Epic Ethereum Attack, $60 Million USD Stolen and Counting as Attackers Continue to Siphon Ether | dinbits


I hate to say "I told you so" ... but ....

The DAO smart contracts on the Ethereum network have been compromised through an exploited vulnerability in the DAO code, and in a big way. Somewhere around 6% of all Ether in existence has been stolen, and the drip of siphoned funds is more comparable to a gusher. It's so bad that the brain-pan of the operation, Vitalik Buterin, has requested that exchanges cease activity.



That doesn't mean they will, and so far it doesn't appear that they have. The entire thing continues to implode as people rush to dump any remaining Ether they have left, if it hasn't been stolen, that is. So, unfortunately, it doesn't look like it's going to matter.

Just look at the chart, it's brutally painful to look at. 



It looks like someone just jumped off of a cliff. It's quite possible some Ether holders may do exactly that before the day is out. This is sad.

The ugly truth is that this is exactly what we've been trying to warn people about. Ethereum is a very weak network. These things take time, lots of time. This was going too far, too fast, and you could see the brick wall a mile away. Despite the warning signs, Ethereum just smashed head-on right into it. It's a classic talking on a cell phone while headed straight for a freight train type thing. 

How Big is The Hack

Simply put, the DAO Ethereum hack is: EPIC

At the time the token drain was first noticed, the value drained had totaled nearly 60 million USD. Unfortunately, it's not over. It's still being drained while folks try dumping what they can to scrape any remaining value out of it, and the hacker(s) themselves may be shooting themselves in the foot.

By the time this is over they may have the majority of all Ether in existence and it also may not be worth more than $1.95 in total. Typical of scammers, they find a source of exploitation and instead of moderately exploiting it for financial gain over time, they go all out in full force until they completely drain the source of revenue. In other words they make a few bucks really fast whereas had they been smart, they could have made 100 times more over time. Instead of being set for life, they immediately find themselves scratching for something else to take advantage of. 

The Warning Signs

We have been trying to stress this point for some time now. In this article we explain specifically to be careful.

...and I quote:
"Honestly, we're likely 2 or 3 years away from any realm of stability. The killer app could change all of that and there are some neat ones in the works, but Ethereum isn't ready for prime time with the network yet and nobody can make that happen." -dinbits 
and

"Ethereum is a weak network. It needs more power for mass adoption and it will get there eventually. Slow and steady is the best course of action for the network." -dinbits

It's not like we haven't been trying to alert folks that slow and steady is the best course of action. However, we don't live in a slow and steady world. Everybody wants things fast and now.

Bitcoin's network, the Blockchain (which has never once been hacked), did not get to the level of security at which it is today overnight, or even in a year. It took years and years to get to the point where it was legitimately almost impossible to hack. It took nearly 8 years to get to be the most powerful and secure network system on earth.

The aforementioned article goes over the speed and security as well, so let's not hash through that again now. The point is that just because you build an amazing system that does cool things, that doesn't mean it's going to do cool things. Another point to review is that one issue many have with Ethereum is the smart contracts themselves and the manipulation that can be hidden behind complexity from an average user.

Outside of the Blockchain (nothing comes anywhere near it) ... Ethereum trumps just about anything else out there as far as that goes. IBM's and Microsoft's services have nothing on its speed and power, and just look at the resources those two companies have. This is exactly why "private blockchains" are a bad joke and the "40 banks making a network" thing is like giving a thief a key to the bank's front door and leaving the combination to the vault under the mat. (No, they don't actually work like that; I used that for dramatic effect.)

This is why we kept saying take it slow. This is what we were trying to prevent.

Just last week, in a CoinDesk article, this very scenario was compared to a Mt Gox implosion if it were to occur. Chief Executive Officer Stephan Tual of Slock.it, which created the code the DAO is built on, said:

"You don’t want a bad story about Ethereum. If [The DAO] were to crash, people would compare it to Mt Gox."

Irony is not without a sick sense of humor.

Now, to solve the problem, there are mentions of forks, debates, and all kinds of chaos ensuing. Others are calling the DAO dead, and Ethereum is claiming the network is not harmed (although there's enough of an issue to need a fork, which does not seem fine).

Like I said, SLOW and STEADY is the best course of action. 

Not to sound like a broken record, but do you really want to know why experts and industry folks (myself included) think that tokenless blockchains, bitcoinless blockchains, private blockchains, other altchains, and other private distributed ledger-type things won't work safely, securely, or reliably within any realm of realistic expectation?

Look at what just happened to Ethereum. Ethereum is a network that actually had the potential to be secure and other glorious things that none of the other aforementioned efforts can be. It was already more powerful than all of them.

Yet, it could not prevent this from happening and that is exactly why. 

Recovery

Ethereum's return depends on how this is handled, and in all honesty this may be the end of the DAO experiment (likely not). Right now there's quite a bit of debate on how to handle it, and folks additionally have concerns about Ethereum as a whole given that this happened in the first place.

As far as its token, Ether, and price recovery go, that could well be a ways off now. That was a big scare, and a lot of money is gone with a broken system that nobody can agree on how to fix, so this is certainly something to be cautious of.

This may be the beginning of responsible investing into ethereum and careful network execution. This is undoubtedly the beginning of a long investigation of digging through smart contract code to look for "anything else".

This should have already happened, and nobody has a "warm fuzzy" that a hacker found a vulnerability through a code review faster than the developers and the people on that front responsible for code reviews, but hey. Shit happens. Usually not in such epic fail fashion, but ... it does happen.

I'll just say it once more ... slow and steady.





Report by dinbits
Image by dinbits.com staff

The opinions expressed by authors of articles linked, referenced, or published on dinbits.com do not necessarily express, nor are endorsed by, the opinions of dinbits.com or its affiliates.



