Hacker Steals $8.4M Worth of Ethereum from Veritaseum Platform (bleepingcomputer.com)
196 points by microwavecamera on July 25, 2017 | 163 comments

I have no idea what these guys do. They don't even take the time to explain it. The fact that these guys can run an ICO and call $8.7 million dollars minuscule is what's wrong with ICOs today.

This just looks like another run-of-the-mill ICO backed by convoluted cryptospeak that one can only pretend they know what they actually intend to build [2][3].

Even the investors sound sketchy. Why does no one even challenge their business model? [1]

I'm willing to bet this hack was an inside job.

[1] https://bitcointalk.org/index.php?topic=1887061.0

[2] https://drive.google.com/file/d/0By5WJsM3KjltOG

[3] http://veritas.veritaseum.com/

> J. K. Rowling has said that Veritaserum "works best upon the unsuspecting, the vulnerable and those insufficiently skilled (in one way or another) to protect themselves against it...



So even the name had a hidden scam reference in it. This seems so dodgy now.

Or maybe they just mashed together the Latin word for 'truth' with 'Ethereum' and the etymology of Veritaserum is coincidentally convergent evolution.

Honestly you're probably right. They wouldn't be so brazen if they planned to steal money from the beginning. But nothing would surprise me in crypto anymore.

Hey, I have to disagree here. Let's look at what we know prior art. The best phishing attacks are the ones that are so obvious that only the unsuspecting, the vulnerable and those insufficiently skilled would fall for them.

This simply isn't true. Those are the worst phishing attacks largely performed by some guy in Africa manually sending emails.

Even if the name references Veritaserum, Veritaserum isn't particularly associated with scams. Far more likely they'd be trying to associate with its truth-finding properties. The quoted line is amusing, but no more.

Maybe it wasn't stolen, this was part of the plan to do nothing after the raise :)

I think inside jobs are likely in a large number of these ICO hacks. It's a good way to just enjoy the millions of dollars (or tens of millions) you raised for a non existent product just based on a flashy website with crypto buzzwords.

Most of these products I have taken a look at make no sense and truly just seem to be a bunch of crypto and tech buzzwords mixed together to make it sound like some real business plan (e.g. "decentralise", "blockchain", "trustless", "distributed", "peer-to-peer").

It makes sense to "get hacked" and be able to just walk away with the money without having to pretend you actually want to create and deliver a product.

At least we can say that 'trustless' is a real part of the plan, one way or another.

If 0.07% of their company is really worth $8.7m, then the company itself is worth $12 billion.

That seems pretty impressive for a company that, from what I can tell, does nothing and has no product.

It's surreal. If a legal hammer doesn't come down on ICOs and smart contracts soon, it's simply going to be rational to either hack other parties' smart contracts or start ICOs just to get "hacked."

I don't really see a downside right now, aside from ethics. It doesn't seem like any of the hackers have been prosecuted or even lost the coins. They can just slowly tumble them and...move on with their lives, newly rich.

I mean I really don't see how this is sustainable. Incentives for not doing this are rapidly evaporating, which will create systemic instability and erode confidence in the currency. But in the meantime you can acquire a fortune in what seems like a pretty straightforward, low risk way.

I keep bringing up the example of Bitcoin exchanges and wallets. In the first few years, there were constant hacks and scams (with wallets). Due to the global nature of Bitcoin, there was no effective way to regulate it, so this state of affairs continued until consumers and the ecosystem in general finally became wise, and avoided exchanges unless they met certain conditions (e.g. backed by reputable parties, used security best practices like cold storage) and avoided certain categories of wallets altogether (e.g. web wallets that store consumer coins server side).

I'm willing to accept that your postulate is true (if I understand it correctly, the thesis is that the market will "mature" and solve these problems).

But even if that is true, it doesn't diminish the fact that right now the only thing apparently stopping anyone from becoming rich is ethics, not effort. Normally in situations where there are few effort penalties but high ethics penalties for quickly acquiring a fortune, there is a disincentive in the form of regulation and the judiciary system.

That's not the case here! (If it is, correct me if I'm wrong). For example, how many of those fraudulent Bitcoin wallets were prosecuted? The salient example seems to be Mt. Gox, but I feel as though that one was prosecuted because there wasn't much anonymity available to the founder.

There doesn't seem to be much of a reason to not try to e.g. exploit a vulnerability in a widely used smart contract. The endgame is millions or tens of millions of dollars, cleaned through a tumbler and then reported to the IRS. "Where did this windfall come from?" "I was an early cryptocurrency investor, I did very well!"

As someone who has done a lot of code review over the years and read more bug bounty reports than I can count, I can very easily see this becoming the de facto activity of unscrupulous security researchers until the market undergoes the improvement you speak of.

I guess to put my point more succinctly: it seems somewhat unprecedented to me how easy it is to do this and simply get away with it. A commenter on Hacker News was able to pinpoint the Parity Multisig vulnerability - it's not like it necessarily required a team of people and 6 months.

Somebody stole $800m through the SWIFT network from Bangladesh. So, yes, it happens in the regular world.

To open this comment: I used to own application security at an international bank. I was responsible for technical penetration testing across the organization, including code responsible for deposits, withdrawals, C2C transfers (customer to customer), wire transfers and ACH transfers (as well as the multifarious authentication mechanisms and APIs interacting with external verification systems). I was also closely involved in incident response on more than one occasion, though that was not my particular team.

With that background in mind, I'm going to have to strongly disagree with your point on two grounds. First - yes, SWIFT was successfully attacked, and $800M is an egregious amount. But while security vulnerabilities can exist in essentially any type of software, it is significantly more difficult to get away with defrauding a banking institution out of seven digits or more. There is virtually no way to identify a single vulnerability and then exploit it to rapidly siphon funds out of the institution. If nothing else, the intermingling of various transfer protocols and identity constraints tends to make that very difficult.

When I was in that role, we were very frequently targeted. The only way attackers were ever able to successfully steal money from the bank was by first achieving identity theft or by compromising existing accounts. Here there is still an economic caveat - to achieve successful attacks against banks on the scale of what is currently rampant in Ethereum smart contracts, you generally need to reliably achieve a certain scale. The attackers tend to be groups acting in concert, and will actively look for institutions where a critical mass of accounts can have funds siphoned out of them.

In practice, this most often occurs when there is either 1) a truly egregious security flaw in the specific institution or 2) a major security breach that facilitates password cracking en masse against users who have accounts at the bank and use the same passwords. A good example of #1 would be an online bank that allows users to bypass the identity/address verification step in the account opening process (i.e. there may be a vulnerability that allows them to assign themselves a social security number without verification, skip parts of the verification process or change it later on). I was very good at making sure we never had such a serious issue.

That leaves #2, and it's the way that we were almost always attacked in practice. Password breaches would occur, we'd get a rash of accounts compromised, and those accounts would attempt transfers out of the system. Sometimes it was more complex (two types of compromised accounts involving C2C transfers, etc). We mitigated these through sophisticated rate limiting, aggressive logging and a lot of incident response. Sometimes it happened often enough to essentially become a dull background noise for us. But in my ~2 year tenure, the most I ever recall us losing in any single attack was about $15,000 (across hundreds of accounts), and I can count on one hand how often that happened.

So that's my first point, regarding inherently superior (or more charitably, "mature") security mechanisms. My second point is that a bank and a smart contract or an ICO aren't really analogous. They are both in the financial domain, but they have different risk profiles and functions. A smart contract would be more analogous to a regular contract, and while I am very willing to concede that smart contracts have theoretical benefits, it is very clear at the moment that the lack of a legal fallback (for now) is a weakness, even if it's also a strength. A smart contract and a contract are both generalizable, whereas a bank would be more akin to a specific, constrained type of legal contract that houses money in exchange for certain privileges. Smart contracts are inherently more vulnerable than banks because they can be much more open ended in purpose and execution, without the corresponding legal oversight that regular contracts have.

An ICO is also not analogous to a bank; as the name implies, it's much more similar to an IPO. IPOs absolutely do not share the risk profile of ICOs, and there would be significant legal penalties if an IPO were manipulated in such a fashion as to cost investors tens of millions of dollars that simply evaporated due to fraud. No one would take the underwriting bank or the founding team seriously if they said, "well hey it's not a significant amount of money that was lost compared to our market capitalization." NB: I'm not talking about an overvalued IPO dipping in share price, I'm talking about a significant amount of the invested money literally being stolen from both the company and the investors with apparently no way to make either of them whole. The idea of this happening is conceptually beyond the pale for me.

Instead of a smart contract or ICO, a banking institution is more like a wallet or an exchange. And this brings us full circle to Mt. Gox, which actually was liable, much like a bank would be. In return for legitimacy and expanded utility, companies like Coinbase have had to accept an increasing amount of legal oversight and liability over the years.

Do you even need to hack it?

I'm not entirely sure what fiduciary (or other) duty you owe people who invest in ICOs -- but conceivably with the right phrasing, you don't actually need to steal the money to just sit on it.

-> Talented team, crypto, yada, yada, yada.
-> ICO token entitles buyer to use all of our services.
-> Throw up site that validates token and then serves static site telling you future projects will be here.
-> Spend money on living it up while you "develop apps".
-> Alt: Put money in trust after incorporating as a non-profit; sit on returns indefinitely.

I don't think it's very hard to not technically break your word as long as you only plan to take one investment round and don't need goodwill.

Criminal investigations take time but the criminal acts themselves would not be prevented by regulation at all.

ICOs that make legally binding agreements with their investors are well covered already so that leaves only those who start fraudulent ICOs. Again here, if a financial crime is committed, then there will be a criminal investigation too.

Crypto-economics is a new field, but fraud and theft are old crimes. More education and awareness for the general public is definitely needed though.

"That is in addtion to our Veritizing a medical practice as a showcase for doctors and healthcare biz pros around the world to emulate (using Veritas, of course). Think of us just capturing 50 basis points of all of the medical practices and related healthcare businesses in the world " (From [1])

Wow! This in a post announcing the 8M USD hack. And what language he speaks.

[1] https://bitcointalk.org/index.php?topic=1887061.msg20348125#...

I found some more detailed information on a historic page:



> Veritaseum uses only bitcoin, and subsists completely on the bitcoin blockchain. It is the only bitcoin wallet system that can trade simple and complex value structures without using non-bitcoin tokens, alt coins, sidechains or alternative blockchains. It can trade the value of over 45,000 tickers in all asset classes, from major exchanges from all around the world. At it’s essence, Veritaseum is a hyper-intelligent Bitcoin wallet “system” that is able to create and interpret smart contracts through the blockchain. It coordinates with an Oracle to gain access to conventional, physical and legacy financial data and information and uses it to price, value, trade and settle OTC, P2P financial instruments - all in BTC.

I would be surprised if they -- now, two years later -- have actually demonstrated this "system" in use publicly.

It's absurd. I went through all their website and still don't know what they do.

> I have no idea what these guys do.

It looks like the South Sea Bubble, but with cryptocurrency.


And what exactly is "Pathogenic Finance"?

pathogenic adjective

1. of a bacterium, virus, or other microorganism causing disease.

There are no details to this supposed hack and the used attack vector. The given information is so vague, this is indistinguishable from an exit scam.

I hope they will come forward with more information but Veritaseum has always looked fishy, about 98% of the tokens are held by one address https://etherscan.io/token/0x8f3470A7388c05eE4e7AF3d01D8C722... and are not in free circulation.

With the market cap being $360.000.000[0], and only 2% being in circulation, the value of the stolen tokens seems to be higher than the value of all coins in circulation.

2% of $360,000,000 are $7,200,000 and the hacker stole more than eight million.

Or did I get this wrong somehow?

[0] https://coinmarketcap.com/assets/veritaseum/

2% represent the $360M (market cap, in circulation). 100% is 50 times that, $18B (total supply), i.e. 100M tokens.

What is stolen is 0.07% of 100M tokens which is 70K tokens, which is roughly $12M for current market price.

According to the founder, the amount of stolen tokens is 37k: https://bitcointalk.org/index.php?topic=1887061.msg20355530#...

That number also matches the number transferred (36,687.9382688909) to this wallet mentioned in the article: https://etherscan.io/address/0x3fff90bf314673194c3a265ed1c0a....

Also, two other articles (linked from the bitcointalk thread) cite the value of the stolen tokens as US$4.5M, not US$8.4M:

http://www.altcointoday.com/ethereum-ico-veritaseum-suffers-...

http://www.newsbtc.com/2017/07/24/yet-another-ethereum-ico-g...

Checking market charts around the time it happened (~00-08 July 24th), there's a significant dip in value, with the price going as low as US$~122: https://coinmarketcap.com/assets/veritaseum/#charts. At that rate the stolen tokens would be worth US$4.48M.

Then the 0.07% number was probably wrongly estimated by the founder, that number would be 0.037% then. He might have missed the 3 before 7. Anyway, that explains it.

I was reading the "post-mortem", which oddly enough is posted to a forum, doesn't actually explain how the incident occurred and is not posted to their website, and came across this:

"Another point that I would like to make clear is that Veritaseum tokens are software that represent our knowledge, advisory and consulting skills, products and capabilities. Without the Veritaseum team, the tokens are literally wortheless! If someone were to someone confiscate 100% of the available tokens, all we need to do is refuse to stand behind them and recreate the token under a new contract."

So if something goes drastically wrong the game plan is to just abandon their cryptocoin altogether and walk away? That doesn't exactly inspire confidence but then again I still haven't been able to figure out what Veritaseum actually does. The rest of the post-mortem is just deflecting from the incident and misdirection:

"The Sr. partner of distressed credit of one of the world's largest funds specifically took the meeting after hearing about what we are doing. "This is big, very big" (that is an exact quote from the person who arranged the meeitng, who is a 40 yr veteran of Wall Streat, a literal brand name know by nearly every experienced professional - someone who had aggressively jumped on board team Veritaseum to assist in business development)"


That is in addtion to our Veritizing a medical practice as a showcase for doctors and healthcare biz pros around the world to emulate (using Veritas, of course). Think of us just capturing 50 basis points of all of the medical practices and related healthcare businesses in the world

Again who??

I don't really follow Ethereum, but from headlines on Hacker News I've learned that

1. Ethereum is difficult to work with

2. Its difficulty does not provide security

This doesn't exactly inspire confidence in it.

Some comments on this article imply that this was just a scam, so maybe Ethereum is secure. I think that a lot of people learn about things they don't care about via headlines, which may be damaging for Ethereum in its infancy.

Development on top of the Ethereum platform is in its infancy. SQL injection attacks were as frequent when web development was young. I haven't checked it myself but I guess the current API is quite low level and doesn't include higher level abstractions to prevent this kind of attacks. Also there are no established development practices regarding security.

> Development on top of the Ethereum platform is in its infancy.

Oh please, a lot of people keep saying this, but the reality is that Ethereum and Solidity devs simply didn't do enough research. There's a long history of smart contract platforms that are both safer and more robust, and the problems inherent to the choices Solidity made were obvious right when it was first introduced:


Always nice to read a discussion on lambda the ultimate. :)

Discussion is ongoing! Some of these recurring security issues just seriously annoy me, so I'm posting more references and discussion to that thread to document all the flaws of EVM and its languages, and the solutions to them that have existed for literally decades at this point.

> Oh please, a lot of people keep saying this, but the reality is that Ethereum and Solidity devs simply didn't do enough research.


What are you talking about? Solidity is not so unsafe, nor is it correct to imply that Vitalik "didn't do his research". MAYBE he did his research and came to a different conclusion? Maybe his priorities were different? Regardless, he's exceptionally bright and by no measure just a hasty dev trying to make a quick buck.

And your link does not point to any inherent flaws in Solidity, just opinions on language fit.

Ethereum development IS in its infancy. It WILL improve over time - like it or not.

This is almost cult-like. The cult of Vitalik.

What we're talking about are a slew of successful attacks in the ETH ecosystem. What we're talking about are what appear to be questionable decisions in Solidity. What do you think of this thread earlier? https://news.ycombinator.com/item?id=14810008

It is clearly unsafe, judging from these attacks. It is clearly not designed with security in mind, which should have been a top priority. "Maybe his priorities were different" is even more damning than if people did prioritize security and failed.

I disagree. I have no cult-ties to Ethereum. I simply did not find the argument made to be well reasoned - and the attack on the devs to be highly questionable. Have you seen Vitalik talk? He's not an idiot. I know he's smarter than me. So - I'm going to take baseless claims about competence and due diligence with a grain of salt.

You say "clearly unsafe" but there has been, to my knowledge, only one serious flaw identified, and that is what led to the fork. Many of these ICO thefts have been suspected internal jobs, not as the result of a new vulnerability identified.

Correct me if I'm wrong. If ETH is doomed, I'm happy to let best of breed win. But I'm not seeing an argument made with facts here - I'm seeing Fear, Uncertainty, and Doubt.

> And your link does not point to any inherent flaws in Solidity, just opinions on language fit.

I suggest you read the links in that thread that talk about the requirements of REAL smart contracts, and then come back and tell me Solidity is not hopelessly flawed.

As a language for writing smart contracts, Solidity is a total minefield of unsafety.

As for the reasonableness of "different conclusions", if Vitalik was responsible for Solidity, then I can't disagree more with everything you've said.

Do you have any additional resources on the tenets of smart contracts, outside of that link? I read through it but did not see any deal breakers that could not be addressed in other ways.

The thread on LtU is ongoing as we discuss the inherent limitations of the platform. More links and discussion is still taking place (I just posted more), so check over the next few days.

So... nothing besides that thread? Part of my issue with that thread is the time span and inactivity. It started over 2 years ago, and is not part of a large, long-running dialog within a community weighing the pros and cons.

This seems small, and thus less trustworthy as a resource for me. Akin to a post on reddit with 10 upvotes and a handful of comments. I'm going to need to see more than that before I start taking those concerns seriously.

If it's obviously flawed, I'd expect more dialog and drum beating outside of one thread and among a larger group of people. I am not seeing that, presently.

Nothing besides a thread populated by programming language theorists with links to over two decades of research on smart contracts and smart contract languages, all of which are safer and more composable than Solidity and Viper both, and whose linked threads have hundreds of comments from other PLT researchers? Yeah, that sounds totally useless.

I by no means implied it was totally useless - only that I need to see more than one forum thread.

There is a difference between the theory of programming, and actual programming. One is a science, the other involves a good deal of engineering and creativity. So while at a theoretical level there are concerns - it does not absolve engineering from addressing them. It is for this reason (and many more) that I do not take a forum post with a few replies as authoritative, on a forum I've never even heard of.

If you can't provide additional resources, that's fine. But let's be clear: I'm not interested in a pissing match. I'm trying to understand. I am yet to see anything yet that gives me pause surrounding Ethereum smart contracts, aside from things I've already held concerns over (like the revocability issue) but which do not represent showstoppers for me.

Like I said, I posted links in that thread that discuss issues in Ethereum and Solidity in particular, and the posts will continue. If you still see nothing wrong, then no one can help you.

It is much different from SQL injection. There were ways to prevent SQL injection in the same programming language and less money at stake on every corner. Solidity and the EVM are an invitation to be hacked.

I've never said they're the same. Probably I wasn't clear enough but it was an analogy, not a technical comparison.

Your clarifications make sense though.

But the difference is in the impact of security flaws. It's bad enough if someone steals a bunch of credit card numbers through SQL injection, but at least individuals are indemnified. With Ethereum, poof, it's gone forever.

> I guess the current API is quite low level and doesn't include higher level abstractions to prevent this kind of attacks.

A fundamental principle of Ethereum is that its smart contracts have Turing-complete computing power. Therefore, there is no possibility of 'higher level abstractions' that will permit only legitimate contracts to be written (even if the abstractions are limited in their power, an attacker can make use of the full power of the underlying system.)

Writing provably-secure smart contracts is as difficult as writing provably-secure software for any other Turing-complete platform: i.e. only a small percentage of developers can do it. Furthermore, the software that comprises the platform itself has not been stringently verified.

Of course, we are using lots of software in banking and finance that is not formally verified, but there are significant differences: it runs in secured environments with controlled and very limited external access, and there are out-of-band methods for correcting mistakes. In contrast, blockchain currencies are actually promoted as being immune to this sort of interference on account of transactions being irrevocable (and no, the hard fork that rescued the DAO participants is not a counter-example, as that will not be feasible in future.)

I cannot say these problems will not be resolved in the future, but why would anyone put any significant value at risk until they are?

> Therefore, there is no possibility of 'higher level abstractions' that will permit only legitimate contracts to be written (even if the abstractions are limited in their power, an attacker can make use of the full power of the underlying system.)

High level abstractions and Turing completeness are not in opposition. Haskell, for example, offers high level abstractions in the form of a functional language with abstract data types, strong typing and purity (unless you specify something else explicitly, functions only have access to their arguments).

I think Safe Haskell would be a good Turing-complete, general purpose contract language. Untrusted code can be compiled to machine code and executed safely, by using a restricted IO monad that only allows specific input/output operations[1], so the contract logic can be executed safely without a sandbox.

[1] https://downloads.haskell.org/~ghc/7.4.1/docs/html/users_gui...

I don't know if the abstractions of Safe Haskell, or something like it, will be sufficient. The link you gave seems to imply that the guarantee of trustworthiness is restricted to something less than every aspect of the code's semantics. One problem, as I see it, is that, from a computing point of view, a fraudulent contract may be indistinguishable from a valid one. You see this principle in the claim sometimes made that the DAO hack was not theft because a contract means exactly what its code does, nothing more and nothing less (that's not a view I hold, of course, or I would not be worrying that theft is possible.)

> Therefore, there is no possibility of 'higher level abstractions' that will permit only legitimate contracts to be written (even if the abstractions are limited in their power, an attacker can make use of the full power of the underlying system.)


Wouldn't "choose one of these 10 contracts which have been proven correct, and also choose the parameter for said contract" be using a higher level abstraction?

And if the 10 contracts are proven correct+secure, then this would be secure, right?

I don't understand what you meant by "an attacker can make use of the full power of the underlying system" such that it is compatible with the security of the abstraction I described.

That is a fair point; I appear to have overstated the case there. However, at least two things remain to be seen: 1) to what extent the Ethereum foundation's vision of a vast web of concurrent, interacting contracts is feasible under such restrictions, and 2) an actual example of a formally-verified contract (which would, I believe, depend on the platform itself being formally verified as a prerequisite.)

To expand on point 1, given that your technique should be generally applicable, why has it not taken over all the other applications of computing where security and correctness matter? The reason, I believe, is that it is, in practice, infeasible for many of the sort of things that are useful and that we actually want to do.

Right, I wasn't really proposing that people should restrict themselves to 10 proven correct ones. It was mainly meant as an existence proof.

I believe that people have made formally verified (trivial?) contracts (based on the spec of the vm iirc? Not sure), but I don't remember anything about a formally verified contract being used in practice. People definitely are making progress on the formal verification front (building foundations/infrastructure/etc.) but they aren't really there yet. ("There" being, ready for widespread use, and in widespread use)

I don't really understand why people buy into many of these ICOs. I mean, I'm somewhat enthusiastic about "smart contracts", but I don't actually own any cryptocurrency.

I don't mean to say that I think all ICOs are bad, but given the number that are failing, I find it hard to imagine that the people buying into them are doing enough research into them before buying for it to make sense.

Also, I don't understand why people aren't building contracts on top of a contract layer that handles arbitration for reversing fraudulent transactions yet? I thought that would have been built by now.

I appreciate the reality check!

> Also, I don't understand why people aren't building contracts on top of a contract layer that handles arbitration for reversing fraudulent transactions yet? I thought that would have been built by now.

Ittay Eyal and Emin Gün Sirer have suggested at least a partial solution along those lines. I believe there is some opposition from those who consider the inviolability of transactions to be a non-negotiable feature of crypto currencies, as arbitration implies arbitrators, but this might be part of the future of smart contracts.


It's nonsense to suggest that any two Turing-complete programming languages are equally safe or secure. C, Rust, and Haskell are all Turing-complete, and while of course it's possible to write buggy code in all of them, certain classes of bugs that are possible in C are not possible in Haskell.

> there is no possibility of 'higher level abstractions' that will permit only legitimate contracts to be written

True, but there is the possibility of trivial changes that would prohibit some exceptionally catastrophic bugs. The language features that allowed last week's multisig wallet bug (delegation to an unknown function, public initialization code, the possibility of calling initialization code after initialization) need not be like that. A much better language could still be Turing complete but exclude such things (forcing you to write explicit code that shoots you in the foot, if you so wish).

> It's nonsense to suggest that any two Turing-complete programming languages are equally safe or secure.

Well, I didn't suggest it - it seems you are inventing that notion because you are obliged to agree with everything I actually wrote.

The point is not the relative safety of one language against another, but whether, in absolute terms, Ethereum will become safe enough for the sort of wide-ranging uses that its promoters envisage. If the sort of examples you present here are sufficient for that, then, given that security and correctness have been prized for long before Ethereum, one has to wonder why they have not already been used to create languages that are already secure and bug-resistant enough for Ethereum.

There are certainly some basic changes that could make Ethereum more secure, but past experience in this field suggests there is a whole range of hills beyond this one. And in security matters, going part-way is not much of an advance at all; such defenses can, like the Maginot line, be outflanked.

>> It's nonsense to suggest that any two Turing-complete programming languages are equally safe or secure.

> Well, I didn't suggest it - it seems you are inventing that notion

You wrote: "Writing provably-secure smart contracts is as difficult as writing provably-secure software for any other Turing-complete platform". This is not true. Writing provably-secure smart contracts in something like C would be strictly harder than in Solidity because there are more classes of possible errors, and hence more properties to be proved. There are meaningful differences in the ease of proof even among Turing-complete languages. And some things you would have to prove explicitly for programs in one language are automagically "proved" for you by other languages' compilers.

So yes, you did suggest that any two Turing-complete languages are equally safe and secure.

> because you are obliged to agree with everything I actually wrote

Haha. No.

Not so - that quote suggests that there is a lower bound on the difficulty of proving security; that whatever language you choose, it is still difficult. And even if you were right, it would be a non-sequitur, on the grounds of relative versus absolute difficulty that I gave before.

Thanks! That's really interesting and makes sense. I should definitely do some research on the topics you've mentioned.

Your closing question has a point I agree on.

Injection attacks including SQL injection are still at the top of the OWASP Top 10 vulnerabilities. They're still very common and very damaging. Don't expect those kinds of vulnerabilities to ever disappear.

SQL injection attacks are STILL frequent.

Heck, buffer overflow bugs are decades old but still happen all the time.

Software security has practically not gotten any better over the years. Best practices are now known but rarely followed. Even when you follow best practices, there are vulnerabilities. Software security is an illusion.

The argument I've heard is that it's abstracted but the abstraction is bad.

That would be true if it was steady-state, but there are a lot of people working on things in the ecosystem that make it stronger.

I guess you can say that Ethereum is also in the "strong and stable" category.

I wouldn't get ahead of ourselves.

This "hack" doesn't have anything to do with Ethereum. Someone "hacked" a new coin ICO and then sold them for Ethereum.

Is anyone making money on Ethereum in ways that are unrelated to just currency appreciation/speculation?

Is Ethereum actually being used for something meaningful?

(I guess in a way though Ethereum found its first killer app, pure currency speculation/appreciation. That gives it time and money to find something more useful.)

Well, if you consider "showing the world how buggy code can lead to financial disaster" a meaningful activity, then Ethereum is quickly becoming one of our proudest achievements.

To me, every day ethereum/bitcoin don't go to 0 further proves the premise and makes the ecosystem stronger.

I'm thinking that's what the Pets.com investors thought, too.

Or Google. Those are the risks of investing. I wouldn't sink my retirement in crypto.

Some recognized projects that didn't have an ICO:

https://etherdelta.github.io - decentralized exchange is getting decent volume. Ironically the hacker dumped the veri tokens there.

https://ethlance.com - freelancer market. Looks like a place where one can earn Ether for coding in Solidity and related gigs.

http://ens.domains - .eth domain registry. Highly successful, will be integrated into the upcoming 'mist browser' release, plus a few other places (wallets & exchanges) support it already. Over 133k names registered.

Probably more I've missed.

There are over 3,000,000 Namecoin domains registered[0], but nobody uses it. Not a worthwhile metric IMO.


Wow, amazing. That's a lot. Is there any reason or incentive for so many names when not many people use it?

Btw, full ENS stats here https://ens.codetract.io

Squatting and preemptive defense against it, maybe.

Or simply curious people trying something new. I know I registered a name for fun, and there was quite a bit of curious interest in tech circles in my area (even outside of cryptoanarchist types).

But then, for the moment most people see ICANN regulation as okay. Maybe if that changes, a distributed alternative will get traction.

> Is anyone making money on Ethereum in ways that are unrelated to just currency appreciation/speculation?

Yeah, the hackers seem to be doing alright out of it.

They aren't hackers, they are scammers and crackers. Hackers are builders and creators, they persevere in the face of improper tools by being creative.

That ship sailed a long time ago. The commonly accepted definition is now the one you're contesting.

Both definitions are commonly accepted, for certain values of 'common'. The positive definition is limited to the tech industry, of course. I don't think that there is any appropriate situation to try to correct other people's usage, but I'm sympathetic to the idea that one should use the word properly on this site.

I think this is not the kind of answer you're expecting and will probably find this underwhelming and unimaginative, but etheroll (https://etheroll.com/) is an ethereum gambling website which I believe is profitable.

A very good question for which the answer was NO for a long time.

Prism is a live service using Ethereum smart contract(s).

It is from the Shapeshift people and is a kind of "digital asset portfolio". You can invest in many types of digital assets without having to hold them.

People are spending real money on this Ethereum smart contract.


If I read that correctly, "digital assets" is just a fancy expression for "other cryptocurrencies". So that does come back to pure cryptocurrency speculation, except that it's across a range of them, not just Ethereum itself.

Man, this is JUST like the .com v1 bubble: "I'll buy your over-inflated N billion dollar company using the stock from my over-inflated M billion dollar company."

Technically Prism is a means of investing in cryptocurrency (which is primarily motivated by speculation in these cryptocurrencies), thus I think it still falls into the idea that most things are pretty incestuous still in this market.

I think one thing that plays against using these cryptocurrencies for other things besides speculation is that they are so speculative, with huge ups and downs and lots of opportunities to win just trading them. Because of that they are being treated a lot like stocks (which often appreciate if you hold them) rather than currency (which is usually slowly depreciating, which encourages spending). I think the incentives for these cryptocurrencies are sort of wrong; they are cryptostocks.

The 'killer app' for the time being are indeed ICOs. Unregulated, messy ICOs.

I do think it is too early to judge the cryptocurrency world or blockchain in general for not having 'killer apps'. Analogies to the early internet are no good either since there is no reason as to why this would behave like that. Time will tell. Can't deny it is an interesting space!

During the internet bubble fundamentals didn't matter because it was a new economy, valuations shot up, everyone was seemingly raising a lot of money to be the next best thing and then the music stopped. Reasoning of the form "this seems crazy but it must obey different fundamentals we don't understand so let the music keep on playing" should make us uncomfortable.

> Can't deny it is an interesting space!

I'd actually disagree exactly because of the lack of "killer apps". There are plenty more interesting things happening in technology when you consider no one really seems to know what to do with this. Right now blockchains sound like get-rich-quick catnip for geeks.

I kind of equate ethereum to HTTP or FTP. Did anyone make money on those when they first came out? Also, if the decentralized "goal" is manifested the wealth wouldn't be concentrated. If you paid a transaction fee of .5% instead of 2%-3% you didn't make a lot of money but collectively the ecosystem would benefit immensely.

Somebody appears to be making a pretty penny stealing.

If you've received VC money, I suppose you're getting a salary - if you want to include that as making money.

Softbank has invested in various applications.

"In a post-mortem announcement, Middleton posted online today, the Veritaseum CEO said "the amount stolen was miniscule (less than 00.07%) although the dollar amount was quite material."

what... 0.07% was worth $8.7 million. So the market cap is $12,428,571,428?

Looked through most of the website and still have no idea what they do...

I love how the "Downloads" page only tells you... how to buy veritaseum tokens.

Apparently their team consists of 3 people too, only one of them being a dev.

I'm trying very hard to figure out what they do exactly, apparently they create "Forensic Analysis and Valuation reports" and then sell them but instead of selling them for ETH or BTC they sell them in their own VERI tokens?

I think there's more to it than that since the homepage says (in an image I've had to transcribe): "Veritaseum enables software-driven P2P capital markets without brokerages, banks or traditional exchanges".

I wonder what percentage of their ICO "investors" really understood what they were pumping their money into.

I also hope that some people are thoroughly documenting and archiving all these ICOs, it will make for a very interesting and I'm guessing entertaining post-mortem.

If I'm not mistaken, he was comparing the stolen amount to the entire market cap of ETH (currently 19bil), to make it sound like it was a small amount.

The hacker stole their BS coin VERI, so he stole 0.07% of all VERI. I guess he can't even sell this crap coin anywhere, because why the fuck should anyone buy Veri now?

The hacker turned around and sold stolen VERI right back to the ICO investors, so he/she got ether back right away.

That seems to be closer to Ethereum's value, not Veritaseum's market cap, which is "only" $350 million:


When there is a "$", as in $8.7 million, does that mean $8.7 million USD or 8.7 million internet points?

If USD how do they come up with that exchange rate?

Title is also misleading... They stole VERI tokens and sold them for ETH, not directly stealing any ETH... There was a story here last month that had a headline like 'guy buys bitcoin at $12/coin, is now worth millions' when what he actually did was sell those coins and use the money to start a company, which he in turn sold for millions.

Were they really able to sell the stolen VERI for that amount of ETH? That would be really impressive...

Not unless they sold before the news was out. Any mention of a hack is basically a fast track to flash crash in the cryptocurrency space.

They were dumping it at 50% market price for ETH a few days ago. Don't know if they dumped it all or still sitting on a bit for when the market recovers.

So I somewhat follow r/Ethereum and I remember seeing a good number of posts about Veritaseum... the general consensus is that it is a scam and has been the target of pump and dump schemes, like many other tokens.

This sure does look like an inside job...surely they reported to whatever Government crime bureau in their jurisdiction? But given the terms of many of these sales, there are literally no repercussions if the "company" decides to just take the money and run. Buyer Beware.

I think if anything, this whole ICO thing, as I've observed, has just enlightened me about why we have consumer protection. It's not so the big corps and such won't scam people... they don't need to even try, people will, time and time again, fuck themselves over. It's a sad reality. There was even a "Useless Ethereum Token" that did an ICO and raised something like $50k in a matter of days. Maybe the internet likes paying for jokes... regardless, I know countless people are dumping their next month's rent on whatever ICO is happening that day with little regard to anything behind it.

Disclaimer: I do believe in the Ethereum platform and am long in it. I also hold FunFair tokens, which I believe to be one of the first platforms that really takes off.

Why are you still long? At this rate it seems Ethereum can be easily "disrupted" by something with a similar idea that provides more trust.

I am very intrigued by this FunFair technology. Do you know when the next Token Event will be held? Or how I can get some? I read I can do development work for FunFair tokens, but don't see any more details.

They had a one time token offering. But yeah, the demo looks good and the CEO of it is well known in the gaming community, https://en.wikipedia.org/wiki/Jez_San

Why don't the ETH people actually put out some decent templates for smart ICO contracts? It seems nonsensical that their platform is supposedly a "world computer" designed to enable smart contracts when a vast majority of the created contracts fail because of being hacked.

I invested in the ETH pre-sale and have done very well from it, but I have been selling a bit lately because I think someone else will come along with a system that open sources some really solidly vetted template contracts that have been thoroughly penetration tested by professionals.

It's not just the templates, Solidity is a terribly designed language. It reminds me of the original JavaScript before 10+ years of dedicated attempts to make it usable.

With how many VMs we already have for Java and JavaScript, it's idiotic that ETH designed their own language, and eventually they will pay the price. This will probably be another coin that comes along without an idiotic language/VM.

fwiw the VM's instruction set seems just fine, the problem entirely lies within the crap programming languages available at this time. This seems to all be fixable if someone comes around and designs a language that makes it harder to shoot yourself in the foot.

The VM also has severe problems. Whether or not you are required to check exceptions at a call site depends on how you call a function, for example. It also does not have a monotonically increasing time value, since operations are allowed to manipulate the clock time up to some value.

Isn't this the purpose of lisk?

Actually, the last multi-signature hack was because of the "decent" template contract produced by an Ethereum developer.

I'm not so sure about that. Comparing the vulnerable source code to the original (which you can find here https://github.com/ethereum/dapp-bin/blob/master/wallet/wall...) tells a totally different story. It looks like the vulnerable version tried to condense everything into a single contract (think class), when it had originally been split up into multiple contracts (think classes). The result was that functions that were originally initializers were no longer callable only once. Someone's refactor of the original code seems to be what led to this issue. The vulnerable functions even started with "init" but were not actually initializers.

Unless the original author also introduced the bug, I don't think it's fair to blame the original contract.
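The failure mode described in this thread for the multisig wallet bug (initialization code that stays publicly callable after setup, reached through delegation to whatever function the caller names), modelled in Python as an added example. It is not the wallet's Solidity source or anything posted by the commenters; every class, function and account name is hypothetical.

```python
"""Toy model: a wallet that delegates calls to shared library code.

Constructed for illustration only. WalletLibrary, init_wallet and the
account names are hypothetical, not taken from any real contract.
"""


class Revert(Exception):
    """A rejected call, analogous to a reverted transaction."""


class WalletLibrary:
    """Shared code that operates on the *calling wallet's* storage."""

    @staticmethod
    def init_wallet(storage, sender, owners):
        # Flawed: nothing records that setup has already happened,
        # so the owner set can be replaced at any later time.
        storage["owners"] = set(owners)

    @staticmethod
    def init_wallet_once(storage, sender, owners):
        # Guarded initializer: a second invocation is refused.
        if storage.get("initialized"):
            raise Revert("already initialized")
        storage["owners"] = set(owners)
        storage["initialized"] = True

    @staticmethod
    def withdraw(storage, sender, amount):
        if sender not in storage["owners"]:
            raise Revert("not an owner")
        if amount > storage["balance"]:
            raise Revert("insufficient balance")
        storage["balance"] -= amount
        return amount


class VulnerableWallet:
    """Forwards any function name to the library, initializer included."""

    def __init__(self, deployer, owners, balance):
        self.storage = {"balance": balance}
        WalletLibrary.init_wallet(self.storage, deployer, owners)

    def call(self, sender, function, *args):
        target = getattr(WalletLibrary, function, None)
        if target is None:
            raise Revert("unknown function")
        return target(self.storage, sender, *args)


class HardenedWallet:
    """Same design with two independent guards."""

    # Guard 1: only explicitly listed functions may be reached from outside.
    FORWARDABLE = frozenset({"withdraw"})

    def __init__(self, deployer, owners, balance):
        self.storage = {"balance": balance}
        # Guard 2: the initializer itself can only ever run once.
        WalletLibrary.init_wallet_once(self.storage, deployer, owners)

    def call(self, sender, function, *args):
        if function not in self.FORWARDABLE:
            raise Revert("function not externally callable")
        return getattr(WalletLibrary, function)(self.storage, sender, *args)


def audit(wallet_cls):
    """Check whether a non-owner can re-run setup on a deployed wallet."""
    wallet = wallet_cls("deployer", ["alice", "bob"], balance=100)
    try:
        wallet.call("outsider", "init_wallet", ["outsider"])
        rejected = False
    except Revert:
        rejected = True
    return {"rejected": rejected, "owners": sorted(wallet.storage["owners"])}


def once_guard_holds():
    """Guard 2 alone must stop re-initialization, even without guard 1."""
    wallet = HardenedWallet("deployer", ["alice"], balance=10)
    try:
        WalletLibrary.init_wallet_once(wallet.storage, "outsider", ["outsider"])
    except Revert:
        return wallet.storage["owners"] == {"alice"}
    return False


if __name__ == "__main__":
    print("vulnerable:", audit(VulnerableWallet))
    print("hardened:  ", audit(HardenedWallet))
    print("once-guard holds on its own:", once_guard_holds())
```

The two guards are deliberately redundant: a refactor that loosens the allow-list still cannot reopen the initializer, which is the property the merged contract lost.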

Meaning that the template itself was messed up? Did they hire professionals to attack it in a test scenario or did they just roll with it?

Some work is being done: http://vitalik.ca/general/2017/06/09/sales.html but tl;dr no perfect model for ICOs exists.

Contract templates and libraries are being developed as part of OpenZeppelin: https://github.com/OpenZeppelin/zeppelin-solidity

This is a YouTube video by one of the founders: https://www.youtube.com/watch?v=VbdQ3Q6FQYE

It is linked from the "prospect": https://drive.google.com/file/d/0By5WJsM3KjltOGJHYS1HT3Uyczg...

What kind of fools invest into this?

So shocking it's funny – in the same vein that "American Psycho" was funny. The next step for ICO's will surely be a reality-TV show.

A fool and his money are soon parted.

ROFL, this guy should be in prison.

I'm really sorry to be that guy but.. again? Even the article says it's 4th time this month. What's going on?

What's going on is that this is just showing what any sane person already knew: any kind of commercial transaction must be backed up by actual real life laws or sooner or later one of the parties gets ripped off.

Nobody can - or I would dare say, likes - to be watching his own back every single moment of their existence... but that's what crypto in general expects you to do.

I've been in crypto since early 2013 and I only check my wallet balance when I need to transfer coins to/from it. I may have opened my wallet 5 times in the past 4 years. The risk is increased when you don't control your own private key, if you do, the risk of losing your coins is very small.

Still, I'm not into crypto currencies at all and I only hear about Bitcoin (that's understandable) and Ethereum (due to all these hacks, the first being the one that led to the ETC vs. ETH fork).

Totally.Misleading.Headline!!! :(

Hacker stole $8.4M worth of Veri coins, not Ethereum!!!

>Middleton said that a hacker had somehow managed to steal VERI tokens during the ICO.

Somehow? They couldn't even figure out how the hack happened? How convincing for their clients.

Anyone have knowledge about this project? Looking at their website, the best I can tell is it's just a wallet? Looks pretty sketchy to me.


No HTTPS? Amazing...

https://veritas.veritaseum.com It’s just not enforced.

Yeah, that is bad because anybody can MITM you without difficulties.

You gotta be kidding me.

Recommended browser plugin: https://www.eff.org/https-everywhere

I have this plugin. Does nothing for this website.

Oh, those naughty, naughty hackers. Oh, well, bad luck everyone. Do keep sending money. You'll soon be able to buy this bridge I'm selling.

"Hacker". On the Ethereum subreddits a lot of people think the CEO is just cashing out and running.

You can tell by how disinterested he seems to be in getting the money back. Anybody who really lost $8 million would be losing sleep, crying, and doing absolutely everything they could to get it back. This guy is not some billionaire, $8 million is a life changing amount for him.

You don't just shrug off losing that kind of money. If I had invested in this project, I'd be in touch with the FBI.

There seem to be a lot of Ethereum heists lately, yet I don't see any shocks in the valuation of Ethereum. Does the market at large simply not care?

This is what you would expect from a currency that is valued arbitrarily.

It may not be crashing the value, but if we keep seeing hacks sustained at this frequency, it could slow or halt what might otherwise be continued growth.

ETH did not participate in the big spike of BTC back-end of last week and is now tracking down today.

That is what we saw for bitcoin, however there are still more and more people buying into it.

I don't think they do. It's up 1000% or something since a year ago so it probably will take a while until people lose faith

I've thought about this after seeing a few ICOs. If you want to get super rich overnight just start your own coin. I mean you could put in a legit effort and really try, still fail and make millions.

> the amount stolen was miniscule (less than 00.07%) although the dollar amount was quite material

So this ICO has a valuation in the billions? Sounds quite fishy.

I just want to take a second and complain about the twitchy monstrosity that is the floating nav bar. I scroll up to read text above and it covers up the text I'm currently reading so I have to scroll up twice and then down once to get rid of it. It's obnoxious and ugly and I wish it wasn't so popular. /rant

The compiler should fire warnings to prevent injection-like attacks. I understand Solidity is a tool to program what to do with balance... A superset of rules that (at least) alerts the developers about dangerous operations will probably become a thing in the future.

Then the hacker proceeded in dumping the Veritaseum for 50% of market value.

Now if you believe the price will bounce back, you can make a lot of profit on stolen coins. Immoral? Quite possibly. Against the law? Not this year.

I think it should be tested in court. Many ICOs are the textbook depictions of Ponzi schemes. When there is stealing, possibly self-stealing, involved the word "fraud" comes to mind.

There are a few problems though.

- Since cryptocurrency is international, the US SEC does not have jurisdiction everywhere in the world. When there are millions on the line, you could just move to another country and try a scheme, or direct a foreign lackey to do it.

- "The Federal Reserve simply does not have authority to supervise or regulate bitcoin in any way. To the best of my knowledge, there is no intersection at all in any way between Bitcoin and banks that the Federal Reserve has the ability to supervise and regulate."

- To count for an exchange you have to issue shares. Not everybody does this.

- Is cryptocurrency a token or a security?

- How to distinguish between nouveau riche BTC millionaires trying out their luck with an ICO and a criminal organization using it to launder money?

- Who is the single legal entity to target when the ICOs are distributed, and no single entity issues coins?

- What to do with those that profit from future illegal activity, as a 3rd party? Right now there is a lot of obvious market manipulation going on. Whales banding together to influence and set prices. Pumping up interest with bots and 5-cent army trolls. Selling stolen coins for 50% of market value. Sharing upcoming announcements with a small group of investors, devs, and supporters, allowing them to speculate on insider knowledge. How do they prove I must have known about the stolen coins, when the news hasn't even broken yet and I already put out a buy order of 50% of the price in case of a flash crash?

Not all ICOs are the same.

Their parameters (for example is the token for utility or just for speculation) vary.

There is a test in law that people can apply to try and tell whether a specific ICO is a security or not: the Howey test.


How is it not against the law? They're still fraudulently obtaining things which do not belong to them.

I'm talking about people buying the coins from the hacker on an exchange.

I think in my jurisdiction we have a law against pawning stolen goods: If the price is too good to be true (100$ macbook), and you still buy it, you can get your goods confiscated. But how does this translate to cryptocurrency and its volatile pricing (a 50% drop or increase in price is not extremely rare)? Is it illegal to set a buy order for 50% of the price? Especially if you set this before the hack, just hoping to cash in on a flash crash, I can't see which law you break.

About stealing coins, of course this (should) be against the law. But then again, data is not a good. For many jurisdictions, data isn't anything at all. You can not own data in the legal sense, because it only applies to tangible goods.

As to "stealing" coins by manipulating a smart contract, it's a grey area. Of course in the real world, contracts can be breached in spirit, not only by the letter. But with smart contracts, you only have the letter of the contract: The code is law.

Looking at the coins as just "data" is ignoring a lot of what they are. Your bank account is just "data", but if I hacked into it and took the 1s and 0s making up your balance, well, there's no question that's a crime. Replace bank account with stock broker account and the same would apply. I don't see why it wouldn't be the same for cryptocurrency.

I fail to see how smart contracts is a grey area; if you're abusing a fault in the code, that's very clearly fraudulent behavior.

In short, there's a lot of "This is new! Things are different! The existing laws don't apply!" regarding some of these things, but I'm just not convinced. It may be harder to enforce or to prosecute, but that doesn't mean that it doesn't fall into existing laws.

> but if I hacked into it and took the 1s and 0s making up your balance, well, there's no question that's a crime.

It's a crime of computer / network intrusion. Not a crime of property law (you can't own a record in a database as property, and therefore I can not steal your property).

> if you're abusing a fault in the code, that's very clearly fraudulent behavior.

Another way to put this is that you are using the contract in the manner in which it was defined by the author. Compare with a misconfigured web server showing open directories of files, or a robots.txt with a typo in it (ignore: /adminn). What is a fault and what is a feature? Who decides this? Solely the author of the contract? The parties involved (who splits the ties)? A majority of 3rd party volunteers? If everything is decentralized and open to anyone, whose computer network are you intruding/disturbing?

> doesn't mean that it doesn't fall into existing laws

If law was a software product, we are definitely a few pull requests behind its intended use. Look at how long it took to update authorship/copyright laws with the evolution of the internet, and how ugly things are when wrestled into the old framework of: I create it, I forever own it.

"It's a crime of computer / network intrusion. Not a crime of property law (you can't own a record in a database as property, and therefore I can not steal your property)."

This is quite wrong; it's still considered a crime of stealing from the bank. The law does not care if you used a computer to do it instead of using dynamite to break into the safe, nor should it.

"Another way to put this is that you are using the contract in a manner how it was defined by the author."

No. If you are using an undisclosed exploit, then that is not true in the least. If you are using something that is not equally known to both parties, and equally disclosed, then it is fraud. No amount of "you should have known better" or "you should have done your research" will help you. Take the recent case of the hack involving Ethereum. It exploited something in the "smart contracts" which very few people knew existed, and, judging by the actions of the team in charge, clearly was not meant to be there. But beyond that, if the contract were to be disputed in court, one thing that would become very clear is that no rational person would be expected to believe that was the intention of both signing parties. And thus, it would be decided that the contract was fraudulent.

"If everything is decentralized and open to anyone, whose computer network are you intruding/disturbing?"

So if I forget to lock my door, then my house should be free game for everyone?

> This is quite wrong; it's still considered a crime of stealing from the bank.

The law cares. Like I said, in many jurisdictions this was only recently amended with special clauses -- clarifying the distinction between physical and virtual goods. In some jurisdictions theft requires fraudulently taking a physical tangible good: virtual goods can not be stolen (but you can still be charged with computer intrusion). Remember also the debate about downloading a cam movie vs. stealing property of movie studios.

> If you are using something that is not equally known to both parties, and equally disclosed, then it is fraud.

But the contract is out there for both parties and their lawyers to have a look at it, before agreeing to it. If Google indexes my /admin directory because I made a typo error in our crawling contract (robots.txt), who is ultimately to blame? Judging by my actions and panic, the directory was clearly meant to be excluded. If we end up with the "smell test" in court for smart crypto contracts, we should just go back to "dumb" paper contracts and signatures.

> So if I forget to lock my door, then my house should be free game for everyone?

Non-sequitur. If you publish an article on Wikipedia then it is free game for everyone to visit it, edit it, and you can not retro-actively say: you are not supposed to be here.

All these BS coins are going to destroy the entire idea. Not that it will be a great loss. :)

"hack" 100% wasn't stolen, just a marketing stunt.

Anyone else make a bunch on scooping up cheap coins on etherdelta then selling them the next day?

How is this related?

It's possible a group like this is the culprit. They have the means and motive. There were also massive DDOS attacks against BitcoinXT when it was picking up steam.

I'm calling shenanigans on this one, there are too many flags even for a cursory look at this story.

1) there is no code for this project that I was able to find;

2) blogger/personality CEO;

3) no report on the transactions (txHash) that would show the "theft";

4) https://steemit.com/money/@financialcritic/analysis-of-the-v...

5) https://steemit.com/veritaseum/@deobrands/is-veritaseum-a-sc...

Finally, and this is subjective but still "feels" odd: The Veritaseum project is built on top of Bitcoin but it was Ether that was taken? If it was a smart contract then number 3 on my list is even more important because we can replay it as many times as needed until we find the bug or exploit used, if any.

PS: Ethereum = refers to the project, the network and the foundation name; Ether = currency issued by the Ethereum network.
