Hacker News new | comments | show | ask | jobs | submit login
Bad code may be to blame for $500M of cryptocurrency losses in seven months (topbitcoin.lv)
86 points by agris777 8 months ago | hide | past | web | favorite | 69 comments



Consider this: Every single Bitcoin mined has either been lost/stolen, or will be lost/stolen, with probability approaching 1 over increasing timespans.

I’d argue that since January 2009 about 50% of the ~17M coins minted to-date are lost. But the realization that this number will asymptotically approach 100% of all coins is a bit striking.

The reasoning is simple - maintaining control of your coins is surprisingly difficult. The harder you try to secure them from theft, the more likely an accident will wipe them away. The more redundancy you keep to protect from losing them, the more they are exposed to theft. And as time goes on, the random noise of life conspires to blot your coins out of existence. And once they’re lost, there is simply no recovery.

The supply of Bitcoin is not asymptotically approaching 21M. The supply is approaching zero.


Once the number of of Bitcoins approaches zero, the finite value of the Bitcoin ecosystem divided by zero coins approaches infinity. This will create a financial singularity that will open a payment gateway to the hell dimension. This dimension is a land of endless opulence and limitless transaction time ruled over by that vengeful daemon, Satoshi Nakamoto. Good luck, Bitcoin users, you're going to need it! jk lol


Don't worry there's surely a bug in the hell dimension smart contract. We'll fork hell, steal their hellcoins, and force the vengeful demons to mine SHA hashes until the end of time.


This is a really interesting perspective ... though, I'm sure it could be argued that, "it only makes them more rare, and thus valuable!!11!1!" ;)


And that is exactly what you don't want in "money" in a functional economy. You don't want deflation. You want price stability.

So the more it gets artificially valuable, the more useless it becomes for its intended purpose.


It is valuable as a store of value though. Either pure like gold, or tied to something more like assets. USD is a bit strange because it is both a store of value used by many countries as well as a currency. there is an implicit peg to oil though. So the the price of oil is something fairly important to the US.


The USD is a currency. Due to its stability, it is also used as a store of value by foreign countries.

Oil is pegged to the dollar. The price of oil is relevant because of its effects on prices, not the dollar.


> Oil is pegged to the dollar.

Oil producers may target a dollar price and trade in dollars, but oil is not pegged (that is: trading with a fixed exchange rate) to the dollar.


It's not that hard. Do what you would do with a large amount of cash or gold coins: put it in a safe deposit box. Or a private vault, if you're ideologically opposed to banks.

Unlike gold, you can also add redundancy and cryptographic protection, but even without that you can at least be as secure as you are with gold, which plenty of rich people store in vaults without issues.


People are idiots. It's almost impossible to destroy gold, quite easy with bitcoins.


But it's also easy to store bitcoins in a way that makes them hard to destroy.

Idiots destroy wealth in all sorts of stupid ways.


Isn't a stolen coin still part of the supply? Do you mean to to mark them as stolen to prevent them from being used?


Backing your coins up is very easy, most wallets support BIP32/39/44. Just write the mnemonic down and put it under your mattress. Or a safe if you have one. But seriously, for most people under the mattress is equally safe. I don't understand why anyone would keep a non-trivial amount of coins in a wallet and not have a backup. That's irresponsible.


People losing their life savings because they kept it under their mattress is basically the reason that banks were invented. So I suppose this has all come full circle now.


There are web wallets today where you only have to remember a password, and can recover access if you can prove your identity. Like uhm… banks. If you don't trust yourself to keep the coins safe and backed up then go put them there. No shame in that.


> recover access if you can prove your identity

So hackable, you're saying?


Like banks.

The discussion is turning in circles. People lose coins. Have a backup. Too difficult. Put them in a bank. Banks are hackable. Manage the coins yourself. But then I might lose them.

(you can replace bank with 'trusted third-party', doesn't change the outcome)

Consider the two options: self-managed, or in a trusted third-party. Whichever has the smaller (perceived) risk, that's where you store your coins. Not everybody asses risk equally, and that's fine. My preferred solution may not be the same as your preferred solution. That's fine, still.


