuming experience if its rules were enforced by the letter. Imagine if you could >only< pass the road accross the zebras...

Human made systems need to be imperfect and the rules need to be flexible or the system will fail.

As I understand it, the DAO website explicitly stated that the code of the contract superseded any written or stated intent. Basically: The code is the law.

The actual law is the law, and contract law (and criminal law i.e. regarding fraud) states that the intent does matter. The DAO website doesn't make legislation - the code may specify the rules about which transactions the Ethereum system will approve, but in the real world the actual laws matter and they will determine whether some people will have their stuff taken away, their movement restricted, or be forced to do some transactions in the Ethereum system.

Sure, the law cares about intent.

But the question that is to be debated is, was the intention of the DAO too follow the code of the contract EVEN IF it had a bug.

There is an argument to make that, given that "the code is law" was plastered all over the DAO, that being hacked and having all their money stolen, was explicitly allowed.

I can write anything on a website.

That doesn't mean that it is legally binding.

The behaviour of the founders would almost certainly mean the phrase was interpreted as advertising rather than a legal commitment.

Advertisers are occasionally held to some sort of legal commitment with respect to statements made in their ads. The "hackers" in this case might claim they wouldn't have invested their money if they hadn't believed the ad...

The "Computer Fraud and Abuse Act" applies to the US. What if the hacker lives somewhere else? Then that law does not apply to him, and the action was not illegal.

I would assume all allied countries have similar laws and therefore share extradition treaties.

Even countries that don't have shared extradition treaties don't always ignore criminals within their borders, even if the criminal activity is occurring outside.

Are you familiar with the individual known as Kim Dotcom?

The guy that the US has been unable to get to for years and who could flee NZ at any time to a friendlier jurisdiction if he so wished? Yeah.

I have a feeling that it wasn't exactly problem-free for him.

Nothing in life is exactly problem-free. It's just easy to overestimate his troubles, which at this point are almost exclusively financial in nature.

One thing not mentioned in this article is that the hard fork was only feasible because there was not much else in the way of contracts on Ethereum at the time, other than the DAO itself. If there had been vast networks of interdependent, concurrent contracts and their obligations, as envisioned by many of the most vociferous proponents of smart contracts, I think a rollback would have been impossible, at least in practice. Next time, they may not be so lucky.

The success of the DAO performing a 51% attack on Ethereum virtually ensures that Ethereum is useless for other contracts. Your contracts hold no value of they can be rolled back at the whim of the holders of the largest contract in the system for reasons that have nothing to do with your contract.

Etherium's fundamental premise -- "code is law" -- presupposes a general solution to the formal verification of program correctness. This is an unsolved problem (and is likely unsolvable in the complete case).

Put simply, all code has bugs. How can Etherium ever work in practice at scale?

There are proposed Ethereum-like systems which use tables and formal proving systems to validate contracts, which may be a good-enough solution to bugs in contracts (this is untested). However, the Ethereum community as a whole doesn't even see this as a problem, and is happy with their JavaScript-like contract language, so I don't see any real potential that they will even attempt to solve this problem.

> How can Etherium ever work in practice at scale?

Aren't there a to of Bitcoin organizations with hundreds of millions of dollars flowing through them? If these companies found a way to operate safely with manageable risk, through things like cold storage and encryption schemes, than how is it much different from Ethereum?

It's fun to say things like "code is law" and imagine everything happens within this self-contained bubble but this stuff still operates in the real world and there are risks and consequences for actions as well as real world security mechanisms regardless.

It works because Bitcoin is only the ledger - the accounting part. All the contractual aspects of the business activity are external to the blockchain, and are handled in the traditional way - through civil law and procedures.

Part of the problem is they based this language off of JavaScript on purpose no less. It should be hard to make mistakes like this yet a single capitalization would change the semantic meaning enough to prevent this! Terrible design choices for a financial banking language.

The problem is not in a language but in poor choice of naming scheme that made it easy to pick the wrong function.

That's more the fault of choosing bad function names, not case sensitive language features.

SolarNet what makes you think it's based on js

Solidity is a contract-oriented, high-level language whose syntax is similar to that of JavaScript and it is designed to target the Ethereum Virtual Machine (EVM).


Syntax being similar is not the same as being based on it.

For only one specific interpretation of "based on".

He was a thief, in the spirit that the money invested in the DAO was never intended to go directly to one individual (i.e. him). It was an error in the contract, as outed by numerous individuals.

Code as law is right, but laws can (and should) change, because the effect they can have can be devastating if loopholes do the opposite of the intention behind the law.

