629 comments

[ 4.4 ms ] story [ 303 ms ] thread
And here's to the crypto skeptics who were saying the number is going down
What does this mean?
This highlights an incentive issue and a paradigm issue in the blockchain space. There is a strong incentive to get new protocols up and running and even though users are technically responsible as they can audit the code, most users, of course, are not qualified to do so, and stand to make more from exploiting any vulnerabilities they find than they are pointing for them out.

The issue of paradigm is just how poorly suited EVM is as a smart contract language. It is too hard to manage the complexity of bytecode with memory managed on chain and in contract code. When small errors have huge consequences and there are no second chances, EVM is and should be pointed out to be one of the worst standards Ethereum has brought to crypto.

When it comes to high stakes programming and especially in a space where new programs are written quickly and often, its almost objectively obvious that functional styles with more guard rails is the better choice. Nothing running on chain needs an infinite loop or many other fancy features one typically expects from a programming language - restrictions and readability in smart contract code are more important to computational chains than seat-belts are to automobiles, but the network effect is slowing the space down.

Edit: Some people have pointed out this was an issue with Solana contracts, which run on Rust - so I was wrong to use this as an example for half of my point, but still believe the point stands. Even Rust IMO is not tied down enough for contract code, but the fact that it can happen on Rust which is loads better then EVM for bug catching I think proves the point a bit more if anything.

I think the exploit took place using Rust contracts on Solana.
> most users, of course, are not qualified to do so, and stand to make more from exploiting any vulnerabilities they find than they are pointing for them out.

The incentives are even worse then that.

Participants who aren't active crooks are actively incentivized to not look for vulnerabilities, because the easiest way to make money in this space, but to sell to a bigger fool. The quality of the underlying 'investment' doesn't matter.

Crypto projects tend to be the best in the entire world about paying out bug bounties. The connection to dollars is really obvious. In the last three months there have million dollar plus bounties paid out.

Here's an article from today about a million dollar bounty paid out:

https://medium.com/immunefi/notional-double-counting-free-co...

Here's another whitehat save in the last two weeks of 480 million dollars:

https://media.dedaub.com/phantom-functions-and-the-billion-d...

Imagine how many other world problems we could have solved of cryptos were not a thing. No scams, rugpulls, or bounties.

All that money could have gone towards world hunger and climate change. Would that have been a better use of it for marginalized people?

(comment deleted)
(comment deleted)
Capital tends to get allocated where it can be the most product for its owner. The alternative to putting it into crypto would not have been to solve world hunger, climate change, or to create a more equitable world.

It’s like saying “think of all the ways we could have made the world better if people didn’t invest in Apple.”

Some things can't be solved with money. (Or rather, it would take infinite money to solve them in a given amount of time, but allow enough time and solving it is free.)
It helps to realize the USD values of the amounts involved are mostly bullshit. Things like NFTs wouldn’t be worth a small fraction of what they supposedly are if people had to buy them with actual USD.
Getting the corrupted governments and their money out of the equation (even if to only to some extent), solves more problems in the long run.

These days are the upfront prices we pay for a much bigger financial revolution that would be good for humanity in the long run.

What percentage you think that speculative wealth would be sitting in hedge funds if crypto was not a thing?
Imagine how many people could be fed if people just stopped buying Starbucks… People have varied motivations but reward for self is a pretty common theme across them.
cue joke about cryptocurrencies being self-funding bug bounties
were they actually paid in dollars, or some crypto that cant be exchanged into that many dollars?
Close enough to dollars, although one project did also give out a bonus of their own tokens on top of the promised reward.

Large projects tend to be pretty good about paying out as promised, and not in weird tokens.

That's partially true in short term pump and dumps, but not for anything long term or with innovation. Investing in practical innovation and holding is still the easiest way to make money in crypto.
Could you name five successful non-crypto products produced by this innovation? Could you name what sort of risk-adjusted returns they have produced?
Most crypto are pump and dumps, but there is also the bizarre practice of a community of bagholders continuing a project after it has already been dumped by the promoters
Not altogether unprecedented though; the suicide cult Heaven's Gate had people stay around to maintain their website, etc. and apparently they still believe the Hale-Bopp comet was some portend of the end of times.
This was on the Solana side of a Solana to Ethereum bridge. The vulnerable code was written in rust, and living on the Solana side. Not an EVM issue or EVM code.
But Rust is memory safe! How can it ever have a bug? /s
I think the trippiest bit of cryptocurrency economics I have ever witnessed is how Ethereum and Ethereum Classic forked after the DAO hack and both chains were still worth considerable market caps. It blew my mind.

What matters is the order book. How many bid/asks are there on it. The contracts and debts outstanding in it. That's all there is. Everything else. Store of value. Whatever. Doesn't matter. Cryptocurrency is people persuading each other to do things in an organized fashion, believing there will be reciprocation at some later date.

I wish we had someone around who really understood currency at a deep level like F.A Hayek to write about crypto economics in a painfully cerebral careful way that avoids all handwaving. There is something very deep going on here that is entirely new or very old and never quite clearly elucidated.

Insightful comment. Do you have some books or resource recommendation to learn more on this topic?
F.A Hayek wrote a book titled "The Denationalization of Money" in the 70s where he predicted that we'd have competing private currencies not tied to any government at some point. Reading Hayek is difficult because he writes in a very intellectually dense style with very long sentences that assume the reader is already familiar with a lot of technical jargon. Here's a more general introduction to some of his ideas on private currencies with footnotes pointing to the source material: https://mises.org/wire/will-cryptos-fulfill-hayeks-vision-pr...
Get rid of 'store of value,' 'decentralization,' 'smart contracts' and all that's left is a ledger. Its really not that complex or special - if that's what fascinates you then you can just as easily approach the topic from the examples of traditional credit or even the history of semi-arbitrary currencies.

If your implication is that the only thing backing crypto currencies is an expectation of reciprocation then you are mistaken. The qualities you want to hand waive away, and most importantly (though often trivialized), is the inability to roll back the chain which is a function of "consensus power." Consensus power simply quantifies the cost of rolling back x blocks. Bitcoin currently has the highest cost to roll back blocks and therefore the most assurance.

You’re saying things that are true but don’t really make sense.

The history of transactions has no importance to the value currency. A dollar that was stolen is just as valuable as any other because they are bearer bonds (like most currencies).

The whole Immutable thing is just translating the concept of a bearer bond to digital space, nothing to do with its intrinsic value.

What is "the value currency" supposed to mean?
> What is "the value currency" supposed to mean?

People are willing to trade their labour and opportunity cost for entries on this ledger.

>Bitcoin currently has the highest cost to roll back blocks and therefore the most assurance.

This is false. Ethereum has higher block rewards (in $) for over a year now. Bitcoin is the second biggest PoW network by mining expenditure.

The "cost to rollback blocks" is a cost in computational power (to run a 51% attack), _not_ the cost of the block rewards
In theory a higher block reward will incentivize and allow for greater computational power to be thrown at it, thereby increasing the cost to attack it.
The only way to measure that is by looking at expense over longer timescales.
https://www.f2pool.com/coins shows Bitcoin on top in daily dollar issuance. Ethereum was on top a few months ago, but not for over a year.
That appears to not include fees.

https://bitinfocharts.com/

Ethereum ($38,451,803.7)

Bitcoin ($34,875,489.84)

Before EIP 1559 fees were much more important. Ethereum has higher rewards since about Q3 2020

edit: even worse, f2pool just multiplies the base reward (2 eth) - ignoring uncle rewards and fees, by the wrong number of blocks (based on 15 sec block time - it's actually 13.2s). Trash calculation.

Thanks for the correction. Is there a site providing historic graphs of daily miner revenue?
"Bitcoin currently has the highest cost to roll back blocks and therefore the most assurance."

Bitcoin was rolled back at the cost of sending out emails several times.

> the only thing backing crypto currencies is an expectation

This is, however, true regardless. The value of cryptocurrencies are measured in USD, and it is expectations of this future valuation that backs up the current price.

The only way to make it more certain than expectations, would be by some sort of government decree.

Is something new really going on here, or is this just standard asset speculation with the word “currency” incorrectly applied to it?

I mean, nearly nothing is priced in units of crypto and almost no GDP transactions pass through it…

> persuading each other to do things in an organized fashion, believing there will be reciprocation at some later date.

Sounds like it has parallels to society in general. It is just that society with it’s deeds, titles, government issued promises to pay etc. has been around for a very long time, so has proven itself. But it is all based on faith.

For example borrow 1M tokens in exchange for a piece if paper that says you own some land, with confidence that you can earn more tokens (or get someone to rent the land for tokens) and that the legal system will give you continued access to that land and so on.

Well - faith, taxes, guns, and a monopoly on legal violence.
You can live on land or work land to create wealth. Trading crypto tokens does not create wealth, it's simply shifting around bits.
> What matters is the order book. How many bid/asks are there on it. The contracts and debts outstanding in it. That's all there is. Everything else. Store of value. Whatever. Doesn't matter. Cryptocurrency is people persuading each other to do things in an organized fashion, believing there will be reciprocation at some later date.

you just described options trading

I was actually disgusted by the fork - it was a 'the emperor wears no clothes' moment: Instead of standing by the proposed system, the stakeholders instead chose to change the rules. This can happen again any time for whatever reason.
Happened to Bitcoin as well, the moment was the big block debate and UASF - the narrative from Bitcoin Core developers for years had been "miners hashrate 1 CPU 1 vote" (this is how they drove BitcoinNG out, the client by Andersen the person Satoshi left maintainership to). Then over a day decided to flip "well fuck the miners it is the users running node software which can activate a fork". No clothes.
I was amazed that in the DAO hack everybody made money, even the victims! You ended up with coins on both chains, more value then you started with.
The amount of ETH doubled immediately. That doesn't mean everyone made more money. It's more like a stock split.

It also shows that the number of tokens isn't limited. It can immediately be doubled with a fork, infinitely.

exploit on Solana side, minted wrap ether and moved that over the bridge.

only the solana side was partially uncollateralized

fascinating hack actually

Did the cavemen finally rewind all of history to finally rediscover while we organized around justice, legislation and law enforcement or we're still waiting for a few more fortunes lost ?
Pretty much all recent bugs are logic errors which have nothing to do with the language. The actual bugs are often things like typos that use > instead of >=, lagging price oracles or using oracles that can be manipulated. You asserted that loops are 'insecure' but in reality dumb restrictions only force people to invent complex workarounds to obtain the same functionality, making everything less secure, not more. The absolute disaster of trying to make dexes work on Cardano is the best recent example. Their 'safe' utxo design is so limiting dexes like Sundae had to implement a trust-based sidechain just to be able to trade tokens, and it barely works.

After years of iteration, Solidity is now the safest smart contract language in existence. All common pitfalls are either well known or have been fixed. There are code analyzers. The problem with EVM isn't security, but the fact its word is 32 byte long which limits computational performance - but not that much really.

What about the DAML smart contract language? It's currently being used to digitalise the world's largest stock exchange (Hong Kong) and the Australian Securities exchange
There's clearly plenty of money to be made in crypto if you're clever.
The entire ecosystem is one big bug bounty.
I'd say this whole ecosystem is the strongest proof we have so far that the secp256k1 curve is not backdoored. At least there's that.
Over time it will become extremely robust
Any financial ecosystem is a bug bounty.

Banks are bug bounties.

Stock market is a bug bounty.

...

Is the implication of your comment that the solution is for everyone to just stop committing crimes? I'm not sure how realistic that is.
Maybe. You can just walk into a bank and claim you are robbing them, and walk out with money, because tellers are trained not to refuse. Is that a security loophole? Probably not, because you can easily be tracked and caught.

Similar with the stock market. If you find a "bug" it's likely that the SEC will want to have a chat with you.

crime pays. who knew. someone would have to work 500-1000 years at google to make what this person did instantly
So - you have an open-source smart contract with code that allows you to do “X”. You go ahead and do “X”. Not sure if hack is the best word here. Exploit, maybe?

Interested to see one of these cases going to court.

(IANAL) Don't contracts have intent of the contract and in some courts the interpretation of the contract is as important as the contract itself. What was meant versus what it literally says so to speak?
Where is the intent other than in the contract?
Github comments, tweets saying you didn't mean to get hacked like that.

Contracts also need things like consideration and not being "against public policy".

I guess we’re just waiting for a court case to test this. Smart contract code as an exhibit for the defense, and GitHub comments as an exhibit for the plaintiffs.

We need a smart court to handle it.

