Stories
Slash Boxes
Comments

SoylentNews is people

posted by takyon on Wednesday November 15, @02:12AM   Printer-friendly
from the vanishing-act dept.

Submitted via IRC for SoyCow1984

A crypto-currency collector who was locked out of his $1m Ethereum multi-signature wallet this week by a catastrophic bug in Parity's software has claimed the blunder was not an accident – it was "deliberate and fraudulent."

On Tuesday, Parity confessed all of its multi-signature Ethereum wallets – which each require multiple people to sign-off transactions – created since July 20 were "accidentally" frozen, quite possibly permanently locking folks out of their cyber-cash collections. The digital money stores contained an estimated $280m of Ethereum; 1 ETH coin is worth about $304 right now. The wallet developer blamed a single user who, apparently, inadvertently triggered a software flaw that brought the shutters down on roughly 70 crypto-purses worldwide.

[...] Cappasity has alleged the wallet freeze was no accident: someone deliberately triggered the mass lock down, we're told, and there's evidence to prove it. By studying devops199's attempts to extract and change ownership of ARToken's and Polkadot's smart contracts, it appears the user was maliciously poking around, eventually triggering the catastrophic bug in Parity's software. "Our internal investigation has demonstrated that the actions on the part of devops199 were deliberate," said Cappasity's founder Kosta Popov in a statement this week.

Source: https://www.theregister.co.uk/2017/11/10/parity_280m_ethereum_wallet_lockdown_hack/

Ethereum.

Previously: $300m in Cryptocurrency Accidentally Lost Forever Due to Bug


Original Submission

Related Stories

$300m in Cryptocurrency Accidentally Lost Forever Due to Bug 53 comments

User mistakenly takes control of hundreds of wallets containing cryptocurrency Ether, destroying them in a panic while trying to give them back

Unlike most cryptocurrency hacks, however, the money wasn't deliberately taken: it was effectively destroyed by accident. The lost money was in the form of Ether, the tradable currency that fuels the Ethereum distributed app platform, and was kept in digital multi-signature wallets built by a developer called Parity. These wallets require more than one user to enter their key before funds can be transferred.

Source: https://www.theguardian.com/technology/2017/nov/08/cryptocurrency-300m-dollars-stolen-bug-ether

This is less than 1% of the entirety of the total value of Ethereum (as perceived by speculators). One must remember that the national debts of issuers of some fiat currencies could effectively destroy 100% of those currencies, so is it appropriate for dollar users (which indirectly is all of us) to sneer at cryptocurrency users for this apparent weakness which will, presumably, be fixed and never happen again?


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough

Mark All as Read

Mark All as Unread

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 3, Interesting) by Fluffeh on Wednesday November 15, @02:28AM (6 children)

    by Fluffeh (954) Subscriber Badge on Wednesday November 15, @02:28AM (#597105) Journal

    If this is just a flaw, a bug, a whoopsie-daisy in crypto world, it's pretty hard to sue someone and get a jury to agree that you should be paid damages. On the other hand, if someone is poking about all cloak-and-dagger then the law might look more generously to the damaged party.

    Of course they will be claiming to high heaven that someone was trying to do wrong.

    Of course, they might be right. Parity got the first salvo of comms out though - so sort of set the message on this one.

    • (Score: 2) by captain normal on Wednesday November 15, @04:36AM (1 child)

      by captain normal (2205) on Wednesday November 15, @04:36AM (#597152)

      Depends on whether the damaged party got a message that said, "All your cyber-coin now belong us."

    • (Score: 0) by Anonymous Coward on Wednesday November 15, @06:25AM (1 child)

      by Anonymous Coward on Wednesday November 15, @06:25AM (#597177)

      On the other hand, if someone is poking about all cloak-and-dagger then the law might look more generously to the damaged party.

      Depends. If the person was poking around to see if _his_ wallet was safe and then triggered the problem then I'd say it's not his fault.

