A Hacking of More Than $50 Million Dashes Hopes in the World of Virtual Currency

The money that the hacker moved appeared to be frozen on Friday as a result of a safeguard previously built into the code. The thief was caught in what might be thought of as a digital version of the airtight double doors that sometimes protect valuable sites (known in security circles as man traps).

Programmers working on the Ethereum network, which hosts Ether, were debating on Friday whether to make a one-time change to the code to recover the frozen money. That faced immediate opposition from many virtual currency purists who were attracted to the technology because of its ostensible freedom from human meddling.


Christoph Jentzsch, co-founder and chief technology officer of Slock.it.


“The strength of blockchain tech is that it is a ledger, a statement of truth,” Bruce Fenton, a board member with the Bitcoin Foundation, wrote on Friday. “That ledger is only as good as its resistance to censorship, change, demands or attack.”

If the leaders of the Ethereum project decide to move forward with a change to the code — known as a fork — they will need to win the support of the people who lend their computing power to the network, and who have what amounts to a vote over any changes to the Ethereum software.

The hacking on Friday underscored the complicated governance structure employed by so-called cryptocurrencies. These currencies are not run by any company or individual but by the computers of anyone who chooses to support the network.

The D.A.O. was supposed to be a further extension of this concept of group decision-making. Thousands of people around the world financed the project by sending in Ether. The D.A.O. was supposed to act as a sort of venture capital fund, investing in projects that were voted upon by people who contributed money. The attack on Friday took place before any projects had been funded.

The specific mechanism the hackers used is known as a recursive call vulnerability — essentially a malicious transaction that moves money away from the D.A.O. into a side fund in an endlessly repeating loop.
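
An added illustration, not part of the original article and not the D.A.O.'s code: a simplified Python model of the recursive-call flaw described above, showing the payout ordering that allows repeated withdrawals next to the ordering that prevents them. The class names, function names and deposit amounts are assumptions made for the example.

```python
# Simplified model of a recursive-call flaw; constructed for illustration,
# not the D.A.O.'s code. All class and function names are hypothetical.

class Fund:
    def __init__(self, update_first):
        self.update_first = update_first  # True = hardened ordering
        self.balances = {}                # depositor -> amount credited
        self.pool = 0                     # total actually held

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or amount > self.pool:
            return
        if self.update_first:
            self.balances[who] = 0        # record the payout before paying
        self.pool -= amount
        who.receive(self, amount)         # external call: recipient's code runs here
        if not self.update_first:
            self.balances[who] = 0        # too late if the recipient re-entered


class Depositor:
    def __init__(self):
        self.received = 0

    def receive(self, fund, amount):
        self.received += amount


class ReenteringDepositor(Depositor):
    def receive(self, fund, amount):
        self.received += amount
        fund.withdraw(self)               # calls back in before withdraw() returns


def run(update_first):
    # Constructed scenario: other depositors hold 90 units, the caller holds 10.
    fund, others, caller = Fund(update_first), Depositor(), ReenteringDepositor()
    fund.deposit(others, 90)
    fund.deposit(caller, 10)
    fund.withdraw(caller)
    # Invariant a test or monitor can check: funds held == funds owed.
    consistent = fund.pool == sum(fund.balances.values())
    return caller.received, fund.pool, consistent
```

With the ledger updated only after the payout, the caller's 10-unit credit is paid out repeatedly until the pool is empty and the held-versus-owed invariant fails; updating the ledger first limits the payout to the 10 units actually credited.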


Stephan Tual, co-founder and chief operating officer of Slock.it.


The attack led to chaos on the online message boards where D.A.O. investors and Ether users gather.

“How can we help and protect our funds?” one user wrote on the Slack chat channel for D.A.O. investors.

The programmers who wrote the D.A.O. code immediately suggested that investors vote to move their money to another, unrelated project known as Congo Split, primarily to protect their investments.

“The community needs to spam the network so that it can mount a counterattack,” Stephan Tual, an employee with Slock.it, wrote on that company’s website. Programmers with Slock.it wrote the code for the D.A.O. but said they had no formal continuing role with the project.

By the time it was over, the hacker had managed to gain control of 3.6 million Ether — more than a third of the 11.5 million that were there at the beginning of the day.

“The D.A.O.’s journey is over,” Mr. Tual said in an email on Friday.

The incident on Friday was a reminder of the dozens of hacking attacks and thefts that have rattled Bitcoin since it was released in early 2009. In 2014, Mt. Gox, which was previously the largest Bitcoin exchange, announced that it had lost nearly half a billion dollars worth of Bitcoin.


Griff Green, community organizer of Slock.it.


The attacks on Bitcoin have generally led to a temporary lull in public interest in virtual currencies. But Bitcoin has bounced back each time. Over the last week, the price of Bitcoin has risen swiftly to the highest level since the Mt. Gox fiasco; it stood at $770 on Thursday night.

Some of the recent demand for Bitcoin has come from anticipation of a coming event known as halving. Currently, the Bitcoin software releases 25 new coins — a block — every 10 minutes or so to computers helping support the network. In mid-July, the blocks will shrink to 12.5 coins. The shrinking supply has led some to assume that the price will go up.

The price of Ether had been rising alongside Bitcoin over the last month, in part because of the interest generated by the D.A.O. On Thursday, both were up more than 60 percent over the previous month. But the attack Friday morning sent the price of Ether into a downward spiral.

By Friday afternoon, the price of Ether had fallen 33 percent from its high a day earlier, to around $13. Bitcoin had also fallen, though less sharply, to around $750.

The founder and lead programmer on the Ethereum project, Vitalik Buterin, wrote on Friday that he supported a change to the code that would reclaim the money from the hacker. But he said he recognized that he might not win the argument.

“I recognize that there are very heavy arguments on both sides, and that either direction would have seen very heavy opposition,” Mr. Buterin wrote on Reddit.

Mr. Sirer, the Cornell professor, wrote: “There is no good solution here.”