Yes, but a "smart contract" is not a (legal) contract: it's just a fancy name for "a software program that runs on a blockchain".

Thus, "smart contracts" behave like software programs (what happens is what is actually written in the "smart contract", not the intent that programmer had when he wrote it, nor the expectation of the user when he interacts with it), and not like legal contracts (where intents and expectations come into play, and courts can be involved for arbitration).

Besides, which exact court would have jurisdiction over a smart contract exploit that happens in Ethereum, for example? A court in the country of the person deploying the contract? A court in the country of the person that interacted with the contract and lost their assets? A court in the country of the (unknown) exploiter? A court in the country of the blockchain developers?

(comment deleted)
Code is lol
I would love to become a crypto dev for these people.

Me: Hey boss the code is to spec ready to deploy? Just need my payment in USD.

Crypto Entrepreneur: Yes, here is your 50k, I will now turn my 100k into 5M, with my smart contract.

Me: actually it looks like your money is gone. They used feature X that you requested in a way that you didn't expect.

It's not even clear that "exploit" applies, since exploitable behavior usually exists somewhere in the undefined weird machine[1] of triggerable but not intended program state. But Code is Law in cryptocurrency land, and it's not clear what "intent" means when philosophically the code and not a human has the final say.

[1]: https://en.wikipedia.org/wiki/Weird_machine

you know what you're right. now that I think about it nothing in computing can ever be considered a hack, because computers are merely following the (poorly construed) instructions given to them. your post meaningfully adds to this discussion

furthermore courts all operate on phoenix right "gotcha!" rules where one slight mistep in a business contract means the other party can go Scott free off the hook, and not have to worry at all about reasonable intentions or fairness

If only banks could say they are sorry that they lost your money cause they accidentally left the vault open for their friends to come raid it.
No, what banks do is take most of the money you deposited and make high risk investments with it. Then when the unthinkable happens, and that 0.001% chance that their models said could happen happens, they turn to the government (which means taxes and debt for you) to bail them out.

Neither scenario is good.

Banks are required to maintain capital reserves (distinct from the federal reserve rate) sufficient to weather most financial upsets. And the fact that the federal reserve moves to compensate customers in the (extremely rare) case of bank insolvency is an incredibly good thing, probably among the single greatest stabilizing factor in consumer banking in the US.
It's not actually the fed who does it. It's the FDIC, which is a different entity. The FDIC's money comes from... banks. Technically the FDIC is backed by the US Government and has a credit line with the US Treasury, but they seem to get along fine with the money they collect from banks.
I had always thought that the FDIC was a division of the Fed! Thanks for the correction.
Yes, that's what they're supposed to do. Each of the individual bailouts in that list tells a pretty interesting story: in each case, the FDIC only had to pay out a small fraction of the bank's total assets, indicating that the reserve system functioned as intended.

WaMu, the biggest on the list, didn't require a single cent from the FDIC fund! But again, it would be okay if it did, because that's what it's there for.

Or, if you're in China the government just prints a bunch of electronic money, gives it to the banks to recapitalize them, and shoots any bankers who didn't follow proper lending guidelines.
The last time the US government got involved in bank bailouts (TARP), the government made a profit of something like $15 bill or so...
Yeah, at least the stablecoins are putting the money into safe things like Chinese commercial paper
If the bank loses your money in a bad transfer it can simply be reversed, which is the largest difference from crypto where you can easily send it nowhere.
Wish that were the case. When my CC was stolen I immediately reported the fraud to the bank (it was under 24 hours after the theft/skimming that I noticed the charge). The fraudster replied to the bank with a fake invoice showing my name, address, payment, and a UPS tracking number which went to my city (UPS will not tell 3rd parties what actual address a tracking number goes to, so they refused to tell the bank it wasn't actually to me). The e-mail address they said I used? It was something like Arrrrrrrrr343434@yahoo.com -- Literally they were taunting that they were a pirate. I imagined this process with bogus invoices from a fraudster would only delay things long enough for the fraudster to cash out, but that I would eventually be refunded, but oh how I was wrong.

I went through the formal process of reversing the charge, and was laughed at over the phone, and made to feel like I was defrauding the bank. The bank was openly hostile to me for suggesting someone had committed fraud with my account. (The item in question? Some religious dolls and expensive perfumes. I am an atheist man with no use for either.) They even had a formal panel where like a dozen people examined the facts. I got a letter from the bank telling me to go fuck myself and that my claims were false. I appealed and they sent me another letter to go fuck myself. Not long after that, the bank rebilled me for the money, closed my checking account, and then showed me another letter from e-Bay where some officer there meticulously, over something like 10 pages, documented that _I_ was the fraud and the fraudster was the real.

This has never happened to me with crypto, because a fraudster can't intercept my private key just by intercepting a transaction. My personal experience with banks is if you're a victim of fraud you'll get a lot of judgement from the bank, they may or may not accuse you yourself of fraud, and in the end they do anything to avoid reverting the charge. If you're lucky they'll just send you a letter telling you to fuck yourself and if you aren't lucky they may refer you to the police to be charged.

Hopefully you sued your bank cause that is one benefit of banks is that in the event of a loss it is also much easier to sue those involved than someone difficult to find.
Maybe someday. It happened a week before a cross country move. I could have filed in small claims court, flown back and gotten a hotel, and maybe broken even.

Frankly after the piles of paperwork I saw from both the bank and e-bay essentially claiming I myself was the fraud, I felt like it was a losing battle and that their lawyers and legal teams were going to drown me with paperwork. I'm shocked the lengths they went to over $500. If it had been 4x as much money I certainly would have sued.

I'm just kind of meh on the banking system reversibility. The most common frauds I've seen in my friend circle are a few hundred dollars. When the bank can make you wait half a day on the phone just to dispute the charge and then over a month to go through the claim process, while fighting you tooth and nail every step and then suing is maybe break even if you win and lose hundreds if you lose. It starts to look like crypto is a real win in some areas. Being able to sue means little if it's a net loss.

It sounds like your damages could have been much higher, and I'd imagine there are some other laws that they probably broke that may include statutory and possibly punitive damages. If it is a national bank, then they probably have offices where you live now and you can still sue there.
Your experience depends on the bank issuing CC, there are good and bad ones. The cheaper / no annual fees ones also generally have poorest service, the best experience I have had is with AMEX. Even without any actual thefts I have had rollbacks go through smoothly no questions asked, the onus is on seller to prove service was rendered.

Crypto world has little recourse for any sort of fraud, people rarely keep money on their own wallet, it is usually a wallet managed by the exchange which are vulnerable to technical hacks, frauds and scams and are just as bad or worse than a bank when it comes to service. Even if you keep your money in your own cold private wallet, the private key can be easily lost, so many stories about millions of dollars in BTC locked forever with private keys misplaced.

> the onus is on seller to prove service was rendered.

The issue I have seen is the fraudsters set up their own e-bay store (they set up a second account with a fake you as the customer), and then e-bay is very agressive about defending any charge backs. Even when e-bay knows a store is a fraud, they will agressively defend any charge backs to that store, even when they themselves have shut that store down for fraud. You're not just defending yourself against fraudster, you're defending yourself against an extremely powerful corporation with experts that have boilerplates that drown the bank in 'proof' that the service is rendered.

E-bay has officers who generate a lot of paperwork that exactly walks them through the legal requirements they need to stall and fend off chargebacks from the bank and in practice the bank doesn't have the patience to overcome this. The fraudsters seem to have evolved to either provide the compliance officers the exact information they're looking for, or formed some weird symbiotic relationship where it's easier for them just to go along with the fraudsters than fight it. You'll be shocked at how convincing they are in 'proving' the service was rendered. After 24+ hour on the phone with a bank, months of formal processes and claims/appeals, and continual mocking by the bank you'd be surprised at just how much money they will invest in making it unprofitable for you to get your charge reversed. Hell just _initiating_ the chargeback took me half a working day -- how many people can spare that ? I only did because I had the day off to move.

In short, e-bay has evolved a legal team and process with extensive and expert experience in absolutely steamrolling chargebacks and they use the full force and power of a massive well of knowledge, human labor, and funding they have in this area to crush you, with little regard for the veracity of your purchase.

> people rarely keep money on their own wallet

Well I do

>the private key can be easily lost

It's actually not that hard to memorize a cold storage seed, and you definitely won't forget it if you have money on that account. Hard to lose that and impossible to steal.

But sure it's true, crypto is fraught with fraud and misplaced keys, as well as DeFi hacks and all sorts of other issues.

> “ETH will be added over the next hours to ensure wETH is backed 1:1,” the protocol wrote.

Where would the ETH come from?

Giant investors, who have put a huge amount of money into the Solana blockchain, or into the company behind the Wormhole bridge. It's also likely that these same companies/individuals were the same ones that took most of the loss anyway, so they may mostly be paying back themselves, while at the same time keeping up the value of their investments the projects.
From the looks of it, they've closed up shop and left. Their website is just a massive banner pointing to their twitter [1].

If this is temporary, than this is extremely shady behaviour for an organization handling "millions" of crypto tokens.

[1] https://portalbridge.com/

Even if they left for Cuba - it's the famous "bank the unbanked" principle in action. They will be distributing the cash among the poor! Strong fundamentals! Legit team! Bright future!
That's a very good question. Where do they get a quarter of a billion dollars on short notice? Do they have that much of their own capital? Or are they taking this out of some other fund that nominally belongs to others?
It came from ETH owned by the bridge, essentially in a kind of escrow. That ETH is supposed to represent the tokens called "wrapped ETH" circulating on the Solana chain, in turn having been previously transferred from Ethereum through the bridge. The attack consisted of magic-ing some wrapped ETH out of thin air, then using them to release the escrowed ETH to the attacker on Ethereum.
Doesn't that mean they now have less backing than they did before?
> It came from ETH owned by the bridge, essentially in a kind of escrow.

This thread is about where the now-stolen ETH will come from (to restore 1:1 backing of wETH to ETH). Not where the stolen ETH originally came from.

Excerpt explaining the exploit:

"Preliminary analysis from CertiK shows that the attacker exploited a vulnerability on the solana side of the Wormhole bridge to create 120,000 so-called “wrapped” ethereum tokens for themselves. (Wrapped etherum tokens are pegged to the value of the original coin but are interoperable with other blockchains.) It appears that they then used these tokens to claim ethereum that was held on the ethereum side of the bridge.

Prior to the exploit, the bridge held a 1:1 ratio of ethereum to wrapped ethereum on the solana blockchain, “acting essentially as an escrow service,” according to CertiK.

“This exploit breaks the 1:1 peg, as there is now at least 93,750 less ETH held as collateral,” continued the report."

The actual exploit (simplified for brevity):

    if (validSignature == signatureFromGuardian)
        approve()

If you send an invalid signature from a non-guardian, the condition also resolves to true..
It’s more than this no? I think the attacker substituted their own ECDSA verify function contract because the load call didn’t check it was the system verifier?
Seems like it accepted a point to the verification function from the thing it was supposed to be verifying?
Isn't it in line with what the parent comment said? (Though in a simpler manner)
(comment deleted)
(comment deleted)
That's simply wrong. Stop copying random stuff from Twitter.

Several others here have explained how the attack actually happened.

(comment deleted)
The actual exploit (simplified for brevity):

    if (validSignature == signatureFromGuardian)
        approve()
If you send an invalid signature from a non-guardian, the condition also resolves to true.
Maybe I'm having a dumb day here but I'm not following... is the code block there the intended behavior or the exploit? In the case you mention, both conditions are false...
Apologies, == instead of &&.

false == false

Can you link to the code. This seems bizarre to me that someone would write it this way.
(comment deleted)
Microbugs always look like that. Weird stuff pops out of our brains when transcribing ideas about rules into logic. The overwhelming majority of such thinkos are clearly wrong and don't work, or often even build. And sometimes you get bugs that take a while to find because the case where it would fail is an untested edge case.

And then, once in a while, one of those edge cases...

The longer it takes to find the cause of a bug, the more likely the bug is a thinko.
(comment deleted)
(comment deleted)
> If you send an invalid signature from a non-guardian, the condition also resolves to true.

Huh? That resolves to false && false, which equals false.