Fiat banks can recover money though - cash can be found and transactions unwound - and there are techniques to poison what is stolen without permanently decreasing the money supply. Freezing a wallet basically destroys the btc forever with no way to print more.


And the bitcoin software is written in stone, can never be changed.


Basically, yeah.

I mean, the wallet software is obviously open source, and you can change it however you want of course, but allowing for transactions to be undone would basically require rewriting the entire protocol and everything which interacts with the bitcoin network - and that's if it's even possible in the first place, without removing vital parts of bitcoin like the decentralization or being able to trust the entire network without trusting any one entity.



To call that a solution is generous.. it is unlikely the average person could follow the Glacier Protocol.


Isn't the problem keeping the coins in on online wallet or exchange? If you store your personal wallet offline how can you be hacked?


Lots of ways:

- Software you use for key generation uses a known random-seed.

- Compromised software that converts your seed into an address/priv key.

- Compromised transaction generation software.

- Offline wallet physically stolen

- Malware / firmware exploit on USB used to transfer transactions between online & offline computers


As the parent pointed out, that increases the risk of theft.


Curious how that factor into the price of BTC?


Very severe price swings. Since supply is decreasing, the demand for bitcoin well whip the price all over the place. Fiat currencies can keep a stable price by liquidity injection (they can also drive it to zero that way too).

Bitcoin over corrects by not allowing any new coins to come into existence. Imagine the day there is only a single bitcoin left. Regardless of how small you can split it, massive deflation.

Currencies with a fixed or decreasing supply are a disaster.


Supply is increasing though through mining. Stolen coins are still coins. And there's no way that lost coins are out pasing newly mined coins. True loss/data destruction/inaccessibility is fairly rare.

Even in the Bitcoin community it's a huge misconception that Bitcoin is somehow inherently deflationary. The supply increases predictably through mining. It can be price deflationary when demand exceeds supply. But there is nothing inherent or guaranteed about that at all.

Bitcoin is inflationary, with a predictable inflation schedule.


Btc has a fixed supply that will be hit. About 17 of the 21 million have already been mined. That's a hard cap unless bitcoin radically changes. We will hit a time of zero miner reward, and even before that when the reward in miniscule in relation to float.

We don't know the extent of lost coins. We can make an estimate based on inactive accounts. And stolen coins that have been blacklisted are essentially lost too.

> Bitcoin is inflationary

Crypto people are deluding themselves.


Just a small note: we won't ever hit a point where a miner will get zero money from mining a block, because people sending transactions pay a fee to the miner to have their transaction prioritied over people who pay a smaller fee, and the number of transactions per time unit is limited (and pretty small), and can't be easily changed radically (as in by orders of magnitude).

I think you're technically right, as the "miner reward" (as in the coins the miner cand give itself as a reward for finding a block) goes to 0, and you probably know that already, but I wanted to clarify for people who didn't yet know that.

Otherwise, I agree.


I've been using cryptocurrency for over five years and haven't lost as much as a satoshi. It's no more difficult than keeping other sensitive data secure.


The argument still holds. As long as there is a tiny probability for you or someone else to lose their private keys, and I don't see how that probability can be reduced to zero, bitcoin supply will approach zero over time.

And I don't think we are talking about some theoretical astronomical time span here - after a few hundred years (assuming in a few hundred years someone still cares about the bitcoin ledger), the proportion of lost coins must be huge - just think about people passing away without providing a way for their heirs to find the keys, maybe because they die young or because they have no heirs etc.


to be fair, by commenting on this very forum, you're already not "the norm" ... the average user can barely keep track of their password!! I'd argue that most users already have some form of 2 factor auth, because they can literally never remember their password, so they (barely) remember their password as the 1st, and then the "change password" email serves as the 2nd.

So yeah, not very good at maintaining data secure for the average person ;)


So it's hard as hell?


It looks like you're being downvoted, but you're not wrong.

