developer asks token holders to spam the network to delay the attack o.O
griff [10:05 AM]
@channel The DAO is being attacked. It has been going on for 3-4 hours, it is draining ETH at a rapid rate. This is not a drill.
You can help:
If anyone knows who has the split proposals Congo Split, Beer Split and FUN-SPLT-42, please DM me We need their help!
If you want to help, you can vote yes on those aforementioned split proposals. especially people who’s tokens are blocked because they voted for Prop 43 (the music app one).
We need to spam the Network so that we can mount a counter attack all the brightest minds in the Ethereum world are in on this.
please use this: for (var i = 0; i < 100; i++) { eth.sendTransaction({from: eth.accounts[4], gas: 2300000, gasPrice: web3.toWei(20, 'shannon'), data: '0x5b620186a05a131560135760016020526000565b600080601f600039601f565b6000f3'}) } to spam the chain
I'm curious how much of Hacker News' kiss of death is trying to access the page in the browser, and how much is following that up when it doesn't immediately work with pinging, "curl -I -v", etc.
- 2,436,828 Ethereum has been routed to the address starting "0x304a554a310c7e546" [0]
- This is worth roughly $46,000,000.
- This has happened because there is some weakness in the Ethereum security
- The conversion between Ethereum and USD is dropping significantly, now down to 16. [1]
Due to this security threat, the developer is telling people to try to effectively DDOS the service in order to stop all transactions. Also, people are being told to split, but I can't see why.
I can't read the page but I was under the impression that recently someone found a problem with the DAO and then they put all DAO activity on hold until they could fix it. Perhaps someone is exploiting that problem or another one they found.
The fact that many scripts written suffers similar vulnerabilities unless extensive (and, seemingly failure prone) mitigations are applied, suggests that the root cause is a known design flaw in the ethereum smart contract architecture.
Doubly so when the latest reviewers of this systems and custodians of the DAO include the system's creators.
When building systems that provide irreversible transaction processing, safe only under perfect use is not sufficient.
Ethereum is a general purpose system: it has sharp edges. We can use the same reasoning to condemn C/++'s pointers (people trip over themselves all the time, even serious audits occasionally miss big bugs), but we still survive with C code running much of our lives. If there's issues with implementing in ethereum code directly, there are many ways of addressing it and only some of them view the issue here as a 'flaw' rather than a 'hard to use feature'.
Ethereum just has to work. It doesn't have to be pretty. It doesn't have to be easy. Being pretty will help it work, but there's enough money on the table, and TheDAO demonstrates this, that it will advance on alternative institutions if it works.
TheDAO may never be 'safe' or 'perfect'. It only has to be safe right now, from the threats that real, interested parties are capable of implementing. This list of threats is quite large at 250,000,000$, and will be larger when/if TheDAO/its descendants hit 250,000,000,000$+.
I started archiving the slock.it #general slack channel when this attack began. This is where most of the discussion has been taking place. Here's up until a few minutes ago:
"Ethereum is a decentralized platform for applications that run exactly as programmed without any chance of fraud, censorship or third-party interference."
No, it isn't directly related to Ethereum(ETH). The DAO is a thing built on top of ETH that is supposed to operate like a decentralized corporation direct through direct democracy of it's constituent investors. It's website is, https://daohub.org/
Oh, it is absolutely right (as far as we know). But "exactly as programmed" doesn't mean "exactly as intended" it means "exactly as programmed", with bugs and vulnerabilities and all.
' “This is the land where dreams–dreams, do you understand–come to life, come real. Not daydreams: dreams.” There was about half a minute’s silence, and then with a great clatter of armor, the whole crew were tumbling down the main hatch as quick as they could and flinging themselves on the oars to row as they had never rowed before. . . . For it had taken everyone just that half-minute to remember certain dreams they had had–dreams that make you afraid of going to sleep again–and to realize what it would mean to land on a country where dreams come true. ' - C. S. Lewis’s Voyage of the Dawn Treader
This pretty directly contradicts a lot of the hype around Ethereum. Yes, bad contract code is bad, but a lot of money is about to evaporate. If it isn't easy to write secure contracts then there is a serious deployment problem.
well the market price of ETH went from $22 earlier today to as low as $15 in the last 30 minutes so I would say a lot of value has evaporated even if the eth itself hasn't.
This is what really annoys me about the Ethereum VM, there was no need for turing completeness. Bitcoin has a perfectly good scripting system that they keep adding opcodes to, and is not vulnerable to some of these kind of attacks.
Could you point me to some resources showing recently added opcodes?
Last time I looked at the Bitcoin code they had actually disabled some of the original opcodes due to security concerns. I'd be interested to see that this trend had reversed.
Sorry, I should probably edit my comment to say "over the years" and not necessarily recently.
I think my point was more that the conservative approach Bitcoin takes works better on the long term, and there's still proposals that slowly get implemented.
I first got into Bitcoin in 2011, and since then there's been plenty of new opcodes, and as you say some original ones that got disabled as they presented risks.
Latest one I can think of that got implemented would be OP_CHECKLOCKTIMEVERIFY in 2014/15 (?), but I haven't really kept up with the BIPs that much with all the infighting
It's a giant pain in the ass to code Bitcoin. In a few years, all of these kinds of attacks will have been tried against various Ethereum contracts and it will be hardened and still easy. It will still be very cumbersome to code Bitcoin.
Just remember, when the developers inevitably appear with suggestions about how to stop the hack, roll back the blockchain, or come up with other schemes to block the hackers, they are showing everyone that all the talk of blockchains being decentralised, or being beyond the control of governments or other powers... is a complete lie.
If this hack can be stopped, then it demonstrates that the currency can be manipulated, that the decentralised system is not so fault tolerant or uncensored after all, and that people out there know this.
Let's call it self delusion. A "lie" needs the intention to deceive. I think most developers of these systems truly believe that they are building the First Distributed Republic or something like that.
We already knew that blockchains are vulnerable to 51% attacks. There are real problems with points of centralization (including the developers), but events like this don't prove anything.
Edit: to be clear, the 51% attack I'm referring to is actually the defense of the network by developers/miners/users that the parent post is complaining about.
If this is just a 51% attack then we didn't learn anything about etherium qua etherium or blockchains qua blockchains... but we'll learn something about the lower bound for being big enough that they're not a realistic possibility.
Rolling back the blockchain would have some pretty serious ramifications, as the possibility of that becomes greater it makes sense to sell as quickly as possible into another chain to retain value.
