Some time ago, I wrote that I had given up on Ethereum. While the problems coming from the DAO hack are now in the past, Ethereum has had a few other problems.
Granted, these problems have nothing to do with Ethereum itself. They are all exploits in the surrounding ecosystem. Hacking the CoinDash website to replace their public wallet address was particularly cheeky. This all reminds me of tales of the Wild West, when money was transferred between banks by stagecoach or by train. The technology simply didn't exist to provide the necessary security way the heck out on the prairie.
Seems like that's where we are now. The necessary technology does not exist to provide the security that currencies like Ethereum and Bitcoin really require. Website hacks are a dime a dozen, and when a hack can be worth $millions... The same for software: When professional programmers still write code vulnerable to SQL injection - when our platforms even allow this as a possibility - then we simply do not have the technology to secure the stagecoach.
Previously:
$30 Million Below Parity: Ethereum Wallet Bug Fingered in Mass Heist
Hacker Allegedly Steals $7.4 Million in Ethereum During ICO
Used GPUs Flood the Market as Ethereum's Price Crashes Below $150
Ethereum Mining Craze Leads to GPU Shortages
Ethereum Unusable, DAO Refunds Possible
(Score: 2) by Fnord666 on Thursday July 20 2017, @06:35PM (4 children)
CoinDash aside, Ethereum hacks are a bit more than just lax security practices. Ethereum is not just a cryptocurrency, it's also a platform where you can build "smart contracts", the terms of which are defined programmatically. A bug in the programming of Parity.io's multisig contract, for instance, allowed a thief to subvert the contract and transfer a bunch of Ether into their own wallet [financemagnates.com]. Programming these smart contracts is a relatively new field, and it must be done exactly right or someone will find a way around it. You can expect this to happen again and again until the developer of the smart contract is held liable for any losses incurred due to a flaw in that contract's code. That will be the only way to ensure that these contracts get the scrutiny they truly need and companies can rely on them to do business on the Ethereum (or any similar) platform.
(Score: 2) by JNCF on Thursday July 20 2017, @07:36PM (2 children)
This is a realm that is particularly difficult to regulate; there is practically no physical supply chain. Software can be released pseudonymously on the blockchain itself. You can't touch what you can't see. There will be solutions to this problem, and they will be solutions that your courts can't even dream of. I have no idea how long they will take to create, but your wigs and gavels aren't going to help.
(Score: 0) by Anonymous Coward on Friday July 21 2017, @02:48PM (1 child)
I don't think anyone was talking about bringing the useless fucking courts and government into the equation...
(Score: 2) by JNCF on Friday July 21 2017, @03:09PM
I see no sensible interpretations that don't involve jackboots, but I'm open to new ideas. Care to enlighten me?
(Score: 2) by rigrig on Thursday July 20 2017, @07:48PM
It isn't like people gave the developer a bunch of smartcoins and told him to write a secure contract: the contract was there first, so everybody could (and should) have had a look at it themselves before storing their money in it.
And if you can't properly verify a contract (or know someone who you trust who can), maybe don't trust it with your savings?
As this tweet [twitter.com] about the pull request that introduced the bug [github.com] points out:
No one remembers the singer.