It's easy for most people to keep their personal data safe, because they're not targeted by attackers because there's little of value. It's hard for people whose sensitive data is valuable to keep it secure; if valuable white house secrets were stored with my strategies for protecting my personal sensitive data, they'd have been leaked ages ago.

Once your sensitive data is highly valuable, like if you store a decent amount of cryptocurrencies (or is an attractive female with private nude pictures[0] or have a big YouTube channel[1]), protecting sensitive data from the likely targeted attacks is hard.

[0]: https://en.wikipedia.org/wiki/ICloud_leaks_of_celebrity_phot... (I'm not sure if there was monetary value in those pictures, but they certainly had other forms of value.)

[1]: https://www.youtube.com/watch?v=LlcAHkjbARs (He talks a lot about unrelated (to this discussion) about his Amazon links; go to 3 minutes in for the discussion about being compromised.)


Ever heard the rumor that nearly every $20 bill in circulation has detectible residual cocaine on it? In other worlds, the probability that a bill has been involved in a drug deal approaches 1 over increasing timespans.

Interesting anecdote, but not really super informative.


Notes having cocaine on them doesn't show they've been involved in a drug deal. More likely someone rolled one up to snort the drug and then when it went through a sorting machine it got cocaine on to the machine and then many other notes.


Seems like sort of a theoretical argument, so I have to point out that I believe it's theoretically wrong. Caveat that I'm not a blockchain programmer so somebody may be able to correct me here, but I believe it's true. Bitcoin aren't individually identifiable, the "state" of ownership in the chain is stored as "unspent transactions." Meaning, once stolen are mixed with un-stolen, you can't differentiate them.

Obviously, the next step is we can reformulate your statement to say that the total number of Bitcoin lost or stolen will eclipse the total supply, given enough time. However, since the total supply is fixed, and time is not, that's not a very profound revelation.


Who says it was lost? I suspect quite a few of these 'hacks' are inside jobs to take coins from the general public and move them to the founders/owners/employees of exchanges.

Yes, that's a pretty harsh accusation to make, but there is plenty of evidence that this happens with some regularity and the number of instances is high enough to make that claim. And it will continue as long as gullible people place 100's of millions in unsecured accounts without oversight.

Who knew that regulatory oversight was a good thing?


My current favorite saying: "Cryptocurrencies are like poker. If you don't know who the sucker in the room is, you're the sucker."


Related, my favorite explanation of ICOs is:

"Imagine that a friend is building a casino and asks you to invest. In exchange, you get chips that can be used at the casino’s tables once it’s finished. Now imagine that the value of the chips isn’t fixed, and will instead fluctuate depending on the popularity of the casino, the number of other gamblers and the regulatory environment for casinos. Oh, and instead of a friend, imagine it’s a stranger on the internet who might be using a fake name, who might not actually know how to build a casino, and whom you probably can’t sue for fraud if he steals your money and uses it to buy a Porsche instead. That’s an I.C.O."

(from https://www.nytimes.com/2017/09/15/business/cryptocurrency-b...)


Hmm. I'd say it's a combination of inside jobs and general poor coding/security practices. The inrush of customers has prompted lots of people to follow the "sell the shovels, not mine for gold" mentality and try to open up their own exchanges... and every exchange is a prime open target for any hacker because of the massive amounts involved.


In addition to all you said, I would add that some more advanced test frameworks/library a missing. There are only good ones for unit tests and UI test automation like Selenium, for integration tests there is a huge gap of decent test frameworks missing.


Wrong thread? Or do you feel that test frameworks/libraries are going to take care of sloppy security practices and inside jobs?


From the bugs described in the article, specially the one a person could withdrawal from another account to its own account, I believe better test libraries could help. Normally people develop tests using the same input data from beginning to end of test execution, since it becomes cumbersome to use different test data for input in the same round of test execution. Mainly because how these data come from fixtures.


I don't know if this is a good example of the value of testing. This 'mistake' strikes me as so colossal that the idiot who allowed it to happen would not be saved by writing tests.


I think this is more or less how it is.

I don't think it's mutually exclusive though. Tux was an awful coder and Mt. Gox was a scam at the same time.


