Slashdot Mirror
Hacker Allegedly Steals $7.4 Million In Ethereum After Hijacking ICO (vice.com)
An anonymous reader writes: An unknown hacker allegedly took over the website of an ethereum startup called Coindash, directing investors to send money to his or her own ethereum digital wallet, instead of the one controlled by Coindash. While Coindash noticed the hack almost immediately, the damage was done, and the hacker amassed more than $7 million in stolen cryptocurrency.
How do I hijack an icon file (*.ICO) to get $7.4M?
It can but it's a PITA and threatens to devalue currencies. See:
http://www.coindesk.com/ethereum-classic-explained-blockchain/
No different than a hacker changing a mailing address to amass money sent to an address.
Why the hell did they not sign it with a PGP key to authenticate that they were who they said they were?
Ethereum has done it before in a previous hacking. They could write a patch, in theory, to do a fork and invalidate all transactions to the Hacker's address.
If that is their intention, they should announce it immediately to help mitigate damage (Make sure the hacker doesn't spend further and leave other people holding the bag).
Sure, but the precedent is very un-cryptocurrency. Reverting the transfer means that a central authority has the ability to invalidate transactions they don't like. Today it may be theft, but tomorrow it could be political contributions or purchases of "bad" items. It seems like that kind of thing would undermine the value of having a cryptocurrency in the first place.
Will only be worth $3.5million in 2 weeks anyway the way these currencies are going.
Of course you could. Technically it's not even a problem, create some kind of master key that clients will accept the signature of instead of the user's key and it'll be the almighty god of that crypto-currency. And who would you like to have sitting on that key? What makes them trustworthy, what standard of proof, what appeals process in what jurisdiction against having your assets seized? The Internet Court of public opinion and loose allegations? What happens if the hacker manages to spend the money first, do you take the money away from an innocent third party effectively creating a counterfeiting problem?
By the time you're done with the dispute process you'll basically have poorly re-invented banks and credit cards. And what would happen if a hacker got hands of the key and started randomly moving money around? There would be total chaos. The lack of any kind of centralized control is the headline feature. As a consequence done is done and there's no undoing it, a crowd-sourced blacklist would be useless. All that would happen is that a lot of people would get stuck with "tainted" money that would be randomly rejected, they'd get pissed from being scammed and the currency would collapse.
Live today, because you never know what tomorrow brings
Some of my buddies were bemoaning not having bought some Bitcoin after one of its runups in price. I told them they'd be better off in Vegas. At least there you get free drinks while watching your money disappear.