Slashdot Mirror

← Back to Stories (view on slashdot.org)

Digital Currency Ethereum Is Cratering Amid Claims Of a $50 Million Hack (businessinsider.com)

Posted by msmash on from the security-woes dept.

Digital currency Ethereum's value has dropped amid a hack on DAO (Decentralised Autonomous Organisation), an organisation with huge holdings of Ethereum (Wikipedia page). Its value is now below $15, down from more than $21 a few minutes ago. It is believed that as much as $50 million of the digital currency has been stolen. From a blog post on DAO: An attack has been found and exploited in the DAO, and the attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack is a recursive calling vulnerability, where an attacker called the "split" function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction.From a Quartz report: It's no surprise that cryptocurrency markets are in a panic. Funds invested in the DAO represents more than 10% of all the ether in circulation ($81.8 million worth). A massive hack on the DAO's holdings would be roughly equivalent to a successful heist at a major financial institution.

116 comments

  1. Suckers by Anonymous Coward · · Score: 0

    "A sucker is born every minute"

        -- Bill Gates

    1. Re:Suckers by xxxJonBoyxxx · · Score: 1

      "You may have been a good smuggler, but now you're Bantha fodder. "

            -- Jabba the Hutt, Star Trek V ("Jedi Reloaded"), in her throne room on Arrakis

    2. Re:Suckers by el+cisne · · Score: 2

      Luke, I am your fodder.

    3. Re:Suckers by Anonymous Coward · · Score: 0

      Whoosh!

    4. Re:Suckers by PCM2 · · Score: 1

      Whoosh was from The Flash...

      --
      Breakfast served all day!
    5. Re:Suckers by sexconker · · Score: 1

      The line is "No, I am your fodder.".

    6. Re:Suckers by Anonymous Coward · · Score: 0

      You are my toddler

  2. Ethereal value by penguinoid · · Score: 1

    So you're saying Ethereum's value has become ethereal?

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    1. Re:Ethereal value by Aaden42 · · Score: 1

      More like some Wireshark ate it all.

    2. Re:Ethereal value by arglebargle_xiv · · Score: 1

      My tulip bulbs! My tulip bulbs! Oh the tulipanity!

    3. Re: Ethereal value by Anonymous Coward · · Score: 0

      This joke wasn't funny in 2011 either.

    4. Re: Ethereal value by arglebargle_xiv · · Score: 1

      Oh come on, it's at least slightly funny, even if it's mostly schadenfreude.

  3. "heist at a major financial institution" by Anonymous Coward · · Score: 0

    Except you don't have to find a sucker who will give you real money for your imaginary currency first.

    1. Re:"heist at a major financial institution" by alexgieg · · Score: 1

      Except you don't have to find a sucker who will give you real goods and services for your printed paper currency first.

      FTFY.

      --
      Conservatism: (n.) love of the existing evils. Liberalism: (n.) desire to substitute new evils for the existing ones.
    2. Re: "heist at a major financial institution" by chill · · Score: 1

      Yeah, that problem was solved centuries ago. Considering I'm posting from inside a restaurant who is doing just that, after stopping at a gas station who did the same, the challenge of finding people to accept paper currency AND purely digital bits via a debit card is trivial.

      --
      Learning HOW to think is more important than learning WHAT to think.
  4. A successful heist? by jtownatpunk.net · · Score: 3, Insightful

    Doesn't sound very successful if the thing you're stealing becomes worthless because you successfully stole it. Unless you have significant holdings in other crypto-currencies which will increase in value due to their better security.

    1. Re:A successful heist? by Anonymous Coward · · Score: 1

      A real currency would not become worthless simply because it was stolen. However it is obtained, the value should remain the same.

    2. Re:A successful heist? by Anonymous Coward · · Score: 0

      Conventional currencies certainly could. If you were able to steal 10% of all the US dollars in circulation, it would cause the value of the currency to drop sharply. This can't happen because conventional currencies are too spread out: There's no one place where you'll find that high a percentage of the currency conveniently piled up for the stealing.

    3. Re:A successful heist? by ceoyoyo · · Score: 1

      Yeah right. Try stealing a significant supply of any particular currency and watch what happens to it's value.