They do if the developers suddenly come up with schemes to block the attack or hack the DAO. vbuterin has posted on reddit a plea for any DAO holders who were about to 'split' their holdings to contact him - presumably he has a way to hack the DAO more effectively and so grab the money before the attackers grab it.
But when did he know how to do this? Was it a secret that he was sitting on, or has he only learnt about it from the existing attack?
True! It's definitely a situation where the 'market cap' of bitcoin gives it some extra stability. If the DAO contained bitcoins, it would be a far smaller % of the total and there would be fewer calls to roll back the logs.
They're now talking about essentially blacklisting the hacker's ETH address, how is that decentralised?
Halting trading is a show of force too, if they believed a single thing of what they preach they'd let the free market continue its course with the hacker walking away with the money.
Looking at your comment history it seems clear you have an agenda here, so I'll ignore the ad hominem.
Decentralization doesn't mean complete lack of central control, or anarchy, it means that balance of power is in the periphery with the broader organization largely controlled by protocol and policy. Issuing an edict in a crisis doesn't necessarily imply centralization if the member nodes can ignore the edict.
In the history of organization structures, for example, Peter Drucker in 1946 wrote the "Concept of the Corporation", a study on General Motors, which was arguably one of the early detailed studies of Decentralized governance in an organization.
how is that decentralised? [..] Halting trading is a show of force too
Decentralisation does not preclude "force". The one really has nothing to do with the other. Unless your idea of "decentralization" is actually the solipsist view that every person is an island, and social structures hold no benefit for survival.
Actually, I'd say the fact that he has to publicly ask for exchanges to stop the trades, and can't simply press a button or send out an order, shows the decentralization.
I think you're missing the point. The fact that one man can bring the whole of Ethereum trading to a halt with an announcement really demonstrates just how much power he has. So it doesn't matter that he doesn't have a physical kill switch if the end result is the same.
...but they didn't halt trading until they were asked to, so clearly it wasn't totally in their interests?
Exchanges are in a difficult position once the 'head' of ethereum tells them to stop. It's a sign that the blockchain might be forked, so any further trades they make might be undone - they simply have little choice but to stop after being told to do so.
> but they didn't halt trading until they were asked to, so clearly it wasn't totally in their interests?
Not at all. This is a classic "coordination problem". It is advantageous for many participants in the overall system to take an action, but only if the other participants are ALSO taking the action. In such a case, a widely followed and popular leader is one possible coordinating mechanism. And it does not give that popular leader the ability to do ANYTHING, only things that actually ARE popular but require coordination.
Nobody has to follow the leader. Want to keep your exchange trading? Go ahead - nobody can stop you. It just so happens that everybody agrees this time.
I don't agree. Centralised control would mean one person can change anything. Decentralised doesn't mean that nobody can propose a solution - only that others have to agree on it before it goes live.
How do you imagine decentralised decisions happening otherwise? Everyone choosing their own solution without ever talking to each other and seeing what is most popular?
I'm not sure whether we are redefining it... I suppose it depends on what definition you were starting with!
My idea of "decentralized" includes things like "continues to function perfectly well if any one person or small group is removed from the process" and "continues to function perfectly well if any one person or small group becomes malicious".
In this case, if Vitalik Buterin were not around to announce the problem, someone else could announce it and that would provide a coordinating signal for all of the independent players to act on. If Vitalik Buterin were malicious and decided to announce a rollback of a big spend he had done, then the independent miners and mining pool operators would (I hope) choose to ignore the announcement and refuse to participate.
I guess to me, having a centralized group or individual make decisions seems to violate "decentralized", but having one of several possible groups or individuals make announcements which signal the population to take action does not.
A surprising number of people seem to believe in the near-perfect efficiency of markets, that every participant is making optimal decisions based on their own goals.
Why, has anyone thought that decentralization means no one has a lot of power? I figured that people who prefer decentralizations prefer feudal power over centralized power.
He wouldn't have that power in just any old circumstance. He could have the power to launch nukes, but if that power would only work if all of the world agrees, I'd still not be afraid of him.
> I think you're missing the point. The fact that one man can bring the whole of Ethereum trading to a halt with an announcement really demonstrates just how much power he has.
The reason for this is that ethereum exchanges are not decentralized and the "program" that the owners of the exchanges execute on their brains partly allows "dynamic mental code update" by Vitalik Buterin.
Governmental currency printing has zero effect on the negotiated transaction between two people, and it does precisely nothing on my ability to choose to continue using that currency. That's the underlying freedom; use dollars or blueberry scones if you want. You just need to find a willing counter-party.
The anti-fiat crowd should think for a minute on how money actually works in practice.
Also remember that this isn't the first time this idea of 'lets rollback a blockchain due to a hack/attack' has been floated or even tried. The first major blockchain rollback almost completely destroyed the cryptocurrency [1]. Since then, some major hacks have happened and the community/developers rejected the idea of a rollback [2][3]. That was a hard lesson, and hopefully the current developers will learn from the short history.
Also to your point, yes, Ethereum is not as decentralized as some would like to claim, either from a stakeholder perspective, or from a mining perspective, or even from a 'who holds the power' perspective. I suspect that's what makes it so efficient though, in terms of changing protocol, or making decisions on behalf of stakeholders.
One could argue that at this point in its history it stands to benefit more from that efficiency than it would from more robust decentralization.
When adoption is low it stands to reason centralization would be high, and so it enables them to move faster to increase adoption, and hence lower centralization as other players and stakeholders enter the game.
However it does also stand the risk of allowing the current influential parties (the developers or miners) to influence the system in their favor. So far though, I don't think this has been the case, but we'll see how this situation plays out.
There is no doubt that centralization is more efficient than decentralization. The problem comes when developers or other stakeholders don't understand or underplay this feature.
Also, centralization/decentralization is a a scale, not discrete boolean values.
It will definitely be interesting to see how this plays out. Good luck to everyone involved.
If there is consensus that this is a problem and shouldn't be allowed, then there presumably is also consensus for even a hard fork if necessary. As an outside observer, I don't see why this is a demonstration that the decentralised system can be manipulated, is not fault tolerant, or censored.
Since if this is a problem and will be fixed, it will presumably be by consensus. We already know that with consensus the entire system can be changed (or forked, if you like). This is no secret and there was never any claim otherwise. This is exactly what they mean by decentralised.