Yea but that's pretty much all hacks reported in the news. It's often social more than technological.


Regulatory oversight isn't universally a good thing.

It's illegal to steal, regulated or not.



I've lost .38 Eth because of the Mist wallet on macOS.

Seems they've a password issue where the password is always wrong even if you wrote it down at the time of setup.

The suggested solution on the GitHub issues is to use a brute force attack using a python script. Such an issue just screams poor testing.


Is it this script? https://github.com/burjorjee/pyethrecover

That is atrociously bad. It appears to use a pure-python implemention of AES (!!!) [1]. Holy cow. This is going to be miserably slow. Using all the CPUs isn't going to help when it's going to be literally tens of thousands of times slower than better techniques.

You will literally have time to learn hashcat [2] from scratch, learn how to implement the plugin, test the plugin with some sample passwords, and run it yourself, and still save time over running the Python script, because even if you leave the Python script running during the entire, say, week you spend learning all this, the hashcat script will still outrun Python in the first minute or so, by my somewhat conservative estimate that it will run 10,000x faster. (I wouldn't consider 100,000x out of reach. Depends on your GPU. But hashcat will still be faster even just on the CPU alone.)

(Also hashcat shows some ethereum support, but neither of the two things it says say "aes". I don't know whether hashcat would support this out of the box, I'm just saying that you literally have time to implement this from scratch and still be faster than running that Python script.)

(I also want to be clear that this isn't GPU fanboying. It can't be, because I'm not one. GPU computing is very often oversold. But this is legitimately one of those cases where GPUs can smoke CPUs by multiple factors of magnitude.)

[1] https://github.com/burjorjee/pyethrecover/blob/master/aes.py

[2] https://hashcat.net/hashcat/


If a coin is stolen, it is still in circulation. No affect on the holders of that cryptocurrency.

If a coin is lost, it is out of circulation, and the net effect is that it is distributed to all the remaining holders of that cryptocurrency.


Both of those assume that desire to acquire a cryptocurrency is unaffected by trust in its exchange infrastructure and the integrity of others parties offering to make payments in that cryptocurrency. That doesn't seem like a reasonable assumption to make.


> If a coin is lost, it is out of circulation, and the net effect is that it is distributed to all the remaining holders of that cryptocurrency.

Meaning the value of the remaining coins increases a tiny bit because supply was reduced?


Correct


Tipping point is bulk of everything Seeing more of this further solidifies the case for decentralized exchanges

I used to remember how every hack hits the market really bad

This time every hack is like business as usual https://www.coingecko.com/en

Which is why when I get into investing in crypto. I take coin hack risk and volatility risk into account from day


On the flip side, the combined market cap* of all cryptocurrencies has increase approximately $400B in the last year.

* Yes, I know market cap is a poor metric, but it’s equivalently bad to the $500M “lost” metric used here.


That's assuming the total number of coins still exists. I would not be surprised if 20% of all bitcoins have already been lost.

EX: Satoshi's coins could all have been lost at this point.


I wonder how much the rise in btc or eth can be attributed to lost or blacklist coins?


Not necessarily code, not necessarily lost and not necessarily $500M


Not necessarily a reply.


..and, yet, nothing of value was lost.


Lots of electricity was wasted.


Indeed, the vast majority of this cryptocurrency was not lost, but remains in circulation.


One man's loss is everyone else's gain. If $500MM of a coin is irrevocably lost or destroyed, everyone just gained $500MM in value through an increase rarity.

It's equivalent to the losers transferring all their coin to the rest of the network participants (in proportion to their stake).


> If $500MM of a coin is irrevocably lost or destroyed

But the examples in the article are about coins being stolen, not lost or destroyed. Someone somewhere still has it and is presumably able to spend it.


>But the examples in the article are about coins being stolen, not lost or destroyed. Someone somewhere still has it and is presumably able to spend it.

quite a lot of these stolen coins were tracked down and weeks later locked by exchanges when someone tried to sell them.


Well, it wasn't a very germane comment to start it with. I guess I should have read the article...




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: