This just looks like another run-of-the-mill ICO backed by convoluted cryptospeak that one can only pretend they know what they actually intend to build.
Even the investors sound sketchy. Why does no one even challenge their business model?
I'm willing to bet this hack was an inside job.
Most of these products I have taken a look at make no sense and truly just seem to be a bunch of crypto and tech buzzwords mixed together to make it sound like some real business plan (e.g. "decentralise", "blockchain", "trustless", "distributed", "peer-to-peer").
It makes sense to "get hacked" and be able to just walk away with the money without having to pretend you actually want to create and deliver a product.
That seems pretty impressive for a company that, from what I can tell, does nothing and has no product.
I don't really see a downside right now, aside from ethics. It doesn't seem like any of the hackers have been prosecuted or even lost the coins. They can just slowly tumble them and...move on with their lives, newly rich.
I mean I really don't see how this is sustainable. Incentives for not doing this are rapidly evaporating, which will create systemic instability and erode confidence in the currency. But in the meantime you can acquire a fortune in what seems like a pretty straightforward, low risk way.
But even if that is true, it doesn't diminish the fact that right now the only thing apparently stopping anyone from becoming rich is ethics, not effort. Normally in situations where there are few effort penalties but high ethics penalties for quickly acquiring a fortune, there is a disincentive in the form of regulation and the judiciary system.
That's not the case here! (If it is, correct me if I'm wrong). For example, how many of those fraudulent Bitcoin wallets were prosecuted? The salient example seems to be Mt. Gox, but I feel as though that one was prosecuted because there wasn't much anonymity available to the founder.
There doesn't seem to be much of a reason to not try to e.g. exploit a vulnerability in a widely used smart contract. The endgame is millions or tens of millions of dollars, cleaned through a tumbler and then reported to the IRS. "Where did this windfall come from?" "I was an early cryptocurrency investor, I did very well!"
As someone who has done a lot of code review over the years and read more bug bounty reports than I can count, I can very easily see this becoming the de facto activity of unscrupulous security researchers until the market undergoes the improvement you speak of.
I guess to put my point more succinctly: it seems somewhat unprecedented to me how easy it is to do this and simply get away with it. A commenter on Hacker News was able to pinpoint the Parity Multisig vulnerability - it's not like it necessarily required a team of people and 6 months.
With that background in mind, I'm going to have to strongly disagree with your point on two grounds. First - yes, SWIFT was successfully attacked, and $800M is an egregious amount. But while security vulnerabilities can exist in essentially any type of software, it is significantly more difficult to get away with defrauding a banking institution out of seven digits or more. There is virtually no way to identify a single vulnerability and then exploit it to rapidly siphon funds out of the institution. If nothing else, the intermingling of various transfer protocols and identity constraints tends to make that very difficult.
When I was in that role, we were very frequently targeted. The only way attackers were ever able to successfully steal money from the bank was by first achieving identity theft or by compromising existing accounts. Here there is still an economic caveat - to achieve successful attacks against banks on the scale of what is currently rampant in Ethereum smart contracts, you generally need to reliably achieve a certain scale. The attackers tend to be groups acting in concert, and will actively look for institutions where a critical mass of accounts can have funds siphoned out of them.
In practice, this most often occurs when there is either 1) a truly egregious security flaw in the specific institution or 2) a major security breach that facilitates password cracking en masse against users who have accounts at the bank and use the same passwords. A good example of #1 would be an online bank that allows users to bypass the identity/address verification step in the account opening process (i.e. there may be a vulnerability that allows them to assign themselves a social security number without verification, skip parts of the verification process or change it later on). I was very good at making sure we never had such a serious issue.
That leaves #2, and it's the way that we were almost always attacked in practice. Password breaches would occur, we'd get a rash of accounts compromised, and those accounts would attempt transfers out of the system. Sometimes it was more complex (two types of compromised accounts involving C2C transfers, etc). We mitigated these through sophisticated rate limiting, aggressive logging and a lot of incident response. Sometimes it happened often enough to essentially become a dull background noise for us. But in my ~2 year tenure, the most I ever recall us losing in any single attack was about $15,000 (across hundreds of accounts), and I can count on one hand how often that happened.
So that's my first point, regarding inherently superior (or more charitably, "mature") security mechanisms. My second point is that a bank and a smart contract or an ICO aren't really analogous. They are both in the financial domain, but they have different risk profiles and functions. A smart contract would be more analogous to a regular contract, and while I am very willing to concede that smart contracts have theoretical benefits, it is very clear at the moment that the lack of a legal fallback (for now) is a weakness, even if it's also a strength. A smart contract and a contract are both generalizable, whereas a bank would be more akin to a specific, constrained type of legal contract that houses money in exchange for certain privileges. Smart contracts are inherently more vulnerable than banks because they can be much more open ended in purpose and execution, without the corresponding legal oversight that regular contracts have.
An ICO is also not analogous to a bank; as the name implies, it's much more similar to an IPO. IPOs absolutely do not share the risk profile of ICOs, and there would be significant legal penalties if an IPO were manipulated in such a fashion as to cost investors tens of millions of dollars that simply evaporated due to fraud. No one would take the underwriting bank or the founding team seriously if they said, "well hey it's not a significant amount of money that was lost compared to our market capitalization." NB: I'm not talking about an overvalued IPO dipping in share price, I'm talking about a significant amount of the invested money literally being stolen from both the company and the investors with apparently no way to make either of them whole. The idea of this happening is conceptually beyond the pale for me.
Instead of a smart contract or ICO, a banking institution is more like a wallet or an exchange. And this brings us full circle to Mt. Gox, which actually was liable, much like a bank would be. In return for legitimacy and expanded utility, companies like Coinbase have had to accept an increasing amount of legal oversight and liability over the years.
I'm not entirely sure what fiduciary (or other) duty you owe people who invest in ICOs -- but conceivably with the right phrasing, you don't actually need to steal the money to just sit on it.
-> Talented team, crypto, yada, yada, yada.
-> ICO token entitles buyer to use all of our services.
-> Throw up site that validates token and then serves static site telling you future projects will be here.
-> Spend money on living it up while you "develop apps".
-> Alt: Put money in trust after incorporating as a non-profit; sit on returns indefinitely.
I don't think it's very hard to not technically break your word as long as you only plan to take one investment round and don't need goodwill.
ICOs that make legally binding agreements with their investors are well covered already so that leaves only those who start fraudulent ICOs. Again here, if a financial crime is committed, then there will be a criminal investigation too.
Crypto-economics is a new field, but fraud and theft are old crimes. More education and awareness for the general public is definitely needed though.
Wow! This in a post announcing the 8M USD hack. And what language he speaks.
> Veritaseum uses only bitcoin, and subsists completely on the bitcoin blockchain. It is the only bitcoin wallet system that can trade simple and complex value structures without using non-bitcoin tokens, alt coins, sidechains or alternative blockchains. It can trade the value of over 45,000 tickers in all asset classes, from major exchanges from all around the world. At its essence, Veritaseum is a hyper-intelligent Bitcoin wallet “system” that is able to create and interpret smart contracts through the blockchain. It coordinates with an Oracle to gain access to conventional, physical and legacy financial data and information and uses it to price, value, trade and settle OTC, P2P financial instruments - all in BTC.
I would be surprised if they -- now, two years later -- have actually demonstrated this "system" in use publicly.
It looks like the South Sea Bubble, but with cryptocurrency.
1. of a bacterium, virus, or other microorganism causing disease.
I hope they will come forward with more information but Veritaseum has always looked fishy, about 98% of the tokens are held by one address https://etherscan.io/token/0x8f3470A7388c05eE4e7AF3d01D8C722... and are not in free circulation.
2% of $360,000,000 are $7,200,000 and the hacker stole more than eight million.
Or did I get this wrong somehow?
What is stolen is 0.07% of 100M tokens which is 70K tokens, which is roughly $12M for current market price.
That number also matches the number transferred (36,687.9382688909) to this wallet mentioned in the article: https://etherscan.io/address/0x3fff90bf314673194c3a265ed1c0a....
Also, two other articles (linked from the bitcointalk thread) cite the value of the stolen tokens as US$4.5M, not US$8.4M:
Checking market charts around the time it happened (~00-08 July 24th), there's a significant dip in value, with the price going as low as US$~122: https://coinmarketcap.com/assets/veritaseum/#charts. At that rate the stolen tokens would be worth US$4.48M.
"Another point that I would like to make clear is that Veritaseum tokens are software that represent our knowledge, advisory and consulting skills, products and capabilities. Without the Veritaseum team, the tokens are literally worthless! If someone were to someone confiscate 100% of the available tokens, all we need to do is refuse to stand behind them and recreate the token under a new contract."
So if something goes drastically wrong the game plan is to just abandon their cryptocoin altogether and walk away? That doesn't exactly inspire confidence but then again I still haven't been able to figure out what Veritaseum actually does. The rest of the post-mortem is just deflecting from the incident and misdirection:
"The Sr. partner of distressed credit of one of the world's largest funds specifically took the meeting after hearing about what we are doing. "This is big, very big" (that is an exact quote from the person who arranged the meeting, who is a 40 yr veteran of Wall Street, a literal brand name known by nearly every experienced professional - someone who had aggressively jumped on board team Veritaseum to assist in business development)"
That is in addition to our Veritizing a medical practice as a showcase for doctors and healthcare biz pros around the world to emulate (using Veritas, of course). Think of us just capturing 50 basis points of all of the medical practices and related healthcare businesses in the world
1. Ethereum is difficult to work with
2. Its difficulty does not provide security
This doesn't exactly inspire confidence in it.
Some comments on this article imply that this was just a scam, so maybe Ethereum is secure. I think that a lot of people learn about things they don't care about via headlines, which may be damaging for Ethereum in its infancy.
Oh please, a lot of people keep saying this, but the reality is that Ethereum and Solidity devs simply didn't do enough research. There's a long history of smart contract platforms that are both safer and more robust, and the problems inherent to the choices Solidity made were obvious right when it was first introduced:
What are you talking about? Solidity is not so unsafe, nor is it correct to imply that Vitalik "didn't do his research". MAYBE he did his research and came to a different conclusion? Maybe his priorities were different? Regardless, he's exceptionally bright and by no measure just a hasty dev trying to make a quick buck.
And your link does not point to any inherent flaws in Solidity, just opinions on language fit.
Ethereum development IS in its infancy. It WILL improve over time - like it or not.
What we're talking about are a slew of successful attacks in the ETH ecosystem. What we're talking about are what appear to be questionable decisions in Solidity. What do you think of this thread earlier? https://news.ycombinator.com/item?id=14810008
It is clearly unsafe, judging from these attacks. It is clearly not designed with security in mind, which should have been a top priority. "Maybe his priorities were different" is even more damning than if people did prioritize security and failed.
You say "clearly unsafe" but there has been, to my knowledge, only one serious flaw identified, and that is what led to the fork. Many of these ICO thefts have been suspected internal jobs, not as the result of a new vulnerability identified.
Correct me if I'm wrong. If ETH is doomed, I'm happy to let best of breed win. But I'm not seeing an argument made with facts here - I'm seeing Fear, Uncertainty, and Doubt.
I suggest you read the links in that thread that talk about the requirements of REAL smart contracts, and then come back and tell me Solidity is not hopelessly flawed.
As a language for writing smart contracts, Solidity is a total minefield of unsafety.
As for the reasonableness of "different conclusions", if Vitalik was responsible for Solidity, then I can't disagree more with everything you've said.
This seems small, and thus less trustworthy as a resource for me. Akin to a post on reddit with 10 upvotes and a handful of comments. I'm going to need to see more than that before I start taking those concerns seriously.
If it's obviously flawed, I'd expect more dialog and drum beating outside of one thread and among a larger group of people. I am not seeing that, presently.
There is a difference between the theory of programming, and actual programming. One is a science, the other involves a good deal of engineering and creativity. So while at a theoretical level there are concerns - it does not absolve engineering from addressing them. It is for this reason (and many more) that I do not take a forum post with a few replies as authoritative, on a forum I've never even heard of.
If you can't provide additional resources, that's fine. But let's be clear: I'm not interested in a pissing match. I'm trying to understand. I am yet to see anything yet that gives me pause surrounding ethereum smart contracts, aside from things I've already held concerns over (like the revocability issue) but which do not represent showstoppers for me.
Your clarifications make sense though.
A fundamental principle of Ethereum is that its smart contracts have Turing-complete computing power. Therefore, there is no possibility of 'higher level abstractions' that will permit only legitimate contracts to be written (even if the abstractions are limited in their power, an attacker can make use of the full power of the underlying system.)
Writing provably-secure smart contracts is as difficult as writing provably-secure software for any other Turing-complete platform: i.e. only a small percentage of developers can do it. Furthermore, the software that comprises the platform itself has not been stringently verified.
Of course, we are using lots of software in banking and finance that is not formally verified, but there are significant differences: it runs in secured environments with controlled and very limited external access, and there are out-of-band methods for correcting mistakes. In contrast, blockchain currencies are actually promoted as being immune to this sort of interference on account of transactions being irrevocable (and no, the hard fork that rescued the DAO participants is not a counter-example, as that will not be feasible in future.)
I cannot say these problems will not be resolved in the future, but why would anyone put any significant value at risk until they are?
High level abstractions and Turing completeness are not in opposition. Haskell, for example, offers high level abstractions in the form of a functional language with abstract data types, strong typing and purity (unless you specify something else explicitly, functions only have access to their arguments).
I think Safe Haskell would be a good Turing-complete, general purpose contract language. Untrusted code can be compiled to machine code and executed safely, by using a restricted IO monad that only allows specific input/output operations, so the contract logic can be executed safely without a sandbox.
Wouldn't "choose one of these 10 contracts which have been proven correct, and also choose the parameter for said contract" be using a higher level abstraction?
And if the 10 contracts are proven correct+secure, then this would be secure, right?
I don't understand what you meant by "an attacker can make use of the full power of the underlying system" such that it is compatible with the security of the abstraction I described.
To expand on point 1, given that your technique should be generally applicable, why has it not taken over all the other applications of computing where security and correctness matter? The reason, I believe, is that it is, in practice, infeasible for many of the sort of things that are useful and that we actually want to do.
I believe that people have made formally verified (trivial?) contracts (based on the spec of the vm iirc? Not sure), but I don't remember anything about a formally verified contract being used in practice. People definitely are making progress on the formal verification front (building foundations/infrastructure/etc.) but they aren't really there yet. ("There" being, ready for widespread use, and in widespread use)
I don't really understand why people buy into many of these ICOs. I mean, I'm somewhat enthusiastic about "smart contracts", but I don't actually own any cryptocurrency.
I don't mean to say that I think all ICOs are bad, but given the number that are failing, I find it hard to imagine that the people buying into them are doing enough research into them before buying for it to make sense.
Also, I don't understand why people aren't building contracts on top of a contract layer that handles arbitration for reversing fraudulent transactions yet? I thought that would have been built by now.
> Also, I don't understand why people aren't building contracts on top of a contract layer that handles arbitration for reversing fraudulent transactions yet? I thought that would have been built by now.
Ittay Eyal and Emin Gün Sirer have suggested at least a partial solution along those lines. I believe there is some opposition from those who consider the inviolability of transactions to be a non-negotiable feature of crypto currencies, as arbitration implies arbitrators, but this might be part of the future of smart contracts.
> there is no possibility of 'higher level abstractions' that will permit only legitimate contracts to be written
True, but there is the possibility of trivial changes that would prohibit some exceptionally catastrophic bugs. The language features that allowed last week's multisig wallet bug (delegation to an unknown function, public initialization code, the possibility of calling initialization code after initialization) need not be like that. A much better language could still be Turing complete but exclude such things (forcing you to write explicit code that shoots you in the foot, if you so wish).
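The three features named in the comment above, shown next to a guarded version. This is an added illustration, not code from the thread or from the Parity wallet; all contract and function names are hypothetical, and the example is a simplified single-owner wallet.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration. Contract and function names are hypothetical.

// ---- Pattern with the three features listed in the comment ----
contract WalletLogicUnsafe {
    address public owner;

    // Public initialization code with no "already initialized" check,
    // so it can run again after deployment and overwrite the owner.
    function initWallet(address _owner) public {
        owner = _owner;
    }

    function withdraw(address payable to, uint256 amount) public {
        require(msg.sender == owner, "not owner");
        to.transfer(amount);
    }
}

contract WalletUnsafe {
    address public owner;            // same storage slot as in the logic contract
    address public immutable logic;  // immutables take no storage slot

    constructor(address _logic, address _owner) {
        logic = _logic;
        (bool ok, ) = _logic.delegatecall(
            abi.encodeCall(WalletLogicUnsafe.initWallet, (_owner)));
        require(ok, "init failed");
    }

    // Delegation to an unknown function: any selector the caller sends is
    // forwarded, which keeps initWallet reachable from outside.
    fallback() external payable {
        if (msg.data.length == 0) return;   // plain deposit
        (bool ok, ) = logic.delegatecall(msg.data);
        require(ok, "call failed");
    }
}

// ---- Same wallet with each feature closed off ----
contract WalletLogicSafe {
    address public owner;
    bool private initialized;

    // One-shot initializer: a second call reverts.
    function initWallet(address _owner) external {
        require(!initialized, "already initialized");
        require(_owner != address(0), "zero owner");
        initialized = true;
        owner = _owner;
    }

    function withdraw(address payable to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        to.transfer(amount);
    }
}

contract WalletSafe {
    address public owner;            // layout mirrors WalletLogicSafe
    bool private initialized;        // written through delegatecall in the constructor
    address public immutable logic;

    constructor(address _logic, address _owner) {
        logic = _logic;
        (bool ok, ) = _logic.delegatecall(
            abi.encodeCall(WalletLogicSafe.initWallet, (_owner)));
        require(ok, "init failed");
    }

    // Only selectors listed here are delegated; everything else reverts.
    fallback() external payable {
        if (msg.data.length == 0) return;   // plain deposit
        require(msg.sig == WalletLogicSafe.withdraw.selector,
                "selector not allowed");
        (bool ok, ) = logic.delegatecall(msg.data);
        require(ok, "call failed");
    }
}
```

In review, the things to look for are the ones the comment lists: an initializer that is `public` or `external` without a one-time guard, and a fallback that passes `msg.data` to `delegatecall` without restricting the selector.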
Well, I didn't suggest it - it seems you are inventing that notion because you are obliged to agree with everything I actually wrote.
The point is not the relative safety of one language against another, but whether, in absolute terms, Ethereum will become safe enough for the sort of wide-ranging uses that its promoters envisage. If the sort of examples you present here are sufficient for that, then, given that security and correctness have been prized for long before Ethereum, one has to wonder why they have not already been used to create languages that are already secure and bug-resistant enough for Ethereum.
There are certainly some basic changes that could make Ethereum more secure, but past experience in this field suggests there is a whole range of hills beyond this one. And in security matters, going part-way is not much of an advance at all; such defenses can, like the Maginot line, be outflanked.
You wrote: "Writing provably-secure smart contracts is as difficult as writing provably-secure software for any other Turing-complete platform". This is not true. Writing provably-secure smart contracts in something like C would be strictly harder than in Solidity because there are more classes of possible errors, and hence more properties to be proved. There are meaningful differences in the ease of proof even among Turing-complete languages. And some things you would have to prove explicitly for programs in one language are automagically "proved" for you by other languages' compilers.
So yes, you did suggest that any two Turing-complete languages are equally safe and secure.
> because you are obliged to agree with everything I actually wrote
Your closing question has a point I agree on.
Heck, buffer overflow bugs are decades old but still happen all the time.
Software security has practically not gotten any better over the years. Best practices are now known but rarely followed. Even when you follow best practices, there are vulnerabilities. Software security is an illusion.
Is Ethereum actually being used for something meaningful?
(I guess in a way though Ethereum found its first killer app, pure currency speculation/appreciation. That gives it time and money to find something more useful.)
https://etherdelta.github.io - decentralized exchange is getting decent volume. Ironically the hacker dumped the veri tokens there.
https://ethlance.com - freelancer market. Looks like a place where one can earn Ether for coding in Solidity and related gigs.
http://ens.domains - .eth domain registry. Highly successful, will be integrated into the upcoming 'mist browser' release, plus a few other places (wallets & exchanges) support it already. Over 133k names registered.
Probably more I've missed.
Btw, full ENS stats here https://ens.codetract.io
Or simply curious people trying something new. I know I registered a name for fun, and there was quite a bit of curious interest in tech circles in my area (even outside of cryptoanarchists types).
But then, for the moment most people see ICANN regulation as okay. Maybe if that changes, a distributed alternative will get traction.
Yeah, the hackers seem to be doing alright out of it.
Prism is a live service using Ethereum smart contract(s).
It is from the Shapeshift people and is a kind of "digital asset portfolio". You can invest in many types of digital assets without having to hold them.
People are spending real money on this Ethereum smart contract.
I think one thing that plays against using these cryptocurrencies for other things besides speculation is that they are so speculative, huge ups and downs with lots of opportunities to win just trading them. Because of that they are being treated a lot like stocks (which often appreciate if you hold them) rather than currency (which is usually slowly depreciating, which encourages spending.) I think the incentives for these cryptocurrencies are sort of wrong, they are cryptostocks.
I do think it is too early to judge the cryptocurrency world or blockchain in general for not having 'killer apps'. Analogies to the early internet are no good either since there is no reason as to why this would behave like that. Time will tell. Can't deny it is an interesting space!
> Can't deny it is an interesting space!
I'd actually disagree exactly because of the lack of "killer apps". There are plenty more interesting things happening in technology when you consider no one really seems to know what to do with this. Right now blockchains sound like get-rich-quick catnip for geeks.
what... 0.07% was worth $8.7 million. So the market cap is $12,428,571,428?
Looked through most of the website and still have no idea what they do...
Apparently their team consists of 3 people too, only one of them being a dev.
I'm trying very hard to figure out what they do exactly, apparently they create "Forensic Analysis and Valuation reports" and then sell them but instead of selling them for ETH or BTC they sell them in their own VERI tokens?
I think there's more to it than that since the homepage says (in an image I've had to transcribe): "Veritaseum enables software-driven P2P capital markets without brokerages, banks or traditional exchanges".
I wonder what percentage of their ICO "investors" really understood what they were pumping their money into.
I also hope that some people are thoroughly documenting and archiving all these ICOs, it will make for a very interesting and I'm guessing entertaining post-mortem.
If USD how do they come up with that exchange rate?
This sure does look like an inside job...surely they reported to whatever Government crime bureau in their jurisdiction? But given the terms of many of these sales, there are literally no repercussions if the "company" decides to just take the money and run. Buyer Beware.
I think if anything, this whole ICO thing, as I've observed, just enlightened me about why we have consumer protection. It's not so the big corps and such won't scam people...they don't need to even try, people will time and time again, fuck themselves over. It's a sad reality. There was even a "Useless Ethereum Token" that did an ICO and raised something like $50k in a matter of days. Maybe the internet likes paying for jokes... regardless, I know countless people are dumping their next month's rent on whatever ICO is happening that day with little regard to anything behind it.
Disclaimer: I do believe in the Ethereum platform and am long in it. I also hold FunFair tokens, which I believe to be one of the first platforms that really takes off.
I invested in the ETH pre-sale and have done very well from it, but I have been selling a bit lately because I think someone else will come along with a system that open sources some really solidly vetted template contracts that have been thoroughly penetration tested by professionals.
Unless the original author also introduced the bug, I don't think it's fair to blame the original contract.
It is linked from the "prospect":
What kind of fools invest into this?
Nobody can - or I would dare say, likes - to be watching his own back every single moment of their existence... but that's what crypto in general expects you to do.
Hacker stole $8.4M worth of Veri coins, not Ethereum!!!
Somehow? they couldn't even figure out how the hack happened? How convincing for their clients.
You don't just shrug off losing that kind of money. If I had invested in this project, I'd be in touch with the FBI.
So this ICO has a valuation in the billions? Sounds quite fishy.
Now if you believe the price will bounce back, you can make a lot of profit on stolen coins. Immoral? Quite possibly. Against the law? Not this year.
- Since Cryptocurrency is international, the US SEC does not have jurisdiction everywhere in the world. When there are millions on the line, you could just move to another country and try a scheme, or direct a foreign lackey to do it.
- "The Federal Reserve simply does not have authority to supervise or regulate bitcoin in any way. To the best of my knowledge, there is no intersection at all in any way between Bitcoin and banks that the Federal Reserve has the ability to supervise and regulate."
- To count for an exchange you have to issue shares. Not everybody does this.
- Is cryptocurrency a token or a security?
- How to distinguish between nouveau riche BTC millionaires trying out their luck with an ICO and a criminal organization using it to launder money?
- Who is the single legal entity to target when the ICOs are distributed, and no single entity issues coins?
- What to do with those that profit from future illegal activity, as a 3rd party? Right now there is a lot of obvious market manipulation going on. Whales banding together to influence and set prices. Pumping up interest with bots and 5-cent army trolls. Selling stolen coins for 50% of market value. Sharing upcoming announcements with a small group of investors, devs, and supporters, allowing them to speculate on insider knowledge. How do they prove I must have known about the stolen coins, when the news hasn't even broken yet and I already put out a buy order of 50% of the price in case of a flash crash?
Their parameters (for example is the token for utility or just for speculation) vary.
There is a test in law that people can apply to try and tell whether a specific ICO is a security or not: the Howey test.
I think in my jurisdiction we have a law against pawning stolen goods: If the price is too good to be true (100$ macbook), and you still buy it, you can get your goods confiscated. But how does this translate to cryptocurrency and its volatile pricing (a 50% drop or increase in price is not extremely rare)? Is it illegal to set a buy order for 50% of the price? Especially if you set this before the hack, just hoping to cash in on a flash crash, I can't see which law you break.
About stealing coins, of course this (should) be against the law. But then again, data is not a good. For many jurisdictions, data isn't anything at all. You can not own data in the legal sense, because it only applies to tangible goods.
As to "stealing" coins by manipulating a smart contract, it's a grey area. Of course in the real world, contracts can be breached in spirit, not only by the letter. But with smart contracts, you only have the letter of the contract: The code is law.
I fail to see how smart contracts are a grey area; if you're abusing a fault in the code, that's very clearly fraudulent behavior.
In short, there's a lot of "This is new! Things are different! The existing laws don't apply!" regarding some of these things, but I'm just not convinced. It may be harder to enforce or to prosecute, but that doesn't mean that it doesn't fall into existing laws.
It's a crime of computer / network intrusion. Not a crime of property law (you can't own a record in a database as property, and therefore I can not steal your property).
> if you're abusing a fault in the code, that's very clearly fraudulent behavior.
Another way to put this is that you are using the contract in a manner how it was defined by the author. Compare with a misconfigured web server showing open directories of files, or a robots.txt with a typo in it (ignore: /adminn). What is a fault and what is a feature? Who decides this? Solely the author of the contract? The parties involved (who splits the ties)? A majority of 3rd party volunteers? If everything is decentralized and open to anyone, whose computer network are you intruding/disturbing?
> doesn't mean that it doesn't fall into existing laws
If law was a software product, we are definitely a few pull requests behind its intended use. Look at how long it took to update authorship/copyright laws with the evolution of the internet, and how ugly things are when wrestled into the old framework of: I create it, I forever own it.
This is quite wrong; it's still considered a crime of stealing from the bank. The law does not care if you used a computer to do it instead of using dynamite to break into the safe, nor should it.
"Another way to put this is that you are using the contract in a manner how it was defined by the author."
No. If you are using an undisclosed exploit, then that is not true in the least. If you are using something that is not equally known to both parties, and equally disclosed, then it is fraud. No amount of, "you should have known better" or "you should have done your research" will help you. Take the recent case of the hack involving Ethereum. It exploited something in the "smart contracts" which very few people knew existed, and, judging by the actions of the team in charge, clearly was not meant to be there. But beyond that, if the contract were to be disputed in court, one thing that would become very clear is that no rational person would be expected to believe that was the intention of both signing parties. And thus, it would be decided that the contract was fraudulent.
"If everything is decentralized and open to anyone, whose computer network are you intruding/disturbing?"
So if I forget to lock my door, then my house should be free game for everyone?
The law cares. Like I said, in many jurisdictions this was only recently amended with special clauses -- clarifying the distinction between physical and virtual goods. In some jurisdictions theft requires fraudulently taking a physical tangible good: virtual goods can not be stolen (but you can still be charged with computer intrusion). Remember also the debate about downloading a cam movie vs. stealing property of movie studios.
> If you are using something that is not equally known to both parties, and equally disclosed, then it is fraud.
But the contract is out there for both parties and their lawyers to have a look at it, before agreeing to it. If Google indexes my /admin directory because I made a typo error in our crawling contract (robots.txt), who is ultimately to blame? Judging by my actions and panic, the directory was clearly meant to be excluded. If we end up with the "smell test" in court for smart crypto contracts, we should just go back to "dumb" paper contracts and signatures.
> So if I forget to lock my door, then my house should be free game for everyone?
Non-sequitur. If you publish an article on Wikipedia then it is free game for everyone to visit it, edit it, and you can not retro-actively say: you are not supposed to be here.
1) there is no code for this project that I was able to find;
2) blogger/personality CEO;
3) no report on the transactions (txHash) that would show the "theft";
Finally, and this is subjective but still "feels" odd: The Veritaseum project is built on top of Bitcoin but it was Ether that was taken? If it was a smart contract then number 3 on my list is even more important because we can replay it as many times as needed until we find the bug or exploit used, if any.
PS: Ethereum = refers to the project, the network and the foundation name; Ether = currency issued by the Ethereum network.