I think dannyw meant something like this:

  # This function is defined by the system
  def validSignature(sig):
    return false

  # This function is defined by the system
  def isSignaturefromGuardian(sig):
    if sig.validator == "guardian":
      return true
    return false

  # A bug in the system compared both return values
  if validSignature(tx.sig) == signatureFromGuardian(tx.sig):
    approve()
```
I looked at your post, then at these Twitter threads recommended in the other comments https://news.ycombinator.com/item?id=30187898

I think "something about not checking signatures right" is about as deep as I'm going to understand this.

There is a parameter passed in as part of a function call that basically says “here’s where you can find the function to validate the signature”. The attacker was able to point that to a function they wrote instead of using the real one, so the function returned saying “yep, that’s a valid signature” when it wasn’t.
I understand the first part, "There is a parameter passed in as part of a function call that basically says “here’s where you can find the function to validate the signature", but I'm having trouble understanding the second part, "The attacker was able to point that to a function they wrote instead of using the real one". In other words I (relatively) understand the 'what', but I don't understand how was the attacker able to do the redirect?
Something something system addresses.
Wait.. are you saying that the conditional was actually:

    if (isSignatureValid == isSignatureFromGuardian)
As variable names, “validSignature” and “signatureFromGuardian” sound like they’re storing the literal signature values, but from your description these are actually holding boolean results _describing_ the signatures, and not the signatures themselves?

Geez, if you name variables that it’d be amazingly easy to make a mistakes like what you describe, and then just read straight over them when you’re reviewing the code.

Best description of the hack I have found yet. The hack is on the solana side not the ethereum side of the bridge https://twitter.com/kelvinfichter/status/1489041221947375616

*edit: another good thread https://twitter.com/samczsun/status/1489044939732406275

(comment deleted)
Every one of these attacks reads more like a chemical process than a hack. “First, synthesize o2 by borrowing an oxygen molecule…”
Exploit is a more apt description than hack.
From the first thread:

> A commit was made ~9 hours ago replacing usage of load_instruction_at with load_instruction_at_checked, which actually confirms that the program being executed is the system program. It's interesting that this commit was made ~9 hours ago and the exploit happened a few hours after that. Possible that an attacker was keeping an eye on the repository and looking out for suspicious commits. Could be that the Wormhole team spotted the bug, patched it, but the attacker got to it before the patch could be rolled out. Super important to keep these sort of patches lowkey and to try to stuff them into larger commits.

> It looks like maybe Wormhole tried to do this by including the change in a much larger and unassuming commit called "Update Solana to 1.9.4". Not sure exactly what happened here, but a clear lesson to try to deploy before making any patch details public, if you can afford to do that. Of course this ends up being at odds with Web3 ideals, so not always clear how to best handle these sort of things.

One thing that would be healthy for the larger ecosystem would be for chains to build in regular "maintenance windows" where trades are halted by contract, at which time sensitive security patches can be rolled out to the codebase and then to the network by the maintaining team. Of course, this requires a lot of foresight. But the alternative is something like this.

Also - why would you ever set up a system where the majority of its assets can be drained by a single transaction, whether legitimate or not? Just because it's not centralized doesn't mean every transaction is made equal; one could require timeout periods for transactions above a certain amount, or any size of transactions could trigger a halt once a certain amount has been bled in aggregate, that requires supermajority consensus to "unlock" the chain. That this wasn't built in, in an ecosystem where hacking is rampant, by a team focused on creating a cross-chain transmission utility, is surprising, to say the least.

There are far, far worse things than a halt on trading. There are many domains where unsupervised 100% uptime on systems with access to a substantial portion of an organization's assets is ideal; finance, whether centralized or decentralized, is rarely one of them.

This is why multi day settlement is a feature not a bug. For big money it really does not need to be instantaneous.
Which is funny because you always hear how fast crypto transactions are. What everybody seems to leave out is that fully settling on the blockchain is slow and costly.
> What everybody seems to leave out is that fully settling on the blockchain is slow and costly.

What do you mean?

I assume they mean that the major cryptocurrencies have fees to clear transactions, and the more you pay the faster they clear.

At the moment the transfer fee for Bitcoin/Eth is about $1.80/$4, so if you are buying a $5 coffee it’s not really cost effective to do that on chain.

The main issue that drives up cost is that Bitcoin has a scalability problem for transactions, particularly as the market cap/difficulty has gone up.

This is why the lightning network was introduced - although that comes with its own drawbacks compared to “pure” crypto.

So if transferring cryptocurrency isn’t free, then how is it ever going to replace cash, theoretically? Right now I can buy a coffee for cash and the exchange of currency is free if I hand over the bills right then and there. I guess the alternative would be to actually transact on the exchange instead of the blockchain? But then we’re just back to centralized banking?

What’s the ideal scenario here? Transactions on chain eventually become free and then we truly have a useful distributed currency?

The exchange of cash in your coffee example is definitely not free. Vendors spend a lot of money in cash management. Compliance costs, loss prevention, storage & movement etc. They price that in to the $5.

But frankly that’s besides the point. There are very few physical transactions in the “cash” world. Crypto can become very successful and never touch those transactions if it can work to standardize & disintermediate the electronic movement of money it could be a massive change.

I don’t know if that will happen and it’s not a goal of the crypto diehards I’ve met, but that’s a path to success that allows for fees along the way.

> The exchange of cash in your coffee example is definitely not free. Vendors spend a lot of money in cash management. Compliance costs, loss prevention, storage & movement etc. They price that in to the $5.

Fair point. But there are still many more informal cash transactions that don't have that issue, but maybe that's not what cryptocurrency will solve. That's fair.

> But frankly that’s besides the point. There are very few physical transactions in the “cash” world. Crypto can become very successful and never touch those transactions if it can work to standardize & disintermediate the electronic movement of money it could be a massive change.

Definitely agree traditional electronic money transfer today has many issues. But I don't yet understand why cryptocurrency is the necessary solution. Sure it's a solution, but surely it's possible to fix the issues without cryptocurrency.

I think I understand the core principle and appeal of crytpocurrency as a decentralized currency, underground currency among those wishing to avoid traditional financial institutions. But everywhere I look I see cryptocurrency turning into traditional banking and I don't really understand the overall benefit. It seems the few benefits it does have over traditional banking (speed, ease of transfer, univeral currency) are outweighed by the drawbacks (power hungry, surprisingly insecure, easy to simply lose everything you have with no recourse).

> fully settling on the blockchain is slow and costly.

That depends on which blockchain you're fully settling on. There's more than one, Ethereum != "the blockchain".

Fundamentally, the more popular the chain, the more expensive transactions are going to be.
Not if the chain can scale -- ie not "fast finality" but being able to throw more resources at the problem as adoption increases (unlike Bitcoin, Ethereum and most single-chain POS systems however). Gas' true function is to stop griefing, the fact that it sends tx costs through the roof is because immature tech.
How can they ever solve the fundamental problem of slow worldwide, globalized, decentralized consensus?

Have I missed some Turing Award discoveries while I was away?

> the fundamental problem of slow worldwide, globalized, decentralized consensus?

That's not necessarily a problem. Slow is ok if it's highly secure, reliable, and inexpensive relative to the amounts being moved or compared to other alternatives.

Blockchain settlement is far too slow for small payments and far too fast for very large payments.
As long as all transfers are final it has achieved the intended goal - no chance getting your money back at all!
Unless you're omniscient owner of said chain who just been robbed. Then decentrzlization wont stop you from reverting said event.
For sufficiently large transfers, there’s the good old “I’ll track you down and break your kneecaps”. Which often results in most, but not all, of the funds returned.
Fast and cheap on solana, slow and expensive on ethereum. Not all blockchains are directly comparable.
> you always hear how fast crypto transactions are

Where do you hear that? One of the big criticisms of the biggest cryptocurrencies as currencies is that transactions are glacially slow for most practical uses (small transactions). Improving on that seems to be the main selling point of Solana.

At this point I'm convinced Satoshi Nakamoto was actually a public administration professor trying to teach kids why financial institutions have the rules in place that they do

given enough time the entire crypto space will have reinvented every regulation they tried to get rid of and understood why they existed in the first place

Chesterton's fence writ large
I wasn't aware of the name of this. But often during code review have asked why some code is being removed, and asked the developer why that code was there in the first place.

Some googling found this article on the origin of the phrase "Chesterton's fence".

https://fs.blog/chestertons-fence/

> given enough time the entire crypto space will have reinvented every regulation they tried to get rid of and understood why they existed in the first place

And the hilarious thing is that they see the absence of this regulation as a feature and don't even recognize just to what extent they are reinventing the wheel.

My favorite example is kleros.io, a "decentralized arbitration service". There's an app "Kleros Court". Can't wait for the "Kleros Supreme Court" version, for appeal processes and such.

> given enough time the entire crypto space will have reinvented every regulation they tried to get rid of and understood why they existed in the first place

Just like modern-day web development!

> given enough time the entire crypto space will have reinvented every regulation they tried to get rid of and understood why they existed in the first place

Right, but they have to get through the robber baron and feudalism phases first.

Yeah but the regulations would be opt-in, for people who want a safe avenue. Anyone else will still be able to interact with the underlying permissionless blockchain network.
Have you heard of social engineering?

"Hey, grandma, run this command and press enter and I'll send you the Fountain of Youth™ creme tomorrow."

That works with the current banking system as well. That's what made the Nigerian scams so successful.
Yup, but the current system is not a decentralized, immutable database.

At least you kind-of-sort-of have a chance at reverting a transaction.

Heck, my bank completely blocks my transactions over a certain limit (I need to ask for temporary limit increases through a separate process) and frequently delays transactions larger than another limit and they call me to verify that I want to do them.

Sure, blockchains could do the same, through intermediaries, but then... they've reinvented banks.

But this time they get to be the ones who make money off the regulations. Modern crypto is about becoming the new banks, not getting rid of the concept of banks and such.
There are applications that would really not perform well under a whole chain gets locked situation, e.g. anything that requires collateral ratios, things protected by timelocks, bridges.

You can build in things that limit velocity of transactions, send limits etc in the smart contract it's self, no need for it to be at the chain layer, it's just that many of the largest protocols haven't done that (also you either enable some form of DoS or you are vulnerable to sybil attacks)

They're not talking about locking the whole chain. They're saying individual contracts should fail to execute at certain times.
Easily programmable if someone wants to add that!
> Could be that the Wormhole team spotted the bug, patched it, but the attacker got to it before the patch could be rolled out.

It's a dark forest. Many predators who are smarter, faster and better connected than you are silently watching, ready to exploit your mistakes and ignorance for their profit.

Dark Forest -> https://www.paradigm.xyz/2020/08/ethereum-is-a-dark-forest

Ugh this is the coooolest thing ever to see the ideas in that book come to life.
Huh? Why didn’t he use flashbots to avoid the mempool???

https://docs.flashbots.net/

His super-devs may not be so clued up after all

He didn't need to since the actual attack happened on Solanas side. The Ethereum transaction was completely legit.
No - I’m referring to the comment above regarding some LP tokens…
was flashbots a thing back in aug-2020? i think they only launched a few months later.
(comment deleted)
Flashbots wasn't around when this was written. It's relatively new.
> Also - why would you ever set up a system where the majority of its assets can be drained by a single transaction, whether legitimate or not? Just because it's not centralized doesn't mean every transaction is made equal; one could require timeout periods for transactions above a certain amount, or any size of transactions could trigger a halt once a certain amount has been bled in aggregate, that requires supermajority consensus to "unlock" the chain. That this wasn't built in, in an ecosystem where hacking is rampant, by a team focused on creating a cross-chain transmission utility, is surprising, to say the least.

Easier said than done. This is obviously vulnerable to sybil attack- the attacker just make a lot of different transactions. You could build in a circuit breaker that would slow down transactions to only allow a certain rate of increase in total dollar volume going through the bridge. Hopefully this would slow the attacker down enough.

Now you're basically trying to devise a heuristic of what every single attack might look like in terms of transaction volume increase. If you're wrong, the bridge will freeze right when a lot of people want to use it. Plus, you also need to build a price oracle now.

All of this is possible, but maybe it's better to spend that effort on just making sure the code is secure in the first place.

Where did you learn this skill/field? Would love to learn up on it and get my hands dirty.
Sybil attacks are common problems in many blockchain related problems. Especially for governance and “sources of truth” such as price oracles. Just google it.