    4. Re:A successful heist? by phantomfive · · Score: 1

      If you were able to steal 10% of all the US dollars in circulation, it would cause the value of the currency to drop sharply.

      Why? Wouldn't removing the dollars from circulation cause deflation? (Or if you spent them, to cause them to remain in circulation, of course)

      --
      "First they came for the slanderers and i said nothing."
    5. Re:A successful heist? by Nunya666 · · Score: 1

      Conventional currencies certainly could. If you were able to steal 10% of all the US dollars in circulation, it would cause the value of the currency to drop sharply.

      Only if you try to cash in the stolen currency in another country, which considers the value of the US Dollar against the value of the local currency.

      Businesses don't raise their prices just because the international value of the local currency changes.

    6. Re:A successful heist? by PRMan · · Score: 1

      When they seize it, it becomes worthless to you.

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
    7. Re:A successful heist? by radarskiy · · Score: 1

      Was anyone willing to sell a credit default swap against DAO?

    8. Re:A successful heist? by dwye · · Score: 1

      If you were able to steal 10% of all the US dollars in circulation, it would cause the value of the currency to drop sharply.

      Nonsense.

      Firstly, 10% of all US currency is a small fraction of all dollar-denominated accounts.

      Secondly, the value would rise, since a finite and now smaller quantity of dollars was chasing the same sized pool of value.

      Perhaps you were thinking of the case of 10% of US currency being counterfeited (aka Gresham's Law)?

  5. This panic is the equivalent of by Anonymous Coward · · Score: 0

    someone yelling that the Dollar is not a safe currency (well the U.S. Dollar IS crashing but it's besides the point of the analogy) because someone's wallet got picked, and they happened to have Dollar-bills in it.

    1. Re:This panic is the equivalent of by bazmail · · Score: 2

      You either suck at reading or suck at metaphors.

    2. Re: This panic is the equivalent of by Anonymous Coward · · Score: 0

      Against other currencies the dollar is quite strong. Not good for us Canadians though.

    3. Re:This panic is the equivalent of by Anonymous Coward · · Score: 0

      You either suck at reading or suck at metaphors.

      Like putting too much air into a balloon!

  6. Silver lining by Nidi62 · · Score: 1

    On the bright side, as the value of the currency drops, the amount stolen would drop as well. So given a roughly 30% drop in value that $50 million is now only worth about $35 million!

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  7. Say it ain't so... by __aaclcg7560 · · Score: 1

    Another digital currency in the bit bucket.

    1. Re:Say it ain't so... by Yvan256 · · Score: 1

      Mooncoin will rise again, you'll see! To the moon!

      Also, does anyone want to buy one million Flappycoins?

    2. Re:Say it ain't so... by __aaclcg7560 · · Score: 1

      Also, does anyone want to buy one million Flappycoins?

      Do you take continental dollars? :P

    3. Re:Say it ain't so... by Anonymous Coward · · Score: 0

      Also, does anyone want to buy one million Flappycoins?

      Sure! i've got 50 Million Ethereum to trade. The faster the better.

      Make that 49 Million ... 48 ... only 47 .... uhhh, how fast can you hit the Enter key?

    4. Re:Say it ain't so... by Gr8Apes · · Score: 1

      Mooncoin will rise again, you'll see! To the moon!

      Also, does anyone want to buy one million Flappycoins?

      I've got a $500 bill from Life....

      --
      The cesspool just got a check and balance.
    5. Re:Say it ain't so... by dwye · · Score: 1

      Hey! Continentals were convertible to gold-backed dollars after the Constitution went into effect, at par. Granted, in the years before that they were often sold at pennies on the dollar, but that is the mistake of those who sold them so low.

  8. Maybe I'm showing my age but... by bazmail · · Score: 3, Insightful
    ...that is all complete fucking jibberish.

    An attack has been found and exploited in the DAO, and the attacker is currently in the process of draining the ether contained in the DAO into a child DAO. The attack is a recursive calling vulnerability, where an attacker called the "split" function, and then calls the split function recursively inside of the split, thereby collecting ether many times over in a single transaction.

    1. Re:Maybe I'm showing my age but... by Anonymous Coward · · Score: 0

      It's "gibberish", old man.

