
The price of popularity: an attacker who targeted Ethereum obtained $53 million in cryptocurrency

Over the past few months, the price of Ethereum has grown more than tenfold, and this attracts those looking for easy money.



A couple of days ago, the administration of the Ethereum blockchain platform announced that an intruder had withdrawn Ethereum blockchain tokens worth $53 million (at the exchange rate at the time of the hack). An unknown person, using features of the platform’s protocol, launched an attack on the fund of the Decentralized Autonomous Organization (DAO). This organization holds significant reserves of the Ether cryptocurrency, which allowed the attacker to withdraw such a large number of blockchain tokens.

Because the Ethereum system is open, developers and participants can see who has withdrawn virtual money and how much. In addition, under the terms of the system, cryptocurrency withdrawn from DAO wallets cannot be spent for 27 days. However, the attacker's unexpectedly successful actions are putting pressure on the Ethereum exchange rate and reducing user and investor confidence in the system.

And what actually happened?


To understand the problem that led to the withdrawal of a large number of cryptocurrency units from DAO accounts, you need to understand what Ethereum is. It is a platform for creating decentralized online services based on the blockchain (Đapps, decentralized applications) that run on smart contracts. A smart contract is an electronic algorithm describing a set of conditions whose fulfilment triggers certain events, both in the real world and in digital systems.



As an open-source platform, Ethereum greatly simplifies the adoption of blockchain technology. Ethereum makes it possible to register any transaction with any asset in a distributed, blockchain-type database of contracts, without resorting to traditional legal procedures. This capability competes with the existing system of transaction registration. According to some experts, the technology of "smart contracts" marks a new era in financial technology. The system is considered experimental, but it has managed to attract the attention of large companies such as Microsoft and IBM. On the Ethereum platform you can issue your own cryptocurrency, which does not require special programming skills.

The DAO is a new type of organization that works with Ethereum technologies. It can be described as a digital company that is not tied to a specific legal entity. It is managed by a group of investors who have invested in it in the form of tokens (Ethereum works on their basis). Investors initially exchanged these tokens for special DAO tokens. The organization allows all investors to jointly manage the pooled fund. The control system is decentralized.

And here lies the problem. The implementation of smart contracts, the basis of Ethereum, includes a bug that allows third parties to withdraw tokens from escrow accounts using a balance check mechanism. This problem had previously attracted the attention of some independent researchers. But the developers did not consider it too serious, although they knew about it.
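An added illustration, not code from the DAO or from the original article: a minimal Python model of a payout whose balance check passes again because the balance is only cleared after the recipient's code has run, shown beside the corrected ordering. The `Vault` class, the account names and the amounts are constructed for the example; the real contract was written in Solidity, and the publicly documented cause was a recursive (reentrant) call of this kind.

```python
class Vault:
    """Toy escrow ledger (constructed model, not the DAO's Solidity code)."""

    def __init__(self, deposits):
        self.balances = dict(deposits)      # per-account credit
        self.pool = sum(deposits.values())  # funds actually held

    def withdraw_unsafe(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:  # the balance check
            return
        self.pool -= amount
        on_receive(amount)        # recipient code runs while credit is still set
        self.balances[who] = 0    # too late: the check above already passed again

    def withdraw_safe(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        self.balances[who] = 0    # clear the credit before handing over control
        self.pool -= amount
        on_receive(amount)

    def solvent(self):
        """Invariant an auditor or monitor can assert after every payout."""
        return self.pool == sum(self.balances.values())


def replay(method_name, reentries=3):
    """Pay out to a recipient whose receive hook calls withdraw again."""
    vault = Vault({"alice": 50, "bob": 50, "carol": 10})  # constructed amounts
    withdraw = getattr(vault, method_name)
    received = []

    def hook(amount):
        received.append(amount)
        if len(received) < reentries:
            withdraw("carol", hook)

    withdraw("carol", hook)
    return sum(received), vault.pool, vault.solvent()


if __name__ == "__main__":
    print("unsafe:", replay("withdraw_unsafe"))
    print("safe:  ", replay("withdraw_safe"))
```

With the unsafe ordering the 10-unit credit is paid out three times and the solvency invariant fails; with the balance cleared first, the nested call finds a zero balance and returns.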



After the incident, they decided to fix the bug, but the question of how to return the tokens, worth the equivalent of $53 million, remains open. The funds are still in the system. As mentioned above, they cannot be withdrawn in the next three weeks. But if the project community does nothing, the attacker will be able to take everything out. This would mean a significant drop in the Ethereum exchange rate and an uncertain future for the system itself. Yet at the very beginning of the year, the Ether cryptocurrency on the Ethereum platform gained about 1200% in just three months, taking second place in market capitalization after Bitcoin. Now the rate of this cryptocurrency is falling rapidly, and it is unlikely to grow over the next few months.



Criminal or legal user?


The status of the withdrawal of blockchain tokens from DAO accounts is now in question. The attacker, or rather the Ethereum user who used the bug to withdraw funds, published an open letter stating that he used only the legal functions of the DAO, and that therefore neither a return of the funds nor his prosecution by law enforcement is possible.

He reported on thorough preliminary work: “I studied the DAO code very carefully, after which I found the function that rewards additional cryptocurrency units for splitting. I used this function, legally obtaining 3641694 units of cryptocurrency. I would like to thank the DAO for this reward. I think this function has been added to the source code to popularize decentralization [Ethereum - Ed.]”

“I do not agree that the use of such a function is assessed as theft. My lawyers declare the full legitimacy of my actions under the laws of the United States,” says the culprit of the incident. He also said that he would go to court if the developers changed the Ethereum program code in a way that made it impossible to withdraw the money: “I consider it necessary to take any possible legal actions against any participants in illegal theft, freezing or attempts to withdraw my legitimately received Ether tokens, and I continue to actively cooperate with my law firm. All partners will receive relevant notifications by mail in the near future.”



Many experts on blockchain technology agree that the hacker’s actions fully comply with the rules of the organization. Emin Gün, a cryptography specialist at Cornell University, said that this whole situation was “a job well done”, which would not necessarily be considered a violation of the law.

For those users of the system who invested their own funds and have now lost them, the hacking (or the use of a bug) of the Ethereum system is a problem. No matter what the security and cryptography experts say, no one likes to lose money, and those who invested real money in Ethereum and lost it are not very happy. Perhaps the creators of the system will be able to block the "stolen" funds and return them to their previous owners. But in that case the question arises whether Ethereum can be considered a truly open and independent system. After all, if the transaction described above (or a series of them) can be cancelled, will the administration of the resource not do the same to other transactions in the future?

Source: https://habr.com/ru/post/395165/