I'm not trying to be mean here, but this is your chance to learn now so I say seize it if you find the passion! It might be daunting because the parent commenter is referencing several vast and technical fields, but it's very doable and my preferred way of learning is to start with what is immediately in front of me so I can gain somewhat of an understanding and then dig in every time I don't understand something again (depth first search).

The parent commenter is referencing several fields:

> Sybil attack: https://www.sciencedirect.com/topics/computer-science/sybil-....

This is a type of peer-to-peer strategic attack. So you could postulate that this broadly falls under the category of "common p2p network attacks and vulnerabilities". Google that!

> Circuit breaker: https://en.wikipedia.org/wiki/Circuit_breaker_design_pattern

This is a type of software pattern for making sure a signal (usually bad) doesn't keep recurring and its blast radius is contained.

> Now you're basically trying to devise a heuristic of what every single attack might look like in terms of transaction volume increase. If you're wrong, the bridge will freeze right when a lot of people want to use it. Plus, you also need to build a price oracle now.

This is blockchain specific, but you can definitely deep dive into how blockchains work to get to a point where you understand the concept of a "bridge", "price oracle", etc.

All this said, some people are more breadth-first-search learners, so, if you find yourself in a situation where this is overwhelming but you still want to know, you can always start teaching yourself fundamentals that lead to these areas. I'm roughly breaking down the stack for you here:

First stack: * intro to programming (and getting deep into programming in general) * understanding the basics of an CRUD database app (client-server systems) * understanding multiple services (microservices and systems architecture) * distributed systems (consensus algos, time drift + vector clocks, etc.) * specialization in understanding the blockchain data structure * specialization in understanding p2p systems and their faults

> This is blockchain specific, but you can definitely deep dive into how blockchains work to get to a point where you understand the concept of a "bridge", "price oracle", etc.

Circuit breakers based on price/volume/volatility is standard finance tech.

Win/lose/draw on blockchain long-term, in between the generally scamminess some of us are trying to figure out if we can create lasting utility/value in the space. Honest answer: we don’t know!

With that said smart-contract programming is (at least for now) an in-demand skill set.

The company I work for is interested in developing that skill set because such people are in short supply. A background in conventional distributed systems is very helpful, but anyone with a solid grounding in CS fundamentals can pick it up. It’s a different execution cost model and it’s an adversarial environment, so one needs to keep their wits about them, but it’s learnable like anything.

If you want to know more: ben@rocinanteresearch.net

* CryptoZombies is a good entry to Solidity that is pretty gamified and enjoyable.

* The solidity docs are very good - dry and daunting but not too bad to get through.

* Ethernaut has some great CTFs you can play with.

Read the Polkdadot Wiki at https://wiki.polkadot.network/. It explains most of the concepts involved in blockchain.

Also some other books: Mastering Bitcoin Mastering Eth The Sovereign individual

Then i would read the first 10 chapters of the rust book, then dive into substrate.

You don’t need to worry about throttling dollar volume. Instead, you can just use a system like Optimistic Rollups use - build your system so withdrawals are delayed to give others time to submit fraud proofs. A successful fraud proof submission gives you a bounty and stops an invalid withdraw.
Yea, again, very complex and experimental technology. Now the entire blockchain you are bridging to needs to be written in an experimental VM technology which is being developed real time by dudes on twitter. And this Solana hack was a VM issue on Solana. That vm issue would presumably be present in whatever was running the fraud proofs on the other side. Rollups are only useful if the scenario you are worried about is a 51% attack
> Now you're basically trying to devise a heuristic of what every single attack might look like in terms of transaction volume increase.

Is that really that hard though? It does require a price oracle but otherwise it's a pretty easy limit to set.

> If you're wrong, the bridge will freeze right when a lot of people want to use it.

I mean, this stuff should be staying in beta a LOT longer than it is, and in a nice long beta you could be increasing limits gradually.

> why would you ever set up a system where the majority of its assets can be drained by a single transaction

Because, as always, if you were competent, you would not be working on cryptocurrencies.

Why not? Porn drove much of the storage technology and video codec technology forward we use today. Electronic trading drives much of the networking technology the world runs on today. As much as it is mostly scamming and haxx, there is some genuinely interesting computer science research happening around Byzantine fault tolerance and distributed systems in the blockchain space. Just because you don’t like it doesn’t mean it isn’t legitimately moving the needle forward in tech we will all use eventually.
> Super important to keep these sort of patches lowkey and to try to stuff them into larger commits

That's a bananas philosophy

Whether it is bananas or not, it's the same principle Microsoft uses for patch Tuesday (ie slow down patch analysis by bundling everything into a big monthly release)
For those not following the space, solana has a smart contract language (a DSL in rust) that is new. Ethereum's primary smart contract language is solidity which has iterated many times & has linters and auditors that have learned their lessons through plenty of bugs in the past. (e.g. the DAO hack that split ETH into Ethereum and Ethereum classic) was a bug of the type "re-entry", it still crops up.

The new language & platform will likely need to learn the classes of bugs that can crop up through a similarly painful process, although this one was using something that was unknown to be unsafe :shrug:

> smart contract

They need a new name for these things that better communicates the risk level. Right now calling these "smart contracts" is like calling dynamite a "lovely candle". There's nothing smart about something that lets you screw up this badly.

If they didn’t formally verify the smart contract in a way that covers all edge cases including known “exploits” they kinda deserve to have their ethereum transferred to its new holder. Code is law.
> If they didn’t formally verify the smart contract in a way that covers all edge cases including known “exploits” they kinda deserve to have their ethereum transferred to its new holder. Code is law.

It boggles my mind that anyone would want to participate in anything like that, let alone believe it's the future of anything. It's like volunteering to live in a hole in the middle of a WWI no-mans-land, when there are nice homes available in town where you don't have to worry about being killed all the time. It's one thing to be forced to live in a dark forest, it's quite another to choose to live in one (as anything other than the apex predator).

You're forgetting that the biggest community on cryptocurrencies are ancaps thinking they are the apex predators.
"formally verify the contract" it would help if Solidity was as well though out as Ada, and not something more like JS.

I'd even argue that imperative programming is the wrong paradigm for such smart contracts.

Apparently not, as the hard fork into Ethereum and Eth. Classic proves. Once every big stakeholder decides the game isn't in their favor anymore, they change the rules.
>> in a way that covers all edge cases

That is simply not possible. No-one can think of all edge cases.

It takes an extreme level of hubris to ever think your code covers all edge cases and potential exploits.
You can crash a plane with C++ (Boeing did this a few years ago)
> using something that was unknown to be unsafe

As a security researcher, I absolutely assure you, the pattern of "checking signatures by checking that the last instruction executed was, in fact, a correct signature check over the right data with the right results" sets off ALL my alarm bells. This is so backwards I don't even know what to say. Just reading through the linked code I'm getting "this might be exploitable" feelings, and not just the aforementioned bug, other parts of it too.

I can't believe others trust these people with their money. They have no idea what they're doing. They're building a ridiculously overcomplicated system layered upon layers of systems where any single mistake can cost them all the funds with no recourse, and aren't even doing it in ways that make sense. It's insane.

I'm interested in learning more about this- do you have any recommended resources for getting started?
I don't have any specific pointers handy, but it might be a good idea to look through historical security vulnerabilities in widely-used protocols like TLS (and x.509 certificates). The cryptography/security community has slowly understood over the past couple of decades that complexity is the enemy of security, and it is much better to build stupid simple systems that you can validate (and ideally prove are secure) over complex systems which are almost certain to contain exploitable corner cases.

This also ties in with general security hygiene and understanding; you need to know what is trusted, what is untrusted, and how to make them interact. Ideally you don't validate untrusted data; instead you build your system so that is not necessary. Every validation that needs to be performed is one more place where something can go wrong. If you need to validate a signature, you go and validate it; you don't ask the user to do it and then validate that they really did it properly and the validation happened. That's what happened here, as far as I can tell. The extra, avoidable validation went wrong.

That's great, it seems it's trivial for you to make a better one and help a lot of people.
It can be trivial to see an unfixable problem.
Yeah I hadn't looked into Solana's contract language much and this sounded like a nightmare. Another good one is that Cardano follows a UTXO model for everything, including contracts. So the address of a contract changes every time someone interacts with it
How can you communicate with a contract if its address changes every time? Don't you need a stable address?
It's not just that Solana is fairly new; the entire way the chain works is “torment the programmer on behalf of chain speed”, and if one of those decisions causes trouble down the line, instead of taking a step back and going with the simple and elegant approach, they choose an ad-hoc patch that causes more trouble down the line.

One example of this is rent. You can store data in accounts. But if the balance of the account is lower than some amount (that depends on the size of the data), the entire account might disappear. Depending on the amount it might disappear immediately and you would find out, but if it is just below the threshold, the account could survive for years. So in any kind of transfer that involves an account that holds data, you need to be careful to check that its balance does not drop under the threshold. If you forget to check in just one place, your state may disappear.

Another example: program calls take a list of accounts. You need to manually serialize and deserialize your data into accounts. It's like writing a program in C where every function can only take an array of void* as arguments, and it is up to the caller to cast (serialize) all arguments to void* and pass them in the right order, and up to the callee to unpack the array again, cast back the pointers, and check that they are valid before dereferencing ... That's fine for a low-level target if a compiler could generate the tricky code for you. But on Solana it's your responsibility to do it manually, in Rust. Much of Rust's safety is useless here. (There exist eDSLs that alleviate much of this, but if you don't understand the underlying model, it is still easy to make a fatal mistake.)

Wow! This was the most surprising to me in the thread:

> It's interesting that this commit was made ~9 hours ago and the exploit happened a few hours after that. Possible that an attacker was keeping an eye on the repository and looking out for suspicious commits.

https://twitter.com/kelvinfichter/status/1489050921938132996

> Could be that the Wormhole team spotted the bug, patched it, but the attacker got to it before the patch could be rolled out. Super important to keep these sort of patches lowkey and to try to stuff them into larger commits.

https://twitter.com/kelvinfichter/status/1489051698329014273

Is this something inherent in the cryptocurrency space? Where monitoring for security patches and exploiting them before they are rolled out results in an instant multi-million dollar payday? Is this a common risk? If so, that seems crazy. Vendors already struggle rolling patches in closed source environments.

I thought these contracts lived on an immutable blockchain, how can they even be patched?
This bug was on the Solana blockchain. Solana has built in support for updating code.

Even on Ethereum, with it's mostly immutable contracts/programs, there is a super common pattern of a tiny shim contract that forwards all calls on to another contract that does all the work. By changing a storage variable which changes the contract the shim points to, you can effectively upgrade the code.

And therein lies my biggest frustration with crypto evangelism. Almost every theoretical benefit that gets trotted out is such a detriment in practice that the ecosystem tosses it aside. While still proclaiming it as a virtue.
I would wager most contracts deployed these days are immutable. Upgradable contracts are frowned upon in the space, moreso every day.

But given that humans are prone to making mistakes, when code is fresh and unproven, proxies are a practical way to go. Once you've ironed out all issues, you blow the fuse so that the contract can't be changed anymore.

> can't be changed anymore

.. which means that when an undiscovered vulnerability is found all the investors are guaranteed to lose their money.

> Once you've ironed out all issues

Yeah this is something that famously happens with software development, you just iron out all the issue and then never have to change anything ever again.

> the ecosystem tosses it aside

This is false. Many of the most heavily used Ethereum contracts, such as Uniswap, are non-upgradeable.

The one to which you can send back the stuff it sent you, and it essentially burns the money?

And that can’t be fixed because it’s immutable?

Correct, but what they can do is hard fork and encourage users to switch to the new version. Users will vote with their feet and choose the version that benefits them most. In a sense it's still upgradable, but only through direct democracy instead of delegated democracy / oligarchy. (and for the record I don't necessarily think that's a good thing for a financial system, but we'll see how it plays out in the next few years)
A common pattern is to deploy a proxy contract, which simply forwards all function calls to an implementation contract, then an upgraded deployment generates a new address, the proxy contract is changed to point to the new address, and all end users only interact with the proxy contract. This is a little bit frowned upon in the community because it's a point of centralisation and control.