    2. Re:Maybe I'm showing my age but... by Anonymous Coward · · Score: 1

      An attack has been found and exploited ...

      ...that is all complete fucking jibberish.

      It's a Fork Bomb with money.

      In other words, tying value to a bit doesn't work so well after a .... bit. ;-) But don't worry, it's the next big thing since the stock market. Invest now before you lose out!

      It's "gibberish", old man.

      Yeah, give us a break, our memory's not quite what it used ... what was i saying?

    3. Re:Maybe I'm showing my age but... by Anonymous Coward · · Score: 0

      oldpeople.jif

  9. I'm almost glad by Anonymous Coward · · Score: 0

    I keep reading about Ethereum being better than Bitcoin, this just proves that it's not.

    1. Re: I'm almost glad by Anonymous Coward · · Score: 0

      Better than bitcoin isn't tough. Take a big shit in a public toilet and it's worth more than a bitcoin.

      All the cryptomoney is bullshit.

    2. Re:I'm almost glad by sexconker · · Score: 2

      You keep reading that because the clown behind Ethereum is a known charlatan who has been shouting about how his shit is better than Bitcoin non stop for the past 3 years. Anyone who knows anything about Bitcoin knew that Ethereum was horse shit. I wouldn't be surprised if said clown was behind this, or at least on the take. But I don't care enough to find out. I wasn't dumb enough to drop money into Ethereum and I got out of the Bitcoin game years ago (wish I hadn't though).

    3. Re: I'm almost glad by Coren22 · · Score: 1

      You shit is worth more than $760? What are you the golden goose?

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    4. Re:I'm almost glad by pantaril · · Score: 1

      You keep reading that because the clown behind Ethereum is a known charlatan

      Could you provide some links to back up your claim, that Vitalik Buterin is "known charlatan"?

    5. Re:I'm almost glad by sexconker · · Score: 1

      Vitalik Buterin is a puppet they fly around to do interviews while claiming he's the developer.
      He's not. It's developed by a farm of Indian's working, ultimately, for Goldman Sachs.

      Ethereum is an IPO alt-coin (meaning it's a scam). The initial volume was fake (pre-arranged) in order to pump up value, as per usual.

      I get that you see someone making a claim on the internet and your instinct is to assume it's bullshit. But what I don't get is why you spent time to Google "Ethereum" so you can throw out a challenge using "Vitalik Buterin" and not also spend the time to actually read about it.

      If you had, you'd know that the clown behind Ethereum is Anthony Di Iorio - https://www.linkedin.com/in/an... .

      If you actually care, so a search for his name or read this thread https://bitcointalk.org/index.... .

  10. The ever topical Nelson Muntz by smooth+wombat · · Score: 1

    Ha ha!

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    1. Re: The ever topical Nelson Muntz by Anonymous Coward · · Score: 0

      Madman Muntz.

  11. This Summary Is FUD by Anonymous Coward · · Score: 1, Funny

    The fact that this bug occurred is a black mark on DAO and an utter embarrassment, but nothing has actually been "stolen". As the DAO blog post says, a community effort is underway to fork and lock out the attacker. They have a month to make it happen. No money will be lost.

    Basically, this system is based on programming contracts (think legal contracts, usually written by lawyers and reviewed by judges). Someone left a bug in the contract, and because this is a programmed contract, not a written one, no one could enforce the "spirit" of the contract over the exact (erroneous) content of the contract.

    This huge community panic and fork undermines the idea of these "programmed" contracts, and thus the system itself.

    1. Re:This Summary Is FUD by Anonymous Coward · · Score: 1

      Programmed contracts undermine the idea of programmed contracts. There will always be some shifty motherfucker who is smarter than you think you are. How can you enter a trust relationship when you can't trust anyone?

      Law is in the hands of humans because we understand the idea of unforeseen circumstances. Real contracts require real, legal good faith action on both parties.

      Ethereum always strikes me as the place where the real frightening and intelligent sociopaths when after they wrung all they could out of BTC.
      Smart contracts are particularly creepy - At the heart of every libertarian is a kid that watched a lot of cartoons growing up. Remember in kids shows how contracts are always presented as having some kind of magic, indelible force as strong as the universe itself? Sign a contract and no matter what it was law. (Of course this trope was just lazy writing)

      Remember the contract in The Little Mermaid? Remember how even the king (Who was an analog for the god Poseidon) could not annul it with all his power?

