Using generic blacklists to "fix" major contract bugs (and there will be many) means you're now debugging by censorship. #Ethereum #TheDAO
— elizabeth stark (@starkness) June 19, 2016
Cryptocurrency faces political fight to clean up $53 million theft
By Russell Brandom for The Verge
On Friday morning, one of the central institutions in the Ethereum cryptocurrency was hit with a $53 million theft. Thieves had targeted the smart contract system used by a collective investment bank called the DAO, draining out $53 million in Ethereum coins in a matter of hours.
It was terrible news for anyone involved, but by the end of the day, the core developers seemed to have a solution in place. Miners would adopt a new version of the protocol (a “fork”) that would refuse to honor the stolen coins. If the fork was adopted, the coins would be unspendable, like bills marked by a dye packet after a bank robbery. It was a messy solution, but it would stop the thief from walking off with the money.
Then, politics got in the way.
In the days since the fork was proposed, the community has been roiled by both genuine concerns from within and bizarre, anonymous proposals from the outside. The rules of the DAO give developers 24 days more before the thief can move the stolen money from its current position. That should be plenty of time for such a simple fix. But the emerging political divisions are already threatening the fragile consensus that made the fix possible.
The division first became clear on Saturday, when a GitHub update showed that any fork would leave the door open for blacklisting other coins in the future. If the majority of miners decided a group of coins was fraudulent, they would have a way to keep those coins from being spent. In some sense, that’s simple coding practice: when you code in a particularly novel trick, it’s considered good form to leave instructions. But the political implications were troubling to many users, and the argument ended up spilling across the GitHub comments. As one user put it, “I lost some ETH when I made a bad contract too, can I get a soft-fork flag?”
Longtime Bitcoin observer Andreas Antonopoulos criticized the move on civil liberties grounds, saying simply, “Blacklists are here.”
Ethereum founder Vitalik Buterin disputes those criticisms. Any subsequent blacklist would require a consensus of miners, Buterin argues, which will never be an easy thing to arrange. “We definitely do not want to create a ‘generic blacklisting process’ or any other mechanism that institutionalizes forks,” he wrote in an email to The Verge. “Every single one should be an extraordinary process.”
Still, Buterin’s hands-on approach to the fork has drawn criticism from the highest ranks of the cryptocurrency world. On Sunday, Andrew Vegetabile of the Litecoin Association publicly called for the fork to be abandoned, arguing that the attacker had acted well within his legal rights. “Never in the history of crypto for as far as I can remember has a developer been intimately involved with a third party application in attempting to resolve said applications issues,” Vegetabile wrote in an open letter to Buterin. “Your involvement thus far is unprecedented, and needs to stop.”
For Buterin, that involvement is still necessary, although he sees his role as more of a facilitator for the community at large. “I personally am really willing to go along with whatever the bulk of the community wants,” Buterin says. “I am trying to make this the community’s choice as much as possible, though given the lack of existing standards I recognize that that’s a challenge.”
At the same time, there’s been a string of more unorthodox proposals, apparently aimed at undermining support for the fork. On Saturday morning, a note claiming to be from the attacker was posted anonymously on Pastebin, arguing the coins were rightfully his and threatening legal action against any miners who participated in the fork. The signature on the message was later revealed to be fraudulent and it’s unlikely that anyone will follow through on that threat, but it was still an unsettling message to read as miners were weighing their options.
Another group seems to want to take the law into its own hands. Going by the name “Goldman Cucks,” the group pledged to use the same loophole exploited by the initial thief to steal even more funds, either for payment or for free in smaller transactions. The group says they could just take the money and run, as the initial thief did, but they’re asking for community participants who want to make a little money in exchange for political support. “We have hundreds of our own contracts deployed waiting to complete a full heist of the DAO,” the message explains. “We need other users to participate so it will be impossible for the hard fork to redistribute funds back.” (The “hard fork” is a more extreme plan that would forcibly relocate the coins rather than simply making them unspendable.)
It’s unclear if that scheme would work or if the authors of the notes are capable of pulling it off, but they seem confident in their skills. Reached by The Verge, the group said it was offering the heist-for-hire service because, “we want to give the chance to empower the community.” When asked if anyone had taken them up on the offer, the group said simply, “We’re swamped with e-mails. That’s all I’ll say.”