Yes, this is a risk. Exploiters will be running legit nodes with software analyzing the mempool for profitable transactions to abuse, they will be running nodes using the GitHub branches looking for changes in advance of merges so they can run exploits, they will be looking at framework changes and automatically running tools like fuzzers to find errors in downstream chains and projects that use the framework. It's a really really hard space for this reason. I work as a test engineer in DeFi and have been in the blockchain space for years but releases still give me stress like no other domain I've been in.

The nice thing is that engineering isn't usually financially bound so you can use all the toys and hire all the consultants to build really extreme testing environments that most domains won't use. It's also fun to flex tools like TLA+, property based testing tools, fuzzers, etc because it's financially sensible to be as sure as possible that you won't release a bug.

Why waste ones time hoping for 5-6 figures from big tech bug bounties? Smart contracts seem like the ultimate bug bounty program.
Bug bounties are legit money that you can spend as you want without trouble.
In the 'code is law' world of crypto, so are/should be these hacks. How are they any different than lawyers pouring over the fine print of a law or contract to find a loophole to exploit?
it is not that hard obfuscating the money in small amounts
Thanks for sharing but I immediately drop stories that are sliced into a million twits instead of being put in a single blog post. I hate modern internet.
“Code is law”? No, VM implementation is law!
The total crypto market cap is just over $1 trillion. The two biggest hacks alone have made off with almost $1 billion. That’s just under .1% of all cryptocurrency stolen, with no recourse for those on the losing end. When can we acknowledge that this is an absolutely insane basis for a financial system?
You have to compare that to the equivalent of the float in stocks. Most crypto holdings are not that liquid and come from early backers. If the big holders (mostly pump and dump) sell, the market will collapse.
It’s closer to two trillion. But I think 0.1% is a hilarious number to assert is too high a price to pay. How much is skimmed as central banks flow money to citizens? How much is embezzled in corrupt orgs/nations?

Traditional finance puts power in men that don’t even need to hack anything to take far more than 0.1%.

Half of everything would be likely worth it if crypto lives upto even a smidge of it’s true promise.

90% of Coinbase’s Q3 revenue was from transaction fees. One benefit of crypto is you have options to move to a zero-fee alternative, but let’s not get overly optimistic either. Many tradfi solutions will be copied at the outset because they work.
I'd rather have 0.1% of my money stolen than do business with banks.
lol ask the victims of the mtgox scam and ask if they only lost .1% of their money
Didn't mtgox end up with dollar-valued assets in excess of the losses due to the massive rise in BTC?
The overall crypto market is already down 50% in 2.5 months with no sign of slowing. the problem of crypto crime will fix itself as the market keeps crashing. This market is propped up by air.
(comment deleted)
For comparison, in the US four-party system provided by credit card networks (Visa/Mastercard), interchange fees paid by consumers (~2%) more than cover the costs of fraud. (IIRC < 0.5% of transaction volume.)

In my view, the insanity there is that the amount of money sloshing around in the system is enough to mask the effects of fraud with close to zero consumer liability.

We are working on an insurance product for crypto. :-(

The more we dig into it the more scams we find. Everywhere. Wash trading, click baiting, pump and dump, code is law, etc. You will find the biggest bazaar there is in the crypto world. Biggest than the Nevarro bazaar.

The anonymous ecosystem is a paradise for scammers and money launderers. And a terrifying "crypto lord" on Telegram or Twitter may just be your nicest coworker.

I am not sure we will ever find a backer. So far we are working on the private risk management side of the venture.

I would expect more mainstream users, and they will hammered day one. Look at what is going with NFTs, all the wash trading pushing price ups (source: https://blog.chainalysis.com/reports/2022-crypto-crime-repor...)

Seeing cryptocurrencies grow so much over the last few years, it seems to me that without governance over cryptocurrency transactions, cryptocurrencies tend to incentivize scams and black market trading, and they tend to function as speculation/gambling schemes. "Shilling" is common among everyone I know that has purchased cryptocurrencies, and many of them have been ruining friendships over it.

I used to be more optimistic, but I can't help but see cryptocurrencies as a strong negative on society now.

It's pretty wild cryptocurrencies are still legal in many parts of the world.

Agree. Very hard for regulators (=protect the consumer) to keep up with it. I compare that to the massive fires we have in California, so big that only the rain coming in November saves the bacon.
It was Charles Stross, I believe, who once described Bitcoin as an enormous social experiment educating hackers on the historical needs for financial regulation.
Except that "financial regulation" doesn't seem to really stop much of anything in the traditional finance sector. How quickly we forget 2008 and the litany of other failures.
Isn't that a whataboutism?
"the technique or practice of responding to an accusation or difficult question by making a counteraccusation or raising a different issue."

I didn't raise a different issue or make an accusation.

I do agree that history plays an important part in the future, but the assumption that 'hackers' are not versed in history, seems awkward at best.

Never mind that a lot of the people building DeFi and writing the contracts today, have traditional finance backgrounds.

What I meant is: The crypto space lacking regulation doesn't imply a claim that other currency systems don't also lack regulation in some form, nor that regulation is necessarily effective in either case. Stross didn't say regulation is perfect, he said it arose for a reason.

Stross' original statement is about regulation of traditional systems having historic drivers the crypto community had yet to re-discover, in his opinion, either in terms of broad awareness or appreciation. Challenging that would be fine (and interesting); saying "so what if it's bad? this other thing is also bad", though ...

FWIW, I think he's both right and wrong. I think there was a subset of the crypto community (and it likely strongly correlates with the productive one) aware of and actively rejecting a lot of history, but also a larger majority swept up in the hype without awareness of that information.

The 2007-8 crisis wasn't about the illicit movement of money. In fact financial regulation is what allowed us to detect and mitigate the business practices that lead to the crisis. The response was the massive QE that everyone feared would lead to terrible consequences yet instead it spurred a soft landing to what could have been 100x worse. There were no bread lines, no mass displacement, no political turmoil. You can't stop people from losing money on bad investments but you can prevent it from pulling the rest of the world down and that's what happened. That crisis should have everyone on their knees in awe at the Altar of Fiat Currency.
It didn't really fix Americans' fundamentally dysfunctional relationship with housing.

Now we live in an economy with asset inflation, and everyone's going "housing market is robust" as if that's a good thing.

Sure, it doesn't 'hurt', but we're leaving huge amount of money on the table.

90% of the reason for that is fiscal policy, not monetary. Neither the Fed nor Satoshi can make houses get built faster.
Nah, but nice job whitewashing QE as anything but a massive upward wealth redistribution.

Instead, the bad CDOs and CDSs could have just been unwound one by one with investment banks eating the losses and a lot of rich people becoming poor. Sure some _actual_ banks might have needed a holiday or two but instead we got TARP and QE.

Sure, but let's not pretend like bank regulations are perfect.

Micro: Right this second, one of my checking accounts at a "reputable" institution (efirstbank.com) is blocked from ACH transfers until April due to hitting an inactivity threshold they refuse to elaborate on. The only way I can move money out is by paying $50 per wire.

Macro: the BTC coinbase says it all: "The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"

Bitcoin does not replace banks. People and business still need loans, they still want to invest money and have money invested with them. Crypto doesn't solve that problem.

The 2008 collapse had nothing to do with ACH or any of the aspects which crypto has a plausible case for improving.

My understanding is that (one of) the point(s) of Bitcoin was to de-centralise the control of the currency so that "banks getting a bailout" isn't possible since the currency control of Bitcoin doesn't allow printing it out of thin air for handing out to the businesses that caused the crash that seemingly necessitated the bailout.

Secondly to that, I find it amusing that the cause of the GFC (amongst numerous other large-scale issues) is both poor regulation and ineffective enforcement of an industry that's over a century old. Proving, basically, that the regulation of cryptocurrency is a pure talk-fest (or that any US regulation is a pure talk-fest). It will result in the honest folks doing the right thing and getting screwed in the process whilst the dishonest still do the bad things because the US' will to enforce regulation is weak.

A few years later, the TheDAO hack happens, and Vitalik and friends pretty much force a fork on the network by spamming FUD and threatening to stop the entire thing because they're losing too much money and they're too big to fail.

Totally different from banks: it's no longer the government deciding to bail them out, it's straight up the bank printing the currency telling people to bail them out or their currency becomes worthless.

I wasn't paying a lot of attention back then, but from what I've read about it, it was far from the worst decision in the world despite the fact it went against the most basic ideology.

I give it a bit of a free pass because it was a new thing built on top of a new thing, so somewhat of a beta test, which failed, so roll back to a working state.

Not sure what would happen now, although there are regular hacks that no longer see rollbacks.

Also, Ethereum Classic still exists, so that path is still available to those who want to follow it.

That's Ethereum though, not Bitcoin.
" so that "banks getting a bailout" isn't possible since the currency control of Bitcoin doesn't allow printing it out of thin air for"

?

What part of 'the economy would crash and burn' do people not understand?

The banks would have gone down like dominoes and taken the entire system with it. This isn't 'fear mongering' it's basically just math, you can see how the system is connected and what will happen.

That's what happens when systems are tightly intertwined. We could entirely firewall them, but then they wouldn't be remotely as efficient.

The fallacy of 'Hard Currency' is that people think we can avoid these problems with some extant construct, like 'Gold' or 'Digital Proof' but that doesn't solve the problem at all.

Economies are integrated systems that have to be regulated as best we can there is just no way around it.

'Hard Currency' is an 'instinct' that develops into an ideology that just doesn't hold up.

Far from 'weakly enforced regulations' most Western nations have very well and strongly enforced regulatory regimes. There are rules upon rules about what is allowed and what is not.

Securities Regulation are maybe a bit iffy, particularly insider trading, but that's only one thing.

The only way to avoid the problems we saw in 2008 would be to have more effective regulation of the parts of that system that failed, crypto won't save us there.

Finally, the banks were bailed out mostly with loans which they paid back, not free money. If there was a big funny business bailout, it was the mortgages that the Fed accepted as collateral at face value, which was more or less a bailout of homeowners, related to the fact the issue was with homes, not so much currency.

> The banks would have gone down like dominoes and taken the entire system with it. This isn't 'fear mongering' it's basically just math, you can see how the system is connected and what will happen.

And the fact that the Fed could just QE a bailout is why there's no will to properly regulate or enforce.

It's a double edged sword.

I would have liked to see what would happen in a pandemic if Bitcoin were the world's reserve currency; if no QE were possible to help the suddenly unemployed etc. If / when Bitcoin fails in such a situation, we could see an increase in trust for fiat currencies and government monetary policy. It's a purely hypothetical situation though.

"I would have liked to see what would happen in a pandemic if Bitcoin were the world's reserve currency;"

We already know the answer to it: the economy would collapse in a hulking mass.

The 'advantage' of Bitcoin, which is 'integrity' (i.e. can't be debauched) becomes a big 'disadvantage' during a time of crisis, when reallocation has to happen.

It's like nailing your boat with a plank to the dock: string and reliable. But then the tide goes out and everything breaks: better in the long run to use ropes.

BTC is inflationary, people would rush to it during a crises and credit would evaporate, the dominos would all fall down.

Something 'unforeseen' will always happen, meaning we have to be able to change the rules sometimes.

Much like a pandemic situation, a lot of the normal rules for operating the economy go out the window. Vaccine production and distribution is fully socialised, not part of normal healthcare etc..

And yes, it's a giant double edged sword which is why there's no excuse for not having 'intelligent, comptetent and responsible leadership' at all times.

> Far from 'weakly enforced regulations' most Western nations have very well and strongly enforced regulatory regimes. There are rules upon rules about what is allowed and what is not.

They are as regulated as the system will allow. That is, companies dump lots of money into Congress to increase the chances of existing regulations being weakened and new ones neutered, and it works (see: Dodd-Frank [0]). And sadly, I don't see things changing anytime soon, as the American political landscape is basically divided into those who talk big on progress (but who, upon gaining control of Congress and the presidency, just barely uphold the status quo) and those who want to deregulate things even further.

> The fallacy of 'Hard Currency' is that people think we can avoid these problems with some extant construct, like 'Gold' or 'Digital Proof' but that doesn't solve the problem at all.

This is accurate. While cryptocurrencies might not allow for spending more than you have in your wallet, there are many ways you can trade on margin and "stable"coins which only have a fraction of their issued volume backed by any assets [1][2][3], including propping up an exchange with stablecoin funds [4]. I would not be surprised if someday there was a "bank run" on these unsecured stablecoins which caused huge knock-on effects.

I think that the fundamental problem is greed combined with people who might not be very greedy but who are desperate to improve their financial situation. And unlike traditional financial institutions, crypto is quite difficult to regulate or provide any consumer protections for.

[0] https://en.wikipedia.org/wiki/Dodd%E2%80%93Frank_Wall_Street...

[1] https://www.bloomberg.com/news/articles/2021-08-11/coinbase-...

[2] https://www.ft.com/content/529eb4e6-796a-4e81-8064-5967bbe3b...

[3] https://www.singlelunch.com/2021/05/19/the-tether-ponzi-sche...

[4] https://amycastor.com/2019/01/17/the-curious-case-of-tether-...