What should worry you is if a change happens without consensus, but there is no such indication here.
slock.it are now implying that opponents of the proposed hardfork are probably the thief and asking people to contact them with information about the identity of anyone who organizes opposition to it: https://twitter.com/christopherhesh/status/74379447973649612... It's going to be a very interesting kind of "consensus", that's for sure.
So can random people who agree with each other completely control everything that happens with the currency? So if there is a company who they dislike can they just decide that they have no money?
Majority of ethereum holders would want to rollback. That is consensus. If they don't hard fork they can keep running an old node. What is the problem?
Isn't that basically measuring which side has more hashing power? It's not obvious to me why that necessarily represents "the majority of ethereum holders". Or am I missing a mechanism?
The hashing power is the voting power. Since it is not obvious how one could even define what "the majority of ethereum holders" even means (and who says that every ethereum holder who is a physical person has to have the same voting power? If this were the case one would simply split your ethereum "account" into many who are hold by stooges).
It has been proven impossible to reach full consensus at scale in a fully decentralized, asynchronous system (the FLP theorem).
So, in computer science terms, consensus algorithms are about approximating distributed consensus in the face of benign and malicious threats or communication failures, which devolves to "quorum / majority" pretty quickly in a crisis.
After the crisis, some kind of compensation, reconciliation or excommunication has to happen with the portion that disagreed.
So that means if you are against majority thought you are shit out of luck. Just think of any time when majority consensus hasn't been the optimal solution.
If you believe that there is a better way to find a consensus in a distributed system than majority you are free to implement a system based on it. I consider it as quite plausible that such a system exists, but cannot even imagine how it might look like.
There is a better way but it unfortunately requires the system to have an understanding of what the decision is about - in other words, no longer decoupling the mechanics of the decision from the meaning of the decision.
A distributed system can easily make a majority decision that is unwise, like if the votes are based off of bad information. But if the different options of the decision could be formalized and checked/proven as part of the decision making process, based off of axioms and values that participants all agree on, then perhaps the most rational decision could be selected even if it's not what the majority was initially in favor of.
The incentive here isn't to pick the side of the fork you agree with; it's to pick the side of the fork you believe will win. So you can't really say that the rollback side winning means that most miners agreed with the rollback - rather it means that most miners thought the rollback side would win. There's a strong element of "self-fulfilling prophesy" here.
What is 'network consensus'? It certainly isn't giving everyone a vote as to whether they think the rollback is a good idea or not. Instead, it's connected people wielding influence.
And if it can't be stopped, the argument about decentralized apps being "unstoppable" won't be that appealing anymore after all :)
It's sad, being able to write blockchain apps like with ethereum and lisk is cool tech, but we'll have to deal with the idea that once is out, it's out. Programming NASA style.
The only way any of that can happen is if most of the community agrees to run the software implementing the change. If you know of a way to get more decentralized than that, I'd like to hear about it.
If it takes a vast majority of participants to agree, then not really. It's decentralized, not 100% immutable. Will get harder as it gets larger but at this stage it is good to still have the ability.
At this stage yes. That's why I don't hold ether as being solid enough yet to be a store of value, aside from the fact that it's being inflated at ~25% pa. Needs to go through these teething problems now while that is still the case.
Why would that be different at later stages? Bitcoin grew more centralized with time, not decentralized: The miners with the most powerful equipment also have the most ability to become even more powerful.
It's not that simple. In the end it's what users actually use that matters. Mining on a fork that sees no use would be suicidal. So miners need to follow users, or their investment is for nothing. And users tend to follow developers, at least until there is a contentious fork.
So while there is no clear single party that makes decisions, active developers have the most say.
This is FUD, broadly speaking. The devs have put out a patch for miners which allows them to decide whether or not they wish to fork over these transactions. Centralization is not required for this decision, instead, distributed consensus.
The counterpoint to your statements is simply that consumers need safety with their money. It is no badge of honor to let unsophisticated technical people lose money for some extreme libertarian ideals.
I agree with your points. But the miners who actually have a say, if I am not mistaken, are the big ones and the pool owners. These are just a small fraction of all people running mining software.
A soft fork will undeniably require distributed consensus. It is the number of people with the actual right to vote that may be worrisome.
Perhaps the pool owners should extend their voting rights to their pool contributors, pooling votes as they pool mining shares.
(Disclaimer: I hold a small amount of ETH and participate in a mining pool.)
> This is FUD, broadly speaking. The devs have put out a patch for miners which allows them to decide whether or not they wish to fork over these transactions. Centralization is not required for this decision, instead, distributed consensus.
With all respect Peter, this is not FUD and OP is raising a valid concern. Yes, the miners vote on the patch - but given the infant state of the ecosystem and the large loss incurred, even further controversy or delay in finding a resolution may cause them permanent economic harm; so it would appear that there is little leeway in the choice involved.
> The counterpoint to your statements is simply that consumers need safety with their money. It is no badge of honor to let unsophisticated technical people lose money for some extreme libertarian ideals.
Yes, that's certainly the argument, particularly that if there is majority agreement than the protocol change is justified. But this doesn't at all invalidate OP's concern that fundamentally algorithmic contract's aren't binding if such an alteration can be adopted. The case could be made that in a more mature ecosystem such case specific alterations are more potentially damaging than useful and that this is a transitional phase, yet I think the burden of proof is on the one responding.
>so it would appear that there is little leeway in the choice involved.
I think we agree on this. The reality is that an active choice will still have to be made by a consensus group, though. It's not a matter of something being forced down the throats of a majority by an oligarchy, it's utilizing the existing consensus mechanism.
I think OP should be well warned here as to what is binding with smart contracts, for sure. This isn't any different than risk calculations in Bitcoin, though -- early days advice was to wait six blocks for transactions over $20, because the cost of subverting the network was very low. This is part of the give and take of mining and distributed consensus with current technologies.
> If this hack can be stopped, then it demonstrates that the currency can be manipulated, that the decentralised system is not so fault tolerant or uncensored after all, and that people out there know this.
My thought exactly. And despite putting a little money into the DAO myself, this is the kind of risk I was willing to take. I should lose my money. Miners should vote strongly against this fork.
I know in the Bitcoin community this wouldn't be accepted, not so sure about Ethereum though where the developers have a lot more control (than they should IMO).
Also just remember, that Rome was not built in one day. Progressing mankind with a functioning DAO is most likely worth much more than even a $200M failure (worst case scenario) if you look at how it could increase world productivity/efficiency.
The developers appear to be treating this as a dev environment - "We were starting a new team (welcome @hiddentao, @evertonfraga and @luclu) and I was pushing for weekly releases, without proper testing. Meanwhile the DAO happened, and we wanted to make a release that had support for events subscription without realizing the performance impact it would have..."
I realize this is the wallet development but they are absolutely related and shows the culture of this software is not as professional or thought out as it should be.
It's almost as if a cryptocurrency system used by the grey market and black market sections of the internet contained actual blackhats. What a surprise.
Much as I hate to link to reddit, for effective and biting criticism of cryptocurrencies: http://reddit.com/r/buttcoin
And USD are used for all kinds of illegal things; solutions include restricting paper transactions to $100 units of currency (so that large amounts of currency are bulky and heavy) and all kinds of restrictions on transactions over $10,000.
This wasn't the impression I got of Ethereum. Nor am I terribly shocked at their talk of a hard fork. They always seemed more "pragmatic" about these things than typical bitcoin fans, more of a "if a majority of the participants are OK with it, what's the problem?" attitude. Which is IMO more realistic.
The DAO, though, that always seemed slightly fishy to me. "A company for carrying out an undertaking of great advantage, but nobody to know what it is right now".
Buttcoin in my experience has been less about insightful criticism and more about ... well, the kind of criticism the name suggests.
Yeah, I mean, did anyone NOT see this coming? All these crypto currencies are a disaster already, then someone has the bright idea to have them execute code. Gee, what could go wrong.
The provided link is just a page showing a bunch of transactions. For someone like me, who is not so intimate with the Ethereum terminology in use (but who is still interested in the DAO, as an observer), could someone provide a layman's explanation of what's going on?
Somewhat more specifically, I'm wondering the following:
- At a high level, what does this attack actually consist of?
- How does ethereum "go missing" in a distributed blockchain, where you can see all the transaction endpoints?
- Who loses and who gains from an attack of this scale?
- How severe could this attack be - does it pose an existential threat to The DAO (or Ethereum, more broadly)?
- How is this attack being perpetrated? Has the attack vector been previously anticipated? Why is this unexpected?
It's a reentry bug - native ETH always calls the recipient contract's code on transfer, which can call back into the current function. If you manage native ETH do accounting in the wrong order, you can "withdraw" multiple times.
It doesn't "go missing", presumably the hacker will drain it into Bitcoin via any anonymous exchange accounts they have. Everyone loses big time (except the attacker if they manage to launder some of the coins). Watch for a wave of rebranding.
> How severe could this attack be - does it pose an existential threat to The DAO (or Ethereum, more broadly)?
We will see. The group behind TheDAO has a lot of pull - if Ethereum successfully rejects calls for a hard fork that will damage it severely in the public's eye, but will be the ultimate proof of concept.
> How is this attack being perpetrated? Has the attack vector been previously anticipated? Why is this unexpected?
"""
No DAO funds at risk following the Ethereum smart contract ‘recursive call’ bug discovery
Our team is blessed to have Dr. Christian Reitwießner, Father of Solidity, as its Advisor. During the early development of the DAO Framework 1.1 and thanks to his guidance we were made aware of a generic vulnerability common to all Ethereum smart contracts. We promptly circumvented this so-called “recursive call vulnerability” or “race to empty” from the DAO Framework 1.1 as can be seen on line 580:
// we are setting this here before the CALL() value transfer to
// assure that in the case of a malicious recipient contract trying
// to call executeProposal() recursively money can’t be transferred
// multiple times out of the DAO
p.proposalPassed = true;
Three days ago this design vulnerability potential was raised in a blog post which subsequently led to the discovery of such an issue in an unrelated project, MakerDAO. This was highlighted in a reddit post, with MakerDAO being able to drain their own funds safely before the vulnerability could be exploited.
Around 12 hours ago user Eththrowa on the DAOHub Forum spotted that while we had identified the vulnerability in one aspect of the DAO Framework, the existing (and deployed) DAO reward account mechanism was affected. His message and our prompt confirmation can be found here.
We issued a fix immediately as part of the DAO Framework 1.1 milestone.
The important takeaway from this is: as there is no ether whatsoever in the DAO’s rewards account — this is NOT an issue that is putting any DAO funds at risk today.
"""
Slock.it are the cheerleaders of the DAO (and were the likely recipients of its funds had it not been hacked). They previously boasted about how their audit of the code found no issues other than a slight rounding error if the DAO became worth trillions of dollars. It's entirely in character for them to post further messages reporting how wonderful, secure and perfect their code is, in the face of terrible problems.
In my understanding the attack vector was anticipated for the executeProposal() function, but the attacker is using a recursive call of the splitDAO() function.
This blog post[1] from the Ethereum Team describes the possible attack.
I find it truly amazing that a project with hundreds of millions of dollars at stake could have such a simple bug. After they discovered the first bug, it seems like they should have sat down to carefully audit all other places where that could happen - because it seems like the attackers certainly did!
From reading the article on Smart Contract security (https://blog.ethereum.org/2016/06/10/smart-contract-security...), I get the feeling that the programming model might be somewhat to blame. The "obvious" ways of implementing something are subtly broken, in ways that are very difficult to anticipate without a very deep understanding of the protocol. The programming model demands that the program be capable of calling functions that are not under the programmer's control, and which can do nearly anything. This is very, very difficult to get right, and very easy to screw up, as anyone who has tried to write a sandbox environment can attest to.
i'm surprised they don't have inbuilt support for some kind of async transfer primitive. so instead of doing:
address.call.value(amount) and the call being synchronous
you do:
address.call.queue_value(amount) and then at the end of your contract execution it runs the asynchronous calls that have been queued
a lot of the DAO calls (all of them??) to external addresses don't need the result so having an asynchronous transfer primitive would have just solved the problem.
these external callbacks are very dangerous. for example you have function _entry_ call function _logic_ and everything is ok. then someone decides to change function _logic_ to perform an external callback and this breaks the behaviour of function _entry_. when you have this non-local side effects from changes you will create security bugs very easily.
Or, they could just plow that currency into BTC at diminishing value as fast as possible. That's presumably what I would do if I discovered a bug like this and wanted to make bank.
I think they could also be shorting ETH, in dollars/euros/rubles/yuans, in which case destroying the currency would be excellent business for them, even if they can't extract what they stole.
Poloniex seems to be the exchange with the largest volume (I somehow doubt anyone is buying long-positions larger than that) - so it looks like they could at least cash out several thousand bitcoins - although it's been a while since I've been on their site and if they offer API access some of those positions might be automatically diverted as the price moves.
