Thankfully centralized things ljke laws, courts and police exist to bail out the code is law jungle of “decentralized” finance.
It’s becoming apparent to me that the main innovation of crypto is a form of regulatory arbitrage. You or me cannot sell derivatives like Goldman Sachs but in crypto land you totally can from your home with a laptop.
You can start a gambling casino on ethereum and get away with not following any of the laws regarding gambling as long as you couch it in financial and blockchain buzzwords.
Some people will make a lot of money doing legitimate work and some scamming others until all of this becomes big enough to become mainstream and regulated.
It's endlessly amusing to watch a group of (mostly) finance "outsider" engineering teams rediscover all the reasons the current financial system works like it does.
This story is only notable because mistaken transactions get reversed all the time. This scenario was the result of a strange but intentional quirk in the law.
Did you read your own link past the headline? Citi accidentally repaid the loan in its entirety earlier than necessary. No money was lost or stolen. The lender decided to keep the early repayment of its money which is legally allowed.
Yes, I did. Did you read the comment I was replying to? Isn’t it ‘endlessly amusing’ to observe one of the biggest banks in the world discover why the finance system works the way it does? And if it was ‘no big deal’ then why did Citibank sue to get the money returned?
I don’t use or advocate for DeFi, but the weird smugness of random people defending the existing financial system is quite off putting and frankly hard to understand given the last few decades.
You are forgetting the multi-millions of people that lost money on crypto so far. They are just written off as sore losers...
Confirmation bias plays a big role in the popularity of crypto, in unsettingly the same way as it does with people dreaming to become a famous soccer player... mostly through confirmation bias and very little value-add.
It's also endlessly amusing to watch traditional finance types take every crypto 'bump in the road' as an opportunity to justify their careers + justify their delusions about the status-quo & future of finance.
It can only be "endlessly amusing" because there are "endless" of these bumps, so far.
But, as with cryptocurrencies, it just doesn't make any sense. Maybe a boxer taking it on the chin round after round can derive some satisfaction from still being conscious. But they aren't making any progress and would be rather stupid to continue considering it a winning strategy.
For those with a longer history on Wall St, it was essentially a new asset class with all the easy money arbitrage opportunities that went away in equities 20+ years ago back again.
Or, like in the case of Ethereum’s DAO hack, they can hyper-narrowly renege on “code is law” for this one case, where the logic error affects politically connected leaders, which is soooo much better than the corrupt legal system it’s replacing.
I don't know about punishment, but the recovery rate for stolen/extorted crypto is much higher than for fiat cash.
This is likely an issue of sophistication -- crypto hackers don't have decades of "best practices" knowledge to draw from, and may also feel a false sense of security.
I can't find it for the life of me, but I remembered reading that recovery of stolen crypto was both faster and more successful. I'll retract that claim for now.
In the meantime, this article explains how and why that would be the case:
A distinction with MtGOX is that it was providing a centralized exchange and legally binding contract to its users (not a smart contract), which the owners violated. In this case they'd be criminally and civilly liable.
A person following the letter of a smart contract for their benefit, while not breaking the terms of any legally binding contract they've signed, has yet to be charged with a crime (to my knowledge)
There's a large difference in capex required to start and operate a lending/borrowing protocol on Ethereum vs starting a bank/credit union that has nothing to do with regulation.
Look at the size of a dev team for Uniswap or Aave, then look at the number of employees for Wells Fargo. Then look at the physical assets of a bank like their branches and office space.
I understand the whole point of crypto is the future bet that centralisation/regulation by state actors will eventually be _less_ trustable. This one hack means $600MM lost, but how much has been routinely lost to bad governance, inflation or corruption? How much value has been destroyed in the 2008 housing crisis?
In the long run, the crypto market can professionalize enough while remaining decentralised, such that the risk/reward is attractive compared to holding 100% fiat – this seems to be people's bet, not that crypto is inherently safe.
While I understand how inflation may, in theory, be something that could change with some breakthrough in economics (even though I don't buy that inflation is actually a problem, or that cryptocurrencies represent such a breakthrough), I have no idea how they would be of help fighting "corruption and bad governance".
Which is the problem with that community: they seem to have these extremely naive yet cynical view of politicians just being "stupid", money being wasted, everyone being corrupt etc. And that, somehow, their funny little hashes are the silver bullet to solve these issues.
I think the Bitcoin community give the rest of the space a bad name. There are too many people with fringe libertarian views in that space that dominate the narrative. Ethereum, I've found is a much more interesting space. It's valuable because you can actually use the blockchain for things more complicated than just sending coins around. As stupid as many of the NFTs are right now, they have the potential to completely change how the art, music and gaming industries are monetized. Defi has a huge potential to make banking more efficient and provide banking services to underserved areas as long as they have an internet connection.
Bitcoin is an attempt to redesign the international monetary system by people who are clueless about economics. The result speaks for itself. A payment system that doesn't work and can't work, and a currency that would sink any country adopting it into a deep depression. Defi is to finance what bitcoin is to currency. A bunch of kids who wanted to "do finance" without actually knowing anything about finance. They still haven't figured out that you can't do finance with unconfiscatable assets. The main problem isn't lack of professionalism, but the fact that it's broken by design.
There is about 80 billion being used in defi right now and growing, I'd say that they are "doing finance" pretty well. The scams are outliers, comparable to the number of scams pulled over the internet in general. Calling them kids is just rude, save your ad hominem attacks for another site.
That's a lot of money being used in defi (whatever that means) but do you have a single example of financing through defi? Financing means providing borrowers with resources (such as money) that they don't already have. I think you'll have a hard time finding examples, because it turns out financing requires the ability to seize assets from a defaulting borrower, an ability which defi lacks.
That's just untrue, all borrowers from defi apps are required to be overcollateralized. The ability to pull from their collateral in case of a default is built into the smart contract.
Currently looks like the attacker had legitimate access to the required keys, so perhaps more of a traditional compromise rather than a cryptocurrency/contract centric one.
Or the attacker had stolen the private key. But either way, I'm quite skeptical of Polychain's denial that a key was involved. We'll know for sure over the next few days at any rate.
This one is actually hilarious because of the messages onchain. People, including the hacker, are adding plain text to their transactions' metadata field to communicate.
But also, insurance products exist, they pay out pretty reliably. Are there any DeFi insurance products that would be able to cover $600M yet?
edit: some people seem to misunderstand, DeFi insurance products exist, the policies are not too expensive and they pay out reliably and quickly. The math is easy because of the transparency of "semi-untraceable internet money" and the Defi sector being much larger than any of the hacks. There are a lot of competitors in the insurance space. It is easy to make and rely on a claim because the damage is easily seen and verified for the policy holder. There are several sectors in the Defi space, such as AMMs, oracles, lenders, and some of those sectors are driving sentiment and attention more than others. Insurance is one of those sectors. My question was whether any of the insurance systems would be able to cover $600M, right now, it wasn't to entertain out of touch people's pre-existing skepticism.