      Ethereum is an effort to make that real - Magic contracts.

    2. Re:This Summary Is FUD by ameline · · Score: 1

      The value of Etherium will rebound, but the underlying problem is that the contracts are written in a Turing-complete language -- it is impossible to prove with an algorithm (reducible to the halting problem) any non trivial assertions about the behavior of such contracts.

      --
      Ian Ameline
    3. Re:This Summary Is FUD by Anonymous Coward · · Score: 0

      Sounds like they could use having formal verification or proof-carrying code. That way people won't get burned when some seemingly innocuous code only pays up when someone finds a counterexample to the Collatz conjecture or something.

    4. Re:This Summary Is FUD by Anonymous Coward · · Score: 1

      It's a very childish, literal, techno-centric way of thinking but it rears its ugly head over and over. "If I can prove X is effectively the same as Y (whatever 'effectively' means to the speaker), and X is legal, then the courts and lawyers and whole rest of the world will automagically see my way and make Y legal". Ask Aereo how well that worked out for them.

    5. Re:This Summary Is FUD by Anonymous Coward · · Score: 0

      Why is that a problem? Add to the protocol that if a contract doesn't resolve within X virtual machine instructions, it's void and has no effect.

    6. Re:This Summary Is FUD by ceoyoyo · · Score: 1

      The halting problem says it is impossible to prove [blah blah] for every program.

      It's quite possible to prove whatever you like about many, many programs. It might be quite difficult for non-trivial ones though.

    7. Re:This Summary Is FUD by Anonymous Coward · · Score: 1

      This is a good point. You can formally prove code, but it's incredibly labor intensive academic process. .. Not really in line with the cowboy coding you typically associate with the cryptocoin community.

    8. Re:This Summary Is FUD by mbkennel · · Score: 1

      | Someone left a bug in the contract, and because this is a programmed contract, not a written one, no one could enforce the "spirit" of the contract over the exact (erroneous) content of the contract.

      A perfect instantiation of a naive (is there any other kind?) libertarian's dream and everybody else's nightmare.

      http://www.startrek.com/database_article/landru

    9. Re:This Summary Is FUD by rickb928 · · Score: 1

      "Someone left a bug in the contract"

      Seems like a feature to me. Solution? Beyond hard forking and a reset of the DAO, perhaps not allowing recursive splits.

      This is debugging in 'real'-life. How many online games have you played where you bought in-game swag and it was stolen/destroyed? Yeah, I don't either. Right.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    10. Re:This Summary Is FUD by sexconker · · Score: 1

      It's not a problem. An instruction count limit and a valid input range solve it.

    11. Re:This Summary Is FUD by Anonymous Coward · · Score: 0

      Let's entrust $50m to cowboy coders! What could possibly go wrong?

    12. Re:This Summary Is FUD by Jeremi · · Score: 1

      the contracts are written in a Turing-complete language -- it is impossible to prove with an algorithm (reducible to the halting problem) any non trivial assertions about the behavior of such contracts.

      True... but isn't that also true of just about every other piece of software in use today? And yet the world continues to turn, and people continue to use software to get things done (knock on wood), modulo the occasional catastrophic bug...

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
  12. action is being taken by Anonymous Coward · · Score: 0

    Important to note that the exposed vulnerability has nothing to do with the Ethereum code or blockchain, but a smart contract (the DAO) written atop of it. The Ethereum developers responded this morning by proposing a soft fork that would prevent the hacker from withdrawing the Ether for long enough for the community to decide on next steps. Next steps could involve (if miners choose to accept the code) a hard fork that would allow original investors in the DAO to withdraw their Ether.

    https://blog.ethereum.org/2016/06/17/critical-update-re-dao-vulnerability/

    1. Re:action is being taken by Anonymous Coward · · Score: 0

      So if the developers can impose an emergency stop to prevent funds being moved within the system, what's to stop the developers in receipt of NSL from doing the same thing? Haven't Ethereum basically just admitted that their digital currency lacks the very aspect that makes Bitcoin so attractive, the fact that no third party or the developers themselves can impose restraints on the flow of funds?

