How an experimental cryptocurrency lost (and found) $53 million
By Russell Brandom for the Verge
This morning, users of the Ethereum cryptocurrency woke up to some very alarming news. Someone was trying out a new attack on one of the currency’s biggest and richest institutions, the Decentralized Autonomous Organization or DAO. The DAO holds immense cash reserves, and someone had figured out a way to drain out $53 million.
Because of the nature of Ethereum, developers could still see where the money was and how much had been taken, and it would be impossible to spend for at least 27 days. But the massive and sudden theft created an unprecedented crisis for a project that was once hailed as the future of the blockchain, and a mad dash to keep tens of millions of dollars from slipping permanently out of reach.
To understand how this could have happened, it’s necessary to know a little bit about how Ethereum works. The system is built on the same blockchain idea that powers Bitcoin, a system for holding and spending money based on cryptography rather than traditional intermediaries like banks and credit card companies. Applying that logic to finance has made for a powerful and controversial currency system, but Ethereum pushes it even further. Instead of limiting the blockchain to transactions, Ethereum lets developers build any kind of code on top of a blockchain ledger — that could mean blockchain-based contracts, blockchain-based businesses, or even wilder systems that haven’t been created yet. Like most blockchain proposals, it’s still experimental and more than a little starry-eyed, but it’s managed to raise $15 million and catch the attention of some of the industry’s biggest investors.
The DAO is one of the most ambitious systems built on top of Ethereum. It’s designed to function as a kind of decentralized venture capital fund. Ethereum users can purchase tokens that work like stock, entitling them to voting power on projects and investments, as well as a share of any profits. It’s still in the very early stages, but believers hope it could provide a model for a new kind of decentralized corporation.
But there was a problem. The contract programs that powered the DAO had a bug that, under the right circumstances, would allow escrow accounts to be emptied out through a balance-check mechanism. Those contracts were built on top of Ethereum, rather than being made a part of its core code, but they were crucial for the day-to-day operation of the DAO. A number of researchers had drawn attention to the bug, most notably former Bitcoin Foundation chairman Peter Vessenes, but developers didn’t seem to realize how devastating the bug could be once exploited. “This particular bug was not unknown,” says Vessenes. “The core developers knew about it.”
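The article describes the bug only as draining escrow "through a balance-check mechanism". As an added illustration (not code from the article, the DAO or Ethereum), the toy ledger below models the well-documented pattern behind that drain: the balance is checked, funds are handed to the recipient, and the debit is recorded only after that hand-off, so a recipient that calls back in before the first withdrawal finishes passes the same check again. The names `Vault` and `drain_attempt` and the amounts are constructed for the example; the hardened version records the debit before the hand-off.

```python
# Added illustration, not code from the article or from the DAO contracts:
# a minimal Python model of a ledger whose withdraw() checks a balance, hands
# funds to the caller, and only afterwards records the debit. Names and
# amounts are constructed sample data.

class Vault:
    """Toy escrow ledger; amounts are plain integers."""

    def __init__(self, balances, safe):
        self.balances = dict(balances)          # account -> credited balance
        self.reserve = sum(balances.values())   # pooled funds actually held
        self.safe = safe                        # True: debit before hand-off

    def withdraw(self, account, amount, on_receive):
        # Balance check: the vulnerable and hardened orderings share it.
        if self.balances[account] < amount:
            raise ValueError("insufficient balance")
        if self.safe:
            # Hardened ordering: record the debit before handing control away.
            self.balances[account] -= amount
        self.reserve -= amount
        # "External call": the recipient runs here and may call withdraw()
        # again before this frame has finished.
        on_receive(self, amount)
        if not self.safe:
            # Vulnerable ordering: the debit lands only after the hand-off,
            # so every re-entered withdraw() still passed the balance check.
            self.balances[account] -= amount


def drain_attempt(safe):
    """One withdraw against a fresh vault; returns (reserve left, re-entries)."""
    vault = Vault({"attacker": 10, "victim": 90}, safe=safe)
    count = {"reentries": 0}

    def reentrant_receiver(v, amount):
        # Re-enter while the earlier withdraw() frames are still suspended;
        # stop once the pool cannot cover another withdrawal.
        if v.reserve >= amount:
            count["reentries"] += 1
            try:
                v.withdraw("attacker", amount, reentrant_receiver)
            except ValueError:
                pass  # the balance check fired: the hardened ordering held

    vault.withdraw("attacker", 10, reentrant_receiver)
    return vault.reserve, count["reentries"]
```

With the vulnerable ordering the 10-unit balance empties the whole 100-unit pool across nine re-entries; with the debit recorded first, the first re-entry fails the balance check and 90 units stay in reserve.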
It's absolutely wonderful. Let's invent “programmable money”, then program the money to steal itself. https://t.co/HzQGluSnbw
— Nicholas Weaver (@ncweaver) June 17, 2016
In hindsight, it’s easy to blame the developers for not spotting the problem early enough, but the nature of the DAO project put them at a disadvantage. A coder building a web database has decades of code and security standards to draw on, but coding on the blockchain is a completely new field. It’s hard to predict which security problems will turn out to be severe and which protections will turn out to be effective. And with tens of millions of dollars at stake, there were plenty of attackers poring over that code for anything they had overlooked.
“This is the ultimate test of defensive software engineering,” Vessenes says. “You have to worry about attacks in four years with code you can’t modify. The tooling is not there, the documentation is not there, and the best practices are still being discovered.”
Ethereum developers have put in heroic efforts to patch the bug, but that still leaves the question of the missing $53 million. The money is still in Ethereum coins, and because of the unique nature of the DAO contracts, it’s stuck in a specific holding account for the next 27 days. If the community doesn’t do anything during that period, the attacker will be able to walk away with it — but given how much is at stake, that’s unlikely to happen.
What’s more likely is that Ethereum’s leaders will figure out a way to take it back, but there’s still some debate over exactly how that should take place. In a post this morning detailing the attack, Ethereum founder Vitalik Buterin proposed a voluntary modification to Ethereum’s code that would make it impossible to spend the stolen coins even after the 27-day window expires. The same mechanism could eventually be used to refund the money, although it will require a lot of political consensus to do so. Some members of the community have argued against recovering the money — using some of the same moral hazard arguments made against the 2008 bank bailouts — but so far they seem unlikely to prevail. (Update: the attacker has since come forward to claim the coins are legally his, complicating these efforts.)
Incentives matter. Investors should lose if they fail to do due diligence, or they have no incentive to be responsible. #hardlessons
— (((Gavin))) (@gavinandresen) June 17, 2016
Still, the result leaves the DAO and Ethereum at large with an uncertain future. Theft is a long-standing problem for cryptocurrency, particularly for any institution large enough to make a tempting target. In 2014, the foundational Bitcoin exchange Mt Gox was revealed as massively insolvent in the wake of a $400 million theft, an event that resulted in permanent damage to the currency’s reputation.
Today’s theft wasn’t nearly as severe as Mt Gox’s collapse, but it’s led to similar concerns from some observers. Cornell cryptographer Emin Gün Sirer, a longtime skeptic of the DAO, wrote in a post today that the incident should mark the end of the organization entirely, calling on organizers to “dismantle the fund and return the coins back to investors in as orderly a fashion as possible.” Others are less pessimistic, seeing the DAO’s problems as a speed bump in Ethereum’s larger expansion.
For Vessenes, it’s an even simpler story: a project that grew too fast for its own good. “The fundamental problem is that teenagers can get rich really fast,” Vessenes says. “The developers are sober, responsible people, but the project has kind of taken on a life of its own.”
First appeared at the Verge