The fallacy here is that we have one immutable law that governs everything, that is set at one time and never changed - how ridiculous. This is utter nonsense.

The DAO was a beautiful experiment that went badly wrong. In the grand scheme of things, if this was a heist in the traditional sense - everyone would have lost out. But as it stands, it's probably the biggest bug bounty in history.

Hopefully no one got hurt. We learn and move on.

I don't understand why people keep complaining it was an "injustice" to reverse the transaction. Most people followed the hard fork the reversed the effects of the heist. If it was that unjust, Ethereum Classic would be the major Ethereum fork now.

This Post Title Needs Sentence Case, More Words

Ether thief remains a mystery, one year after $55m digital heist

This story really needs an ELI5

A guy came up with an idea of digital money that doesn't require contracts using "smart contracts", where the code is the law.

The guy went to a bunch of people with the idea and they liked it.

The people talked about it a lot and many more people joined in.

They all pooled their money together to launch this cool money.

Some other guy came over, saw all of this, looked at the code, and used the code to transfer $55M to his wallet.

Arguments about law and contracts ensued.

That’s all stuff leading up to he hard fork and rollback...

So I'm assuming the fork, Ethereum isn't at risk?

At least as far as we're aware.

It still and will always be. They have set a dangerous precedence. If another group of large developers decide to revert a certain transaction. They could. The one platform that still has its integrity is ethereum classic

But Ethereum classic is still subject to the problems of Ethereum main's amateurish codebase.

but the core difference here is there is no precedence set. Especially since classics core belief is immutable transactions. As long as the community has that integrity. Then its safe. but ultimately. It is a consensus based system. So its not to say its not impossible

Is Etherium not formally proven? One would think that would be a check box among many things for a financial interchange system...

It is not even close. Nor is any other financial interchange system, but they have external checks, balances, and a formalized way to correct errors.

That page is virtually unreadable. Why the fancy CSS, Javascript and fonts?

Are there any terse explanations out there of the DAO bug?

Isn't Bruce Wanker the hacker? https://youtu.be/_O5fdMFKEC0


Could you please spamming HN with this? If you have a point to make about the topic, please make it and do so civilly and substantively.

> ". Over email, he said, “We might be up the creek ;).” Later, when Gün pointed to the error in line 666, Daian replied, “Don’t think so.”

well, isn't the financial law against this kind of incompetence in the first place?

I don't think the thieves would be guiltier than the team behind DAO.

ps: and line 666??? who the hell keeps a single source-code file that big? no wonder bugs are around...

> who the hell keeps a single source-code file that big

Me. SQLlite. .NET's garbage collector. CPython's eval. Lua's lexer. xinit. dwm. These are off the top of my head that I've seen





Yep. Pretty troll comment. Felt like taking the bite today. I'm going to get back to getting my lexer past 1000 lines today: https://github.com/serprex/luwa/blob/master/rt/lex.wawa

I think big source files have their place. Single procedure view is about the only thing I miss in today's Visual Studio (was a thing in VS6).

> ps: and line 666??? who the hell keeps a single source-code file that big? no wonder bugs are around...

Why would you expect there to be a relationship between source file size and bugs?

Suppose a program has 100 functions, and each function is 10 lines plus on average 4 lines of comments.

If I organize it as a single file, it will be about 1500 lines.

If I organize it as 10 files, they will each be about about 150 lines.

But when I'm actually working on the program I'll be seeing it through a window that shows the same amount regardless of whether the program is one big file or 10 smaller files.

Since I see essentially the same thing in both cases, I don't see how the bug rate will be different.

Don't get me wrong...I'm not saying it is OK to always put everything in one file. There are times when good design requires multiple files. For example if a program must use global variables and the language supports globals that can only be references within the file containing them, then organizing files around which globals functions need access to might be a good idea and help avoid bugs.

But in that case it is not the size of the files that matters. It is their data access needs.

I've seen single-file Fortran code that exceeds 15k lines of code, and I have no doubt that there exist source files orders of magnitude larger than that. Below 1000 lines, it depends on the style. If those are all a single function, then you're up a creek. If those are neatly split into many independent functions, then it can be pretty manageable.

Blockchain currency advocates like to claim that the law doesn't apply to them.

Line 666 is an entertaining coincidence but that is really not that large a file for most languages.

> Blockchain currency advocates like to claim that the law doesn't apply to them.

Example? Or do you just mean like every financial organization ever (even beyond Wall St) that pushes back on regulatory oversight?