"Banks get bailed out" seems to be a feature for stability of systems (counterargument: "Let all the banks fail" would have been helpful for what part of society?)

There is of course the very legitimate argument of bailing out homeowners (banks still get their money and people get to actually be in houses), but letting the pieces fall where they may is extreme orthodoxy when the real world is at stake. And of course the crypto ecosystem has shown this pragmatism so many times now when basically forking off to other things to reverse unwanted transactions.

Yeah, let's privatize the gains and socialize the losses because the banks are too big to fail. What a great system! But hey, at least it's stable.
Didn't say we should privatize the gains. I just don't think that it's useful to tear down a bunch of infrastructure on principle. I would not have minded just nationalizing as much as would have been needed either. And of course bailing out a bunch of homeowners would be extremely ideal.

Gov't intervention when systems are falling apart are not a bad thing (well, at least when they actually do helpful things).

The bank bailouts were ultimately profitable for the US government. Banks paid back the loans with interest.

https://money.cnn.com/2014/12/19/news/companies/government-b...

15.3B in profit on 426B investment is 3.6% yield, and that's over 6 years. US inflation alone between 2008 and 2014 was about 10%.
Most of the commentary about the 2008 bank bailouts presumes all the money was spent or given to banks. Banks paid everything back. A couple billion dollars in opportunity cost because of inflation is definitely worth preventing a collapse of the financial system.
Yes, but you insisted that the loans were profitable, not that they had "a couple billion dollars in opportunity cost". There is a difference between profit and loss.
They were profitable. They collected more money than they lent out on a dollar to dollar basis.
You’re describing as profitable lending by an entity funding itself by issuing Treasuries and then ignoring the cost of the interest paid on those Treasuries when deciding if the use of the money was profitable.
Inflation is not a direct cost of interest. If we are going to included opportunity costs in the definition of profit and loss, then we should include the opportunity cost of tax revenue plummeting if the financial system collapsed.
It’s not inflation. It’s literal money paid out via the government paying interest on its debt obligations (which were higher as a result of the bailout money than they otherwise would have been).

I agree that they should have done what they did. I do not agree that it was net profitable.

"Guys, we would actually have been richer instead of poorer if six years worth of inflation hadn't happened! Let's celebrate!"

If I can buy n units of goods and services for the money before the investment and n-1 units of goods and services after the investment, I've lost. I don't see how the particular numbers you print on currency enter the equation. How is nominal profit at all interesting?

How is the bank bailout materially different than the Eth fork?
> Micro: Right this second, one of my checking accounts at a "reputable" institution (efirstbank.com) is blocked from ACH transfers until April due to hitting an inactivity threshold they refuse to elaborate on. The only way I can move money out is by paying $50 per wire.

https://www.federalreserve.gov/faqs/credit_12666.htm

https://www.consumerfinance.gov/complaint/

https://www.helpwithmybank.gov/file-a-complaint/index-file-a...

You have some recourse with regulators when dealing with fiat banking systems. You have zero recourse when dealing with crypto losses (unless you’ve lost enough that a criminal prosecutor makes it their problem and you can convince them it’s worth their time).

Very good point. Democracy can govern banks. Democracy cannot govern cryptocurrencies. That is both why it is hated and loved by different groups of people.
The ACH thing sounds annoying, but your money is not at risk.

I think the more concerning thing I have seen is banks deciding that they no longer want to do business with you with no appeals process or recourse as to why your account was flagged.

My GF attempted to transfer money to a CEX that was verified and her money was frozen abritartly for 3months by her "bank" until they "investigated it thouroughly".

Banks are nice until they arnt. Crypto is a wild west but its the future of investments. The older traders will die out, those who had the money and the advantage will be replaced like the older bootleggers turned into multi-nationals.

Somehow I suspect there are details to this convenient anecdote that you're not telling us...
> Right this second, one of my checking accounts at a "reputable" institution (efirstbank.com) is blocked from ACH transfers until April due to hitting an inactivity threshold they refuse to elaborate on. The only way I can move money out is by paying $50 per wire.

You can't... write a check? It's right there in the name.

TARP was profitable for the US government. The “bailout” loans were paid back with interest.
Just because the US has terrible consumer protection doesn't mean you need to build a worse system with no consumer protection at all.
"Sure, but let's not pretend like bank regulations are perfect."

Nobody claimed that. And whataboutism is not a solution, right?

Not having a central single governance is the whole point of the exercise, it's a trustless system driven by mathematical rules and decentralized consensus. You can't stop a transaction, you can't kick anyone out (good or bad), the rules can only be changed by decentralized consensus and certain rules are pretty much guaranteed to not change (for example, any Bitcoin chain that has more than 21M Bitcoin issued wouldn't be called BTC, it would be treated like a fork, etc).

> It's pretty wild cryptocurrencies are still legal in many parts of the world.

I think there's a few reasons for that, one is, it actually makes money (ex: Coinbase generating billions, tax money generated from all the capital gains, electricity paid for by miners, etc), capitalist systems won't ban money making machines. It's also impossible to ban, you can ban on/off-ramps, you can't ban Bitcoin from running and transacting, by banning on/off-ramps, you'd lose any visibility into what's actually happening on the pseudonymous network. And last but not least, if this ends up being the next big thing, nobody would want to be left behind, so there's some game theory mechanics as well.

I think you would have less risk if you were selling life insurance policies to Soviet soldiers in Stalingrad in 1942.
Or even a German or Romanian soldier in Stalingrad in 1943.
a backer? have you seen the other insurance products in crypto? theyre pretty good and community funded
Agree, lots of options. Nexus Mtual and others focus on smart contracts on a protocol, rug pulls, and de-pegging risk. Our target: consumers buying and selling NFTs and crypto. As I said when we launch I'll be scared to death 24/7.
Well hope the upside is way better for you to offset that fear
If anyone wants to see an example of a company that is currently doing well at crypto insurance https://app.nexusmutual.io/cover
Why are they any more trustworthy than your typical crypto company? (i.e. not at all)

They don't have a list of board members/investors or a mailing address anywhere that I can find

because you can get claims approved pretty fast after making cheap policies for specific protocols and transactions. consensus on unexpected behavior of a smart contract is pretty quick. the insurance pool is filled by the risk tolerance of people wanted that form of passive income.

If it doesn’t function as intended then complain about that and launch a competitor.

How many claims have they paid out?
I don’t know.

I know of dozens of high profile hacks over the last year that left entire communities scrambling where some members and users had previously opened policies on one of the various insurance protocols and got paid out the same day as the hack. They were often recipients of the recovery path the communities took too.

There is more than just Nexus Mutual. You can ask in their respective communities if they have stats on that, or perhaps run a query on dune analytics to see what actions their associated smart contracts have taken, isolate a claim payout and tell the query to count

What I envision is the insurance choices being shown at the wallet level or opening policies is concatenated in other coverable smart contract transactions.

That's a completely nonsensical answer to the question that was asked. It's frigging insurance--the whole damn point of buying insurance is to offload risk.

Insurance where you can't be certain the company will be around (or actually pay out) when the shit hits the fan is completely useless as insurance, and it's either naïve or disingenuous to suggest that the solution to that is to "complain". And suggesting launching a competitor is just an extra special kind of stupid: if you have enough capital to start an insurance company, you're obviously not in the market for buying insurance.

In this model the protocols are often community funded and there is sentiment for more competitors. Just copy the same model and tweak a small variable.

Its not the same as the highly capitalized opaque insurance company you need to be skeptical about, the analogy from a lived experience almost doesnt work at all. it does have the function of derisking things though.

So it exists, I know it exists, you dont know it exists, I’m not the encyclopedia of the specific nuances of each protocol, so go check it out

The basic argument you seem to be making is "This exists, and there is self-evidently a market for it, therefore it must be good. (Or, if it isn't good, tweaking some parameters could make it good.)" That's a bad way to evaluate the risk of something so new, in a market that is so volatile. People get suckered into buying bad insurance all the time, even in highly regulated markets.

But anyway, I went ahead and checked out the white paper of nexus mutual [1], because I was curious. It appears to have a serious amount of hand-waving on one of the most important topics: the risk correlation between offered insurance products. They do reference the correlation matrix, but the only mention of how the value of the matrix is determined is to say that if independence between cells can be assumed, the math is very simple. Doing a quick search through their website and code, it looks like they are indeed just assuming that products aren't correlated, instead of trying to estimate real correlation values. This means that their minimum capital requirements (and thus the implied risk of default) are incorrectly calculated if that assumption is violated--which it certainly is.

This seems to be by design, and baked into the incentive structure of the whole concept. There's just no practical way to crowdsource proper correlation evaluation and adjustment, and the economics stop being remotely competitive if you just guess at correlations and treat it as another risk to be hedged. You can see this later on in the white paper (appendix A), where they point out that the economic viability of the project depends on lowered labour costs because product creation, assessment, and policy issuance are crowdsourced or automated. Their game theory/tokenomics are focused on providing incentives for individual products to price risk accurately, however: they do not propose any mechanism for adjusting or calculating MCR based on correlation risk when new products/coverage are offered. This is further evidence that they're just assuming independence without any real justification, and thus being chronically undercapitalized.

[1] https://nexusmutual.io/assets/docs/nmx_white_paperv2_3.pdf

It wasn’t an argument, it was acknowledgement. I would consider to both open a policy in defi insurance protocols including Nexus mutual, or consider to provide capital to the insurance pool for passive income or simply trade the associated token. But that’s because all 3 may periodically fit my personal risk profile. This post only acknowledges that they exist and work and are options that require evaluating differently than a traditional insurance company. I don’t care thaat much about how they currently function or your own personal risk tolerance. I’m fine with them blowing up on occasion or permanently, I expect it to happen and for more resilient ones to exist in their place.

You’ll be better off asking around in their community or using the product to see what the current state is, usually they diverge far from the white paper such that analyzing it that was is a waste of energy. Sorry about your dissertation. You can branch the chain onto localhost to prod at it if you don’t want to spend any money.

From the link on the home page for the "notice of general meeting" for Nexus Mutual Ltd, the directors are:

KARP, Hugh DANILA, Ionela Roxana MELBARDIS, Reinis MUNOZ-MCDONALD, Nicolas THURGOOD, Graeme George

This matches the company and director information registered in the UK since 2017. Company mailing address is here as well:

https://find-and-update.company-information.service.gov.uk/c...

The office address in that link is just a virtual office.
Got it, the trust level is pretty low when you the very basic due diligence.

I think Nexus Lexus is legit. They had to in order to get UK clearance. But I understand that they want to demutualize now and become a DAO. DAO is the gold standard for no corporate oversight.

Fake profiles on Twitter and Linkedin. Thousand of fake followers. Incorporated in banana countries. And if they are incorporated at all. If the plan is a rug pull, then bypass incorporation, of course.

I know nothing about the company but I do know about UK company law. A UK company is very easy to open, there's no oversight, you declare the truthfulness of your statements and that's it: it takes about 10 minutes, you could have a UK company by the end of today. The directors of the company in question are not British, so even in the worst case scenario where they break the law and are pursued, they can just skip the country and face no real recourse.

There are some opportunities that can be a meaningful demonstration of credibility, like registration with the FCA, but I don't see any evidence of that for this company. I would consider their incorporation (as a cic, not a for-profit company) meaningless in determining if they're credible.

Nexus Mtual and others focus on smart contracts on a protocol, rug pulls, and de-pegging risk Our target: consumers buying and selling NFTs and crypto. When we launch I'll scared to death 24/7.
Why does your insurance have to cover all aspects and all cases? It can be as simple as insuring BTC storage only. No involvement of smart contracts or NFTs.
Insurance has to be able to pay out if all the shit hits the fan at the same time (like in 2008) or it is worthless. That takes a hell of a lot of capital.
If you consider Dan Olsen's argument, the scams are built in to ensure that the crypto founders have liquidity to cash out with. You're not going to win trying to fight against what the whole system is designed to do.
Who is ends up paying for this in the end? I am not familiar with what this smart contract is doing. Were these user held coins or was it part of an institution?
Looks like they're eating the cost themselves: https://twitter.com/wormholecrypto/status/148900194988197888...
What would be the actual cost in USD to do this, assuming a short term resolution?

Let's they actually had $320M USD ready and waiting. I assume the order book would not allow them to reach the fixed amount of ETH lost.

.. Sort of curious what would be the actual USD cost if someone actually tried to purchase the amount of ETH lost given a fixed order book. Do any exchanges make that information available where you could calculate that?

(comment deleted)