Given the rampant fraud in the tangible asset insurance business, imagine the premiums and due diligence to deal with semi-untraceable internet money. I’d consider anyone selling it to be either a fraud or an idiot.
Our boring non-crypto services business just saw a 100% increase in our cyber premiums due to all the rampant theft and ransomware this wonderful little corner of the internet has given birth to. Great work DeFi world!
I'm trying to imagine absolutely ridiculous amount of money you'd need to pay to insure something like a DeFi product. OTOH, there's a market opportunity to create DeIns products to handle the demand. Do it right and it's blockchains all the way down.
The premium would have to be insane for someone not to go bankrupt when they have to cover a 600M theft or even the more common 50M level. There are only a handful of profitable DeFi companies to buy the plan and I’d imagine most have a policy of YOLO when it comes to security
A cursory look at Nexus shows 1 year policies are about 2.5% of the amount needed to cover, I tested a quote up on their calculator up to 20,000 Ether ($62 million at time of writing)
I mean, thats what we are talking about here, products that already exist and are live right now and compete with each other. You can enter it though, there is room for differentiation.
They may try to sue exchanges that let the funds be transferred out, as the addresses where the thieves sent the stolen funds have been published.
There's absolutely no need for a central authority, but as always we need local courts and law can be different in different places where those exchanges are registered.
Screw globalism and screw central authorities.
Having said that, this DeFi stuff is laughable. As if the main use case is to find greater fools or scam people.
Because the project was not very well known, or known at all, outside China and it looks like an insider job, I would say in China by Chinese authority.
I am not advocating, I am speculating what could likely happen. The Poly project seems to be obscure, low quality, so maybe it’s better for investors and users to lose what they had, so they can be smarter next time?
Also it seems the project was not very decentralised if everything was stolen with a single private key.
Which federal government? The whole point is that these are assets that are not tied to any country.
The country you reside in may tax you non-state-currency assets, like selling a painting. But if a painting is stolen around the world at the same time, many governments may have collected taxes on part of that painting. Which government should be the government to persue the theft?
In a different way, if 600 million USD was stolen in cash in France. The US would work closely with the French government to close that case. The US would not be the one to foot the entire bill of solving the case.
Here no government has any real stake or harm to reputation to close the case.
Yes but cryptobros want to have it both ways..
1) It's not a security so it doesnt need to be regulated
2) But also if something bad happens the law should save me
Do the police get involved if someone steals your sword in WoW?
Do they get involved if a bigger Twitter account "steals" your meme and reposts it without attribution?
> If the federal government mandates their citizens pay taxes on crypto, it most definitely should come with federal help in catching criminals.
Not necessarily. The OP is pretty light on details on what this "hack" was, but if this was the case of someone playing "code is law" games with a flawed smart contract, then I think it'd be totally legitimate for the government to require taxes be paid but not swoop in with law enforcement when someone made a bad deal (i.e. had their flawed contract exploited).
Just because there is no central authority in control of crypto transactions like traditional banks does not mean laws and courts no longer exist. You can steal someone’s bitcoins by hacking their wallet but you can still be ordered by a court to pay it back and/or face jail time.
> does not mean laws and courts no longer exist. You can steal someone’s bitcoins by hacking their wallet but you can still be ordered by a court to pay it back and/or face jail time.
I'm not aware of any court that would, for example, jail a Chinese citizen who stole virtual money of a US citizen? Are you?
If judges have the last word on who owns how many bitcoins why are you wasting all that electricity for? I thought it was to avoid relying on an authority...
My understanding is that decentralization helps avoid things like runaway inflation or banks deciding at will how much money they want to siphon off each transaction. If you are stealing someone else’s money, a court is not going to dismiss charges just because the transaction is not reversible according to the protocol of whatever cryptocurrency you used.
Decentralisation doesn't help with inflation, it only makes everything more expensive due to the extravagant cost of the consensus mechanism. Banks are already decentralised (should be obvious since there are many banks, not just one) and competition among banks is what prevents them from charging high fees.
No central authority within the system. Treating the hacked crypto as stolen property to report to a central authority who can use the threat of physical violence is not incongruent with the current defi system. Its a false dichotomy presented by those naive to the pros and cons of all this.
Ideally governance would also be done in a decentralized manner, but we’re not there yet.
It's completely incongruent. The whole point of "decentralized" is to avoid relying on a central authority, and the price to pay is inefficiency. But if you're relying on a central authority anyway, why be inefficient?
Physical matter is decentralized but that doesn't give you a right to steal someone's gold without legal action.
Decentralized systems have different benefits for different people. For instance, some people like to trade 24 hours without corporate middlemen stopping you from trading at night. That's not the same as avoiding legal authority.
It's funny, this is in many ways exactly the same thing that corporations try to achieve over and over again: reap the profits if they are there and externalize the costs. Of course crypto isn't any different. But if designed properly they've closed the door on this and that makes badly implemented crypto far worse than the alternatives, because the whole reason to exist is the lack of recourse.
> The user told the hackers to try depositing the stolen tokens without Tether, which the hackers did successfully and they deposited all the addresses into Curve. The hackers then sent the anonymous user about $45,000 worth of ethereum for their help.
The hacker can earn a bunch of Curve and treat this more like a larger flash loan. The market values Curve and this would either mint new Curve or distribute more Curve from the Curve organization's existing treasury.
It was too hard to fork the bitcoin codebase to make things like dogecoin so people figured out how to use ethereum smart contracts to make coins based on ethereum and then they did that again to make entire chains of coins based on chains on ethereum or something.
PolyNetwork (whatever it is, first time I heard of them) has tokens (its own) and apparently some ETH, and USDC on the Ethereum and BinanceChain. These "assets" are locked with a smart contract (instead of a private key), so anyone figuring out the smart contract can move the money (which they did) and they posted the address to where they moved the money.
Same boat. I read this and the key take away is a bunch of buzzwords and smart contracts are still stupid.
eth peeps get rugpulled again! lest we not forget ETC ethereum classic is actually the real eth chain except they forked it to salvage the DAO debacle - except the internet has a short memory and no one remembers this any more.
Haha, smart contracts are as stupid as the average "intelligent home" only worse: They cannot be updated.
People writing smart contracts should be the ones coming from a firmware/embedded writing background, not "webdevs". Right now DeFi smart contracts look like the 90s web: Tons of "Defaced" website every week. Of course now there's a stronger incentive given that monetary value is involved.