Attempting to regulate Ethereum with human gatekeepers sounds ridiculous to me, especially at this point, and entirely defeats the purpose of the whole system.

These people who put money into that DAO fully knew the risks of what they were doing. And none of them are calling for centralized oversight from the US gov as a result. So I'm not sure who this would be protecting or helping.

> Attempting to regulate Ethereum with human gatekeepers sounds ridiculous to me, especially at this point, and entirely defeats the purpose of the whole system.

The problem is that Ethereum cannot live up to its intended purpose, at least not the hyped, pie-in-the-sky purpose that it is being promoted with.

>These people who put money into that DAO fully knew the risks of what they were doing.

Pretty clearly, they did not - and when it went pear-shaped, they abandoned all their principles to rescue themselves from the situation they had created. They appointed themselves as agents with more powers than any statutory regulator has.

> and when it went pear-shaped, they abandoned all their principles to rescue themselves

How exactly?

By rolling back the primitive marketplace that had almost zero repercussion because the marketplace was barely beyond the first users?

I didn't see anyone calling for solutions that went outside of the control of Ethereum. To fit into your snide analysis they would have turned to state authorities for help or called for other real centralized systems of control. But that didn't happen. As far as I can tell there was zero control relinquished to central bodies as a result and it would be almost impossible for them to take the same approach now that the market is maturing. So the original decentralized concept still underpins the technology as it ever did.

Comparing the early alpha days of the system to the stated ideals of what they want the system to be in the future in not fair.

If every experimental project followed your advice by being totally risk adverse as well as was carefully controlled with red tape from the early days then we wouldnt have any innovation or the great products we have today. Just look at Japan's market, feeding off industry from the last time they allowed markets to operate freely in the 1980s, if you need proof of this.

This idea that you see nothing wrong with believing you know better than people who volunteered their time and money with this project and they need to be protected by government systems is what concerns me. Why not let them run this project and see if it fails or not? Is it really worth killing this experiment to mitigate risk so a few people don't get burned?

I personally think this project is full of snake oily hand wavy ideas that will mostly fail. But I'll endless defend their right to try it. And provide feedback and thoughtful analysis to poke holes in the bad stuff as I come across it.

>> and when it went pear-shaped, they abandoned all their principles to rescue themselves.

>How exactly?

If I am not mistaken, the central principle of Ethereum, from which almost all of its alleged benefits arise, is that the blockchain is the sole authority and so the currency, contracts and transactions are consequently immune to meddling. Of course, one might argue that it was never true, and that all the hard fork did was to demonstrate that fact, but truth is not a necessary feature of a principle - though false principles usually turn out to be unworkable in the long run; see, for example, communism.

Your argument seems to be that the hard fork was feasible, expedient and harmless, but that is not an argument against it being a breach of their own principles. Furthermore, if you followed all the arguing at the time over whether there should be a hard fork, you would know that there are plenty of people who thought it was a terrible idea - so much so that some of them have gone to the considerable trouble of keeping Ethereum Classic running.

>Comparing the early alpha days of the system to the stated ideals of what they want the system to be in the future in not fair.

It is certainly fair to point out that they are unjustifiably claiming that it is, now, what they want it to be in the future. Furthermore, I don't recall it being described as alpha software when people were putting hundreds of millions of dollars worth of assets into the DAO.

> If every experimental project followed your advice by being totally risk adverse as well as was carefully controlled with red tape from the early days then we wouldnt have any innovation or the great products we have today.

Even if these general points were not exaggerated and simplistic, they would not refute the specific claims about the current state of Ethereum. Furthermore, you seem to think I am advocating the regulation of Ethereum, but I don't think that would save it from its fundamental contradictions.

> This idea that you see nothing wrong with believing you know better than people who volunteered their time and money with this project and they need to be protected by government systems is what concerns me. Why not let them run this project and see if it fails or not?

See my immediately previous response - though I would prefer it if Ethereum was promoted without claims that cannot currently be justified.

> Is it really worth killing this experiment to mitigate risk so a few people don't get burned?

That's what the opponents of the hard fork said - but the people who would have been burned without the hard fork would have included some of the most influential people in Ethereum. It would be interesting to know how much the pro-fork miners had at risk in the DAO.

> I personally think this project is full of snake oily hand wavy ideas that will mostly fail. But I'll endless defend their right to try it. And provide feedback and thoughtful analysis to poke holes in the bad stuff as I come across it.

You seem to be trying pretty hard to not notice some significant holes.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact