The dangers of immutable transactions on a blockchain became clear yesterday when about $30 million in ether was stolen due to a bug in the code of a well-known Ethereum wallet. It could have been worse: an additional $75 million was at risk due to the same coding bug, but a group of vigilantes saved these funds and has promised to return them to their owners.
The ether was taken from the wallets of at least three projects that had recently concluded so-called “Initial Coin Offerings” (ICOs). Even more worrying for ICO boosters is that the vigilante hackers, who call themselves “The White Hat Group”, saved funds from wallets belonging to some of the largest coin offerings to date. The error has now been corrected.
These wallets required several people to sign each transaction, which is supposed to make them more secure. Because of this, they have been favored by companies rather than individual users. The mistake could have been catastrophic considering that nearly $1.3 billion was raised in ICOs in the first half of this year.
Making matters worse, the theft came after $7 million was stolen from another ICO called CoinDash a few days ago. That theft was made possible by a simple trick rather than a problem with the wallet software or the Ethereum code: hackers replaced the legitimate Ethereum wallet address listed on the CoinDash website with one that belonged to them.
The $30 million heist is the latest embarrassing and costly episode caused by an Ethereum coding snafu. The offending code had a single missing word, according to a longtime Ethereum programmer, Christoph Jentzsch.
Jentzsch knows the feeling. He wrote the code for the Decentralized Autonomous Organization (DAO), a project that started last April and was a forerunner of the current ICO craze. It was hugely successful, raising over $150 million with a promise to scrap traditional management structures and allow investors to directly determine how the DAO would distribute its capital and resources. Through a coding error by Jentzsch, an accomplished attacker succeeded in stealing around $79 million of this money. It also caused the Ethereum network to split in an attempt to undo the theft. That is why we have two versions of Ethereum today: Ethereum and “Ethereum Classic”.
All software has flaws, but when that software is responsible for millions of dollars changing hands through immutable transactions, those coding flaws become serious business. This is one of the problems with trying to build an “unstoppable world computer” – the core of the Ethereum project.