Upgradable contracts look like a good idea until some hacker finds bug and upgrades the contract and the upgraded version is just a contract that sends all the money to her/his account.
> People writing smart contracts should be the ones coming from a firmware/embedded writing background, not "webdevs". Right now DeFi smart contracts look like the 90s web: Tons of "Defaced" website every week. Of course now there's a stronger incentive given that monetary value is involved.
This is an overly broad statement that doesn't accurately represent the entire space. There are a good number of projects with very experienced developers that use rigorous testing, multiple audits, etc. There are also teams that yolo smart contracts with very little testing. Assuming every project in the space is the latter is quite inaccurate.
Exactly th le same as the 90s. There were several serious companies and other not that serious. A cursory look at rest.news shows the amount of projects that have been pwned.
Polygon is a protocol described as an 'Internet of blockchains' that is compatible with Ethereum and connects with other Ethereum-compatible blockchains.
They suffered an attack on its blockchain that affected other blockchains and the coins affected were sent to the hacker's address.
This was Poly Network, not Polygon, that got hacked.
From my understanding:
Polygon (formerly MATIC) is a token related to (built off?) ethereum.
Poly Network was a bridge layer that spanned polygon and ethereum.
Polygon and Poly Network are distinct entities as far as I can tell, but they are all overlapping and using each other, so I don't fully understand the distinction.
> The user told the hackers to try depositing the stolen tokens without Tether, which the hackers did successfully and they deposited all the addresses into Curve. The hackers then sent the anonymous user about $45,000 worth of ethereum for their help.
Best part of the article is how an anonymous person helped the hackers launder their money and got a tip for it.
Yes, you can use mixers and coinjoins to launder non centralized crypto. The tip was in etherium, so it shouldn't be an issue to swap to monero, mix, and deposit to an exchange.
I think swapping to monero would be the weak link there. If they do it on a "legit" exchange, it at least makes an attempt to get the client's identity. If they do it directly with someone who has monero to sell, that person gets stuck with "tainted" ethereum.
There are defi(lol) swappers you can use. The hacker was using curve.fi, the tipster was actually telling the hacker why his transaction to curve wasn't going through.
The message, "DONT USE YOUR USDT TOKEN YOU VE GOT BLACKLISTED",
appears to be knowingly offering how to advice to someone actively committing the crime of hiding stolen money.
18 U.S. Code § 3 defines an "Accessory after the fact" as "Whoever, knowing that an offense against the United States has been committed, receives, relieves, comforts or assists the offender in order to hinder or prevent his apprehension, trial or punishment, is an accessory after the fact." and states that it's worth half the jail time as the primary offense.
However, it could also be argued that hanashiro.eth is aiding someone in committing the crime of money laundering, not just helping them avoid being caught, in which case 18 U.S. Code § 2 says that planning, ordering, or knowingly helping commit a crime makes one eligible for the same full full punishment as the primary actor.
It remains to be tested in court whether a smart contract exploit is illegal, since there's an argument one is simply following the 'letter of the law' aka the contract.
edit: this is also something different governments may take a different stance on. If the U.S. finds someone criminally liable, El Salvador may not. Also, it's contentious what the 'location' of the crime even is, as there are no physical servers which have been attacked; could the blockchain as a distributed database be considered to exist 'everywhere' or 'nowhere'?
To be clear for other skimmers like me, the "helper" who got 45k is donating to various addresses, not the 600m hacker. (Posting this because I misinterpreted, not because parent was wrong)
Poly Network has asked digital asset exchanges and miners to block any tokens coming from the above addresses [...] Tether froze more than $30 million in response to the hack
Decentralized finance at its best - so decentralized that individuals and centralized companies can decide to block transactions by themselves.
Decentralization doesn’t mean everything is decentralized, it’s a range of decentralization from fully decentralized to fully centralized. You can use DeFi without ever touching centrally-controlled assets like USDC or Tether. The key thing is that you get that choice.
And I think you arefalling for the "true scotsman" fallacy. Tether backs 70%+ of daily BTC trading volumne, saying criticism against Tether is invalid because Tether isn't real crypto is a cop-out given how important it is in the ecosystem.
They are not saying criticism against Tether is invalid, merely that you cannot criticize Tether and call it a "DeFi" critique.
At the end of the day, centralized assets on Ethereum are as legitimate as decentralized ones. The whole point of Ethereum is that it permissionless. If we celebrate Iranians or 16 year olds being able to build on top of it then certainly Goldman Sachs may do so as well.
Miners have always been free to implement whatever logic they like, though. If you send out a mass communication saying "Address 0x12345 belongs to a very mean guy" and every miner out there denies service to that address, the decentralization properties of your system haven't been violated anywhere.
Decentralization usually includes the assumption that parties are acting independently and are not all colluding.
[Edit: Following the incentives of the protocol is not collusion. In a crypto context I would define collusion as something like multiple parties working together against their own incentives (e.g. rejecting valid, fee-paying transactions).]
If a majority of banks and businesses agree to block transactions of a known terrorist, is it collusion or cooperation? I don't see a meaningful distinction at that point, other than the negative connotation of "collusion" poisoning the well. Which is why I referred to "cooperation" instead.
if they can pursue their own interests freely and if those interests they pursue align with the majority or the totality it does not negate their decentralized nature.
Decentralization doesn't mean isolation and that nobody is cooperating. It's a centrality measure. More decentralized networks have less nodes that hold outsized importance in the network.
But I imagine the reason exchanges are refusing these transactions is at least half because they would be receiving stolen property. I'm not sure but I don't imagine "I'm receiving property stolen from another country" will stand up as a defense in any court.
Does law enforcement bother it's self with internet play money? Until it touches an asset or currency governments care about I assumed they just let the kids have their fun.
The miners will not block as it would destroy the credibility of eth itself. It would probably hard fork if such a thing were attempted. So dumb for them to even suggest it
They can only block if you are moving around centralized assets, which really isn't that shocking to anyone. There is a reason the hacker quickly tried to convert it to ETH, etc.
I knew someone once who, in the very early days of BTC (before it was worth more than $10 or something), helped someone with a technical issue and, unbidden, was sent something like 80 BTC as a thank you.
The running joke, before all the nightmares cryptocurrency has spawned since it took off, was that he'd helped some drug lord fix their metaphorical printer, but not so funny now...
> The user told the hackers to try depositing the stolen tokens without Tether, which the hackers did successfully and they deposited all the addresses into Curve. The hackers then sent the anonymous user about $45,000 worth of ethereum for their help.
It looks like they were able to write themselves a check using or spoofing a legit signature. A traditional bank would put a hold on any amount over a certain threshold to prevent this kind of fraud. I wonder if DeFi has some kind of option for an Oracle to a human verification step over a set amount. An attacker could flood transactions to avoid that limit, but maybe network delay and/or some kind of throttling would buy enough time to ensure some safety.
I’m still bullish on defi but there is a lot of incidents like this that need to happen before these systems become resilient.
Very unlikely to succeed if you choose someone with enough vested interest in the company. Also “Dave is the only one that could have approved this, he’s who we sue”
I phrased this glibly for comedy value, but this is not a silly problem; it is part of the "Oracle problem" and it imperils the entire fundamental value prop of defi.
If it's not clear why, consider: what keeps defi from implementing gambling (or as it's known in the financial world, "options trading") on real-world data outcomes, like stock prices? Answer: that data isn't programmatically available on the blockchain. You can make a smart contract that depends on the closing price of ETH, but not AAPL.
So, what if it were? What if someone decided to publish AAPL's closing price to a ledger somewhere? Then people could make a smart contract that effectively implements options trading against AAPL stock, right? In theory, yes. But in practice, the people that trade options will say, "How can we trust that you won't screw up, get hacked, get bribed, go out of business, etc? Every dollar we entrust to a smart contract that relies on your data is a prize to be won by the first person to find a way to subvert your service's data integrity."
And they'll be right. There are lots of people trying to find fancy solutions to this problem, but to my knowledge we're no closer to a real solution than we were the day Ethereum went live.
Part of the problem is in the nature of one of the ‘pluses’ of crypto - lack of the ability to roll back a transaction.
If someone breaks into the fed and transfers a billion dollars to their account, it’s pretty pointless, because the next day or hour or whatever, it will be rolled back and except for them being in jail, it will be like it never happened.
For it to be worthwhile, you would need to avoid having any of the oversight mechanisms step in, AND get the cash out in a way that is independent of the system AND won’t leave a trail for the army of slow and methodical investigators. And that is waaay harder.
Providing an ability to do something criminal that will cause a non-reversible transfer of value? Ho boy. That raises the stakes a LOT - and it’s why you see so many bank robberies and why gold transports are guarded so heavily.
Based on another link posted here it looks like the hackers just called the half of a cross chain transaction that does the Eth payout. Could they not just make sure that there is a corresponding TX in the other half of their handshake rather than trusting the caller is actually their other contract
It wouldn't be too hard to make a smart contract only be able to transfer X amount out per time period and then still allow individual users to emergency exit. Then you can concentrate auditing logic on the emergency exit code as opposed to the entire surface area.
> I wonder if DeFi has some kind of option for an Oracle to a human verification step over a set amount.
Sometimes I feel like crypto doesn’t stop to ask if the institutions and processes they seek to deprecate exist for a reason?
I absolutely believe that blockchain/DLT have some very promising use cases. But so much in crypto land just screams out that people don’t truly understand the systems they oppose so strongly.
Tether just froze a bunch of funds. Like a bank. Or PayPal. One of the most repeated slams against TradFi is the “PayPal locked my funds! Money belongs to the people! Self sovereignty!” But we’ve seen time and time again with the ETH fork, Tether freezings (they’ve had multiple), that we end up right back at these processes. People will claim that if everyone in a decentralized network decides to do something (like hard fork), that doesn’t violate the decentralization. But what do you think society is? We’ve all come together and decided on a bunch of rules we want to live by. Hack by hack we are seeing these same functions replicated in crypto.
> Tether just froze a bunch of funds. Like a bank. Or PayPal. One of the most repeated slams against TradFi is the “PayPal locked my funds! Money belongs to the people! Self sovereignty!” But we’ve seen time and time again with the ETH fork, Tether freezings (they’ve had multiple), that we end up right back at these processes.
Tether is one of many assets on Ethereum, each with their own properties. Some are centralized, some are decentralized, some are stable, some aren't, etc. It's about choice at the end of the day, and crypto actually gives you this choice vs paypal or your bank.
> But what do you think society is? We’ve all come together and decided on a bunch of rules we want to live by.
And whatever those rules are, a minority has to accept the decisions made by others. When it comes to the rules for a financial system, you now have many choices.
I purposefully didn't put "Stolen" in the title because who's to say that this contract was not executed as intended. Who defines what is the intended use of functions that reside on the blockchain?
The article would have benefitted from an explanation of how operation of this code in a 'Code is Law' scenario can result in 'stolen' ledger entries. It's like complaining about an 'illegal' court judgment, after the appealing court says it wasn't illegal.
If I have a bank vault that can only be opened by one key, an attacker comes to my house, steals the key, opens the bank vault, and takes everything valuable inside, I think that it would count as stealing in every sense of the word, regardless of the correct behavior of the bank vault in only opening for the right key.
I know there's a fun semantic debate about smart contracts hacks, but at the moment this theft does not appear to be in that category.
I'm eagerly awaiting the https://www.rekt.news/ writeup, which as of this moment is still missing. They have decent technical analysis, and certainly far more than the linked article.
Was going to post about rekt.news . I was surprised that I didn't learn about this hack from them. That site is golden, and reminds me to the early 90s era of the internet: Where you had tens of "defaced" web pages (private and government) every day.
Interesting that everybody accepts that this was a "hack".
Initially the idea of crypto was that "Code is Law". The code sent the funds somewhere, correct? So by the "Code is Law" standards, this would have been just a legit transaction.
Now it is like in the old world. Whoever has the highest reputation is right.
That is exactly what I mean with "Whoever has the highest reputation is right".
The initial promise of crypto was the opposite: That the little Joe has the same rights as the big guys. Because code is law. And code does not care about the budget of your legal department and your marketing department.
"Code is law" is either nonsensical or redundant when applied to a complex Turing complete language such as Solidity.
If you can't accurately predict the implications of the lines of code in a smart contract, then it's as good as saying "The laws of physics are laws. That ball ended in my garden following the laws of gravity and thermodynamics, asking for me to return it to you is breaching the initial promise of the physical world". This may change with better smart contract languages that can reconcile intent with effect[1], but while talking about complex Ethereum smart contracts, the "Code is law" argument has no value.
Furthermore, as long as you keep within the bounds of trustless cryptocurrency (unfortunately not a tautology these days), code is indeed law. The ETH this person acquired cannot be confiscated.
> The ETH this person acquired cannot be confiscated.
That's only because there's no ETH. All there is is a ledger. And ledgers can be "ammended", as they have been in the past, effectively stealing the hacker's ETH back.
The main issue with law is that it is written in an ambiguous language.
Theoretically you could write more precise laws with code.
Maybe they should have let a group of contract lawyers proofread what the code does. Lawyers look for bugs, inconsistencies, errors, loopholes all the time.
Well, we don’t follow the law to the letter basically anywhere. The law gets interpreted and judged by courts (at least in the English common law tradition, though it happens to some extent everywhere), precisely because people generally dislike someone doing something against the spirit of the law, and using technical terms to try to pretend it’s ok.
Doesn’t stop people from arguing that no one could tell what the intent was, or the intent was actually what they did, or the law was so badly written that they are right because. And sometimes they win. But it’s rare.
I think it's worse than that. I think the core problem is that the world is a messy complicated place and any time you take a simple, straightforward set of rules and require strict obedience to them in the real world, you're going to end up with situations that produce absurd results.
It's like trying to fit a finite-term polynomial to a fractal - there's literally no way to make things match up everywhere. [1]
People complain because law/finance/whatever seem to be too complicated, so they try simpler, more "obviously correct" sets of rules that perform even worse in practice than what we already had because the world is still a fractal, and simpler rules just mean you're trying to use fewer points to fit that infinitely complicated curve. It's easy to look at existing law/finance/whatever from the outside and say "it's too complicated, we should refactor everything from first principles" but there's good reason to believe that is always a mistake [2].
Simple, obvious rules like "Transactions should be immutable once they are completed" seem like a good idea, but then they encounter incredibly common real world situations like "what if somebody made a mistake when they specified the amount of the transaction or the account number in the 'to' field?" Real world finance has ways to handle this - if nothing else, you can take it to court and ask a judge "does this seem reasonable?". "Code-is-law", like Procrustes "perfect bed", only has admonitions to be completely perfect yourself or suffer the consequences.
So IMO it's not just that most code is not well written, it's that the very idea that any finite amount of code, no matter how "perfect", can be a good fit for all the intricate needs of the actual lives of billions of people is fundamentally flawed.
And also, most of the code is not very well written :)
[1] as an alternate analogy, it's like trying to fix Godelian incompleteness in a formal system by adding a finite number of axioms.
The ethereum crowd has never really bought into the “code is law” thing, except maybe in marketing. There was that whole fork a few years ago between ETC and ETH when ETH reversed a big hack transaction.
Up until the DAO hack (that you're referring to) "code is law" was commonly believed.
That is until the Ethereum Core developers were massively affected by the hack and decided on an unprecedented rules rewrite to address the hack. (Which they haven't considered ever since, despite other hacks of the same type.)
The largest community I know of that truly believes that "Code is Law" is the side of Ethereum that simply accepted the DAO hack: Ethereum Classic.
EDIT: here's a pretty good write up of why you might think that ETC doesn't follow "Code is Law" either. In short after forking from ETH years ago because they had a stronger conviction that code is law they decided to break compatibility of existing code deployed on the chain to keep in sync with ETH development.
They are also probably the most popular chain to suffer multiple successful 51% attacks. I have no idea how they're still worth anything at all, but then again I have no idea why any cryptocurrency is.
the DAO hack and the resulting outcome was the first major thing that shook my faith in the idea of cryptocurrencies. I never had any skin in that game, but I liked the idea of Ethereum as it was posed at the time, it seemed really cool. then the DAO hack happened and everybody kept trying to justify a reason to pretend like the hack didn't happen and move on ("it's not a rollback! it's totally different! here's why it's justified!! it's totally not because us DAO folk have so much invested in it!!!"), and it all just seemed to me to be completely at odds with the "code is law" idea, i.e. the thing that was supposed to make Ethereum different from both fiat currency and e.g. Bitcoin. the fact that Ethereum enthusiasts were largely saying, "well, if we don't 'undo' this hack, it'll cripple Ethereum as a cryptocurrency going forward, and we'll never recover!," but to me, collective human action overriding the "code is law" concept was exactly what destroyed any faith I had in Ethereum, and largely damaged it w.r.t. other cryptocurrencies as well. you're not making a true ideological alternative to fiat, you're just making a new kind of currency with its own vested interests controlling what happens to it... which, I thought, was the main reason for moving to crypto in the first place. when push comes to shove, you're still going to get The Government involved in resolving your disputes.
I thought that too. I didn't touch Ethereum until 2020.
My feelings have now changed and IMO Ethereum will or already has overtaken bitcoin in importance. In general if you want to do "dapp" development you will write for the EVM, although you probably won't deploy on ETH L1 as your first place.
Ethereum has some very serious network effects building up behind it even if your favorite aspect of it was shed during the DAO hack.
Your honor, that outdated Apache server let me gain remote access to the machine. I was only doing what the code allowed me to do. This should be considered legitimate use of the software.
I mean here in the real world that argument falls flat. Our legal system isn't code. It is warm fuzzy meatspace with concepts like "intent" and stuff.
But that isn't what The DAO was advertising. It was "code is law", which was supposed to remove the element of messy human judgement from things.
Of course, it was a spectacular failure because nobody actually really wants "code is law"... instead all they did was re-invent mob rule and those with the loudest voices decided what to do about the "theft".
> Of course, it was a spectacular failure because nobody actually really wants "code is law"... instead all they did was re-invent mob rule and those with the loudest voices decided what to do about the "theft".
IMO Ethereum did something that would be really nice to be able to do in the real world. A chain split, each participant got their resources on each side of the split (except the hacker) and each person got to choose which one to support, or both.
There was no need to bend to the "loudest voices" as to what to do with the theft, but rather to create two parallel chains and let each individual decide.
Yes, generally law doesn’t work as code and allows for retroactive human interpretation rewriting of transactions.
But the DAO contract specifically said, “we are bound by the results of this state machine, and it takes precedence over any human description of it”, and then wanted take-backsies as soon ask they didn’t like the result.
That’s right, and then they fork in such a way as to return to themselves more than they put in (because later theDao shares were sold at 100x, and they refunded equally).
In this case it looks like it wasn't a smart contract hack, but instead a traditional key compromise [0]. From what I can gather it looks like it was essentially a custodial provider that allowed users to easily swap between different crypto networks.
Please note there are different meaning of the "law". And for blockchain it's "law of nature", i.e., just how it works, the principles you have to accept, not legal laws.
So at least for the Ethereum Classic thing, the code was written in the way that just allowed such action and therefore you should not reverse the transaction. Note that the hack was still illegal, that's the fact, so you can (and should) go to the law enforcement to do something with it. But there was no bug in the code of the blockchain itself, it was working exactly as it was supposed to. There was a bug in the smart contract though, but it's not a part of the blockchain, so it's not a violation of principles/nature of blockchain ("code is law") but a 3rd party mistake.
Same here, no principles of the blockchain was broken. So the "code is law" stands. But the transaction is still illicit, and is a hack.
This is what I don’t understand... There is nothing that prevents something 10 times bigger to happen and cause many people to quit crypto en masse leavingg others holding the bag... this is going to embolden other hackers. It’s an awful lot of money!!
Because stolen crypto effectively lowers the supply.imagine if binance were hacked and everything stolen. 50 billion taken out of circulation because its not like a hacker can cash out to fiat or sell their loot on an exchange.rather it must be sold very slowly or on the street. A major hack is sorta like a bunch of ppl at once losing their keys
354 comments
[ 2.9 ms ] story [ 260 ms ] threadIt’s becoming apparent to me that the main innovation of crypto is a form of regulatory arbitrage. You or me cannot sell derivatives like Goldman Sachs but in crypto land you totally can from your home with a laptop.
You can start a gambling casino on ethereum and get away with not following any of the laws regarding gambling as long as you couch it in financial and blockchain buzzwords. Some people will make a lot of money doing legitimate work and some scamming others until all of this becomes big enough to become mainstream and regulated.
Just sayin…
I don’t use or advocate for DeFi, but the weird smugness of random people defending the existing financial system is quite off putting and frankly hard to understand given the last few decades.
Confirmation bias plays a big role in the popularity of crypto, in unsettingly the same way as it does with people dreaming to become a famous soccer player... mostly through confirmation bias and very little value-add.
But, as with cryptocurrencies, it just doesn't make any sense. Maybe a boxer taking it on the chin round after round can derive some satisfaction from still being conscious. But they aren't making any progress and would be rather stupid to continue considering it a winning strategy.
Oh, wait.. maybe it does make sense.
For those with a longer history on Wall St, it was essentially a new asset class with all the easy money arbitrage opportunities that went away in equities 20+ years ago back again.
Always look for the chump at the table. If you can't spot them, you're the chump.
This is likely an issue of sophistication -- crypto hackers don't have decades of "best practices" knowledge to draw from, and may also feel a false sense of security.
Citation needed for such an extraordinary claim.
In the meantime, this article explains how and why that would be the case:
https://www.nytimes.com/2021/06/09/technology/bitcoin-untrac...
Basically the openness of the ledger allows law enforcement to skip some slow and difficult tracing and requesting of warrants.
On top of that, cybercriminals seem to make exploitable mistakes that have enabled stealing their private keys.
A person following the letter of a smart contract for their benefit, while not breaking the terms of any legally binding contract they've signed, has yet to be charged with a crime (to my knowledge)
I haven't seen news of anyone from DarkSide being arrested for that hack yet though.
[1] https://www.justice.gov/opa/pr/department-justice-seizes-23-...
I understand the whole point of crypto is the future bet that centralisation/regulation by state actors will eventually be _less_ trustable. This one hack means $600MM lost, but how much has been routinely lost to bad governance, inflation or corruption? How much value has been destroyed in the 2008 housing crisis?
In the long run, the crypto market can professionalize enough while remaining decentralised, such that the risk/reward is attractive compared to holding 100% fiat – this seems to be people's bet, not that crypto is inherently safe.
Which is the problem with that community: they seem to have these extremely naive yet cynical view of politicians just being "stupid", money being wasted, everyone being corrupt etc. And that, somehow, their funny little hashes are the silver bullet to solve these issues.
https://twitter.com/PolyNetwork2/status/1425130017546149891
https://twitter.com/mudit__gupta/status/1425150994778787841?...
https://blocksecteam.medium.com/the-initial-analysis-of-the-...
You could argue that paper money lacks the features of bitcoins so it's easier to lose your funds inadvertently with bitcoin.
Dogecoin for example has some config changes to block size that make transactions cheaper.
It's factually "better" as far as code goes.
Crypto/BitCoin currently delivers mostly on the last one "store of value". So the hackers keep them. Indefinitely.
But also, insurance products exist, they pay out pretty reliably. Are there any DeFi insurance products that would be able to cover $600M yet?
edit: some people seem to misunderstand, DeFi insurance products exist, the policies are not too expensive and they pay out reliably and quickly. The math is easy because of the transparency of "semi-untraceable internet money" and the Defi sector being much larger than any of the hacks. There are a lot of competitors in the insurance space. It is easy to make and rely on a claim because the damage is easily seen and verified for the policy holder. There are several sectors in the Defi space, such as AMMs, oracles, lenders, and some of those sectors are driving sentiment and attention more than others. Insurance is one of those sectors. My question was whether any of the insurance systems would be able to cover $600M, right now, it wasn't to entertain out of touch people's pre-existing skepticism.
Truly, we live in the future.
I mean, thats what we are talking about here, products that already exist and are live right now and compete with each other. You can enter it though, there is room for differentiation.
Legal action? By who? A central authority!? No way...
There's absolutely no need for a central authority, but as always we need local courts and law can be different in different places where those exchanges are registered.
Screw globalism and screw central authorities.
Having said that, this DeFi stuff is laughable. As if the main use case is to find greater fools or scam people.
Also it seems the project was not very decentralised if everything was stolen with a single private key.
If the federal government mandates their citizens pay taxes on crypto, it most definitely should come with federal help in catching criminals.
The country you reside in may tax you non-state-currency assets, like selling a painting. But if a painting is stolen around the world at the same time, many governments may have collected taxes on part of that painting. Which government should be the government to persue the theft?
In a different way, if 600 million USD was stolen in cash in France. The US would work closely with the French government to close that case. The US would not be the one to foot the entire bill of solving the case.
Here no government has any real stake or harm to reputation to close the case.
Do the police get involved if someone steals your sword in WoW? Do they get involved if a bigger Twitter account "steals" your meme and reposts it without attribution?
Not necessarily. The OP is pretty light on details on what this "hack" was, but if this was the case of someone playing "code is law" games with a flawed smart contract, then I think it'd be totally legitimate for the government to require taxes be paid but not swoop in with law enforcement when someone made a bad deal (i.e. had their flawed contract exploited).
I'm not aware of any court that would, for example, jail a Chinese citizen who stole virtual money of a US citizen? Are you?
Ideally governance would also be done in a decentralized manner, but we’re not there yet.
Decentralized systems have different benefits for different people. For instance, some people like to trade 24 hours without corporate middlemen stopping you from trading at night. That's not the same as avoiding legal authority.
I remember when the crypto market tanked and the fine folks on r/cryptocurrency were demanding the SEC shut down Bitmex and arrest its CEO.
Seems that at any given time, rugged crypto individualists are 10 percentage point losses from begging Big Daddy Government to step in.
People are typically "rugged individualists" only so long as they feel they're winning from the system.
The hacker can earn a bunch of Curve and treat this more like a larger flash loan. The market values Curve and this would either mint new Curve or distribute more Curve from the Curve organization's existing treasury.
Coming soon.
But now a days it's hard for me to understand what's going on in crypto world. For example I couldn't even parse their statement:
"#PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker's following addresses:"
Source: https://twitter.com/PolyNetwork2/status/1425073987164381196
Some more details here if you're curious: https://news.ycombinator.com/item?id=27812093
I'm getting CDO, CDO^2, Synthetic CDO vibes reading this.
eth peeps get rugpulled again! lest we not forget ETC ethereum classic is actually the real eth chain except they forked it to salvage the DAO debacle - except the internet has a short memory and no one remembers this any more.
inb4 ETH3 fork
Haha, smart contracts are as stupid as the average "intelligent home" only worse: They cannot be updated.
People writing smart contracts should be the ones coming from a firmware/embedded writing background, not "webdevs". Right now DeFi smart contracts look like the 90s web: Tons of "Defaced" website every week. Of course now there's a stronger incentive given that monetary value is involved.
This is an overly broad statement that doesn't accurately represent the entire space. There are a good number of projects with very experienced developers that use rigorous testing, multiple audits, etc. There are also teams that yolo smart contracts with very little testing. Assuming every project in the space is the latter is quite inaccurate.
Polygon is a protocol described as an 'Internet of blockchains' that is compatible with Ethereum and connects with other Ethereum-compatible blockchains.
They suffered an attack on its blockchain that affected other blockchains and the coins affected were sent to the hacker's address.
From my understanding:
Polygon (formerly MATIC) is a token related to (built off?) ethereum.
Poly Network was a bridge layer that spanned polygon and ethereum.
Polygon and Poly Network are distinct entities as far as I can tell, but they are all overlapping and using each other, so I don't fully understand the distinction.
Best part of the article is how an anonymous person helped the hackers launder their money and got a tip for it.
18 U.S. Code § 3 defines an "Accessory after the fact" as "Whoever, knowing that an offense against the United States has been committed, receives, relieves, comforts or assists the offender in order to hinder or prevent his apprehension, trial or punishment, is an accessory after the fact." and states that it's worth half the jail time as the primary offense.
However, it could also be argued that hanashiro.eth is aiding someone in committing the crime of money laundering, not just helping them avoid being caught, in which case 18 U.S. Code § 2 says that planning, ordering, or knowingly helping commit a crime makes one eligible for the same full full punishment as the primary actor.
edit: this is also something different governments may take a different stance on. If the U.S. finds someone criminally liable, El Salvador may not. Also, it's contentious what the 'location' of the crime even is, as there are no physical servers which have been attacked; could the blockchain as a distributed database be considered to exist 'everywhere' or 'nowhere'?
binance charity and donations to archive.org, etherscan, infura.io, rekt... and Vitalik!
it was 13.37 Ethereum
https://etherscan.io/tx/0xdf3afc47c7914e06ddb1be19afcd769e55...
Decentralized finance at its best - so decentralized that individuals and centralized companies can decide to block transactions by themselves.
At the end of the day, centralized assets on Ethereum are as legitimate as decentralized ones. The whole point of Ethereum is that it permissionless. If we celebrate Iranians or 16 year olds being able to build on top of it then certainly Goldman Sachs may do so as well.
[Edit: Following the incentives of the protocol is not collusion. In a crypto context I would define collusion as something like multiple parties working together against their own incentives (e.g. rejecting valid, fee-paying transactions).]
If a majority of banks and businesses agree to block transactions of a known terrorist, is it collusion or cooperation? I don't see a meaningful distinction at that point, other than the negative connotation of "collusion" poisoning the well. Which is why I referred to "cooperation" instead.
if they can pursue their own interests freely and if those interests they pursue align with the majority or the totality it does not negate their decentralized nature.
Humans are social creatures and collusion is the natural order. Humans will cooperate unless doing so is clearly to their detriment.
The running joke, before all the nightmares cryptocurrency has spawned since it took off, was that he'd helped some drug lord fix their metaphorical printer, but not so funny now...
This is pretty amusing, if anything.
https://mobile.twitter.com/Mudit__Gupta/status/1425150994778...
DINO, not defi
I’m still bullish on defi but there is a lot of incidents like this that need to happen before these systems become resilient.
"For safety, all transactions have to go through Dave" == "Free money to anyone who manages to hack/bribe/kidnap/etc Dave"
If it's not clear why, consider: what keeps defi from implementing gambling (or as it's known in the financial world, "options trading") on real-world data outcomes, like stock prices? Answer: that data isn't programmatically available on the blockchain. You can make a smart contract that depends on the closing price of ETH, but not AAPL.
So, what if it were? What if someone decided to publish AAPL's closing price to a ledger somewhere? Then people could make a smart contract that effectively implements options trading against AAPL stock, right? In theory, yes. But in practice, the people that trade options will say, "How can we trust that you won't screw up, get hacked, get bribed, go out of business, etc? Every dollar we entrust to a smart contract that relies on your data is a prize to be won by the first person to find a way to subvert your service's data integrity."
And they'll be right. There are lots of people trying to find fancy solutions to this problem, but to my knowledge we're no closer to a real solution than we were the day Ethereum went live.
If someone breaks into the fed and transfers a billion dollars to their account, it’s pretty pointless, because the next day or hour or whatever, it will be rolled back and except for them being in jail, it will be like it never happened.
For it to be worthwhile, you would need to avoid having any of the oversight mechanisms step in, AND get the cash out in a way that is independent of the system AND won’t leave a trail for the army of slow and methodical investigators. And that is waaay harder.
Providing an ability to do something criminal that will cause a non-reversible transfer of value? Ho boy. That raises the stakes a LOT - and it’s why you see so many bank robberies and why gold transports are guarded so heavily.
I prefer cryptographic fraud proofs.
Sometimes I feel like crypto doesn’t stop to ask if the institutions and processes they seek to deprecate exist for a reason?
I absolutely believe that blockchain/DLT have some very promising use cases. But so much in crypto land just screams out that people don’t truly understand the systems they oppose so strongly.
Tether just froze a bunch of funds. Like a bank. Or PayPal. One of the most repeated slams against TradFi is the “PayPal locked my funds! Money belongs to the people! Self sovereignty!” But we’ve seen time and time again with the ETH fork, Tether freezings (they’ve had multiple), that we end up right back at these processes. People will claim that if everyone in a decentralized network decides to do something (like hard fork), that doesn’t violate the decentralization. But what do you think society is? We’ve all come together and decided on a bunch of rules we want to live by. Hack by hack we are seeing these same functions replicated in crypto.
Tether is one of many assets on Ethereum, each with their own properties. Some are centralized, some are decentralized, some are stable, some aren't, etc. It's about choice at the end of the day, and crypto actually gives you this choice vs paypal or your bank.
And whatever those rules are, a minority has to accept the decisions made by others. When it comes to the rules for a financial system, you now have many choices.
The article would have benefitted from an explanation of how operation of this code in a 'Code is Law' scenario can result in 'stolen' ledger entries. It's like complaining about an 'illegal' court judgment, after the appealing court says it wasn't illegal.
I know there's a fun semantic debate about smart contracts hacks, but at the moment this theft does not appear to be in that category.
I am still waiting for Rekt to cover this one.
Initially the idea of crypto was that "Code is Law". The code sent the funds somewhere, correct? So by the "Code is Law" standards, this would have been just a legit transaction.
Now it is like in the old world. Whoever has the highest reputation is right.
This happens all the time in traditional written law. Legalese exists for this very reason.
Just because one side says so?
Because that side has a big brand name?
That is exactly what I mean with "Whoever has the highest reputation is right".
The initial promise of crypto was the opposite: That the little Joe has the same rights as the big guys. Because code is law. And code does not care about the budget of your legal department and your marketing department.
If you can't accurately predict the implications of the lines of code in a smart contract, then it's as good as saying "The laws of physics are laws. That ball ended in my garden following the laws of gravity and thermodynamics, asking for me to return it to you is breaching the initial promise of the physical world". This may change with better smart contract languages that can reconcile intent with effect[1], but while talking about complex Ethereum smart contracts, the "Code is law" argument has no value.
Furthermore, as long as you keep within the bounds of trustless cryptocurrency (unfortunately not a tautology these days), code is indeed law. The ETH this person acquired cannot be confiscated.
[1] e.g. https://scilla.readthedocs.io/en/latest/
That's only because there's no ETH. All there is is a ledger. And ledgers can be "ammended", as they have been in the past, effectively stealing the hacker's ETH back.
Theoretically you could write more precise laws with code.
Maybe they should have let a group of contract lawyers proofread what the code does. Lawyers look for bugs, inconsistencies, errors, loopholes all the time.
Doesn’t stop people from arguing that no one could tell what the intent was, or the intent was actually what they did, or the law was so badly written that they are right because. And sometimes they win. But it’s rare.
It's like trying to fit a finite-term polynomial to a fractal - there's literally no way to make things match up everywhere. [1]
People complain because law/finance/whatever seem to be too complicated, so they try simpler, more "obviously correct" sets of rules that perform even worse in practice than what we already had because the world is still a fractal, and simpler rules just mean you're trying to use fewer points to fit that infinitely complicated curve. It's easy to look at existing law/finance/whatever from the outside and say "it's too complicated, we should refactor everything from first principles" but there's good reason to believe that is always a mistake [2].
Simple, obvious rules like "Transactions should be immutable once they are completed" seem like a good idea, but then they encounter incredibly common real world situations like "what if somebody made a mistake when they specified the amount of the transaction or the account number in the 'to' field?" Real world finance has ways to handle this - if nothing else, you can take it to court and ask a judge "does this seem reasonable?". "Code-is-law", like Procrustes "perfect bed", only has admonitions to be completely perfect yourself or suffer the consequences.
So IMO it's not just that most code is not well written, it's that the very idea that any finite amount of code, no matter how "perfect", can be a good fit for all the intricate needs of the actual lives of billions of people is fundamentally flawed.
And also, most of the code is not very well written :)
[1] as an alternate analogy, it's like trying to fix Godelian incompleteness in a formal system by adding a finite number of axioms.
[2] https://www.joelonsoftware.com/2000/04/06/things-you-should-...
That is until the Ethereum Core developers were massively affected by the hack and decided on an unprecedented rules rewrite to address the hack. (Which they haven't considered ever since, despite other hacks of the same type.)
EDIT: here's a pretty good write up of why you might think that ETC doesn't follow "Code is Law" either. In short after forking from ETH years ago because they had a stronger conviction that code is law they decided to break compatibility of existing code deployed on the chain to keep in sync with ETH development.
https://that.world/~classic/2020/06/10/deprecate/
It is worth noting that they also have been subject to several 51% attacks [2].
[1] https://investorplace.com/2021/06/ethereum-classic-will-stan...
[2] https://ethereumclassic.org/knowledge/roadmap
[3] https://www.coindesk.com/ethereum-classic-blockchain-subject...
My feelings have now changed and IMO Ethereum will or already has overtaken bitcoin in importance. In general if you want to do "dapp" development you will write for the EVM, although you probably won't deploy on ETH L1 as your first place.
Ethereum has some very serious network effects building up behind it even if your favorite aspect of it was shed during the DAO hack.
I much prefer this interpretation. I think this should be considered ipso facto legitimate use of the contract.
The more frequent these contract "failures" become the more suspicious I am that the authors of the contract themselves are the ones exploiting them.
It's an obvious scam in this frothy market: introduce a contract with an intentional defect and then exploit it yourself.
Again, I am tempted to consider this a legitimate use of the contract.
But that isn't what The DAO was advertising. It was "code is law", which was supposed to remove the element of messy human judgement from things.
Of course, it was a spectacular failure because nobody actually really wants "code is law"... instead all they did was re-invent mob rule and those with the loudest voices decided what to do about the "theft".
IMO Ethereum did something that would be really nice to be able to do in the real world. A chain split, each participant got their resources on each side of the split (except the hacker) and each person got to choose which one to support, or both.
There was no need to bend to the "loudest voices" as to what to do with the theft, but rather to create two parallel chains and let each individual decide.
But the DAO contract specifically said, “we are bound by the results of this state machine, and it takes precedence over any human description of it”, and then wanted take-backsies as soon ask they didn’t like the result.
[0] https://twitter.com/Mudit__Gupta/status/1425115177771405312
So at least for the Ethereum Classic thing, the code was written in the way that just allowed such action and therefore you should not reverse the transaction. Note that the hack was still illegal, that's the fact, so you can (and should) go to the law enforcement to do something with it. But there was no bug in the code of the blockchain itself, it was working exactly as it was supposed to. There was a bug in the smart contract though, but it's not a part of the blockchain, so it's not a violation of principles/nature of blockchain ("code is law") but a 3rd party mistake.
Same here, no principles of the blockchain was broken. So the "code is law" stands. But the transaction is still illicit, and is a hack.
This is what I don’t understand... There is nothing that prevents something 10 times bigger to happen and cause many people to quit crypto en masse leavingg others holding the bag... this is going to embolden other hackers. It’s an awful lot of money!!
> DeFi has survived so many individual hacks and exploits that people are less scared of their assets going to zero as a result.