Shorting small illiquid markets is very difficult and prone to blowing up in your face. The most recent famous example of this is Porsche/VW: http://www.economist.com/node/12523898
The purpose of a hack (or any crime) is not to extract the maximum possible value, but to extract the maximum value and get away with it. Cashing out quickly and disappearing is part of the escape strategy. They probably won't care if it destroys the currency.
- I don't think there's any definitive details yet, but it could be an instance of this attack [1].
The code behind the DAO is available here [2].
Apparently [3], there's a bug where one can recursively call `splitDAO` multiple times to extract ether from the contract if one has a split open.
- Ether can go missing when it is sent to a public address which has no known corresponding private key. It's a "we can't inverse a hash" type of problem.
- People lose if they're holding a long position on ETH, or have DAO which they can now no longer recoup to ETH. People gain if they're shorting ETH, or are the attacker themselves (it looks like the ETH from the dao is going to this address [4])
- Looks to be an existential threat to the DAO from where we're standing right now. I can't see any mitigations but an entire Ethereum blockchain split.
This is astonishing. The company behind the DAO knew that the bug in question affected withdrawals from the DAO rewards balance and wrote a blog post saying this isn't an issue because it's empty, but either didn't bother checking whether withdrawals of of people's original capital through the splitDAO mechanism (which is possible) had the same bug, or did and pretended it didn't exist and everyone's funds were fine.
Ah, I see: the money isn't missing, it's just gone to an unknown party (the hacker) - so we're practically watching a bank heist in progress, where the "good guys" are trying to slow down the robber's getaway vehicle (by flooding the transaction network).
I looked into this a bit more, and it seems very likely that the attackers are exploiting a recursive call - from https://live.ether.camp/account/304a554a310c7e546dfe434669c6..., I can see that most of the transactions are internal, with the API reporting monotonically increasing call-depth values. It seems like there are three recursive calls involved here: one call in the DAO, a second call to transfer money to the attacker, and a third "dummy" call which appears to transfer nothing (but presumably kicks off the next recursion into the DAO).
The scary thing, to me, is that someone else could figure out the bug right now and start exploiting it - presumably, all the relevant code is open source.
I'm not sure someone else could start exploiting the bug - I suspect that they need to have DAO tokens and successfully vote to split their share off into a new sub-DAO they control first, and if I recall correctly there's a minimum voting period that has to elapse for that to happen.
> - At a high level, what does this attack actually consist of?
At a high level, The Dao is like Pokemon. Casual observation suggests that it may be a more or less consistent world internally and that a lot of people are very excited about it. A few of those people even claim to fully understand how it works. But there's a lot of fat guys with acne blindly spending on Pokemon cards thinking it's a wise investment.
Unfortunately, the fans are so excited that they jump up and down clapping all the time and forget to breath while they're talking. This makes it very difficult to understand what they're trying to say. If you manage to understand, you will hear something like:
"Most Pokémon have only one type. However, EX Team Magma vs Team Aqua introduced Dual-type Pokémon, which have two different types. For a while, all existing dual-type cards had either Darkness or Metal as their secondary type, with the exception of certain Pokémon cards with the Dual Armor Poké-Body, such as Medicham from the EX Crystal Guardians expansion, which can have multiple types when certain energy are attached."
Now what possibly happened during the attack is that Pokemon cards are spontaneously catching fire! This is particularly troubling, because Pokemon just came out with a super-duper fire defence card and told everyone to buy it for lots and lots of money. And everybody did.
Now while all of this is clearly very troubling for heavily invested Pokemon fans. But in the grand scheme of things, well a butterfly flapped it's wings in China: there's a theoretical possibility that this affects anything, but in practice no one but fans cares.
> - How does ethereum "go missing" in a distributed blockchain, where you can see all the transaction endpoints?
1. keep the exp you earned
2. lose some money
3. wind back at the pokemon center at the pokemon league
4. have to start over on the e4
> Who loses and who gains from an attack of this scale?
Pokemon fans, obviously.
> How severe could this attack be - does it pose an existential threat to The DAO (or Ethereum, more broadly)?
Synchronoise when used by Pokémon like Umbreon. It deals damage to every Pokémon that shares the user's type, so in Umbreon's case it hits every Dark type Pokémon. Only it doesn't, because it's a Psychic move and always fails.
Funny, but to be fair this doesn't apply to Ethereum only, the vast majority of discussions here on HN would look like this to a person not interested in programming or tech.
And that's fine, nothing wrong with having a hobby and being passionate about it. Not everything needs to have an impact in the grand scheme of things.
I always though that Etherium had a huge attack surface. Each script has to be security audited, etc. That's the thing about Bitcoin. It's as simple as possible while still being secure and useful and has been beat up and audited by the best security pros in the world. Distributed Systems are not easy. Secure distributed systems with Byzantine fault tolerance are even harder. Etherium is just trying to do too much.
Doesn't this show an issue with the Distributed Systems on Ethereum, with every script that has to be audited individually, and not with the platform itself?
I'm with you on the fact that proper auditing is an absolute must, as this DAO fiasco shows, but I don't think this event exposes any flaws in the Ethereum platform itself.
I recently attended an Ethereum workshop that was scheduled for two hours. Three hours later and most of the audience were no more wise about Ethereum than when they first entered the room. It certainly didn't help that workshop was led by web developer (a passionate Ethereum supporter) who had no interest in the concensus algorithm or other dense technical issues, but what was quickly apparent to me was that Ethereum has a steep learning curve. With such technologies, it is important to take more time to understand the concepts and the details. Maybe in the rush for VC money, some developers have failed to grasp that.
I've held a similar opinion, but lately with the run up in the Ethereum price I was worried that I was missing something other people saw. Apparently this isn't a vulnerability in Ethereum itself, but it may still have serious consequences for the network.
There are plenty of proposals to add complexity to the Bitcoin system. I hope that people promoting those proposals pay attention to this example of the problems complexity will inevitably cause.