    2. Re:action is being taken by Anonymous Coward · · Score: 0

      The hacker imposed new restraints on the flow of funds at odds with the DAO in agreed upon contract design.

      All party to the agreement concur that the error was in implementation. All sides believe the contract has not been fulfilled due to its malicious exploitation by an outsider or minority interest.

      If something is bought with Bitcoin but the company delivers the purchase to the wrong address one would also seek a reversal of funds as the agreement had not been fulfilled. The vendor would seek to recoup what was misdirected through error.

      In this case, the affiliation between Ethereum and the DAO place Ethereum in the role of a vendor. The hack does not undermine Ethereum itself. However, the DAO as an investment vehicle for Ethereum may now appear to be a bad and potentially compromising idea.

  13. Federal Reserve by captaindomon · · Score: 4, Insightful

    Except if this happened at a "major financial institution", the Federal Reserve would step in and stop a panic by insuring the funds. That's why we *have* a federal reserve. See the Panic of 1907 for an example.

    --
    Just because I can hook a shark from a boat, I do no offer to wrestle it in the water.
    1. Re:Federal Reserve by Anonymous Coward · · Score: 0, Informative

      Lol. Not even close.

      The "Federal" Reserve is a *private* bank whose purpose is entirely self-serving. They don't insure jack sh*t. Every single Federal Reserve note in circulation is exactly that--a private bank note *borrowed* by the US Treasury then circulated among the population--they are ultimately debt notes that the US owes and pays interest on BTW.

      The *FDIC*, a government entity completely unrelated to the "Federal" Reserve bank, is what insures bank account deposit balances against bank heists and bank collapses.

    2. Re: Federal Reserve by Anonymous Coward · · Score: 0

      Lol and he got +2. Smh. On every bank commercial and at the bottom of every printed material for banks it says FDIC insured.

    3. Re: Federal Reserve by Anonymous Coward · · Score: 0

      Ever heard of the NCUA? Hint, credit unions are not insured by the FDIC. At least you can be smug about being wrong.

    4. Re:Federal Reserve by Anonymous Coward · · Score: 0

      Actually he was close, he just mixed up two entities.

      You being so pedantic... now that's spot on douchery.

      Captcha: Gilded (thought that would be banned here)

    5. Re: Federal Reserve by Anonymous Coward · · Score: 0

      I know! So weird that he was talking about banks when everybody knows the NCUA insures credit unions.

    6. Re:Federal Reserve by mbkennel · · Score: 1

      | The "Federal" Reserve is a *private* bank whose purpose is entirely self-serving.

      It's not a private bank. Its creation and operations are detailed in U.S. Federal Code, its top management is chosen and confirmed by elected government officials, it regulates private banks with force of law, and its profits are turned over to the U.S. Treasury. It does not have the same motives and behavior as a private bank. Intentionally, the Fed is not a direct part of the political cabinet departments and is more of an independent agency, similar to NASA, CIA and EPA, and not similar to Treasury, whose chief serves at the discretion of the President and is a member of the cabinet.

      The Fed does, as part of its very nature, interact heavily with private banks.

      The US or Fed do not pay interest on Federal Reserve notes. The U.S. does pay interest on Treasury bills, notes and bonds.

      The FDIC is an agency which is created by Congress, the same way as the Federal Reserve. The FDIC's protection of depositors is guaranteed by law, but the Federal Reserve's bailout of institutions is discretionary.

    7. Re:Federal Reserve by magarity · · Score: 1

      Lol. Not even close.

      The "Federal" Reserve is a *private* bank whose purpose is entirely self-serving

      A common misconception. The Federal Reserve is an independent entity of the federal government, similar to the USPS: See "Who owns the Fed": http://www.federalreserve.gov/...