In practice the people who are doing this very likely have that much ETH on hand and can simply use it, then rebuy over time to get back to their preferred holding levels.

If you had $320mm USD and needed ETH, you'd want to use an OTC desk, because the markets will feel it, even though they won't actually run out of depth. Right now the "+2% depth" (https://coinmarketcap.com/currencies/ethereum/markets/) on Coinbase, Binance, and FTX is about 5mm, and there's probably a dozen other markets with similar depth, though you'd want to execute the trades simultaneously. Decentralized exchanges have depth too; uniswap's USDC/ETH pool would let you buy $40mm for 2% slippage. All in all, you could probably get it all at about a 5% premium if you were really prepared for it.

I think this is the most sensible response ^
Interesting! Thanks for the response.
they'll just get handed a bale of tether & everyone will just go on pretending
$320M is the kind of money where it's sufficient motivation for organized crime to simply kidnap and torture major crypto company officers/techies or individual crypto holders to force them to do whatever needs to be done.

The reason why it's not done as much for ordinary businesses is that you can't just force someone to surrender $320M worth of stocks, real estate or wire transfers and actually keep that, it's reversible and traceable so most of it will be reversed and the rest traced. At best you can expect briefcases of cash ransom which is physically limited to much smaller amounts (e.g. it's simply impossible for a person to carry $320M in cash or fit it in a random car) and still needs laundering, and as the payoff is less lucrative then it's not worth the risk compared to other activities like trafficking drugs. Crypto, on the other hand, has this possibility to just force a large transaction and actually get away with it - so I'm just wondering why we aren't seeing cases of violently forced crypto transfers; perhaps they're just kept under wraps.

I've wondered this too. Three reasons:

- It's currently easy enough to hack the same money. Way less effort.

- Doing something physical puts the crime into areas where law enforcement is used to working, used to catching people, and leaves physical evidence in the world. At least in the developed world, kidnapping rich people goes to the head of the line for police resources.

- Most large projects use multisigs. This means you may need to kidnap a half dozen people in multiple counties. Doable, but the odds of none of these failing and exposing the whole operation goes way up.

That is exactly what the parent comment is saying. $320M makes it worthwhile to do all that for organized crime.
not a single defi hacker has ever been caught or identified. pretty amazing when you consider the amount of money involved.
As far as I know, not one has been caught by law enforcement.

But several attackers have been tracked down by blockchain sleuths, or by the hacked projects themselves. In the usual case, when messaged with personal details about themselves, the attacker gives back 90%, and everyone calls it a day.

Except for this guy.

https://www.coindesk.com/policy/2021/12/22/teenage-suspect-i...

Who might be first DeFi hacker to go to trial.

Look at the Indexed Finance hack, the hacker has been identified, and is fighting it in court (or claiming he will anyway), under the argument "code is law"

Definitely an interesting one to watch

Are any of these hacks actually illegal? Genuine question, as I have not been able to find references to DeFi hackers that have been chased by law enforcement. IANAL, but if they are illegal, then it suggests that smart contracts are just to be viewed as automatations of some underlying contract which is subject to legal interpretation. But if such a legal contract does not exist prior to the deployment of the smart contract, then how will one determine which uses of the smart contract are legal, and which that are not? Even the hacks are just making the smart contracts do things that they were programmed to, although PROBABLY unintended.
If the person who was "robbed" involves the law, the executive might compel the "robber" to return the "money". This would be extremely bad looks for the "robbed" in the Crypto Community and unless the identity of thief is known it is impossible.
> Though I think this hacker has a greater than average risk of being caught

Why?

Another factor might be that actually kidnapping and torturing someone is a very intense thing to do. I don't think a lot of people in the crypto space would have the stomach to do this (and that's a good thing!).
Crypto also needs laundering. If someone forces me to hand over $50MM in Eth, I’ll file a police report with the addresses and they’ll get exchanges to block any funds coming from it. The thief may try to anonymize it with something like Tornado Cash, but that would take a very long time due to the largest pool being 100 ETH.

The alternative is demanding payment in a privacy coin, but it will be difficult for any potential victim to get as much as you need quickly enough.

Even with a privacy coin the attacker still has to be in close enough physical proximity to the victim or hostage to threaten them which leaves behind physical evidence.

Overall, I’m not sure you gain much by demanding payment in crypto over cash.

You can script tornado.cash deposits

This amount would be up to half of the tornado cash anonymity pool, but can be withdrawn over time

they can always withdraw a bunch of tornado cash notes to virgin addresses and pump a random cryptocurrency they already own and bought with their separate clean money

if $SHIBDOGE rises 30,000% because virgin tornado cash funded whales are buying it, the prior owners are just going to be seen as lucky traders indistinguishable from the rest, all with clean money. one of those owners would ideally already own a lot of the chosen token and be the bridge exploiter. they will be seen as having much more clean money after selling their pumped crypto.

> I’ll file a police report with the addresses

You are assuming you are still alive.

In a previous life I was involved in K&R (kidnap & ransom) insurance. You just pay the ransom and never recover your money, so you price the insurance contracts accordingly.

The police: "we don't prosecute those crimes" , "this is not our juridiction", "why don't you try the FBI?"

I used to work in the Presidio of San Francisco. An ex military base. The only canons left are from the 1800's. I needed to file a police report (car theft), called the Police in San Francisco. OK, what's your address? Sorry, we don't handle those cases, call the Federal Police. Then later we had to file a lawsuit, so based on previous experience we filed in Federal Court. They told us, sorry even though you are on Federal land, you must file in a California court. Go figure.

Just to say that nobody can help our dear crypto bros. BTW did you declare the existence and the amount of your crypto holdings last year? Oops, now you'll regret that police report you filed (goes into waste basket) and you have to deal with the IRS. The crypto world is better than the proverbial kid in the candy store.

No one has been arrested either for defi hacks. perfect crime.
No different for crypto.

What I can I do with 100's of millions of dollars worth of tainted ETH ?

The only thing you can really buy with coins are NFTs, if I want to buy a house or car or plane or whatever with the loot, I still have to convert that ETH to cash, major exchanges will blacklist these tokens, washing services/ coins cannot easily handle this volume, extracting value out of this size is just as complicated as regular crime.

> What I can I do with 100's of millions of dollars worth of tainted ETH ?

For instance you can spent few millions and get literally every re-used address tainted. Just sent $1 worth of ETH to top 1,000,000 single address holding meaningful amount of ETH, or expensive NFTs, etc.

Then every legit exchange will have huge issue with maintaining blacklists. Oh and you can also sent 1 million to random people and 1 million to your own addresses.

Or just sell some of your crypto on P2P exchange at 2-3x rate with collateral. There will be literally thousands of people who gonna be happy to accept your tainted ether if you pay them good enough.

PS: So I literally see tons of opportunities how to do this kind of mixing. Yeah you'll lose huge percent of money, but even half of 300 millions is a lot of money.

> What I can I do with 100's of millions of dollars worth of tainted ETH ?

You wash them through different coin swap contracts. Even losing $10 million worth, in gas/processing fees, is just 3.125% at the current estimated value.

I found it interesting that the patch was apparently published before it was exploited: https://twitter.com/kelvinfichter/status/1489050921938132996
(comment deleted)
I wonder how their deployment system works. They should probably be deploying security patches before they land in a public repo.

Also, if it auto deploys from a git repo, then you just need a committer's git keys to exploit it. Having code auditing and multisig git tags has to be rare.

Doesn't it have to land in a public repo before it can be patched?

Somebody else is going to run that code publicly, and each person who runs it will find out about the patch with some time delay

If it's a library normally you'd share a security patch with important customers privately, if they're otherwise going to lose $300 million. I thought this was the service's own repo though.
Smart Contracts always have their source openly available on the chain, so it’s not that easy
I could be wrong but I believe only the compiled machine code is on-chain, you don't have to publish the source

this just happens to be a project that does

But that's also the executable form of it - just patch it first, and then people can't hack it when they see fixes land in the +1 release somewhere else.
> Doesn't it have to land in a public repo before it can be patched?

No, they could have patched the contract before publishing the commit on GitHub. Granted, an attacker could watch the chain for such "contract upgrade" transactions and attempt to front-run it, but that would be a lot harder than just discovering undeployed security patches on GitHub.

Yeah that definitely smells like someone was watching the commits for a security patch so that they could exploit it quickly before it deploys.
what is stopping someone from going through each protocol and finding an explioit. no one has been arrested despite dozens of these hacks.
Nothing stops them, but that’s why you shouldn’t put your crypto assets into random contracts and just hope for the best.

This is especially true for chains that haven’t had a long history of being attacked and having the right tooling built.

Ethereum isn’t easy to securely develop for, but Solana is too new and untested to be trusted with the amount of money it’s in control of (and that’s ignoring how it’s largely centralized and has gone down multiple times recently).

Can you elaborate on how it's centralized? I keep hearing this but they have 1400 active validators all over the world, which is more than most smart contract chains except Eth
I wish I remember where I saw this but someone described crypto like this: imagine you're a smart person who is super knowledgeable about something like software engineering, distributed systems and consensus. That's great. But then you make the mistake of thinking because you're really smart and good at this thing you must be smart about something completely different, like oh I don't know the financial system. That's crypto.

Basically, we're going to go through a process where a ton of people realize that things like reversible transactions in the traditional financial system are a feature not a bug. Thing like KYC/AML are a feature not a bug. The idea that crypto is extragovernmental is a myth. And things like smart contracts and NFTs only really work when they're completely self-contained on the blockchain. Like, I can create an NFT for a song but that doesn't mean I have the legal right to sell that (there's lots of scams like this). Even if I do, you still need traditional systems to enforce such rights anyway.

That's very "pigeonholey" way of looking at things though, no? Just because you're good at something doesn't mean you can't become good at something else too. If you're super knowledgeable about very technical things, learning other hard sciences is feasible as well given enough time.

At the end of the day, if you create anything that's worthless, it will be worthless independent of whether you're an insider or outsider.

I think GP’s underlying point (besides paraphrasing a popular YouTube video) is that for good reason, society elevated “computer engineers” because the work they did (e.g., build Google) was very impactful and value-creative.

A bunch of computer engineers are now burning through that good will in a misguided attempt to accumulate personal wealth.

Good will built when building Google (and others from that era) is already burnt by Google (and others ) of today. You rarely here positive stories about tech in general media these days compared to say 00's.
The argument isn't that they couldn't become knowledgeable in finance and economics, if they invested enough time and effort, but that they aren't, because they haven't, because they think that their expertise in one area makes them automatically experts in other areas. This is pretty accurate in my experience.
I can have all of those positive things on a blockchain for when I need them, and I can do without them when I don’t need them. Blockchains are about choosing the degree of trust you want to have in others and the amount of control you want them to have over you, not completely throwing out ideas that work.
Actually, I disagree. People have said the same about paper voting systems, that the inefficiency is a feature not a bug… yet they have major downsides

eg to take the highest profile example with the most consequences, George W Bush got elected because people were confused with butterfly ballots and then it took too long to do a recount in Florida so the Supreme Court had to step in and stop the recount … as a result we got 9/11 (negligence) the invasion of Iraq (lots of excess deaths and destruction of large swaths of the middle east) the PATRIOT Act (erosion of civil liberties) and much more. Imagine if we had a secure system alongside the paper ballots that involved Merkle Trees and multi-factor verification for voting, so everyone could verify theirvote and participation would be higher. Banking apps are secure enough for people, why not this…

I wrote an article on CoinDesk about this very thing two years ago: https://www.coindesk.com/tech/2020/03/12/in-defense-of-block...

Anyway, going back to “feature not a bug”. The real problem is Blockchain. It uses the full power of the network on every transaction, so it costs just as much to transfer $500 million in one shot as it does $0.50 — that is the wrong pricing structure. It is too cheap to transfer huge amounts and circumvent capital controls, do money laundering etc. The “world computer” is a glorified mainframe with “gas” playing the role of renting time on the mainframe. “Flash loans” shouldn’t be possible, they only are because one transaction in the world can happen at a time.

When we move past blockchains, we will have proper pricing of securing transactions (in % of the amount being managed). And then we can build reversibility ON TOP OF the non-reversible architecture.

The non-reversible architecture and finality in the vast majority of transactions is a GOOD thing just as it is in most databases. Reversibility should be explicitly built on top of it.

Smart contracts and other things are great and we have only scratched the surface because Blockchain holds them back. Having the rules stated upfront and enforced without government violence is great. For example copyright and DRM is being replaced with NFTs and POAPs. Old boys clubs are being replaced with DAOs. New non-coercive business models are emerging. Open source and journalism and other digital content can be monetized without SWAT teams raiding grandmas. Just one of hundreds of innovations.