628 comments
[ 3.1 ms ] story [ 343 ms ] threadgriff [10:05 AM] @channel The DAO is being attacked. It has been going on for 3-4 hours, it is draining ETH at a rapid rate. This is not a drill. You can help: If anyone knows who has the split proposals Congo Split, Beer Split and FUN-SPLT-42, please DM me We need their help! If you want to help, you can vote yes on those aforementioned split proposals. especially people who’s tokens are blocked because they voted for Prop 43 (the music app one). We need to spam the Network so that we can mount a counter attack all the brightest minds in the Ethereum world are in on this. please use this: for (var i = 0; i < 100; i++) { eth.sendTransaction({from: eth.accounts[4], gas: 2300000, gasPrice: web3.toWei(20, 'shannon'), data: '0x5b620186a05a131560135760016020526000565b600080601f600039601f565b6000f3'}) } to spam the chain
http://www.coindesk.com/the-dao-just-raised-50-million-but-w...
If you wait long enough it loads for me.
- 2,436,828 Ethereum has been routed to the address starting "0x304a554a310c7e546" [0]
- This is worth roughly $46,000,000.
- This has happened because there is some weakness in the Ethereum security
- The conversion between Ethereum and USD is dropping significantly, now down to 16. [1]
Due to this security threat, the developer is telling people to try to effectively DDOS the service in order to stop all transactions. Also, people are being told to split, but I can't see why.
Copy of page at 9:45: - http://puu.sh/pvOqy/929f40bddb.png
[0] https://etherchain.org/account/0x304a554a310c7e546dfe434669c...
[1] http://puu.sh/pvOVw/5443a70ced.png
Doubly so when the latest reviewers of this systems and custodians of the DAO include the system's creators.
When building systems that provide irreversible transaction processing, safe only under perfect use is not sufficient.
Ethereum just has to work. It doesn't have to be pretty. It doesn't have to be easy. Being pretty will help it work, but there's enough money on the table, and TheDAO demonstrates this, that it will advance on alternative institutions if it works.
TheDAO may never be 'safe' or 'perfect'. It only has to be safe right now, from the threats that real, interested parties are capable of implementing. This list of threats is quite large at 250,000,000$, and will be larger when/if TheDAO/its descendants hit 250,000,000,000$+.
http://pastebin.com/DykumjLs
azzo [2:22 PM] what's DM
dan_tudor [3:49 PM] So who is buying Dao tokens right now?
So much self importance mixed with faux understanding of technology and a dash of desperate desire to belong to a special group.
On a more positive note, my bitcoin wallet is rapidly approaching steak dinner territory as of last month. It's the little things in life!
"Ethereum is a decentralized platform for applications that run exactly as programmed without any chance of fraud, censorship or third-party interference."
Right ...
' “This is the land where dreams–dreams, do you understand–come to life, come real. Not daydreams: dreams.” There was about half a minute’s silence, and then with a great clatter of armor, the whole crew were tumbling down the main hatch as quick as they could and flinging themselves on the oars to row as they had never rowed before. . . . For it had taken everyone just that half-minute to remember certain dreams they had had–dreams that make you afraid of going to sleep again–and to realize what it would mean to land on a country where dreams come true. ' - C. S. Lewis’s Voyage of the Dawn Treader
There was a bug in TheDAO's code. It got exploited in order to siphon off cryptocurrency worth many millions in USD.
Last time I looked at the Bitcoin code they had actually disabled some of the original opcodes due to security concerns. I'd be interested to see that this trend had reversed.
I think my point was more that the conservative approach Bitcoin takes works better on the long term, and there's still proposals that slowly get implemented.
I first got into Bitcoin in 2011, and since then there's been plenty of new opcodes, and as you say some original ones that got disabled as they presented risks.
Latest one I can think of that got implemented would be OP_CHECKLOCKTIMEVERIFY in 2014/15 (?), but I haven't really kept up with the BIPs that much with all the infighting
If this hack can be stopped, then it demonstrates that the currency can be manipulated, that the decentralised system is not so fault tolerant or uncensored after all, and that people out there know this.
Edit: to be clear, the 51% attack I'm referring to is actually the defense of the network by developers/miners/users that the parent post is complaining about.
I wonder how different ether will turn out to be, will they bail it out by rolling back the blockchain?
But when did he know how to do this? Was it a secret that he was sitting on, or has he only learnt about it from the existing attack?
All the talk of /ethereum/ being decentralized.
Halting trading is a show of force too, if they believed a single thing of what they preach they'd let the free market continue its course with the hacker walking away with the money.
Looking at your comment history it seems clear you have an agenda here, so I'll ignore the ad hominem.
In the history of organization structures, for example, Peter Drucker in 1946 wrote the "Concept of the Corporation", a study on General Motors, which was arguably one of the early detailed studies of Decentralized governance in an organization.
Decentralisation does not preclude "force". The one really has nothing to do with the other. Unless your idea of "decentralization" is actually the solipsist view that every person is an island, and social structures hold no benefit for survival.
Decentralization doesn't prevent coordination.
Exchanges are in a difficult position once the 'head' of ethereum tells them to stop. It's a sign that the blockchain might be forked, so any further trades they make might be undone - they simply have little choice but to stop after being told to do so.
Not at all. This is a classic "coordination problem". It is advantageous for many participants in the overall system to take an action, but only if the other participants are ALSO taking the action. In such a case, a widely followed and popular leader is one possible coordinating mechanism. And it does not give that popular leader the ability to do ANYTHING, only things that actually ARE popular but require coordination.
That's the exact opposite of decentralized. Are we going to have to redefine the word?
How do you imagine decentralised decisions happening otherwise? Everyone choosing their own solution without ever talking to each other and seeing what is most popular?
My idea of "decentralized" includes things like "continues to function perfectly well if any one person or small group is removed from the process" and "continues to function perfectly well if any one person or small group becomes malicious".
In this case, if Vitalik Buterin were not around to announce the problem, someone else could announce it and that would provide a coordinating signal for all of the independent players to act on. If Vitalik Buterin were malicious and decided to announce a rollback of a big spend he had done, then the independent miners and mining pool operators would (I hope) choose to ignore the announcement and refuse to participate.
I guess to me, having a centralized group or individual make decisions seems to violate "decentralized", but having one of several possible groups or individuals make announcements which signal the population to take action does not.
I didn't stop eating excess salt until my doctor asked me to do so - and it was totally in my interest.
This is, of course, absurdly optimistic.
The reason for this is that ethereum exchanges are not decentralized and the "program" that the owners of the exchanges execute on their brains partly allows "dynamic mental code update" by Vitalik Buterin.
And the governmental powers-that-be can press a button and prevent citizens from exchanging cash?
The anti-fiat crowd should think for a minute on how money actually works in practice.