    8. Re:Federal Reserve by Anonymous Coward · · Score: 1

      No, no, no. You're not listening to the facts- any gold bug or libertarian can tell you, as did the parent post, that the Federal Reserve does nothing useful for anyone anywhere except themselves. That whole bit where they shored up Bank of America, Citigroup, and others, by merely preparing to take equity positions, was all just a ruse to collect termination fees. They absolutely don't operate as any kind of insurance. And that money to AIG? It was cool how they bypassed the Treasury entirely and loaned those Federal Reserve Notes directly to AIG. Of course, they still collected the interest that the Treasury would otherwise have paid. Neat trick, considering they even duped Congress into passing legislation authorizing that, given that no authorization was necessary at all since they're a private bank.

    9. Re:Federal Reserve by Anonymous Coward · · Score: 0

      Lol. Not even close.

      The "Federal" Reserve is a *private* bank whose purpose is entirely self-serving

      A common misconception. The Federal Reserve is an independent entity of the federal government, similar to the USPS: See "Who owns the Fed": http://www.federalreserve.gov/...

      Despite the image that the Federal Reserve promotes, it operates without oversight. It has *never* been audited, and in truth it answers only to the international banking cartel. The US is at its mercy, not the other way around. We serve it. Both presidents of the USA and the ABA have admitted *on record* that the Federal Reserve exerts power and control over the government and is in fact *responsible* for orchestrating depressions in the economy to enrich their own coffers.

    10. Re:Federal Reserve by lgw · · Score: 1

      The US or Fed do not pay interest on Federal Reserve notes. The U.S. does pay interest on Treasury bills, notes and bonds.

      The Fed does, however, pay above-market-rate interest on bank money deposited with the Fed. It's relatively new program, and really quite odd. The Fed pays banks better interest than you or I can get from buying T-bills.

      While it's done wonders to keep the money supply from growing while QE was printing a couple trillion new dollars, it hardly seems fair.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    11. Re:Federal Reserve by Anonymous Coward · · Score: 0

      Wrong, because jooooooooooz.

  14. Re:Would using the Rust prog lang have avoided thi by Anonymous Coward · · Score: 1, Informative

    Good practice makes safe programs. Not programming languages.

    If magic bullet programming techniques were the cure we'd all be running microkernel operating systems programmed in lisp.

  15. I don't get it by slashmydots · · Score: 1

    I sort of looked into Etherium, and I'm an expert on bitcoins, and their website's marketing fluff bullshit sounded an awful lot like it's bitcoin but run by 1 giant central company and they're downplaying that fact and outright lying about it. Does that accurately sum it up or am I missing something?

    1. Re:I don't get it by Anonymous Coward · · Score: 1

      No, that's pretty much all wrong. Ethereum does provide significant functionality over BTC by allowing arbitrary "smart contracts", though people are in the process of bringing that to BTC as well. Ethereum isn't centrally run any more than other cryptocurrencies are (that is, the developers have some informal clout but it's ultimately up to the network what the blockchain looks like).

    2. Re:I don't get it by Anonymous Coward · · Score: 0

      There's no way you could have avoided knowing about Ethereum over the past year if you really are a "bitcoin expert"...

    3. Re:I don't get it by sexconker · · Score: 1

      To implement a contract in Bitcoin you just sign messages. People have been doing it for ages.

  16. There's a few surprises here by thegarbz · · Score: 1

    1. An unknown currency has such value?
    2. Someone bothers attacking an unknown currency?
    3. The attacker has a facility to convert a large portion of the digital currency into something tangible without it instantly being worthless?
    4. Slashdot assumes we know WTF the summary is talking about?

    1. Re:There's a few surprises here by Anonymous Coward · · Score: 0

      It isn't unknown, and it's no surprise that people are attacking the DAO (not the currency though, that would make no sense as it would devalue the stolen eth).

      The attacker can't convert the stolen eth into anything, as he/she/it has no access to it anymore.

  17. No it is not. by MartinG · · Score: 3, Informative

    "this is an issue that affects the DAO specifically; Ethereum itself is perfectly safe."

    Source: https://blog.ethereum.org/2016...

    --
    -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
  18. Re:Would using the Rust prog lang have avoided thi by Anonymous Coward · · Score: 0

    No.

  19. You tell us by tomhath · · Score: 2

    Since you seem to be an expert. Rather than just listing vague claims about a language, describe how the features you listed are pertinent to this attack.