People just cling to the old ways because the technology is not mature yet.

Paper ballots are better than any purely electronic form. Like that's not even a debate except by people who are trying to sell electronic voting machines. The gold standard is either print outs from a voting machine or a ballot you fill in with circles with a pencil that a machine can verify. Counting these ballots is nondestructive (unlike punch cards) and highly accurate. Audits of elections involving these can be done easily by hand.

As for the 2000 election, this is a whole rabbit hole. You're right the butterfly ballot probably caused miscast votes. But that's user error. Punch cards are a ridiculous form of voting technology. All the recounts weren't about being more accurate. They were about passing punch cards through counting machines that would knock out chads every run through and changing voting standards after the fact (eg pregnant and dimpled chads).

Blaming 9/11 and the grand misadventure of the Iraq war on paper ballots is... a stretch. I mean, 9/11 had been in planning for years and probably would've happened anyway. I suspect a war in Iraq would've happened anyway with Gore in office. I mean a good chunk of Democrats (including Hilary Clinton) voted for the Iraqi war resolution. Many of these same people (including Biden) are now threatening to start a war with Russia over Ukraine.

> Just one of hundreds of innovations.

I disagree. Contracts enforced by the blockchain only have value when the entire context of that contract is on the blockchain. As soon as you leave that system you need traditional infrastructure and systems to enforce contracts and handle disputes.

Ha ha ha. Not even a debate? Why would something so non-obvious not be up for debate? Are you afraid to lose the debate?

What's next, telephone switchboard operators are better than VOIP? We went from paying $3 a minute for long distance audio calls to nearly free calls with multi-way high res video broadband, simply by automating away the infrastructure to get things done. Why can't the same be done with voting? Today we spend 16 billion dollars on a national election with shitty turnout, tomorrow any small organization can have a poll and vote about anything, in any number of ways, and turnout will be much better too.

There was a time that chess playing programs were laughably bad. And within a couple decades they are able to beat any grandmaster. Give it time.

About the 2000 election: I regret even mentioning the butterfly ballots, because the real point is that it took TOO LONG to recount the votes, BECAUSE it was paper ballots, and thus GWB was elected because the Supreme Court stepped in. Paper ballots and their inefficiency have consequences and downsides, you just might choose to ignore them in order to not have the debate of pros and cons vs electronic form.

(9/11 may not have happened if Bush had acted on intelligence like "Osama Bin Laden Determined to Attack in the United States. https://www.youtube.com/watch?v=3L2513JFJsY) Agreed about the war with Russia over Ukraine, Democrats have their own issues, absolutely. (As do leaders of other countries).

> I disagree. Contracts enforced by the blockchain only have value when the entire context of that contract is on the blockchain. As soon as you leave that system you need traditional infrastructure and systems to enforce contracts and handle disputes

Even if that were strictly true, we can have all these applications on the blockchain today: https://intercoin.org/applications

But it's not even true. People don't need the entire source of truth in a byzantine fault tolerant network. They just need to secure that it wasn't tampered with. The key is that you can turn over control to a computer program + protocol rather than elected representatives, magazine publishers, librarians or telephone switchboard operators. And we have been increasingly doing that.

> Ha ha ha. Not even a debate?

You brought up paper ballots for voting and then blamed them for 9/11 and the Iraq war. If that's your definition of "debate" I don't think I can help you.

> What's next, telephone switchboard operators are better than VOIP?

If you're so into debate you might want to look up "straw man argument".

The key design principle for a voting system is that voters should be confident in the results. That means if there's a paper ballot, the voter should be able to understand what it says (ie not just some QR or PDF417 or similar code). The worst that can really happen with paper ballots is ballot-stuffing but there are lots of checks and balances in place such that there's no evidence of this having ever been a widescale problem in the US, let alone has changed the result of an election. A pure electronic count has no such safeguards and no real capability for an audit trail.

> There was a time that chess playing programs were laughably bad. And within a couple decades they are able to beat any grandmaster. Give it time.

Here you come across as the very kind of person I mentioned, a Blockchain Andy who has completely drunk the Kool-Aid. Chess is a compute power problem. Electronic voting is not a computing power of algorithm or even a technical problem.

> ... because the real point is that it took TOO LONG to recount the votes,

No, it wasn't. The real problem in 2000 was that multiple recounts were done selectively to a changing standard of what constituted a valid vote even contradicting the instructions given to voters to "divine the intent of the voter".

> and thus GWB was elected because the Supreme Court stepped in

GWB won because he got more votes with the rules that existed for that election. Period. I don't say that as a partisan (for the record, I'm a leftist closest to the Bernie camp). It's just fact. Even a comprehensive review of ballots by the NYTimes after the election showed GWB won even with the most favourable change of rules (eg dimpled chads).

> GWB won because he got more votes...

I am aware that there are various opinions on it, but once again, it's not so "clear cut" as to not have a debate. In fact, the sources I'm following, such as Wikipedia, say exactly the opposite about the media recounts:

https://en.wikipedia.org/wiki/Bush_v._Gore#Recount_by_media_...

In 2001, the National Opinion Research Center (NORC) at the University of Chicago, sponsored by a consortium of major United States news organizations, conducted the Florida Ballot Project, a comprehensive review of 175,010 ballots that vote-counting machines had rejected from the entire state, not just the disputed counties that were recounted.[3] The project's goal was to determine the reliability and accuracy of the systems used in the voting process, including how different systems correlated with voter mistakes. The study was conducted over a period of 10 months. Based on the review, the media group concluded that if the disputes over the validity of all the ballots in question had been consistently resolved and any uniform standard applied, the electoral result would have been reversed and Gore would have won by 60 to 171 votes.[4] On the other hand, under scenarios involving review of limited sets of ballots uncounted by machines, Bush would have kept his lead. In one such scenario — Al Gore's request for recounts in four predominantly Democratic counties — Bush would have won by 225 votes.[a] In another scenario (if the remaining 64 Florida counties had carried out the hand recount of disputed ballots ordered by the Florida Supreme Court on December 8, applying the various standards that county election officials said they would have used), Bush would have emerged the victor by 493 votes.[b][81]

The emphasis above was added by me... far more media organizations, and a comprehensive analysis, and so forth. How much more extensive can you get, and the result is that Al Gore would have won under any uniform standard at all. And again ... this was all because of the outdated technology. Call it what you want, paper ballots, rejecting by voting machines that counted them, etc. The fact is, the election would have been a lot MORE reliable if it was done with Merkle Trees and private keys, as I said.

And no, I'm not a Blockchain Andy who's completely drunk the Kool-Aid. I often critique Blockchain right here on HN, I think Blockchain holds Web3 back. But the actual applications are very viable (if we move past blockchain as the technology on which they are built) and we'll all be voting from our phones in 10 years. Do you think that somehow voting is one application that won't make the switch from manual paper-based counting to technology, because people can't be "confident of the results" from their electronics?

> About the 2000 election: I regret even mentioning the butterfly ballots, because the real point is that it took TOO LONG to recount the votes, BECAUSE it was paper ballots, and thus GWB was elected because the Supreme Court stepped in. Paper ballots and their inefficiency have consequences and downsides, you just might choose to ignore them in order to not have the debate of pros and cons vs electronic form.

Germany counts 50 million ballots in a single night (from 18:00 CEST to ~06:00 CEST). Even if the US had the same number of people counting ballots as Germany does, the US should be able to do a full recount in 36 hours.

Paper ballots aren’t the issue. The US just fucks it up in multiple different ways, and would find a way to fuck up electronic voting just the same (if not even more).

> Imagine if we had a secure system alongside the paper ballots that involved Merkle Trees and multi-factor verification for voting, so everyone could verify theirvote and participation would be higher

And rely on the same people who accidentally voted for Pat Buchanan on the butterfly ballot to understand merkle trees and verify their vote?

We already know how to increase participation if we wanted to - mandatory voting like they do in Australia.

Paper ballots work fine as long as they aren't silly designs like the butterfly ballot or the hole punch. Filling in circles with a pen and then running it through the machine yourself to verify the ballot is machine readable works very well.

Um, no. Do you expect people who use banking apps to understand bank-level security, elliptic curve cryptography, key generation and so forth?

You just give them a freaking app, to scan their vote on a website, confirm it's voting for the correct thing, and sign with their private key. Then they can check that their vote was included in the final tally (don't mention Merkle trees). OK?

The real question is, how do you make sure each person has only one vote (see this for example https://www.geekwire.com/2015/the-next-fraud-wave-when-banks...) without revealing the identity of every voter to the government. And also how do you prevent the final tally from being revealed to anyone until it's all ready? That last one is the hardest one (and we fail at doing it in our elections, the media already predicts the winner before the polls close).

> For example copyright and DRM is being replaced with NFTs and POAPs.

…no it's not, where's the contract that says someone gets "the rights" when you transfer an NFT? What if you split the rights up and sell Sony Pictures the movie rights to your ape then sell someone else the NFT?

Even actual NFT ownership isn't respected when it's a hack, it turns out. OpenSea blacklists it and the rest of the ape picture community doesn't start treating the hacker like they own it, even though the data says they can now set a hexagonal Twitter avatar.

The crazy part about crypto is somehow it looked for all the weird economic inefficiencies that don’t really make sense (Gold is valuable beyond its utility, buying art is buying the object not the image, etc) and turned those into the feature of the project.
Seems like it's half misconceptions (like Austrian hard money economics) and half regulatory arbitrage. There's no reason crypto things shouldn't be as regulated as traditional banking and securities, they just aren't because they don't stop to ask the SEC what to do first.

I wonder why BTC isn't taxed at the collectible rate (higher than ordinary income) like actual gold investment though.

Major newspapers performed the recount after the Supreme Court stopped it and found Bush won the recount. In fact they tried a few scenarios the Gore team wanted, and in each scenario Bush won.

While the butterfly ballot may have pushed votes to Bush, studies have shown he lost votes when Florida was called premature. Calling Florida before the polls closed suppressed the western panhandle vote which was highly Republican.

https://www.nytimes.com/2001/11/12/us/examining-vote-overvie...

Well Wikipedia says exactly the opposite, and it is based on far more extensive recounts and analysis by far more newspapers, years later:

https://en.wikipedia.org/wiki/Bush_v._Gore

New York Times is just one newspaper and often carries water for the Establishment.

>But then you make the mistake of thinking because you're really smart and good at this thing you must be smart about something completely different, like oh I don't know the financial system. That's crypto.

That's definitely crypto, but you also just described half of HN.

> imagine you're a smart person who is super knowledgeable about something like software engineering, distributed systems and consensus. That's great. But then you make the mistake of thinking because you're really smart and good at this thing you must be smart about something completely different

This is such a bad take that I'll be honest, it makes me angry.

Someone can't be super knowledgeable at more than one discipline? More than two? That's complete nonsense.

Just because you are smart in one field does not mean you are smart in a similar but unrelated field.
"We’d like to offer you a whitehat agreement, and present you a bug bounty of $10 million for exploit details"

So, um, wouldn't the person pulling off the exploit be a fool to try and accept this "bug bounty"? Even if the offer is fully sincere, the legal system doesn't run on "code is law", and it seems like the original hack could be prosecuted under CFAA whether Bridge wants that or not.

$10m for giving up details on the exploit is probably a good deal rather than operating in the shadows trying to exfiltrate such a huge amount. We've seen other ETH hackers get wiped out by their forks plus there could be voluntary flags on major networks excluding it to fringe markets.
Blockchain newb question. Would it be possible to add protection to a protocol so that when a theft occurs, the stolen tokens are erased/burned/retrieved and a credit for the stolen amount is automagically credited to the wallet from which the tokens were taken?
Yes. The USDT and and USDC stablecoins do this. Competent attackers immediately trade these for other currencies that can't do this. Newb attacker don't, and loose those funds back to the projects.
If you are building a truly distributed blockchain that is decentralized then very hard to do.

Building consensus to classify some trades as theft is hard to do in-band. Even if do build such a workflow in the chain, how do you get everyone to agree ? Distributed consensus will take lot more time than attacker quickly making trades and moving the coins across multiple chains etc.

If you centralize this action and have few people decide ( as has happened in some coins in the past) it is no longer a decentralized system.

https://portalbridge.com/#/

>A fix has been deployed and all funds are safe.

So...does this mean they reversed it or are they just promising to pay everybody back at their own expense?

All remaining funds are safe from future exploitation (of this particular bug).
Crypto Darwinism strikes again! Code is Law! This is the natural order!