Also to your point, yes, Ethereum is not as decentralized as some would like to claim, either from a stakeholder perspective, or from a mining perspective, or even from a 'who holds the power' perspective. I suspect that's what makes it so efficient though, in terms of changing protocol, or making decisions on behalf of stakeholders.
[1] http://247cryptonews.com/vericoin-lack-integrity-bailout-min...
[2] https://www.cryptocoinsnews.com/official-nxt-decision-blockc...
[3] http://www.newsbtc.com/2014/12/17/opal-recovers-1-7-million-...
When adoption is low it stands to reason centralization would be high, and so it enables them to move faster to increase adoption, and hence lower centralization as other players and stakeholders enter the game.
However it does also stand the risk of allowing the current influential parties (the developers or miners) to influence the system in their favor. So far though, I don't think this has been the case, but we'll see how this situation plays out.
Also, centralization/decentralization is a a scale, not discrete boolean values.
It will definitely be interesting to see how this plays out. Good luck to everyone involved.
Since if this is a problem and will be fixed, it will presumably be by consensus. We already know that with consensus the entire system can be changed (or forked, if you like). This is no secret and there was never any claim otherwise. This is exactly what they mean by decentralised.
What should worry you is if a change happens without consensus, but there is no such indication here.
So, in computer science terms, consensus algorithms are about approximating distributed consensus in the face of benign and malicious threats or communication failures, which devolves to "quorum / majority" pretty quickly in a crisis.
After the crisis, some kind of compensation, reconciliation or excommunication has to happen with the portion that disagreed.
A distributed system can easily make a majority decision that is unwise, like if the votes are based off of bad information. But if the different options of the decision could be formalized and checked/proven as part of the decision making process, based off of axioms and values that participants all agree on, then perhaps the most rational decision could be selected even if it's not what the majority was initially in favor of.
It's sad, being able to write blockchain apps like with ethereum and lisk is cool tech, but we'll have to deal with the idea that once is out, it's out. Programming NASA style.
[1] https://www.reddit.com/r/ethereum/comments/4oiqj7/critical_u...
Why is that different for Ethereum?
So while there is no clear single party that makes decisions, active developers have the most say.
Once it gets bigger the security goes up as events like this affect the currency less and less.
The counterpoint to your statements is simply that consumers need safety with their money. It is no badge of honor to let unsophisticated technical people lose money for some extreme libertarian ideals.
A soft fork will undeniably require distributed consensus. It is the number of people with the actual right to vote that may be worrisome.
Perhaps the pool owners should extend their voting rights to their pool contributors, pooling votes as they pool mining shares.
(Disclaimer: I hold a small amount of ETH and participate in a mining pool.)
With all respect Peter, this is not FUD and OP is raising a valid concern. Yes, the miners vote on the patch - but given the infant state of the ecosystem and the large loss incurred, even further controversy or delay in finding a resolution may cause them permanent economic harm; so it would appear that there is little leeway in the choice involved.
> The counterpoint to your statements is simply that consumers need safety with their money. It is no badge of honor to let unsophisticated technical people lose money for some extreme libertarian ideals.
Yes, that's certainly the argument, particularly that if there is majority agreement than the protocol change is justified. But this doesn't at all invalidate OP's concern that fundamentally algorithmic contract's aren't binding if such an alteration can be adopted. The case could be made that in a more mature ecosystem such case specific alterations are more potentially damaging than useful and that this is a transitional phase, yet I think the burden of proof is on the one responding.
I think we agree on this. The reality is that an active choice will still have to be made by a consensus group, though. It's not a matter of something being forced down the throats of a majority by an oligarchy, it's utilizing the existing consensus mechanism.
I think OP should be well warned here as to what is binding with smart contracts, for sure. This isn't any different than risk calculations in Bitcoin, though -- early days advice was to wait six blocks for transactions over $20, because the cost of subverting the network was very low. This is part of the give and take of mining and distributed consensus with current technologies.
My thought exactly. And despite putting a little money into the DAO myself, this is the kind of risk I was willing to take. I should lose my money. Miners should vote strongly against this fork.
I know in the Bitcoin community this wouldn't be accepted, not so sure about Ethereum though where the developers have a lot more control (than they should IMO).
https://github.com/ethereum/mist/releases/tag/0.7.5
I realize this is the wallet development but they are absolutely related and shows the culture of this software is not as professional or thought out as it should be.
Much as I hate to link to reddit, for effective and biting criticism of cryptocurrencies: http://reddit.com/r/buttcoin
eth is also traded to and from USD on various exchanges, so that's a parallel, too?
Listen, I'm no ethereum fanboy here, but logic, let's use it.
Sure, it's probably a contract issue, but we'd have some much better contract code if the VM didn't require you to code defensively all the time.
The DAO, though, that always seemed slightly fishy to me. "A company for carrying out an undertaking of great advantage, but nobody to know what it is right now".
Buttcoin in my experience has been less about insightful criticism and more about ... well, the kind of criticism the name suggests.
Somewhat more specifically, I'm wondering the following:
- At a high level, what does this attack actually consist of?
- How does ethereum "go missing" in a distributed blockchain, where you can see all the transaction endpoints?
- Who loses and who gains from an attack of this scale?
- How severe could this attack be - does it pose an existential threat to The DAO (or Ethereum, more broadly)?
- How is this attack being perpetrated? Has the attack vector been previously anticipated? Why is this unexpected?
It doesn't "go missing", presumably the hacker will drain it into Bitcoin via any anonymous exchange accounts they have. Everyone loses big time (except the attacker if they manage to launder some of the coins). Watch for a wave of rebranding.
> How severe could this attack be - does it pose an existential threat to The DAO (or Ethereum, more broadly)?
We will see. The group behind TheDAO has a lot of pull - if Ethereum successfully rejects calls for a hard fork that will damage it severely in the public's eye, but will be the ultimate proof of concept.
> How is this attack being perpetrated? Has the attack vector been previously anticipated? Why is this unexpected?
Why, take a look: https://blog.slock.it/no-dao-funds-at-risk-following-the-eth...