  20. it wuz haxx0rz! rilly!!!!1! by Anonymous Coward · · Score: 0

    Not the first time an altcoin cratered because of reasons. Always someone else's fault, of course. Always "haxx0rz". Sure.

  21. More specifically, Rice's theorem applies... by ameline · · Score: 1

    https://en.wikipedia.org/wiki/...

    "there exists no automatic method that decides with generality non-trivial questions on the behavior of computer programs."

    --
    Ian Ameline
    1. Re:More specifically, Rice's theorem applies... by ceoyoyo · · Score: 1

      "with generality" Key words.

    2. Re:More specifically, Rice's theorem applies... by ameline · · Score: 1

      Indeed they are key -- what they mean is that even if you can come up with an algorithm to prove a property for *all* existing programs, it is possible (and in practice usually *trivial*) to construct a program where that algorithm will provably fail. Remember hackers need only find one hole to siphon off your ether.

      This system (or any currency for that matter) needs a mechanism for defining, detecting and reversing fraud, and unmasking those perpetrating it. You have to assume it's only a matter of "when", not "if" fraud will take place.

      Computability theory is *fun* :-)
      https://en.wikipedia.org/wiki/...

      --
      Ian Ameline
    3. Re:More specifically, Rice's theorem applies... by sexconker · · Score: 1

      The system does have that, It's called forking.

      Further, your link to Rice's theorem showed you have no idea what you're talking about. ceoyoyo called you out. Your next post was asinine drivel with another link to Wikipedia about something you don't understand.

      Your other post, including this gem, really drives it home:

      it is impossible to prove with an algorithm (reducible to the halting problem) any non trivial assertions about the behavior of such contracts.

      That's only true in the general case, so change "such contracts" to "such contracts in general" or "all contracts".
      It's also just as true if you remove "with an algorithm (reducible to the halting problem) ".

      it is impossible to prove any non trivial assertions about the behavior of all contracts.

      Your statement is functionally equivalent to "It is impossible to prove everything about everything.".

    4. Re:More specifically, Rice's theorem applies... by ceoyoyo · · Score: 1

      It wouldn't be difficult at all to require that any valid algorithm must be provably correct. The halting problem in particular is trivially easy to deal with. As another poster suggested, simply require that any algorithm run in X time otherwise it is considered invalid.

    5. Re:More specifically, Rice's theorem applies... by ultranova · · Score: 1

      It wouldn't be difficult at all to require that any valid algorithm must be provably correct.

      The problem is, "correct" here means "what the user intended", so your validator would need to read thoughts - and if it cold do that, there'd be no need to write contracts by hand in the first place.

      But why make your contract language Turing complete in the first place? It would seem that propositional logic would be both perfectly sufficient and easier to write and understand. Do you really need your payment processor to be potentially sapient?

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    6. Re:More specifically, Rice's theorem applies... by St.Creed · · Score: 1

      Do you really need your payment processor to be potentially sapient?

      Well... yes, yes I do.

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
  22. "Worthless" is relative. by Anonymous Coward · · Score: 1

    If I steal $1,000,000 worth of foobarcurrency from you, and it's value drops to $1,000, I'm still ahead $1,000. You're screwed but I don't really have to care.

  23. Crypto-Currency will never succeed by Anonymous Coward · · Score: 0

    It is already failing with fractured "anonymous" crypto currency groups. All you need for electronic currency is a UUID for whatever denomination probably with a PGP fingerprint to help guarantee legal funds.

  24. Re:Would using the Rust prog lang have avoided thi by ameline · · Score: 1

    Mod parent up.

    So long as the contract language used by Etherium is Turing-complete, they're pretty much doomed to having this sort of thing repeating. To their credit, they have mechanisms to, through community consensus, block and reverse these thefts.
    (A good currency design should be tolerant of fraud -- assume it will happen, and have in place mechanisms for detecting and reversing it.)

    In support, I give you Rice's Theorem;
    https://en.wikipedia.org/wiki/...

    "there exists no automatic method that decides with generality non-trivial questions on the behavior of computer programs."

    --
    Ian Ameline
  25. I want up to the minute values by Anonymous Coward · · Score: 0

    Shouldn't the headline say it's a 34.8 million dollar hack?