      After all if someone sells you something they claim to be secure and you poke around to see if it's as secure as they claim and it breaks catastrophically then I'd be inclined to consider the seller a huge fraudster.

      • (Score: 0) by Anonymous Coward on Wednesday November 15, @02:47PM

        by Anonymous Coward on Wednesday November 15, @02:47PM (#597288)

        DMCA disagrees with you

    • (Score: 3, Touché) by bob_super on Wednesday November 15, @06:52PM (1 child)

      by bob_super (1357) on Wednesday November 15, @06:52PM (#597404)

      Sure, go ahead and sue in the courts that have jurisdiction over your transactions in government-free decentralized cryptocurrency.

      • (Score: 0) by Anonymous Coward on Thursday November 16, @08:10AM

        by Anonymous Coward on Thursday November 16, @08:10AM (#597611)

        You mean East Texas, right?

  • (Score: 0) by Anonymous Coward on Wednesday November 15, @02:31AM (1 child)

    by Anonymous Coward on Wednesday November 15, @02:31AM (#597106)

    There is no intrinsic value to diamond and gold. At least they have some industrial use. You think the US dollar, backed by the US Fed, is a fiat bullshit, what does bitcoin/etc. has to offer?

    Talk about a pyramid scheme.

    Come to think of it, Uber and bitcoin should bang up each other.

    • (Score: 4, Touché) by All Your Lawn Are Belong To Us on Wednesday November 15, @03:28PM

      by All Your Lawn Are Belong To Us (6553) on Wednesday November 15, @03:28PM (#597304)

      Uh, what?

      There *is* an intrinsic value to diamond and gold. You can *do* things with them, not just look at them, therefore no matter how high (or low) the prices go they have tangible value that can't be taken away.

      You're welcome.

  • (Score: 2, Interesting) by Anonymous Coward on Wednesday November 15, @03:19AM (14 children)

    by Anonymous Coward on Wednesday November 15, @03:19AM (#597122)

    This was perfectly acceptable behavior.

    Imagine computers were all replaced by really obedient people who followed company policy to the letter.
    In this world you notice a store has a buy one get one free coupon without the usual T&C, and so buy two.
    You immediately return one and keep the second, without any manner of deception mind you, assume they have a no-fault return policy or something.
    The obedient people playing the part of computers just accept it and carry on.
    Should you be imprisoned because the manager was an idiot and didn't realize that BOGOF+no-fault return is a shitty idea?

    So why if the agent is a computer rather than a person do we cease to hold people to their foolish decisions?
    The equiv. of T&C being formally correct programs, and yes this is more expensive, but so is having to hire lawyers to write T&Cs, we just have to eat the cost in return for a sane legal system which holds the people who make mistakes responsible for their actions rather than the people who notice and exploit the mistakes.

    Getting mad at hackers is the same bullshit as getting mad at tax avoiding (evading? whatever the legal one is.) companies. Stop, think, change the tax code they hacked instead of demanding they follow the spirit of the tax code rather than the letter.

    • (Score: 0) by Anonymous Coward on Wednesday November 15, @03:31AM (2 children)

      by Anonymous Coward on Wednesday November 15, @03:31AM (#597126)

      BOGOF+no-fault return

      Know a store where I can do this? I would like to eat for free.

      • (Score: 1, Informative) by Anonymous Coward on Wednesday November 15, @04:02AM (1 child)

        by Anonymous Coward on Wednesday November 15, @04:02AM (#597136)

        http://nypost.com/2014/01/29/man-uses-first-class-plane-ticket-to-eat-free-for-a-year/ [nypost.com]

        Also I see "if you're not perfectly happy with this product then return it ..." on ASDA store-brand stuff in the UK IIRC (owned by WALMART IIRC), but I've never believed they truly follow that policy. Maybe there's an asterisk and link to T&Cs like they should have, maybe they ban people who do as their packaging exhorts, maybe they legit just eat the cost because most people don't notice and it makes returns easier and therefore cheaper.