Copied:
""" No DAO funds at risk following the Ethereum smart contract ‘recursive call’ bug discovery Our team is blessed to have Dr. Christian Reitwießner, Father of Solidity, as its Advisor. During the early development of the DAO Framework 1.1 and thanks to his guidance we were made aware of a generic vulnerability common to all Ethereum smart contracts. We promptly circumvented this so-called “recursive call vulnerability” or “race to empty” from the DAO Framework 1.1 as can be seen on line 580: // we are setting this here before the CALL() value transfer to // assure that in the case of a malicious recipient contract trying // to call executeProposal() recursively money can’t be transferred // multiple times out of the DAO p.proposalPassed = true; Three days ago this design vulnerability potential was raised in a blog post which subsequently led to the discovery of such an issue in an unrelated project, MakerDAO. This was highlighted in a reddit post, with MakerDAO being able to drain their own funds safely before the vulnerability could be exploited. Around 12 hours ago user Eththrowa on the DAOHub Forum spotted that while we had identified the vulnerability in one aspect of the DAO Framework, the existing (and deployed) DAO reward account mechanism was affected. His message and our prompt confirmation can be found here. We issued a fix immediately as part of the DAO Framework 1.1 milestone. The important takeaway from this is: as there is no ether whatsoever in the DAO’s rewards account — this is NOT an issue that is putting any DAO funds at risk today. """
This blog post[1] from the Ethereum Team describes the possible attack.
[1]https://blog.ethereum.org/2016/06/10/smart-contract-security...
I guess if Ethereum makes a hard fork, that will damage it much more - basically, it makes the "smart" contracts unenforcable.
From reading the article on Smart Contract security (https://blog.ethereum.org/2016/06/10/smart-contract-security...), I get the feeling that the programming model might be somewhat to blame. The "obvious" ways of implementing something are subtly broken, in ways that are very difficult to anticipate without a very deep understanding of the protocol. The programming model demands that the program be capable of calling functions that are not under the programmer's control, and which can do nearly anything. This is very, very difficult to get right, and very easy to screw up, as anyone who has tried to write a sandbox environment can attest to.
address.call.value(amount) and the call being synchronous
you do:
address.call.queue_value(amount) and then at the end of your contract execution it runs the asynchronous calls that have been queued
a lot of the DAO calls (all of them??) to external addresses don't need the result so having an asynchronous transfer primitive would have just solved the problem.
these external callbacks are very dangerous. for example you have function _entry_ call function _logic_ and everything is ok. then someone decides to change function _logic_ to perform an external callback and this breaks the behaviour of function _entry_. when you have this non-local side effects from changes you will create security bugs very easily.
[0] http://coinmarketcap.com/currencies/ethereum/#markets
[1] https://poloniex.com/exchange#btc_eth
[1] https://www.reddit.com/r/ethereum/comments/4oiesu/polo_froze...
The code behind the DAO is available here [2].
Apparently [3], there's a bug where one can recursively call `splitDAO` multiple times to extract ether from the contract if one has a split open.
- Ether can go missing when it is sent to a public address which has no known corresponding private key. It's a "we can't inverse a hash" type of problem.
- People lose if they're holding a long position on ETH, or have DAO which they can now no longer recoup to ETH. People gain if they're shorting ETH, or are the attacker themselves (it looks like the ETH from the dao is going to this address [4])
- Looks to be an existential threat to the DAO from where we're standing right now. I can't see any mitigations but an entire Ethereum blockchain split.
[1] https://blog.slock.it/no-dao-funds-at-risk-following-the-eth...
[2] https://github.com/slockit/DAO/blob/develop/DAO.sol
[3] http://pastebin.com/DykumjLs
[4] http://etherscan.io/address/0x304a554a310c7e546dfe434669c628...
I looked into this a bit more, and it seems very likely that the attackers are exploiting a recursive call - from https://live.ether.camp/account/304a554a310c7e546dfe434669c6..., I can see that most of the transactions are internal, with the API reporting monotonically increasing call-depth values. It seems like there are three recursive calls involved here: one call in the DAO, a second call to transfer money to the attacker, and a third "dummy" call which appears to transfer nothing (but presumably kicks off the next recursion into the DAO).
The scary thing, to me, is that someone else could figure out the bug right now and start exploiting it - presumably, all the relevant code is open source.
At a high level, The Dao is like Pokemon. Casual observation suggests that it may be a more or less consistent world internally and that a lot of people are very excited about it. A few of those people even claim to fully understand how it works. But there's a lot of fat guys with acne blindly spending on Pokemon cards thinking it's a wise investment.
Unfortunately, the fans are so excited that they jump up and down clapping all the time and forget to breath while they're talking. This makes it very difficult to understand what they're trying to say. If you manage to understand, you will hear something like:
"Most Pokémon have only one type. However, EX Team Magma vs Team Aqua introduced Dual-type Pokémon, which have two different types. For a while, all existing dual-type cards had either Darkness or Metal as their secondary type, with the exception of certain Pokémon cards with the Dual Armor Poké-Body, such as Medicham from the EX Crystal Guardians expansion, which can have multiple types when certain energy are attached."
Now what possibly happened during the attack is that Pokemon cards are spontaneously catching fire! This is particularly troubling, because Pokemon just came out with a super-duper fire defence card and told everyone to buy it for lots and lots of money. And everybody did.
Now while all of this is clearly very troubling for heavily invested Pokemon fans. But in the grand scheme of things, well a butterfly flapped it's wings in China: there's a theoretical possibility that this affects anything, but in practice no one but fans cares.
> - How does ethereum "go missing" in a distributed blockchain, where you can see all the transaction endpoints?
1. keep the exp you earned 2. lose some money 3. wind back at the pokemon center at the pokemon league 4. have to start over on the e4
> Who loses and who gains from an attack of this scale?
Pokemon fans, obviously.
> How severe could this attack be - does it pose an existential threat to The DAO (or Ethereum, more broadly)?
Synchronoise when used by Pokémon like Umbreon. It deals damage to every Pokémon that shares the user's type, so in Umbreon's case it hits every Dark type Pokémon. Only it doesn't, because it's a Psychic move and always fails.
And that's fine, nothing wrong with having a hobby and being passionate about it. Not everything needs to have an impact in the grand scheme of things.
https://en.wikipedia.org/wiki/Rai_stones
https://www.reddit.com/r/ethereum/comments/4oi2ta/i_think_th...
It's not just hard.
I'm with you on the fact that proper auditing is an absolute must, as this DAO fiasco shows, but I don't think this event exposes any flaws in the Ethereum platform itself.
Obviously it's not enough to just say "some guys did a security audit and everything looks fine."
There are plenty of proposals to add complexity to the Bitcoin system. I hope that people promoting those proposals pay attention to this example of the problems complexity will inevitably cause.
https://blog.daohub.org/the-dao-is-under-attack-8d18ca45011b...