  26. Someone got clowned by PCM2 · · Score: 1

    I sense this attack was mostly about embarrassing the company. From the Etherium website:

    Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference.

    (emphasis mine)

    --
    Breakfast served all day!
    1. Re:Someone got clowned by lindseyp · · Score: 1

      For certain definitions of fraud. The key here is that the DAO contract was badly written. Not Ethereum itself. The 'attacker's open letter on the subject outlines a perfectly good argument. His actions were enforced by the very contract in question, hence there is no fraud.

      --
      j'ai découvert une démonstration vraiment admirable (de ce théorème général) que cette si
  27. "And nothing of value wa..." by GlennC · · Score: 1

    oops, I guess something of value WAS lost here.

    Carry on....

    --
    Go on, citizen, stamp the vote card. R or D, your choice.
  28. Re:Would using the Rust prog lang have avoided thi by mmell · · Score: 1

    A good currency design should be tolerant of fraud

    So the US economy is great!

  29. How much? by wonkey_monkey · · Score: 1

    a $50 Million Hack

    Wait, no, $5 million hack.

    Oop, now it's $5,000.

    --
    systemd is Roko's Basilisk.
  30. zero percent shocked by Anonymous Coward · · Score: 0

    It's no surprise that cryptocurrency markets are in a panic.

    Yet nobody is in a panic. $81.8 million dollars worth? What is the size of the US national debt? Global trade imbalances are how big?

    This story reaks of FUD. Where is the real story? If you are going to discuss money why wouldn't you discuss the loss in value of currency in the United States since the Federal Reserve snuck control of it in 1913.

    Creature from Jeckyll Island on YouTube all day and night for years.

  31. This is good for Bitcoin. by Anonymous Coward · · Score: 0


     

  32. Buy it... by Anonymous Coward · · Score: 0

    ...while it's cheap.

    1. Re:Buy it... by Anonymous Coward · · Score: 0

      It isn't cheap. It was around $7 maybe a month and a half ago? Two months ago? It's already $15 and going back up. Everyone who invested in eth but NOT the DAO is beginning to realize that they are safe from this theft. Furthermore, it has reduced the currency supply, effectively driving up the value of remaining eth in the wild.

      It does slightly undermine the idea of smart contracts, though in reality, the DAO is an incredibly complicated smart contract.

  33. Re:Would using the Rust prog lang have avoided thi by dow · · Score: 1

    EthCore's Ethereum implementation is written in Rust anyway, I believe.

  34. A DAO by any other name by bestweasel · · Score: 1

    "DAO (Decentralised Autonomous Organisation), an organisation with huge holdings of Ethereum"

    Might want to work on the Decentralised bit.

  35. ponzi by Anonymous Coward · · Score: 0

    create a digital currency
    get lots of people to invest in it.
    hack into your own system, steal the currency, cash it out before the value drops.
    winning

  36. Re:Would using the Rust prog lang have avoided thi by Anonymous Coward · · Score: 0

    "microkernel operating systems programmed in lisp"
    So Emacs?

  37. "Volatile cryptocurrency displays volatility" by Phlogiston+4+Lyfe · · Score: 1

    As of eight minutes ago, the price was at roughly $13.21, which looks bad compared to the $21 value that the original article talks about, but only if you don't pay attention to the numbers from further than five days back. If you look back beyond 6/13, it's been hovering anywhere from $11-$13 since 5/20.

  38. as real as ether by Anonymous Coward · · Score: 0

    bahahaha. The ponzi schemers probably sold off vulnerabilities to their NSA bothers so they could be moved to their mansions.

  39. Re:Would using the Rust prog lang have avoided thi by St.Creed · · Score: 1

    Existing fiat currency systems are surprisingly robust in the face of many problems, of which fraud is a minor one - and much more so than gold standards or bitcoin, IMO.

    --
    Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
  40. Re:Would using the Rust prog lang have avoided thi by peawormsworth · · Score: 1

    To their credit, they have mechanisms to, through community consensus, block and reverse these thefts.

    Reversing the "thefts" would be the quickest way to drive the value of Ethereum to zero.

    It is my opinion that the primary value in Blockchain currencies the decentralization. Reversing these funds would prove it is centralized and requires trust from authority figures.