        In the latter case, and if the employees actually follow policy, you may get away with returning fully consumed food to various supermarkets in your area on a rotation claiming (truthfully) it wasn't perfect (I don't think I've ever bought anything I would describe as literally being perfect). The rotation may help prevent the loss becoming large enough to be noticed and let you do it for ages.

        I wouldn't try doing this in reality, but damn I wish more people abused these systems so we didn't have to rely on society enforcing the spirit of things and guess at what's considered appropriate.

        https://youtu.be/ZNOTfhGqjUQ?t=318 [youtu.be]

        • (Score: 1, Informative) by Anonymous Coward on Wednesday November 15, @02:04PM

          by Anonymous Coward on Wednesday November 15, @02:04PM (#597276)

          I worked at Aldi for a while. One of their big selling points is they have a 60 day return policy on everything.
          Most refunds were on 'special buys' (Aldi's big ticket items) but some people would bring back stuff like half eaten jars of jam and ask for a refund because they didn't like the taste. We'd give it to them.
          If it was fit for resale it went back into stock. If it had a warranty, we said it was faulty and shipped it back for full credit. Otherwise we tossed it in the trash and Aldi ate the cost.
          Overall the amount of returns was about 1% of sales, and most of that went back into stock or was claimed from the manufacturer.
          The out of date fruit, vegies, meat, and deli we tossed each day was a much bigger loss.

    • (Score: 1, Funny) by Anonymous Coward on Wednesday November 15, @04:32AM (2 children)

      by Anonymous Coward on Wednesday November 15, @04:32AM (#597148)

      Indeed. I'm glad that this wasn't a mistake made by a violently imposed monopoly!

      Slight sarcasm. Only slight. All in all, it could be a better world where people think more deeply about the bullshit they write (which all too often means what the party with more power believes it means). Perhaps men would evolve into the Sheliak Corporate [wikia.com]. Not sure if that constitutes angels, though. Perhaps close enough in all honesty.

      • (Score: 1, Interesting) by Anonymous Coward on Wednesday November 15, @06:36AM

        by Anonymous Coward on Wednesday November 15, @06:36AM (#597180)

        Having the care and prescience to forestall genocide and war (judging from the wiki, not the ep) centuries in the future is an astounding act of good.

        For all the hate bureaucracy gets (even the damn name!) it's damn effective at getting shit done on a long enough time scale. Individuals just can't see the big picture, and what seem rational acts eventually, due to what are effectively rounding errors, become horrific disasters. You just can't run a country on gumption and proactive genius employees who have the full knowledge of your entire legal department, and HR department, &c in their one head.

        Sure they suck when they fail, and their inflexibility leads to frustration and poor service during periods of change, but when they get around to it then it'll be done passably well. I'll take boring mediocrity from my government any day, over exciting reform and individuals with enough personal power to obviate bureaucracy. Because when my boring system fails, it'll be shit. When the exciting power-to-individuals system fails it could be a disaster or a dictatorship. More likely an incredibly expensive mess that fucks people over for years to come due to non-standard practices making people fall through the cracks those addicted-to-helping-people folk have clawed open.

        e.g.: The DMV clerk who, realizing the form doesn't contain the required fields, just writes the info on the back. Then again when it happens next. Multiply by one gumptious fool per office and you have a disaster of unretreivable non-standard data which will cost a huge amount to fix. Oh, and did I mention ten percent of the data is illegible because they didn't block-print it with sufficient spacing between characters and are no longer around to read their shit handwriting?

        Shadow IT is not your friend, it's a nightmare with a suitable name.
        /rambling

      • (Score: 2) by JNCF on Wednesday November 15, @07:57AM

        by JNCF (4317) Subscriber Badge on Wednesday November 15, @07:57AM (#597202) Journal
    • (Score: 3, Informative) by MichaelDavidCrawford on Wednesday November 15, @04:54AM (2 children)

      by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Wednesday November 15, @04:54AM (#597163) Homepage Journal

      the courts have held that avoiding taxes through following the law - however unintentional that law may be - is legal.

      "Evading" is saving on taxes by breaking the law.

      You may be interested to know that simple failure to pay taxes is a civil, not a criminal offense in the US. The IRS will put a lien on your property or garnish your wages, but they won't prosecute you.

      --
      127.0.0.1 www.hosted-pixel.com # I Am Absolutely Serious
      • (Score: 0) by Anonymous Coward on Thursday November 16, @08:14AM (1 child)

        by Anonymous Coward on Thursday November 16, @08:14AM (#597613)

        Dude, forget source code and get into legal code. You seem to have a knack for the absurd word games required.

        • (Score: 2) by MichaelDavidCrawford on Friday November 17, @04:10AM

          I enjoy writing, though sometimes I become obsessed by it.

          I was considering going into law once, with the aim of practicing public interest civil rights law. If one commits to public interest law, one can often get one's law school paid for.

          I enjoy reading court opinions. Legislation is inscrutable but most judges are very good writers.

          --
          127.0.0.1 www.hosted-pixel.com # I Am Absolutely Serious
    • (Score: 3, Insightful) by ese002 on Wednesday November 15, @05:18AM (1 child)

      by ese002 (5306) on Wednesday November 15, @05:18AM (#597169)

      Getting mad at hackers is the same bullshit as getting mad at tax avoiding (evading? whatever the legal one is.) companies. Stop, think, change the tax code they hacked instead of demanding they follow the spirit of the tax code rather than the letter.

      The people getting mad at tax avoiding companies don't actually have the power to change the tax code. The best they can do is lobby Congress to close the loopholes. Unfortunately, tax avoiding companies are already lobbying Congress to create loopholes for them and they are better at the game than you are.

      • (Score: 0) by Anonymous Coward on Wednesday November 15, @05:50AM

        by Anonymous Coward on Wednesday November 15, @05:50AM (#597172)

        Having a system which requires voting for politicians swayed by lobbying you disagree with if one wishes to have a worthwhile vote isn't. We ought to use a system which is hard* to tactically vote in (IIRC Australia has something NP-hard) and push the number of candidates upwards (which I would assume is a natural consequence of practically having to vote honestly).

        *https://en.wikipedia.org/wiki/Gibbard%E2%80%93Satterthwaite_theorem

    • (Score: 0) by Anonymous Coward on Wednesday November 15, @05:39AM

      by Anonymous Coward on Wednesday November 15, @05:39AM (#597171)
    • (Score: 0) by Anonymous Coward on Wednesday November 15, @03:21PM (1 child)

      by Anonymous Coward on Wednesday November 15, @03:21PM (#597301)

      a sane legal system which holds the people who make mistakes responsible for their actions rather than the people who notice and exploit the mistakes.

      I disagree, you even use the word 'exploit' for the group of people you see doing no harm.

      That doesn't mean I think the people making the mistakes shouldn't carry part of the blame, but this is a very gray line, where the % blame for those making the mistake and % blame for the exploiters isn't correlated.

      Lets take a internet security example.
      Company x makes the mistake of not securing a web server, they do not have a security policy, didn't think about it, have no people in place to handle it, ... large % of blame
      Company y makes a mistake securing their webserver, a patch wasn't rolled out quick enough and someone exploits it. They do have a security team, policy, ... and already applied the patch on their staging system and were testing it out before patching their production system. % blame is very low

      Scoundrel A, is browsing around a web store, sees a button for a promotion and discount and clicks it several times as some network latency slowed down the website response. He triggers a bug and gets a huge monetary reward. % blame is very low (0 I would say)
      Scoundrel B, searches the intertubes for exploits and hacks, uses them on a bunch of webstores and finally gets through in one of them, being able to steal a small monetary reward. % blame is very high.

      In the above case, I think Parity holds a large % of blame, its their software and it had a bug against their core business. Holding and securing wallets.
      I'm not familiar with what the user did, but if he was trying everything he could think of to trigger bugs or exploits, he also holds a large % blame. (Unless he was doing it while considering using Parity and wanted to check out the quality of their systems first)

      I agree with the sentiment about the laws though, close the damn loopholes, and create a spirit of the law as law. E.g. A big section of law has a introduction of what the law is trying to accomplish and what the motives for the law are. Intentionally spending much effort to subvert that can then be considered illegal.

      • (Score: 0) by Anonymous Coward on Thursday November 16, @04:58AM

        by Anonymous Coward on Thursday November 16, @04:58AM (#597584)

        Consider a formally verified kerberos(sans DES)/NTP/microkernel system used to gain access to internal resources. All you need do is only grant creds to people who sign your contract stipulating they use the systems in good faith to perform their work, and you're good to go with liability once again being fully (and now justly) on the hacker without having to impose unknowable laws on everyone in the country.

        IIRC (IANAL) It's illegal in the US to retrieve information from a secured computer system without or in excess of your authorization. What exactly are you authorized to extract from whatever system www.google.com resolves to? How did you gain that authorization if it isn't implicit in them offering the information to the public? If it is implicit then how do you determine if it was intentionally offered to the public or if it's meant to be an internal website, or a customer-only website? Do you feel it's acceptable to visit 'simple' URLs without permission but not 'complex' ones? What about editing the GET parameters in a URL (?foo=bar), surely a feat beyond most users? (weev got time for that, and his mate 3 years probation)

        How would you feel about a lawyer who you hired as a freelancer who intentionally made it possible for the client not to pay --- because its easier to write a contract which doesn't require payment --- on the grounds that "they probably won't notice" or "I didn't consider that they wouldn't want to pay"?
        What if the same lawyer outright refused to write correct contracts on the grounds its far too hard/time-consuming/elitist/everyone knows that the client is meant to pay within a reasonable window of time?
        What if instead of actually doing his job the lawyer then advocated that client's be legally held to what he intended the contract to do, rather than what it actually says?
        What if he justified it by saying that it's obvious what the contract was meant to say, and while he can forgive innocent mistakes if someone spends the time to understand the contract and abide by it then they should be liable for the effects of his refusal to do his job?
        How would you feel if every lawyer you hired had the same attitude, and sighed and rolled their eyes when you pointed out a loophole before explaining that it's ok because nobody really cares if contracts are correct.
        How would you feel if your lawyer, whose work you're liable for and not him, was trained in six weeks and calls themselves a sports-star lawyer?

        If we lived in a world were important programs (such as the banking system/nuclear weapons systems/firewalls/car firmware/pacemaker firmware/remote CCTV cam firmware/Therac-25 firmware) were already formally verified, would you advocate for throwing it away to lower the cost of development for future products? What if you were given a sneak peak at the last ten years of tech security news and told voting machines and jumbo jet firmware would also be unverified in your new world? That ADS-B would be unauthenticated?

        >Intentionally spending much effort to subvert that can then be considered illegal.
        This assumes that intentionally vague legalese is unambiguous. I agree that a statement of purpose is a damn good idea, but I feel it ought only ever exonerate and never under any circumstances convict given that it is specifically written to be vague.

        tl;dr: Your solutions are pragmatic solutions for the short-term, and valuable during the transition period; they are not a suitable endgame.

  • (Score: 0) by Anonymous Coward on Wednesday November 15, @08:06AM (1 child)

    by Anonymous Coward on Wednesday November 15, @08:06AM (#597203)

    even if this was accidental you would expect it to undermine the value but seems that is not how crypto works.

    Personal unfounded suspision is that these markets are being heavily manipulated by entites with vast cash reserves.

    • (Score: 3, Interesting) by WillR on Wednesday November 15, @03:49PM

      by WillR (2012) on Wednesday November 15, @03:49PM (#597321)
      The Auric Goldfinger school of economics - If you have a billion dollars worth of something, and half the world supply of that thing disappears overnight, your stash is now worth 2 billion dollars.
  • (Score: 2) by bradley13 on Wednesday November 15, @09:58AM (1 child)

    by bradley13 (3053) Subscriber Badge on Wednesday November 15, @09:58AM (#597236) Homepage Journal

    There was a bug (or unintended feature) that allowed this to happen. Possibly the company can be held liable for that, possibly not.

    Claiming malicious action by a hacker - even if that's true, what does it buy you? Even if you can identify the hacker, they almost certainly don't have $280 million for you to sue and collect.

    Ethereum smart contracts are a genuinely clever idea: take contracts out of the reach of human subjectivity. A contract means what it says, nothing more and nothing less. However, they are also a demonstration of the fact that it is difficult - nearly impossible - to write perfect code. And since the contracts are beyond human reach (barring a hard-fork of the entire blockchain), maybe that isn't actually a good thing for most applications.

    --
    Everyone is somebody else's weirdo.
    • (Score: 5, Interesting) by citizenr on Wednesday November 15, @01:17PM

      by citizenr (2737) on Wednesday November 15, @01:17PM (#597268)

      There was no bug, they "forgot" to set ownership of the walled, becoming owner required 0 signatures hehe. They did it SECOND time in a row(first time July of 2017 = $30 mil stolen). devops199 claimed ownership and triggered one of the actions you can do as an owner - destruction.

  • (Score: 4, Insightful) by All Your Lawn Are Belong To Us on Wednesday November 15, @03:37PM (4 children)

    by All Your Lawn Are Belong To Us (6553) on Wednesday November 15, @03:37PM (#597310)

    Ethereum has value, apparently. That value is based on what? Oh, it's based on what everyone collectively assigns to it. So it's not a commodity or representative. So therefore holding it entails risk. So therefore you got nailed by an unanticipated flaw, are on the short side of the risk, and got burned. Them libertarian freedom/risk/caveat emptor values sure don't feel as well when you're on the losing side, do they?

    In other words, what dumbass sinks 1 MILLION dollars into a collective dream (or some would say delusion). Yeah, all investments are dreams of sorts. But this one is the worst dot-com style throw-money-at-it-and-hope-it-will-profit wishful thinking. If the loss was significant to you, you put too much into it because it's all just an experiment, mmmkay? I'm not sure it's a pyramid scheme because it doesn't need more people involved to make it work, but it does require an ever-increasing fervor of pushing the value of it higher because...... why again?

    • (Score: 0) by Anonymous Coward on Wednesday November 15, @04:17PM (1 child)

      by Anonymous Coward on Wednesday November 15, @04:17PM (#597332)

      I think it is very funny that the fervent "fight the Man" crowd gets burned by something that "the Man" prevents (or shields one from) from happening.

      • (Score: 0) by Anonymous Coward on Wednesday November 15, @05:40PM

        by Anonymous Coward on Wednesday November 15, @05:40PM (#597378)

        of course you do, you suck-ass, Renfield POS.

    • (Score: 0) by Anonymous Coward on Wednesday November 15, @04:19PM

      by Anonymous Coward on Wednesday November 15, @04:19PM (#597333)

      Yeah no sympathy from me either.
      So many people in this forum decry the insecurity of the cloud for data, yet putting your MONEY there is somehow OK?
      Fools. Why on earth would you depend on algorithms with NO ACCOUNTABILITY or INSURANCE to manage your money?

    • (Score: 2) by legont on Wednesday November 15, @06:28PM

      by legont (4179) on Wednesday November 15, @06:28PM (#597398)

      Not true. Ether - Ethereum currency - is needed to run Ethereum distributed computer. This computer is convenient for certain useful applications. Ether is a commodity similar to electricity and the fact that it is used for exchange making it money is a side effect which may or may not be used in the future. Either way it does not make Ether useless. It is, perhaps, over (or under) valued by the market.

      --
      "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(1)