Poly Network hacker returns $258M after stealing $600M (forbes.com/sites/jonathanponciano)
191 points by paulpauper on Aug 12, 2021 | 296 comments



I haven't seen any evidence there was in fact a hack at all. A digital contract was used in a way that complied with the contract that the bonehead writers of that contract did not intend. That's it. If bad contract writers get to cry "hack" and beg for their money back there is no point to digital contracts at all.

If someone had physically or electronically broken into systems and illicitly copied private keys that would be a different story. Here someone executed permissible actions on chain that people didn't like, wah wah.

You have to be an absolute tool to use the poly network for anything serious ever again.


It’s so funny to me when everyone touts crypto + smart contracts as revolutionary™ then when you follow a system implemented with them to its logical conclusions you have analogs to everything that already exists. Lawyers to audit the contracts for bugs (and yes there can be bugs in a formally verified spec as well), courts to arbitrate disagreements, and an authority to enforce rules when someone finds a security hole. Hmm maybe the entire federal bureaucracy is not entirely redundant, and there were reasons that it grew to what it is today. Maybe we should understand the existing system before advocating complete disruption.


> Maybe we should understand the existing system before advocating complete disruption.

This is a great point. One name for it is 'Chesterton's Fence' [0]

[0] https://www.chesterton.org/taking-a-fence-down/


In 2011 a new Bitcoin exchange called Bitcoinica launched.

I deposited 100 BTC to test it out.

First thing I did was to try to withdraw negative 100 BTC.

It sent me 100 BTC, but instead of a zero balance in the exchange, it said I now had 200 BTC.

So then I withdrew a negative 200 BTC, and it sent me 200 BTC and increased my exchange balance to 400 BTC.

I contacted the owner and returned the funds and he sent me a 100 BTC bug bounty.

Was entering a negative number in a web form "hacking"? Should that be illegal?


> Was entering a negative number in a web form "hacking"? Should that be illegal?

Many hacking laws were drafted in the 80s and are exceptionally broad. What you did was almost certainly illegal hacking, as the laws define it.

Of course, whether the victims would care to complain; and whether they could get the police to take them seriously; and whether they can find you; and whether you and they are in the same jurisdiction; are other matters. I certainly wouldn't recommend you rely on the CFAA to protect you from ransomware gangs.


$4 million bug bounty! Eclipses anything here... https://www.pcmag.com/news/7-huge-bug-bounty-payouts


In 2011, so the value of BTC at the time was between $1 and $32.


I dunno whether it would be considered hacking, fraud, or plain old theft, but if you hadn't returned the BTC, this would be a clear example of exploiting a bug for financial gain. if nothing else, the operator should have some legal recourse to get their money back. if it can be shown that you did it deliberately, I don't think it would be unreasonable to consider it a criminal offense.

of course, this is not quite the same as misunderstanding some subtleties in an explicit contract. for example, the mere fact that I did not understand an auto-renewal clause in a lease does not get me off the hook for payment. although I might have some recourse if the lease stipulates something absurd (eg, notice to vacate must be hand-delivered to office in antarctica).

crypto does not necessarily mean you get to do a complete end run around the laws of sovereign nations. what it might mean, if designed well, is that you don't have to depend on those nations enforcing things.


Yes, but the point of a digital contract is that everything doesn't hinge on proof of a meeting of the minds. If lawyers and the digital contract can now be so far apart that one says you get the money and the other says you get jail time that isn't an improvement over local law.

They need to go back and wrap all this stuff in actual legal boiler plate to have a meeting of the minds limiting what any individual digital contract can mean, if anything, rather than pretending this is orthogonal when it clearly is not.


You were exploiting a bug, an egregious one, and I don't think any reasonable person would think that behavior was the intent of the service provider. In other words, "the code let me do it" isn't going to fly in court.

To your original question, entering a negative amount in a web form should not be illegal. That's silly. But you're responsible for the effects and what you do after noticing the odd behavior. If an ATM machine vends me an extra $20 because the bills were stuck together, I should return the extra $20.


Just because there are similar mechanisms doesn’t mean they haven’t been improved on in some way. Lawyers and courts are notoriously inefficient; if this implementation achieves efficiencies, even if the mechanisms are analogous, that seems like progress.


> It’s important to remember that when you start from scratch there is absolutely no reason to believe that you are going to do a better job than you did the first time. First of all, you probably don’t even have the same programming team that worked on version one, so you don’t actually have “more experience”. You’re just going to make most of the old mistakes again, and introduce some new problems that weren’t in the original version.

https://www.joelonsoftware.com/2000/04/06/things-you-should-...


The irony whenever someone references this article is they always seem to forget that he was arguing against the decision to rewrite Netscape, specifically, to create version 6, also known as Mozilla.


Looking back, updating Netscape may have been the correct choice.


This is an impossible counterfactual to figure out. Microsoft crushed Netscape, and it's far from clear that continuing Netscape as it had been going would have had anywhere near the success that Mozilla ultimately had.


Mozilla’s success had a lot to do with Microsoft practically abandoning Internet Explorer. IE6, which came out in 2001, was only replaced with IE7 coming out on October 18, 2006. Meanwhile Mozilla 1.0 came out in 2004, which was effectively the perfect time to gain market share.


Not really. Netscape wasn't trying to be Mozilla Firefox, it was trying to be The Internet.


I think this a lot about our politics now, we seem to want to tear down all the institutions and values that got us here.


This was at least an observed property of some modern reformers in 1929:

> In the matter of reforming things, as distinct from deforming them, there is one plain and simple principle; a principle which will probably be called a paradox. There exists in such a case a certain institution or law; let us say, for the sake of simplicity, a fence or gate erected across a road. The more modern type of reformer goes gaily up to it and says, “I don’t see the use of this; let us clear it away.” To which the more intelligent type of reformer will do well to answer: “If you don’t see the use of it, I certainly won’t let you clear it away. Go away and think. Then, when you can come back and tell me that you do see the use of it, I may allow you to destroy it. [0]

[0] https://en.wikipedia.org/wiki/Wikipedia:Chesterton's_fence


In Beyond Order: 12 More Rules for Life, Jordan Peterson dedicates the first chapter/rule to this:

"Do not carelessly denigrate social institutions or creative achievement."


Really confused by the initial -4 votes on this comment... If that's not sufficient proof downvotes are misused..


> we seem to want to tear down all the institutions and values that got us here.

Strike a "we", replace by "rich elites". "Small government" means in practice that most of what governments are doing now with taxpayer money at no-profit will be done by private for-profit companies, at a worse service level, or that regulations/regulatory agencies will be torn down.

For the first, just look at private prisons - make a lot of profit for their owners, while the level of care for the prisoners (access to healthcare, drug withdrawal treatment or education is often spotty, human rights abuse claims the norm).

For the second, look at how e.g. environment regulations were "relaxed" during the 45th.

It's all about the grifting opportunities.


> Strike a "we", replace by "rich elites".

I don't agree. My 'poor' leftie friends are all about tearing shit down, while most 'rich' people I know are pretty happy with the way things are, wanting only to make small tweaks here and there.


Yeah rich people are (usually) Tories, also known as "Conservatives" here in the UK


Sorry to invoke a No True Scotsman here but if you ask an advocate of truly small government (of which I am one) I very much doubt private prisons would be an example they’d accept as a fair representation of their position. The expansion of criminal law is often in pursuit of and to justify growing government and its reach. By all means end private prisons, they’re only needed at that scale because big government is violating its position and the rights of citizens by criminalising actions it should have no part in.


"The purpose of a system is what it does".

Maybe you didn't mean for your position to lead to private prisons. But it does, anyway, and that is all that matters.


Contracting out the running of prisons by the government is a recent innovation[1]. Are we to say that government was historically small in 1983 and has remained small and then notice that somehow there are more private prisons in the US now? That's not a description I'd want to defend.

The US is also not the only place where prisons are private[2], there's the southern hemisphere's Sweden a.k.a. big government paradise, and it has a private prison.

To say either "public" or "private" and ascribe some sort of good or bad to them without providing any reasoning is presumptuous in the least, but to then tell someone what their actual position is - in your view - after making such a presumption would only be to compound an error.

I know what I meant, try to focus on what you mean and fixing that before mischaracterising my views again, thank you.

[1] https://www.motherjones.com/politics/2016/06/history-of-amer...

[2] https://www.brennancenter.org/our-work/analysis-opinion/crit...


You claim to know what you meant, but that isn't clearly the case. GP's post was short and to the point. Your posts are long and confusing.

We do have private prisons. As you note, they started under Reagan, in response to Reagan's "anti-crime" policies. Reagan is notorious for claiming to support small government and balanced budgets while actually spending us deep into deficit in order to purchase boondoggles. How are your preferences different than Reagan's?


> Your posts are long and confusing

What’s the average length of a post on HN and where does that post stand?

> How are your preferences different than Reagan's?

You just stated that he acted contrary to his claims, if your position is that I say I’m for small government but wish to spend, spend, spend, then I can see why you’re confused. Try dropping the assumption I’m lying, the principle of charity is a wonderful thing.

More to the point, as you are confused by sarcasm in the service of proof by contradiction, I’ll rephrase:

Would you claim that the government was historically small in 1983?

Is today’s government smaller or bigger?

How do both of your answers correlate with the increasing number of private prisons?

Finally, since your answers should be no, bigger, and bigger government correlates with more private prisons, what on Earth are you on about?


Correlation is not causation (I hate having to post this.) This is an awful lot of words to avoid the question of whether the small-government philosophy you personally subscribe to, whatever it may be, would prefer that government contract out prison services, or run them itself. If you prefer contracts, stop arguing, if you don't, explain why you think the operation of prisons is a proper function of a small government. It's not hard.


> Correlation is not causation (I hate having to post this.)

And yet you're going to avoid defending it, or even looking at, nor answering any of my questions and then accuse me of such matters. Ironic.

> This is an awful lot of words to avoid the question

What is it with those who support big government ascribing mendacity to their opponents? I'm not avoiding anything (except fallacies like ad hominem and false dilemmas).

> whether the small-government philosophy you personally subscribe to, whatever it may be

Here you admit that there is more than one possible outlook, yet you go on to produce this:

> If you prefer contracts, stop arguing, if you don't, explain why you think the operation of prisons is a proper function of a small government. It's not hard.

A false dilemma. Make your mind up, are there many types or only one?

Perhaps if my questions were answered I might feel more in the mood to answer those from people who accuse me of avoiding theirs.

> would prefer that government contract out prison services, or run them itself

My answer is either, it's irrelevant. The government is regulator and enforcer. It should promote (high) standards which it then enforces regardless of whom is running a service. Problems may arise when:

a) the one running the service is also the regulator, a clear conflict of interest and though in some cases permissible, it's not one for incredibly powerful entities like government.

b) the ones providing the service are also over-represented in government i.e. they have more than a vote, they have lobbying power (or straight up corruption) which in this case would lead to criminalising essentially non-criminal behaviours to produce whatever positive outcome for them and not for the populace they're supposed to serve. How many people are in gaol for marijuana possession?[1]

More criminals means more prisons, more tax money, more staff and budget (hence more power), more cheap labour… how does that sound anything like small government?

This[2] will come in handy for you.

[1] https://www.drugtestpanels.com/blogs/articles/jail-time-for-...

[2] https://en.wikipedia.org/wiki/Principle_of_charity


Long. Confusing.


> where does that post stand

i think the bit where you talked about Sweden being in the southern hemisphere places it in the top tier of 'confusing' for me...


Ah, a helpful comment. I meant to write

there's the southern hemisphere's Sweden a.k.a. New Zealand, the big government paradise

I can't edit now but thanks for pointing out something in a reasonable way.


np, makes more sense now, tx.


The joy at a standup when you hear someone talk about fixing bugs they had to fix the first time they wrote the thing in a different language. We learnt nothing


Except in rust. There is no way to write buggy code in rust.


The program is the implementation of an intention, if the conception of how to achieve that intention was itself faulty the program does not actually implement the intention.

A program that does not implement its intention is buggy.


There is. You may accomplish preventing any memory leaks or buffer overflows but there always exists a bug in your code.


Is this the same guy that says that interns should work for free and that absolute rights to employees' off-work time are OK? From New York City?


Counterexample: SpaceX. Sometimes, starting from scratch can be very helpful.


SpaceX didn’t start from scratch. The goal for Falcon 1 was to be as conventional a design as possible and save money via vertical integration. By comparison many other companies tried to reinvent things by launching from aircraft etc.


> SpaceX didn’t start from scratch. The goal for Falcon 1 was to be as conventional a design as possible and save money via vertical integration.

This is still starting from scratch. The design may be conventional, but you're benefiting from a modern approach to processes and design from the beginning.


This is one of those differences between engineering and software. For physical projects how much something is starting from scratch is kind of arbitrary. Knowing for example the ideal nose cone shapes and tradeoffs is a huge advantage.

I mean this is the best way possible, the Falcon 1 didn’t reinvent the wheel. They basically said what’s the simplest useful rocket for getting stuff to orbit copying as much of the design as they could, and built that.


You could make the same argument for software. Where do you draw the line "starting from scratch" in software? Does incorporating third party libraries make it not from scratch? What about the standard library of your language of choice? What about using the abstraction of a high level language in general vs a low level language, or straight machine code? For that matter, is it from scratch if you didn't design the logic gates on the chip itself? Or perhaps even come up with the concept of logic gates from electrical and material science principles.. etc..

I'd say that if you are gluing together a bunch of known-good components into a specific configuration that isn't a full copy of something else, you're building from scratch.


Falcon 1 also included 3rd party equipment and software. IMO, that’s fairly analogous to using 3rd party libraries. I am specifically talking about elements they were designing and building in house which were directly copied from earlier designs.

Take say all those identical looking highway overpasses. Even if one of those projects started with a blank file, applying standard solutions to standard problems isn’t starting from scratch.


If you're going to just quote someone and pretend that serves as a cogent argument you'll probably want to pick someone a little smarter and more well-rounded than Spolsky.


Is your only objection towards the argument that it was made by Spolsky?


Have you ever made a happy comment on HN? Not like ecstatic or anything just.. not this sort of thing

You alright?


If it is already so, your comment is equally lacking.


> Lawyers and courts are notoriously inefficient

Inefficiency implies that we can fathom a way to navigate the same space more efficiently. Do we? Or do we, for this mental gymnastics to work, actually have to change the space, to one where people are kind and the whole complicated system is less so?

Certainly having lawyers in big business must be efficient enough that they beat not having lawyers or else the market would adjust around that, no?


If instead of lawyers running around with reams of paper and reinventing legal wheels every time (and then testing those every time in various court), the parties could use a website where they can customize the standard business contract that might help clear and speed up things. Ideally, in an advanced economy a kind of centralized/trusted entity, like the state could provide this, like it provides the system for filing taxes. Oh wait...


>Lawyers and courts are notoriously inefficient if this implementation achieves efficiencies even if the mechanisms are analogous seems like progress.

Lynching/mob justice is much more efficient than lawyers and courts, and that is what comes to mind seeing how the crypto reacts.


Depends what your aim is, and how long your time horizon is. You might feel better today but when new information comes out showing the mob was wrong, that's the kind of guilt that can lead you to a very dark place.


by its nature the mob action being right or wrong is akin to a dice roll.

My point here is that it happens time and time again - people do revolution, be it real bloody one like French or Russian or just a tech one like crypto, and from the very beginning dispense with the old mature system and replace it with what they see as a very efficient new one - like the "emergency committee" system of Russian revolution which was able to quickly execute millions of "counter-revolutionaries" - yet with time the system again matures into what is perceived as a very inefficient one.


> doesn’t mean they haven’t been improved on in some way.

In what way specifically?


In that the specifications are formally specified, and thus can be objectively and automatically verified.


> automatically verified

The implementation can be formally written and verified, but the specification itself cannot be automatically verified.

That's effectively what a contract is anyway - it's a specification for a 'legal agreement' which is this sort of invisible obligation that is created after it is signed (for instance, the time spent in contract negotiations is usually spent debating what should happen in edge-cases).


You're right, I meant automatically executed/enforced, without human involvement.


Like in any good contract.


"Smart contracts" that lock up all the money because of a = rather than <= bug doesn't seem "efficient" it seems brain dead.

It turns out some of the inefficiency is necessary for everything to function, and ultimate efficiency is a dumb idea. Who knew?


> a formally verified spec

A formally verified X is just a reliable X.

If X is wrong, then you just have something that will reliably do the wrong thing.


See also: many Black Mirror episodes.


Just because a fart can propel a person, doesn't mean it will take you to the moon...

i.e. just because analogs exist, don't expect their performance characteristics to be invariant


Cue the lost in space movie with beans, instead of potatoes...


> It’s so funny to me when everyone touts crypto + smart contracts as revolutionary™ then when you follow a system implemented with them to its logical conclusions you have analogs to everything that already exists. Lawyers to audit the contracts for bugs (and yes there can be bugs in a formally verified spec as well), courts to arbitrate disagreements, and an authority to enforce rules when someone finds a security hole.

Tech people tend to think of technology as computerized things, but all those things you listed are also technologies that solve real problems that people encountered in the past.

IMHO, crypto is like a new car with the revolutionary new feature of not having seat belt technology. Maybe the inventor has some dumb idiosyncratic or ideological hatred of seat belts, and maybe some people buy into it... Then the new cars get popular, people start crashing them in numbers, and we realize, "hey maybe seat-belts weren't so dumb after all."

Of course, when that happens someone in that community will call it a seat-strap and claim it's a revolutionary new invention.


> IMHO, crypto is like a new car with the revolutionary new feature of not having seat belt technology.

Crypto is like that new car that can have a seat belt but you don't need to. The fact that it still doesn't have that seat belt doesn't mean much, just that you need to be aware of it.

For sure any new paradigm will take time to solve every indirect issue that comes with it; Rome wasn't built in one day.

> Of course, when that happens someone in that community will call it a seat-strap and claim it's a revolutionary new invention.

Oh seems like you acknowledge that... but twist it like a bad thing? For sure it will be a great thing to add to cryptos, you just said it yourself that it's something lacking in cryptos...

What's amazing about crypto is the flexibility, the openness, the accessibility. Anyone can join these networks, thus it can be done anywhere too, and because of the financial incentive, it's gonna happen anywhere. You'll probably say, but there's Western Union, Paypal, Visa, banks, etc... for all that... but check the Chikaordery story from Pleasant Green (as a Canadian I often laugh when the list includes Venmo, or any US exclusive service, that just shows how so many forget that the US isn't the world).

So yeah, some people will make mistakes from time to time in their smart contract, it will happen, but we will get better each time to avoid that, when it's needed, just like we did with the previous ways of doing things. We will accept the risk when it can't be done, and that will be it (never heard of fraud using credit card, or bouncing checks? We are just used to them and accept the risks.)


>> IMHO, crypto is like a new car with the revolutionary new feature of not having seat belt technology.

> Crypto is like that new car that can have a seat belt but you don't need to. The fact that it still doesn't have that seat belt doesn't mean much, just that you need to be aware of it.

You're missing the point. To put it slightly differently: crypto is like the overconfident kid who thinks seat belts are stupid because he doesn't truly realize he can get into an accident, let alone die. He actually does need a seat belt, he's just not wise enough to realize it. When he gets in an accident and flies out his windshield, then he'll discover he wants to use one.

>> Of course, when that happens someone in that community will call it a seat-strap and claim it's a revolutionary new invention.

> Oh seems like you acknowledge that... but twist it like a bad thing?

Reinventing the wheel when everyone else around you is riding in cars and on bicycles is not actually inventing anything, let alone anything revolutionary. Then, if you'd previously spent the previous few years mocking wheels as stupid and useless, there's the angle of refusing to acknowledge that you were wrong.


My bank API sucks. It basically doesn't exist.


It does exist. It's just in meatspace.


This is my big problem with anarcho-capitalists.

God didn't come down and give us governments.

We started without order and survival based on individual output.

And every single living thing beyond a threshold of intelligence agreed that it sucked.


The fact that some order is better than no order does not imply that more order is better than less order.

If you assume that adding more government always makes things better, then why not go all the way to complete totalitarianism?

If you agree that totalitarianism is too far, then I don't see why reasonable people can't disagree on which direction (more government or less government) is an improvement on the status quo.


indeed. couldn't agree more.

any anarchy is just one step away from despotism. when power lies on the ground, it doesn't take much for anyone to pick it up and wield it. you really need a strong government to preserve anarchy.


This is another big point.

"Liberty" is a wonderful lag measure, but a terrible lead measure.

The only thing you can really do to immediately create more liberty is deregulating. But in a world without laws, the only law is that of the jungle.

In which case we have a might makes right tyranny.

But as a lag measure you can do things like legislate worker rights, minimum wages, term limits, etc. With the long-term effect of more "liberty and freedom"


“Why would anyone need elevator buttons? There are already trained elevator operators everywhere that do the same thing.”

“Why would anyone need light bulbs? There are gas lamps and oil everywhere that do the same thing.”

“Why would anyone need email? There are post offices that do the same thing.”


"Why would anyone want your new elevator buttons? The ones we have already let you choose the floor you want without letting a stranger steal all your money by pressing it."


It's not too bad to invent the same thing over again based on some new and (potentially) revolutionary technology. It's a try, which is unclear to succeed. What are the alternatives to do? There are some, but working on Cryptocurrency is something valid (even "hot") to do these days.


Why would anyone need seatbelts? This self driving car will never crash.


But "breaking" electronically into a system also only executes (erroneous) permissible actions? Where do you draw the line?

Reading this a hash collision was exploited:

https://rekt.news/polynetwork-rekt/

> Well... here's the actual sighash of the target function:

> ethers.utils.id('putCurEpochConPubKeyBytes(bytes)').slice(0, 10)

> '0x41973cd9'

> And the sighash that the attacker crafted...

> ethers.utils.id('f1121318093(bytes,bytes,uint64)').slice(0, 10)

> '0x41973cd9'

> Fantastic. No private key compromise required! Just craft the right data and boom... the contract will just hack itself!
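
The two `ethers.utils.id(...).slice(0, 10)` results quoted above are 4-byte function selectors: the first four bytes of the Keccak-256 hash of the signature string. The following is an added example, not part of the comment, the rekt.news post or Poly Network's code. It computes both selectors offline and contrasts a check on the signature string with a check on the selector. The `PRIVILEGED` list and the two check functions are hypothetical names chosen for illustration.

```javascript
// Keccak-256 (the pre-standard variant Ethereum uses, pad byte 0x01), written out
// so the example runs offline without ethers.js.
const MASK64 = (1n << 64n) - 1n;
const rol64 = (a, n) => ((a << BigInt(n % 64)) | (a >> BigInt(64 - (n % 64)))) & MASK64;

function keccakF1600(A) {              // A: 25 BigInt lanes, lane (x, y) at index x + 5*y
  let R = 1;                           // LFSR state that generates the round constants
  for (let round = 0; round < 24; round++) {
    // theta: mix each column's parity into the neighbouring columns
    const C = [0, 1, 2, 3, 4].map(x => A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20]);
    for (let x = 0; x < 5; x++) {
      const D = C[(x + 4) % 5] ^ rol64(C[(x + 1) % 5], 1);
      for (let y = 0; y < 5; y++) A[x + 5 * y] ^= D;
    }
    // rho + pi: rotate each lane and move it to its new position
    let px = 1, py = 0, current = A[1];
    for (let t = 0; t < 24; t++) {
      const nx = py, ny = (2 * px + 3 * py) % 5;
      px = nx; py = ny;
      const next = A[px + 5 * py];
      A[px + 5 * py] = rol64(current, ((t + 1) * (t + 2)) / 2);
      current = next;
    }
    // chi: non-linear step along each row
    for (let y = 0; y < 5; y++) {
      const T = [0, 1, 2, 3, 4].map(x => A[x + 5 * y]);
      for (let x = 0; x < 5; x++)
        A[x + 5 * y] = T[x] ^ (~T[(x + 1) % 5] & MASK64 & T[(x + 2) % 5]);
    }
    // iota: XOR the round constant into lane (0, 0)
    for (let j = 0; j < 7; j++) {
      R = ((R << 1) ^ ((R >> 7) * 0x71)) % 256;
      if (R & 2) A[0] ^= 1n << ((1n << BigInt(j)) - 1n);
    }
  }
}

function keccak256(bytes) {
  const RATE = 136;                    // 1088-bit rate, 512-bit capacity
  const state = new Uint8Array(200);
  const permute = () => {
    const lanes = [];
    for (let i = 0; i < 25; i++) {     // load lanes little-endian
      let v = 0n;
      for (let b = 7; b >= 0; b--) v = (v << 8n) | BigInt(state[8 * i + b]);
      lanes.push(v);
    }
    keccakF1600(lanes);
    for (let i = 0; i < 25; i++)
      for (let b = 0; b < 8; b++)
        state[8 * i + b] = Number((lanes[i] >> BigInt(8 * b)) & 0xffn);
  };
  let offset = 0, blockSize = 0;
  while (offset < bytes.length) {      // absorb
    blockSize = Math.min(bytes.length - offset, RATE);
    for (let i = 0; i < blockSize; i++) state[i] ^= bytes[offset + i];
    offset += blockSize;
    if (blockSize === RATE) { permute(); blockSize = 0; }
  }
  state[blockSize] ^= 0x01;            // Keccak padding (SHA3-256 would use 0x06)
  state[RATE - 1] ^= 0x80;
  permute();
  return state.slice(0, 32);
}

const toHex = (u8) => '0x' + Array.from(u8, b => b.toString(16).padStart(2, '0')).join('');

// Same value as ethers.utils.id(sig).slice(0, 10): '0x' plus the first 4 hash bytes.
const selector = (sig) => toHex(keccak256(new TextEncoder().encode(sig)).slice(0, 4));

// Hypothetical list of functions an untrusted caller must never reach.
const PRIVILEGED = ['putCurEpochConPubKeyBytes(bytes)'];

// Weak check: compares signature strings, which the EVM never sees.
const nameCheckAllows = (sig) => !PRIVILEGED.includes(sig);

// Stronger check: compares selectors, the value the call is actually dispatched on.
const selectorCheckAllows = (sig) => {
  const s = selector(sig);
  return !PRIVILEGED.some(p => selector(p) === s);
};

const CRAFTED = 'f1121318093(bytes,bytes,uint64)';   // signature quoted in the post
console.log(selector(PRIVILEGED[0]), selector(CRAFTED));
console.log('name check allows crafted call:    ', nameCheckAllows(CRAFTED));
console.log('selector check allows crafted call:', selectorCheckAllows(CRAFTED));
```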


I have to agree. I was going to counterargue that technically all hacking is executing permissible actions in the sense that the system you're hacking into ends up allowing you to do what you want. That leads to why we have laws around unauthorized access etc., and that leads to digital contracts that need to be interpreted by a human with some ability to enforce their interpretation.

So yes. As the main point of digital contracts seems to be that they are self-enforcing, then it seems to follow that there can be no complaining about the results of using them.


I've wondered about things like this with video games. I played RuneScape a while back and one of the things my brother and I would do is lure unsuspecting players into the wilderness to kill them and take their stuff. That stuff, RuneScape gold, weapons, and armor, has some real world value. We took it from other people, often by lying to them (e.g. "follow me into the wilderness, I'll show you something cool"). Could this somehow be construed as a crime? And if not, because everything we did was permissible actions in the game, how could any computer hacking be a crime?


In games we usually separate between exploits and hacks. Exploits are vague but typically things allowed by the game, but not intended (or have far more impact than expected).

I believe if you lied in the game that would constitute a written/verbal contract and what you did is fraud. Some games enforce written agreements, others say it's the wild west so too bad, this is role playing by a character, not the person. I'm not sure if either has ever been tested in court.

For the hacking thing I don't really agree that all hacking is 'allowed', phishing is of course a type of fraud, your access is unauthorised even with the correct credentials - authority to enter a building does not derive from stealing a key from someone. Likewise a buffer overflow is 'allowed' much the same way a window allows itself to be broken by a brick.



That involved a physical beating in the real world, which is clearly a different thing.


Yeah true, but the civil lawsuit was specifically over the theft.


>... this is role playing by a character, not the person. I'm not sure if either has ever been tested in court.

Actually...

https://www.gwern.net/docs/rotten.com/library/bio/crime/crim...

>Patrick had an interesting mating ritual: Apparently the task of convincing a girl to meet you involves sending her a digital photograph of your wang, as Naughton did on several occasions. He described his flights of fantasy as role-playing as himself, pretending to be a successful, rich executive with everything going his way. When he bragged about running a company and owning a boat in chat sessions, he was telling the truth, unlike so many chatters before him. [...]

>If Mickey cried a little that night then certainly Michael Eisner had a bad day after learning that his young Vice-President in charge of E-mail and Chat Rooms had been arrested for, well, very un-Disneylike behavior. [...]

>Despite all of the evidence and the decades of prison time hanging over him, Naughton would eventually walk free. The jury in his trial deadlocked over the more serious charge and to avoid a retrial, he plead out to lesser charges.

https://www.latimes.com/archives/la-xpm-1999-dec-10-fi-42422...

Former Internet Exec Says Online Pursuit of Girl Was Role-Playing

DEC. 10, 1999 12 AM PT

>Taking the stand in his own defense, former Internet executive Patrick Naughton testified Thursday that he never intended to have sex with a minor and that his steamy online encounters with an undercover FBI agent posing as a teenage girl were part of a fantasy life he pursued to escape emotional problems and mounting pressures at work. [...]

>Naughton’s unexpected appearance represented a bold move by a defense team that is pursuing what many consider a risky and unprecedented legal strategy. Their central argument is that Naughton’s statements online and subsequent actions aren’t incriminating because they were grounded in an online fantasy world. [...]

>While claiming that role-playing is rampant online, Naughton admitted that he always provided accurate information about himself during online chats, even pointing his supposed 13-year-old correspondent--actually an agent--to one Web site that had a news article about him and another that had a picture of his exposed genitals.

>Asked why he furnished such information if fantasy was his real objective, Naughton replied: “The role I was playing was a character of me. If you ask my psychiatrist, I have a lot of self-image and ego problems. I was looking for approval.”

https://en.wikipedia.org/wiki/Patrick_Naughton#Novel_defense

>His line of defense was that he claimed he was persuaded to participate online in a ritualized sexual role-playing exercise, dealing with a mature woman acting as a girl.[14] His then-novel defense, became known as the fantasy defense for pedophiles.[2]

https://en.wikipedia.org/wiki/Fantasy_defense

>The fantasy defense is where a defendant accused of attempting a crime (enticing minors into sexual activity, for example) claims that they never intended to complete the crime. Instead, they claim they were engaged in a fantasy and, in the case of luring a minor, believed they were dealing with an adult.[1]

>The fantasy defense was developed by Donald B. Marks, the attorney for Patrick Naughton,[2] the Disney executive who eventually pleaded guilty to traveling in interstate commerce with the intent to have sex with a minor, in violation of 18 U.S.C. § 2423(b).[3][4][5] The "fantasy defense" used in the Naughton case was novel; however, since the closely watched Naughton fantasy defense was successful, defense lawyers were expected to use it to help other clients.[4]

https://digitalcommons.law.scu.edu/lawreview/vol41/iss2/6/

>Donald S. Yamagami, Comment, Prosecuting Cyber-Pedophiles: How Can Intent Be Shown in a Virtual World in Light of the Fantasy Defense?, 41 Santa Clara L. Rev. 547 (2000).


The laws of physics permit (physically allow) me to punch someone in the face. The laws of my country say if I do that, there will be consequences.

This is all about the level of abstraction

The ‘laws of physics’ in a game may allow you to do unintended things, it’s a complex system. Doesn’t mean that it’s OK at a higher abstraction.


Another game where that happens regularly is Eve online.


In EVE it is explicitly allowed


So I scammed at the duel arena for a few years. Made quite a lot of gp, then RWT it all.

I know what we did constituted a violation of terms of service, and we were subject to bans at any time. However, I was reasonably confident there was little Jagex could do to pursue legal action against us. Generally, we were relatively small fish compared to things like the Mod Jed scandal.

I am not sure the courts would find this to be in any way illegal. But I find it very interesting.


Lures still exist and apparently work in osrs, but they've gotten far more complicated. Unsurprising as osrs gold still has a real world value. Really it's the equivalent of the Nigerian Prince email scam and its ilk.

KempQ on YouTube does a lot of videos on modern luring methods. There's also a guy on YouTube called Hermano, a former Venezuelan gold farmer, who has some interesting insights into the real world value of osrs gold and why Venezuelans do it.


We used to do this in Habbo Hotel. I don’t know how RuneScape worked back then but in Habbo you could buy virtual furniture dropping their valuables into one of our rooms and then kicking them out and making the room private. So, it is different from your example in that “killing” was by-design meant to take stuff from other people, whereas what we did was closer to “fraud” (good luck regulating that in 2006) as other comment said.


Such interesting food for thought. You are deceiving people for your own gains but then you're not breaking any rules (I guess since I don't know much about runescape), and it would really matter if it was an NPC who did that to them.


Bringing NPCs into it makes it really interesting. You could imagine an NPC lying to the player in such a way that incautious players might lose game items that are worth real world money. That NPC, in a large MMO, could scam large numbers of people out of a large amount of value.

Is that wrong? Is it part of the game? Obviously there would be something wrong if you sold people your digital tokens and then took them away from players - you agreed to give them digital tokens and then took them away. But if an in-game character is making false representations as part of the game, that seems different.


> You have to be an absolute tool to use the poly network for anything serious ever again

agreed

> A digital contract was used in a way that complied with the contract that the bonehead writers of that contract did not intend. That's it

I kind of disagree in philosophy here. If there's a bug in a bank API that lets me transfer funds to my account, I'm still "hacking", even if I'm doing exactly what the API lets me do, because I know very well that I'm not supposed to.

Then again, as you say, the whole spiel of digital contracts is that they're far too clever to need silly courts and judges and common sense and all that, so... meh


Isn’t that the point though, when you access a bank api you have signed a contract in order to access it that states what is allowed and what’s not, the api code is not the contract but a way to access what you are allowed. With smart contracts the code is that contract so if the code allows it then it should be allowed.


You don't have to sign a contract to find vulnerabilities in an API. The thing that you have to obey is the law. Just because we call it smart contracts it isn't above the laws.


Something that seems to be missed here, is that the bank has their physical servers owned by an institution, which you are exploiting. There is no physical server for Ethereum, the Smart Contracts don't exist anywhere.

You are likely also violating the terms of usage of the API and various other legally enforceable contracts by breaching the API.

If a smart contract included a terms of use however, it would be interesting to see whether this could be considered enforceable.


> There is no physical server for Ethereum, the Smart Contracts don't exist anywhere.

There is no one physical server. I think this is misleading.


It's a decentralized network. I mean it remains to be seen what jurisdictions consider smart contract exploits to be prosecutable, or whether they're even crimes.


It looks like you are debating whether the hack was moral or not.

From a moral standpoint, it's like, if you accidentally leave behind your wallet with cash on a park bench with a lot of passer-by, then it's your fault for leaving it there and whoever finds it deserves to keep it. I'm sure you're familiar with the "finders keepers, losers weepers" saying... After all, it's in public, similar to how public blockchains work, right?

However, different people may come to different conclusions about this. In some countries in the world, the overwhelming consensus would be to return the wallet to the owner, even if it's found in public. I guess it's because it doesn't matter if you had to break through the window, or simply reach out and grab it from the bench; the property does not belong to you.


More like a big sign says "A man named Jack may take this wallet", and you're named Jack, so you take the wallet, even though it wasn't meant for you. The smart contract is explicitly defined and on a public ledger.

A lost wallet is accidentally left there. The context of it being available to be taken by anyone is not intended. There is no declaration of rules by which you may take it by the owner.


More like a big sign says “Jack may take this wallet, because it belongs to Jack”, and you happen to also be called Jack, even though you're not the Jack the sign was written about, but the sign enforcer only checks that your ID is valid and that you are named Jack.


That sounds a lot like a problem with the sign enforcer, not the second guy named Jack...

You can't just expect people not to take free money laying out on a park bench with their name on it...


If we're really going to play this contrived example out. Let's say there's a camera watching the wallet, so Jack gets in trouble if he's caught doing this.

The debate being had is whether the sign was sufficiently well written ("It's the code's fault") vs. whether the sign system is just a terrible idea regardless of sign quality and you should use normal societal systems to transfer the wallet.


But it doesn't belong to that Jack. You can interpret the “smart contract” one of two ways:

• As a device to programmatically ensure the “owner” of some resource is the one who controls it; or

• As a system that decides who controls a resource, whomsoever controls the resource has a right to it, there can only be one.

The sensible interpretation (imo) is the first one, unless we're doing away with our conception of property rights. (Which would be an interesting experiment, but given the philosophical background of a lot of this cryptocurrency stuff I don't think that's what's intended.)


Yeah, look, all I said is that you can interpret this both ways depending on your moral compass, and also based on the ethics of your group / society. You can argue all you like, but I think this dilemma never has a completely correct answer.


But I thought the goal of blockchain was to replace the messy, centralized, inefficient human concepts of "morality" and replace them with unambiguous code? Code is law and all that. If we still have both, why did we add all that weird code stuff anyway?


Consensus can change.

Blockchains are just databases. But they still run due to consensus and the consensus is made up by humans and it is humans who uphold it.

For example, humans came to a consensus that there will only ever be 21 million Bitcoin. However, we cannot guarantee that one day there may be more than 21. They also came to a consensus that this shall never change. However, all that is protecting this consensus is a meme. The source code can be changed should everyone agree, especially if the future humans find that such a cap does not work.

The benefit of decentralization is that the consensus is hard to change by individuals or centralized organisations... Consensus must be reached by all of the participants of the network.


Which country would it be? Questions of morality are slippery slopes since one could argue the entire crypto system is immoral and who cares about the moral rules in a pirate village? As Jack Sparrow says famously, there are only two types of things out there: the things you CAN do, and the things you CAN'T. Crypto is the libertarian's wet dream and to come and argue you should be a Good Samaritan from the opposite end of the spectrum because someone proved libertarianism is bulls*t suggests these people are just immature at best.


Using smart contracts doesn't mean you completely forgo human intervention. Blockchains themselves have standardized discretionary escape hatches in the form of hard forks. Nobody except straw-man'ing detractors claim current cryptocurrency systems work perfectly.

Previous relevant comment of mine on the matter of "Code is law": https://news.ycombinator.com/item?id=28132994


It begs mentioning that the ETH/ETC hardfork was a consequence of a theft just like this one.

https://en.wikipedia.org/wiki/The_DAO_(organization)

>In June 2016, users exploited a vulnerability in The DAO code to enable them to siphon off one-third of The DAO's funds to a subsidiary account. On 20 July 2016 01:20:40 PM +UTC at Block 1920000, the Ethereum community decided to hard-fork the Ethereum blockchain to restore virtually all funds to the original contract.[10] This was controversial, and led to a fork in Ethereum, where the original unforked blockchain was maintained as Ethereum Classic, thus splitting the Ethereum blockchain into two branches, each with its own cryptocurrency.


Of course they are going to cry foul but they don’t have a legal right to get their money back so there very much is a point.


This is a disingenuous argument not written in good faith. You know very well that the contract writers did not intend for this to happen, and yet you are pretending otherwise just to make a provocative argument.


Who decides what was intended in a decentralized system where code is law?


side question: what does decentralized have to do with the issue?


No common jurisdiction to go to an actual court to get it sorted


I mean, if code is law, a centralized system will have the exact same issue.


If you go bowling, and remove the gutter rails, you have to accept that you can now throw a gutter ball.


Yes, but if you try to aim for the bowling pins, and you miss, don't make a disingenuous claim that you intended to miss in the first place.


I don't think it's disingenuous. The entire purpose of a contract is because neither party can trust the other to go along with what each other "intends" and therefore has to be written out explicitly in a legally binding document.

I think it's an important point to be made.


If you find a software bug in an ATM that gives you all the money from the machine it absolutely would be considered theft. A bad lock on a door (or even no lock) doesn't give you the right to steal things behind that door. IMHO this is how the law would look at it and not care a whit about whether or not there was a flaw in the software. IANAL but have seen this kind of argument play out ever since computer bugs were exploited by unauthorized individuals.


The thing about that is smart contracts are intended to not operate this way. The aim of a smart contract is that whatever happens is the ultimate rule - the contract enforces itself.

Such an intention doesn't cause laws and courts to stop existing or make things so courts won't interpret certain actions as theft. But it complicates things.


ATM machines aren't marketed that "their code is law," whereas that's an explicitly espoused property of smart contracts.


It's a hack because public statements about how the contract was supposed to behave describe the expected behaviour.

Anything outside that was exploiting bad implementations and therefore a hack.

Some here might think the code is a contract because that's the name. But that had never really been the case: public human statements supersede code.


I know, like how many times has this happened and people keep jerking each other off about smart contracts


So this is like the ETH DAO thing except the "attacker" messed up?


That's like saying if a website allowed SQL injection because they made a mistake in their code, you're complying with their contract by waltzing on over to the browser and dropping all their tables. Just because something is allowed via code doesn't make that the intent. Use common sense.


Isn't any hack using a system in the way it was written and not the way it was intended?


"hacker news" is mostly, after all, not about security penetration.


To me, it boils down to incompetent auditing of the contract code.

Arguably things like this should make the future a bit more secure, from what gets learnt. In the same way other code industries learn from found bugs or exploits.


The code has now been competently audited and it cost them less than 600 mil. I'd say it was a bargain when the thing audited is multi-chain crypto financial smart contract.


If a developer didn't put a size check in his software then it's not a bug with an RCE exploit, it's just doing what the author has intended.

Where do we put a border?


Around the entire system saying, “this system’s behavior is not strictly/formally verified to mirror my exact intentions and behaviors can be defined as malignant or disallowed post-facto.”

But that’s antithetical to the value prop of smart contracts.


> You have to be an absolute tool to use the poly network for anything serious ever again.

Such a weak take. I guess we are also tools for using Ethereum after The DAO.

An error like this in the contract stack should have been caught by the auditor, Certik. It's not a fundamental flaw in PolyNet's system, just a very unfortunate oversight.


It does show why you shouldn't use "Smart Contracts". Unlike legal contracts they do not have phrases like "REASONABLE INTENT" and "FOR INTENDED PURPOSE" meaning that any loophole can be abused.


AFAIK no details have been released about how it was done


The article tries to imply that the hacker had a change of heart after a public plea to return the funds.

In reality, parts of the crypto community moved quickly to block transactions involving the funds and some security researchers claimed they had solid leads on tracking down the hacker’s identity. I think the hacker realized that if their identity was compromised then the legal system wouldn’t look kindly on someone stealing hundreds of millions of dollars.

Returning the funds and trying to portray the hack as a noble operation to identify flaws in the system is one way to try to re-spin the events as a positive. It appears they’re hoping to collect donations or some sort of reward as a sort of clean money takeaway.

It must have been a wild emotional roller coaster to go from securing $600 million dollars for yourself to realizing that you made a mistake that tied your real identity to the heist.


I love how the crypto community encourages circumventing laws, UNTIL someone steals from them using their own “smart” contract then calls on authorities for help.


It wasn't stolen. Code is law. /s


Taxation is theft /s


Piracy is stealing /s


it kinda is.


You forgot /s.


Law is buggy


Can't trust the government to use my taxes well, I'd rather trust a handful of sociopathic individuals with an obsession for capital cumulation /s


Can someone explain to me why HN is so anti-crypto?


There are two distinct pieces. One piece is the technology and white paper behind Bitcoin. Most engineers on HN think that is very impressive and a legitimate technological achievement.

The other piece is a reaction to the pro crypto crowd who are making claims about how amazing crypto is and why it is the future. Most of these people have a large financial interest in moving the price of various coins up. The use cases so far 10 years into this are buying drugs and ransomware and the price going up.

Another example "Smart Contracts" are supposed to be this amazing technology for changing the world, but as you see here they have some significant downsides that the pro crypto people seem to either ignore or not understand.

It isn't just HN folks who feel this way. One of the smartest and most accomplished AI engineers alive today had this to say. https://twitter.com/karpathy/status/1401267972044328961


There are many here who have seen crypto to overpromise and underdeliver for over 10 years.

PS Mined some BTC in 2011 and some LTC in 2012-2013.

The original promise (per Satoshi) was that it could be used as electronic money. That goalpost was moved onto other currencies and sidechains and regular public acceptance has been low.

Most of crypto activity is related to other crypto (see Ethereum, see DeFi). All of the "cool" stuff happening in crypto seems to be dealing with other crypto...

It is useless to non-crypto people.

The only somewhat useful moral use case are remittances to unstable countries.

The rest of crypto is just bad bad stuff: scams, ransomware, large scale capital transfers by bad actors (tax evaders being the least evil).

I am in a business (high rate of CC fraud) where I would really benefit from an easy onramp for non crypto users.

PSS Last not least, POW and the horrible incentives going along with it is a serious issue as well. POS remains unproven in the field.


It’s not that HN is anti crypto, it’s that most (if not all) smart people are. The only smart people that are pro crypto are ones trying to sell shovels in the gold rush (like Elon or Dorsey).

It’s ironic you’re asking this question in a thread about news proving how stupid crypto is to begin with.


quite a bold assumption most are smart here. most people here are experts on a subject matter or two but we should still take their stances on crypto (and other industries) with caution.

maybe they don't just understand it at all, too. and it's a lot, wrapping your head around all the defi fiasco alone is mentally challenging as hell, haha.



Post modernist retort kudos


> Post modernist retort kudos

That's not what post modernism is


This is a post-modernist thread.


It used to be very strange to me, but honestly think the answer is that a large number of HN community members are - somewhat ironically - very closed minded. Once you start to think in that framework you see it everywhere, and it goes all the way back to the original DropBox thread where some guy said "this is stupid you could just combine FTP with SVN".

Of course that doesn't apply to everyone, and perhaps not even the majority, but certainly at least the majority that shows up in crypto threads. HN members tend to be very smart, very technical, and very confident, all of which combine into this ugly blind spot to creative/unusual forms of technical innovation. Crypto in particular is good at sitting right in the center of that blind spot.

This explanation has made more sense to me than anything else I've seen, you'll have to decide for yourself if you agree with it.


> creative/unusual forms of technical innovation

Crypto has been around for quite a few years already. How is everyone still close minded? Maybe the issue is that crypto has several problems that are consistently ignored by the community and crypto products keep on underdelivering on their promises.

In the end, it all boils down to one fact: the differentiating feature of blockchain is decentralization. That's mainly it. However, the crypto community keeps on promising changes and improvements in areas that don't have anything to do with decentralization without any actual arguments, ignoring what is the reality of those issues.


> a large number of HN community members are - somewhat ironically - very closed minded

The other side of that coin – excessive open-mindedness – however, leads to being susceptible to cults, snake oil salesmen, and hyped up technologies. Crypto currencies, in particular, frequently tick all three boxes. Skepticism is generally a good thing, and so far crypto currency proponents have failed to refute the arguments of sceptics.


The Internet also failed to refute the arguments of skeptics until one day it didn't fail and now several of the largest companies in the world are entirely Internet based and providing indisputable value.

Cryptocurrency offers new primitives that are unavailable in any other system known to man. It takes time to build up a backbone of technology that can take these new primitives and get them to the point where they can compete with established trillion dollar industries, but it is happening, and it's starting to happen very rapidly.

It's certainly true that crypto is full of snake oil salesmen, overhyped technologies, and culty communities. But the presence of those things doesn't change the fact that the technology is real, and that it can do things at a fundamental level that no other technology can do.


The most popular internet skeptic quoted was one who (correctly) pointed out that they are going to have trouble trusting Amazon not to send them junk, and that Amazon has to fight an uphill battle to earn it. Which they did, and then started squandering away.


This is a textbook example of survivorship bias


It is wasteful, it is often pitched as solutions to problems that it is poorly suited to solve, it is often defended by people with a vested financial interest in seeing it go up, it is often defended by people who seem pretty darn paranoid and insane by common standards in regards to anarchist beliefs or some variant, it's often poorly defined or vaporware on top of a non crypto solution, it's increasingly reinventing existing systems but worse, it's often debated by people who don't understand it, and in general it's constantly showing weaknesses like this article where you get splits of "Working as intended and that's bad", "Working as intended and that's good", "Not working as intended and unsolvable", and "Not working as intended but solvable with x framework."


> Can someone explain to me why HN is so anti-crypto?

Short answer: Crypto has been touted as a primarily technological advancement (blockchain!) while the primary use case for most crypto proponents is simply getting rich (flipping coins or spreading "HODL" encouragement).

Imagine if Venmo had launched with the requirement that all Venmo transactions had to be performed with VENMOCOIN instead of dollars. To transact on the Venmo platform, you had to buy some of this VENMOCOIN from the founders or early adopters, funneling your real money to them in exchange for tokens you could use on the Venmo platform. The VENMOCOIN early adopters really, really want you to use Venmo so the price of their VENMOCOIN goes up, so every online discussion gets filled with people talking about how amazing Venmo is and how it's the way of the future and everyone should buy as much VENMOCOIN as possible.

Sounds ridiculous, right? That's more or less what the crypto discussions have become: People pretend to talk about technology but it's really about getting rich by flipping coins and pumping their value.


Skepticism is maybe the definitive cultural trait of this site. And I think a lot of folks see gaps and hype in the cryptocurrency narrative. There is much to be skeptical of at every level of engagement.


Personally I see it as trying to recreate the banking and financial systems without all the lessons learned from hundreds of years.

Not to mention anything dealing with money that isn’t reversible or doesn’t have a clear method for recourse is not something I want to put my money into.


Most HN users are wealthy devs or they want to be wealthy devs or startup founders. They have no need for crypto and it threatens where their money is stored- equities and the traditional banking system. The “hackers” traded their soul for money.

It’s really no different than a wealthy old man hating crypto. He has no need for it, he doesn’t want others to use it to get past him. He sees no problem with the current wealth inequality because he is at the top.


Crypto inequality is FAR worse than the traditional finance system, both in power and capital. A very small number of people control the protocols, network nodes, and hold the tokens themselves.

The 100 richest ETH wallets own 25% of mined ETH. Many of those wallets are probably owned by the same person/organization. Switching to PoS will make inequality even worse.

Some critics are definitely jelly about not hitting the crypto-lottery...but crypto is not a solution for wealth inequality.


Anyone that thinks that crypto is somehow going to help fix inequality is delusional. If crypto isn’t a complete dud, which I think is likely, it will increase inequality.


I think it's simply because lots of people on HN didn't buy any and now they think that they've missed the boat. They're angry because "stupid" people got rich on it. HNers like to think that they're smarter than everyone else and missing the boat hurts their ego. Although that isn't true and it's never too late to buy bitcoin.

Another reason is that most people on HN don't realize that there are roughly two sets of people in crypto. There are bitcoiners and then there are all the shitcoiners and scammers (who talk about use cases, ICOs, NFTs etc.). It's ok to hate all the scammers, but bitcoiners should be left out of it, because they're totally different set of people.


Despite the relatively high level of education here, collectively the community can be extremely doctrinal or knee-jerky on a number of subjects. Most articles that mention crypto bring a cohort of « Ponzi scheme » and « destructive mining » posts, when you'd expect somebody writing a lengthy post on the economics of energy were it to follow the established conventions of the site.

I think the overly trashy environment of the crypto space made it an acceptable target for behaviour that's otherwise seen as childish and unacceptable when it comes to other subjects.


It's a solution looking for a problem. As such, it imposes bad tradeoffs that a fit to form solution wouldn't have.

Lack of methods to handle fraud and abuse is the one highlighted in this thread.


As a very long-term crypto-sceptic, I remember thinking this place was absurdly naive and pro-crypto early on. However, after a decade of, largely, pointlessness, it's not surprising that attitudes have changed.

My impression is that most of the pro-crypto communities are rather new; most people involved just haven't been disillusioned yet.


The most significant thing it's done is send other people's money to hackers. Why should I be impressed by that?


we look and apply common sense to what we see.

e.g. why is a pixelated horse worth $10k? the least worrisome conclusion is that it's a tax optimization thing.


IMO, impatience/bitterness. A lot of people got sold on the idea that big change was coming, then it didn't. Now crypto is in a gross stage, and while it clearly has some future, many people would rather point out how far away that future may still be. Some with far more certainty of it never happening than others.


Because it is not useful for anything, causes immense damage, and many of the people that promote it are crooks.


It hasn’t solved any real problem that a regular database doesn’t solve better and more efficiently.


I was thinking about this a lot. I used to think that most HN users are very smart, but the crypto discussions here are extremely dumb full of misconceptions and hatred. For example yesterday there was an article upvoted and vehemently discussed here, but anyone having a basic understanding of crypto would know that the article was total garbage (and full of hatred). It was like someone with primary-school mathematics knowledge hating on mathematicians and wanting to reform modern mathematics with his 'idea'.

I think it has to do with a misconception about how much effort you have to put in to have a good understanding on crypto. If we are speaking about topics like high mathematics, most people realise that their knowledge is not enough to have a meaningful opinion on the cutting-edge. For some reason people on HN treat crypto like politics: almost everyone has a strong opinion without much knowledge. Crypto is a much deeper subject than how it is treated on HN. You need to have not just technical knowledge (like understanding why a proof-of-stake algorithm has no vulnerability is VERY hard), but also very deep knowledge of the philosophy of value/money/trust. For example any substantial interview with Vitalik Buterin discusses the topics in a much deeper way than it is treated on HN.

TL;DR: People are reasonably smart here but extremely uneducated on crypto, and for some reason they think that they are informed enough to have a strong opinion.


It's also possible that some people understand all of this and still don't think that crypto is a good idea, or that it has worked out well in practice, or that it does anything meaningful.


Ok. In my opinion an algorithmic censor-resistant, deflationary value network is a useful potential technology that can give us potentially the best store-of-value known to mankind so far. Why isn't it meaningful to further research this technology in your opinion? (While mathematicians are researching all kinds of esoteric topics?) In my opinion proof-of-stake research is one of the most-important research topics today.


> an algorithmic censor-resistant, deflationary value network is a useful potential technology

As the other commenter said, "censor resistant" is impossible to achieve. It's society the one that gives value to things, and society can decide to censor you and stop you from storing/getting value from that network. Not to mention that most blockchains are traceable, so it's not that difficult to know how money is flowing.

> potentially the best store-of-value known to mankind so far

Why? This always happens in crypto: somehow it's going to fix a lot of issues even if the features that differentiate it from existing solutions don't have anything to do with those issues.


>Why?

Are you a gold investor? I am. There are lots of problems with gold: 2-3% inflation, hard to store, hard to transfer, hard to divide, hard to examine whether it is really gold. BTC has some advantages (and some disadvantages). Proof of stake ETH has even more advantages (but also some more disadvantages). It is meaningful to research this, experiment with this, and not treat it as complete bullshit.


> There are lots of problems with gold

Most people don't deal with those problems because they use banks and official currency. If the target of the blockchain is to replace gold, then I don't know why people insist on regular people using it.

> It is meaningful to research this, experiment with this, and not treat it as complete bullshit.

Of course it is. But it's also meaningful to not treat it as the revolution as the crypto community does, or say that the people who don't think crypto is great are just uneducated.


If you find it a good store of value for yourself that is fine, but you need to understand that value is defined by social norms not by technical features. Picasso paintings are currently a very good store of value. Gold has been a decent store of value for thousands of years. People bought beanie babies in 1998 because they thought the price would go up and stay up for a long time. Obviously they were wrong, but the same thing could happen to GOLD, BTC, or even Picasso paintings. It totally depends on what society values in the future.


I understand this. While you are right, there are some properties of these assets that can help us predict what could become a store of value: is it durable? is it easy to transfer? is it easy to censor? is it inflationary? also you can examine the network effect related to the asset. By developing new technical features, you can increase the chance of an asset to become a store of value. That's why researching proof-of-stake algorithms is meaningful. Not as important as to find cure for cancer? Maybe. But still meaningful. Lots of people on HN claim that it is totally bullshit, which is a strong opinion imho...


Do you mean proof of stake? If so, yes there is potential for new technologies to come out which could cause crypto to have more real world use cases and then cause the value of crypto to society to be higher. But we have been hearing about how crypto is "the future" for 10+ years. At what point is this future actually going to exist?


> but the same thing could happen to GOLD, BTC, or even Picasso paintings

In fact, it has happened to the first two, at least temporarily. Someone who bought gold in 1980, say, is probably not particularly happy with it as a store of value today (adjusted for inflation, they _may_ just about be breaking even now assuming that they paid no transactional or storage fees); the same goes for someone who bought bitcoin in May. Or, er, an hour ago.

Picasso's time will presumably come, too.


I have two responses to this.

First, I am very crypto skeptical, but I don't have any problem with "research continuing". However, that's not what I am experiencing. If crypto enthusiasts were off in a lab trying to figure out how to make it solve a real problem then great! Instead, I am the "tech expert" for many of my friends and family, and frequently have them reach out to me as they are on the verge of putting a non trivial amount of money into crypto that they can't afford to lose. Most of these people can barely keep their passwords safe, so I have to spend a lot of time talking them out of it because I care about them. A similar thing happens at work. Some random business exec has a great idea to "use blockchain" for some thing that frankly would be better solved with a regular database. I've had to spend a lot of time convincing business people to not use crypto or NFTs yet.

Second, what you're doing, and many crypto people do this, is identify real problems that would be great if we could solve them. And then you go, "and isn't crypto great because it hasn't solved these problems, but maybe it could". Yeah, maybe, but it hasn't yet. Crypto reminds me of the semantic web people in a lot of ways. They said, "wouldn't it be great if semantic information were embedded in data and APIs could be machine understandable". Sounds a lot like smart contracts doesn't it? Yes, it would be great if we solved that problem, but we never did. The most we got from the semantic web was the semi-useful json-ld you see in HTML headers for SEO optimization. Here's the thing, the vast vast majority of new ideas don't pan out. It's a lot easier to identify legit problems than it is to solve them. Crypto people get super excited because it would be amazing to solve those problems, BUT there's no good reason to believe it's likely that it will. I say this as someone who spent years trying to get the semantic web to work. It never did.


> In my opinion an algorithmic censor-resistant, deflationary value network is a useful potential technology that can give us potentially the best store-of-value known to mankind so far.

Neither of those things are true about Bitcoin (it will not become deflationary until 2140, and "censor-resistant" requires a lot of extra elaboration). But then what's the economic basis for that being a good store of value?

I'm mostly upset with crypto because it hasn't delivered on any promise, while still causing untold ecological damage, and has tilted the price of computing equipment so already rich industrialists can earn even more. Up until recently that was just GPUs, but the latest invention in the space is they made a cryptocurrency based around using up hard drives. The joy.


It could become deflationary before 2140 by more Bitcoins being burned than created by schedule.


It happened outside of the SV bubble.


Have you seen crypto?


honestly? boomers, lol

but every once in a while great discussions pop up here, vitalik buterin himself even posts here sometimes, also that guy from coinbase etc


How does the crypto community encourage circumventing laws?


I don’t have time to compile a list, but if you listen to crypto proponents you frequently hear advocacy for circumventing democratically enacted laws and institutions like fiat currency, taxation, financial regulation, international regulation, etc.


... No we want more efficient and transparent systems where possible. Avoiding taxes is breaking the law, circumventing fiat currency isn't exactly a democratic institution, did you vote for the monetary policy of the US government?, I'm all for better financial regulation. I think you talk to kooks.


I agree that people like Peter Thiel are kooks ;)


Of course every generalization is wrong but a not so little part of the crypto community seems very interested in avoiding taxation, money laundering and buying illegal stuff without detection.


You know what's used way more than crypto to buy illegal things and launder money? Cash


You are using the wrong denominator. You need to compare the percentage of cash transactions (or cash exchanged) for illegal activities compared to crypto.


If you start moving more than $10,000, you will have IRS attention. (I think they like to pick on little guys because it's easier than the guys who have lawyers, and CPAs?)

Actually, I was flagged over $6000 deposit over the sale of a car.

The IRS gives rewards to bank employees if they report (successful conviction) any suspicious behavior.

I still don't know why I was flagged. Probably because I had long hair at the time?

I had a bunch of sleepless nights over that incident, and a bunch of emails back and forth.


I hope we wouldn't have to go through a bunch of sleepless nights for doing nothing bad. There are semi random checks of "suspicious behaviour" being done in masses. These things can get out of hand sometimes (redefining what suspicious is...), when those elected get a bit crazy


You can’t use cash to buy a kilo of XXXX from Sergei in Ukraine when you live in Chicago.


You can. It’s just more difficult. But you can use cash to buy a kilo of XXXX from someone in Chicago very easily.


Making it difficult is entirely the point.


I live in Chicago. I've bought plenty of drugs. Buying on the internet is much, much easier.


Internet file sharing was/is illegal when it first started. Now it's the main form of distribution for music and movie industry. Are you only seeing criminal part of crypto and ignoring the rest to confirm your bias?


> Internet file sharing was/is illegal when it first started.

Internet file sharing is older than you think. Together with remote terminal access (TELNET), file transfer (FTP) is one of the oldest Internet protocols. When file transfer over the Internet first started, that is, when the Internet itself started, it was not "illegal".


Oh pleasssssssssseeee ...

Biggest eyeroll in history.


So many times across reddit and discord servers have I seen cryptocurrency enthusiasts trading ways to dodge taxes, for example.

I don't think what the government calls "drugs" should be illegal, but, selling and buying drugs with cryptocurrency is an oft advocated for activity that I've seen in these communities.


To paraphrase Kim Stanley Robinson: "That's libertarians for you — anarchists who call the police to get their bitcoins back."


"The crypto community" is not one person.


That is not an accurate generalization. Many in the crypto community do not advocate breaking laws. Instead they look for ways to interact that do not legally require complying with onerous regulatory burdens, like peer-to-peer monetary transfers, that do not as of yet have the same amount of totalitarian restriction placed upon them as monetary transfers that are intermediated by a trusted third party middle-man.

As for the legitimacy of the law itself, and the opinion of the 'crypto community' on it: the distinction you're missing is that some laws prohibit victimless crimes, by infringing upon the freedom of contract, and always in the name of some supposed greater good, whether that's 'limiting systemic risk', 'protecting retail investors' or 'preventing money laundering', while others prohibit genuinely victimful crimes, where one party violates the rights of another. It can be entirely morally consistent to oppose the former while supporting the latter.


I don't agree that placing regulations on the finance industry can be in any way equated to totalitarianism.

In fact, we have already seen what happens when the financial industry is entirely deregulated multiple times worldwide.


Any law is enforced under pain of imprisonment. See:

https://www.theatlantic.com/politics/archive/2016/06/enforci...

When such laws are used to prohibit mutually voluntary interactions between consenting adults, I think it's a human rights violation, and it is an accurate adjective to use, whether it's the CCP doing it to "maintain social harmony and political stability", or the USG doing it to "limit systemic risks to the financial system".

>>In fact, we have already seen what happens when the financial industry is entirely deregulated multiple times worldwide.

That is a revisionist account put out by some of the most powerful special interests in the world, who benefit from rampant gatekeeping/centralization of private financial interaction.


I'm in the financial industry and believe we need way more regulations than we currently have. And we need tougher and more rigorous enforcement of the existing regulations as well.


They blocked very little and can only do very little. He seems to know enough that I don’t believe he’s scared of them finding his identity

His own explanation is the one I find the most truth in. https://sites.google.com/view/hackersconfession/home/hacker-...


> He seems to know enough that I don’t believe he’s scared of them finding his identity

I don't know about this but I agree that he doesn't seem to set out wanting to steal $600mio. Sounds like the typical "hacker" mentality where he's prodding around for security holes and just happened to find one.


I would have loved it if he sent every coin he stole to the burn address as a big fuck you.


Would have loved to see the discussion whether this amount of money would justify a hardfork to revert the theft.


Don’t think it’s possible in this case as this is a bridge between multiple blockchains that they have no control over.


Well, the hack didn't involve an inter-blockchain transfer. It was internal transfers carried out at the same time on ETH, Polygon and BSC networks, so each of them would require a separate hardfork to repair this.


was there ever $600m of real money? reading messages on that funny google docs tracker suggests it was mostly shitcoins.


Does it matter? Even if the hacker could only extract 1% of the notional value it would still be life-changing money.


It matters because if the dollar amount is real this is probably the largest heist in history.


Well the Bangladesh Bank heist managed to transfer close to US$1B over SWIFT. Of course since this is the traditional banking system we’re talking about, most of the transactions were either quickly blocked or since recovered. According to Wikipedia about $63M remained unrecovered as of 2018.

https://en.wikipedia.org/wiki/Bangladesh_Bank_robbery


They tried to steal $1B. They succeeded with $101M. They got away with $63M.


In that hack, they attempted to transfer out $1B, but only managed about $100m, because the other transfers were blocked. And a portion of that 100m was eventually recovered.


I don't see long term value in Bitcoin. I even made a website to explain why (https://Bitcoin.IsNot.Money ).

But its liquidity gives it short term utility like cheaply transferring money internationally.


Only couple days ago or so, after so many years (following it since 2011 or so) I realized only one value in bitcoin;

Supporting sci-hub, that's about it, of course for some buying drugs online is a value too.


Isn't Monero used for drugs nowadays? At least at the White House Market...


I don't think monero has anything close to the liquidity to handle all crypto drug buying.


> It's possible for a business to advertise a product in two different currencies at the same time, but it's very, very rate.

FYI: It seems like you have a typo at the end of that sentence.


Does returning the funds across a bunch of transactions also make blocking transactions harder? Assuming you don't want to block any "give back"? Maybe they are hoping for enough confusion there results in some of the stolen funds being spendable?


They gave back less than half, they still have > $300M, they are equally "criminal" as before, however much that was. I don't see the benefit they get for returning a portion.


Since the beginning I've always looked at cryptocurrencies as a free for all. If you're dumb enough to leak your key, then the value is gone. If you send your currency away to something without looking into it first, then it's your own stupidity. Lost your key? Great job, dumbass. Crypto currency is and has always been a "do what you want, but if you mess up, it's on you" in my eyes.

It seems most people using crypto currencies now have basically no knowledge about it, so I guess this will happen more often in the future. Now, "everyone" is into cryptocurrencies, and most of them could probably not name a single algorithm used for cryptography.

It's so simple to stay anonymous online. If someone took your currency then it's unlikely you'll ever figure out who it was.

Speaking as a dumbass who noticed the news in 2013 about bitcoin reaching $ 1k or something, then realizing the key for a wallet with 52 BTC was on a drive I wiped some years prior to that.

Well played to whoever found a flaw, if that's what happened.


Most people will not hold their own wallet. They just buy cryptocurrency through an exchange and let it sit as an "investment". They don't manage the wallet themselves and don't use the cryptocurrency for transactions. They simply think this is a quick way to make money and see it more as a more volatile alternative to the stock market.


This is probably >90% of cryptocurrency users. Of course it's just a guess, I wish I knew the real percentage.


And then someone hacks the exchange and they lose their money and they ask "how could this happen?" But they mean that literally because they didn't know it was even a possibility.


True. But to add to it, even if they did know more about it, they want the possibility to "exit" or "sell" quickly because they see it solely as an investment. So it wouldn't change anything.


A fun way to spend $600 million that you cannot launder anyway would be to put it in a smart contract and release it in portions to anyone who could solve a proof of work problem. Incidentally, the PoW problem would result in empty blocks being mined on Bitcoin, effectively executing a denial of service attack. The incentives should be adjusted so it becomes at least twice as profitable for a miner to mine empty blocks for the smart contract than to mine real blocks on the Bitcoin main network.

Edit: It should probably be designed as a contract which pays out only once a predetermined number of fake blocks have been mined, and the payout to the solvers will be proportional to the number of blocks they have in the final solution chain (wallet addresses of solvers should be encoded in the empty blocks they mine to prevent front-running, which will destroy the incentives). It should be possible to submit any solution to the contract so that everyone competes. This includes solutions that are mined by actual bitcoin miners, effectively pitting the miners mining real blocks against the miners mining empty blocks. Someone who is more skilled than me should design such a contract and put it on Ethereum, ready to receive Ether that someone "finds".


Bitcoin fees would simply double if that? Also one of the benefits to a mature proof of work system is that miners' incentives align with the success of that currency. Imagine spending thousands of dollars on special purpose hardware only to attack the only system where they are useful. Bitcoin miners are bitcoiners, people seem to forget that.


Aren't most of the rewards due to the generation of new coins? Currently 6.5 per block as far as I know. I haven't done the math to know if the fees are substantial compared to that.

Edit: Recent block 695416 generates about 6.5 BTC to miners and has only 0.0748 BTC in total fees. Fees would have to increase by more than a factor of 64 to make up for the difference. https://live.blockcypher.com/btc/block/00000000000000000001c...


Don't you think the incentive to find a double spend flaw in bitcoin is large enough due to its ever-increasing market cap?


This would not be a double spend attack, but a denial of service attack. If you spend $600 million worth of mining work, you can prevent any transactions from executing for two weeks (although in this scheme where you pay twice the block reward to defectors, only one week).


Okay, sorry, I mean to find ANY flaw in bitcoin's protocol there is the weight of the entire market's worth hanging in the jeopardy. The incentive is to always be trying to crack it. So far, unsuccessfully.


From what I recall, the hacker basically doxxed himself by accident by signing a message from his real wallet, linked to exchange wallets which presumably has his KYC info. From there, it was all over. Even if he could launder all that money, international authorities would find him. In fact, the writing style of his messages provide a pretty big clue where he is - Ukraine or Russia.


All caps, short sentences, little punctuation is exactly how you are supposed to write when you are trying to stay anonymous. A good forensics analyst could probably track me down by my consistent, yet false use of commas alone.


> In fact, the writing style of his messages provide a pretty big clue where he is - Ukraine or Russia.

I think we're past trying to assume people's identities based on writing styles, it's too easy to fake for the hackers, simply drop 1% of the words you're using and now suddenly people think you're no longer a native English speaker.

And not only is it easy to guess wrong or easy for the hacker to fake, it also adds absolutely nothing to the story/evidence/history by trying to guess the country they are from. If you're right, nothing has been gained. If you're wrong, you've just blamed the wrong nationality, again with no gain if you're right.


There are consistent words that get dropped for different languages. For a very simple example, iirc, most Slavic languages don't have a word for "is," or articles, so if the author says "dog brown" instead of "the dog is brown," they probably originally speak some Slavic language (or something with similar features). You're correct it's not conclusive, but it's also not about dropping random words.


> There are consistent words that get dropped for different languages

This is a bit of my point. If I'm from Uruguay (and not native English speaker) and I want to be an anonymous user that wants to pretend to actually be Slavic, I can easily look up common mistakes (like missing `is`) in order to foster the image of me being from somewhere I'm not.

Typing in a way you don't usually type is a common way to mask more of your identity.


There are weird tics different non-native English speakers have. For instance, every Greek I've ever met thinks the word "bored" means to be tired, not to be wanting something to interest you. They all got the same mistranslation and someone spoofing such a thing would be a very convincing non-native speaker.


Nothing at all like that. Take a look at his “confession”

https://sites.google.com/view/hackersconfession/home/hacker-...


Stealing so much, I'd imagine being caught by authorities would be one of the better outcomes...


this isn't like mafia movies. there is no way to seek retribution in any physical way


I don’t coin. But isn’t like rule #1 to always use a new wallet?


Yeah, I don't get it either. If I somehow had illegally obtained 600M (or even tens of thousands), I would go complete operational segregation, and probably use a clean computer for everything to do with it. Hard to link to or release info identifying real info from a system that has no access to it and the bits for it or passwords to it have never touched its RAM, much less its disk.


Unless it’s a decoy dox


Probably a hacked account that would send law enforcement on a wrong lead. Having someone else sitting in jail for you is the best way to get away with a crime.


>Ukraine or Russia

How about Vietnamese?


Someone recently pointed out that we have a "free market" in cryptocurrency, and are now spending years discovering why we have regulations, laws, contracts, courts etc.

I love the idea of a digital native currency. But I also love financial protections that have grown up over thousands of years.

The mints of each country could solve that tomorrow (is there a FOSS blockchain already that does a "we know there are 1 trillion Euros in existence, here are the tokens, no need for mining"?)


> I love the idea of a digital native currency. But I also love financial protections that have grown up over thousands of years.

Yeah, this is a contrast/friction that exists in the ecosystem. Some people just want something that is like a "digital native currency" that works kind of like banks today (with the same protections at least) but works across banks/applications and somehow also is at a fixed value.

Others want "decentralized cryptocurrencies" that works the same as described before, but without any centralized control or issuance and without the "protections" as the protections can also be used against people, not just for.

Neither is "right" or "correct", just two different views inhabiting the same ecosystem.


The second group doesn't touch the first group (e.g. just use coinbase custody and forget about that "unlawful anarchists"), but the first group always want to regulate the second. Like they doing something wrong voluntarily rejecting financial protection for their own property and asking for more privacy, independence and less taxes.

Why not drop both protection and regulations for that protection from the second group and not bothering anyone?


Because the sound unregulated one looks like, walks like and talks like the first regulated one. Just imagine there were realtors split into two similar camps, and you bought your house only to find it was a hollywood facade and people just laughed when you complained.

Nah - we have this nanny like state because there are millions and millions of people and despite what Libertarians say, they can't all pay that much attention all the time.

Honestly the only way most of us make it through a year is because all the shit we rely on just does as it is expected.

In short, if you can't trust one politician/bank/sewage plant it breaks faith in all politicians/banks/sewage plants - That's no good for anyone


> now spending years discovering why we have regulations, laws, contracts, courts etc.

Which is funny as for the longest time crypto's argument was that FIAT regulations/manipulation only protects the rich, not individuals. Well here we are talking about network that rolled back because some rich people lost money and another example of organizing one of the biggest manhunts in crypto history because of a code bug abuse. Yet average people who lose money are being told "code is law", should have watched your keys or made smarter investments fool!

Maybe medium is not the issue here...


Re your last paragraph, isn't this what pegged cryptocurrencies are? You couldn't have the same amount circulating in both fiat and crypto at the same time so they make reserves of cash while issuing tokens, but it's pretty fragile because you have to trust the issuer they actually have the reserves.


Yes. But instead of trusting that (is it Binance?) has a million dollars in the bank (no really honestly !) you are trusting that say the US government has. Full faith etc. It sounds simple but even a moment makes for some hard problems. Amount of actual cash in circulation - yeah that's fine the US Mint probably has a spreadsheet. So we could just go with that. Let's say that's 10% of the "total". But who uses cash these days? You want all the currency in bank accounts denominated in US dollars - ok we just go ask CitiBank et al. Now that probably gets us to 70%. Now we hit the hard stuff. The dodgy bank accounts (That's going to be fun one - hiding money off shore. We are about to make any dollars not "registered" effectively unspendable)

Now what about things that are not really US dollars but convertible? There are a thousand weird instruments I barely have heard of. God knows if they should get a UUID?

And loans - look everyone loves to rag on fractional banking but we want the amount of currency in circulation to pretty much match the value. Having banks create currency at the margin works pretty well as a distributed solution (we like those). Imagine the federal government assessing what your widget factory is worth every ten years.

Do we stop banks doing that? Do they hand out UUIDs as well? Will there be two tier currencies (see Scottish banks).

It should be a simple solution, but nah.



Let S = smart contract writer's code intent - smart contract compiled code meaning. If S is legally meaningful it's all over for smart contracts. There's no way to prove the contract writer's intent, the compiler itself can have problems causing divergence, and it's not even possible to prove if the idea in the writer's mind can be captured by code. You could even come up with a sort of halting problem smart contract that's both fraudulent and not at the same time.


It's not that hard to infer writers intent from:

- function and variable naming
- social conventions around ownership
- stated intent by code writers
- common sense

By any reasonable standard, this was theft.

Is a door with a pickable lock always unlocked? No, that would be silly. What makes using a key on a lock different from using a lockpick. Social convention, intent of the creator, common sense, the fact that one thing is called a key, and the other a lockpick.


But if when there's a dispute you have to rely on a trusted third party to determine intent and arbitrate the contract, what's the benefit of having a smart contract over a regular dumb one and relying on a trusted third party to determine intent and arbitrate the contract if there's a dispute?


At the moment, there is no third party settling a dispute. All that really happened is that there was consensus that this was 'a hack / theft' in all sense except for the 'code is law' interpretation.

Now, it seems that the thief was afraid of legal repercussions, but that is sort of outside the scope of ethereum. It happens purely 'off chain'.

The interesting exception to this story is the original DAO heist. Where an Eth hard-fork was made to reverse the heist. In this case there was an intervention. That intervention took broad consensus of miners and developers. So it takes a pretty big effort to get disputes "resolved" away from what the smart contract says. That is an interesting deviation from normal contracts before a court. Personally, I do think that Eth should not have forked the DAO heist away, but I understand why they did.


This is like saying, why have Uber use algorithms to match rider and driver, if you still need human customer support to deal with exceptions?

IMO, the answer is fundamentally that it expands the market (no more limitations like medallions, scales better than hiring dispatchers, etc.), and creates more demand overall (more people use these cars than would've used traditional taxis).

Of course, even the customer support gets automated away, until humans only need to deal with exceptions to the exceptions (that automated support was supposed to handle). So there can still be economies of scale and efficiency.


> halting problem smart contract that's both fraudulent and not at the same time

How would the halting problem help with that? With the halting problem, can't you just write code so that nobody knows if it will halt or not? I wouldn't say it halts and not halts at the same time. We just don't know if it will halt.


You define a smart contract where your intent is that it checks if other smart contracts are legal and runs them. Then you define a contract that runs the contract that checks if another contract is legal and then as the writer your intent is for the program to be illegal if the other program is legal and vice versa. Then you run this second contract through the first. If it is legal it is illegal and if it is illegal it is legal. Obviously there is no way to write a smart contract that checks if others are legal, but a writer can intend to write it which is where the problem of considering smart contract writer intent originates.


It will halt. By running out of gas.


If I were the "hacker" I would return $590M and hope nobody notices the "rounding error".


They offered to pay a bug bounty to the hacker in exchange for having all the funds returned.

How much would they offer to him?


Alternative title: Company makes stupid bet, kind guy returns some money he didn't have to.


Matt Levine covered this in yesterday’s Money Stuff, it’s pretty interesting how parts of the ecosystem froze things and seemingly managed to stop them laundering their money.

Also it does look like they really did try to launder it:

> Tether froze more than $30 million in response to the hack, Tether Chief Technology Officer Paul Adroino tweeted.

> About an hour following Poly Network’s announcement of the hack, the perpetrator attempted to move stolen assets through the Ethereum address into Curve.fi, but the transaction was blocked. The hackers continued trying for about 20-30 minutes before an anonymous user sent the hackers a message on the blockchain that USD Tether had been blocked.

> The user told the hackers to try depositing the stolen tokens without Tether, which the hackers did successfully and they deposited all the addresses into Curve. The hackers then sent the anonymous user about $45,000 worth of ethereum for their help.

https://blockworks.co/hackers-steal-over-600m-biggest-in-def...


Given that the overall crypto market fell 7-10% since then, now a $550 million hack.

He bit off way more than he could chew it seems.

Unless he gives it all back, he is probably fucked if he is caught by American authorities, and even then it would not matter probably. Unlike France, no 5-year sentences in the good ol' US of A for major fraud.

"Your honor, I returned half of it, so half the sentence"

"Yes, I will cut it from 150 +50 years to 75 +25"

Greed kills.


How is France relevant to this?


Sigh. "Smart Contracts" are neither smart nor contracts. They're dumb little verifiable irrevocable pieces of code, act accordingly.


"...demonstrates that even if you can steal cryptoassets, laundering them and cashing out is extremely difficult due to the transparency of the blockchain."

These are the type of arguments that reinforce my belief that crypto assets do not make any sense. Yet.


BTC-XMR atomic swaps are soon available [tm]


It’s probably more “moral” for the hacker to keep the funds in this situation. However, he probably fears for his safety.


When people do things one doesn't personally like, why is it always called "stealing"?


He should have burnt the lot, give or take a couple of lambos as processing fee.


Or distribute small amounts to thousands of wallets randomly. That would cause quite a bit of chaos.


I can’t believe anyone can be into crypto and keep a straight face.

For all the libertarian bullshit about decentralising and no control and “you can’t shut it down” when someone actually makes off with a whole bunch of coin what does everyone do?

Relies on centralised control to shut the hacker down and cut them off.

SMFH.


This screams PR stunt.


"Look at our blockchain/token, it can be easily hacked, but it's so bad the hackers will return it within two days."


> "Just dumped all assets on [blockchains] BSC & Polygon. Hacking for Good, I did save the project."

It's a hot take, and a lot of people will write this off as pretentious and egocentric, but I believe him.

Big crypto as a whole has to stop.

The original intention of cryptocurrency was to be an experiment (!!!) with providing alternative peer-to-peer transactions that didn't rely on the value of a centralized economy. It didn't account for what would happen when a part of that load shifted to the network.

A lot of people have a hard time understanding the scale of the world's economy, but it's really something to behold. Each one of the world's 8-billion-some people needs a handful of resources to survive, and to be conservative I'll estimate that the average human makes 2 transactions a day. That's 2 documented transfers, per person, per day. Those numbers add up very quickly, and if even a fraction of them start to pile onto a collapsing concept, there's no way it can sustain it. Hacks like this are an important step towards reminding people that "money" on the blockchain isn't actually money. You're purchasing a digital asset that now suffers the same issues that the stock market does, except the FCC can't do anything about it. And they shouldn't do anything about it, either. This smoking garbage pile is a great example of how such large, experimental networks can break down at every level.

I'll file it between "Exit Scamming" and "Hash Collision"


1) FCC regulates mostly broadcast technologies, not the stock market (SEC?).

2) The amount of moral hazard we have allowed to build up since the great financial crisis is astronomical. No one has been held to account for that mess and the Too Big To Fail mindset has become deeply entrenched. The fact that no one backstops crypto is one of its biggest features, we cannot continue to play the world's biggest janitor when the system breaks down, and regulation is not preventing these things.

3) Visa, Mastercard and other operators of the world's biggest payment networks are expanding to crypto. They definitely have a perspective on scale and are embracing this 'experiment'.


> No one has been held to account for that mess and the Too Big To Fail mindset has become deeply entrenched

People don’t actually want this. The problem in 2008 wasn’t bankers or any other boogieman. The problem is that people want housing to be affordable/accessible, but they also want it to be an investment/retirement plan.

If you subsidise housing to make it affordable (a market distortion in itself), and you encourage appreciation in said market (another distortion) you get bubbles. We stopped this bubble from popping so that boomers didn’t have to take a retirement hit. But Wall St’s role in all of this is insanely small. They played the role of the dealer at a card table. The players are the average Joes and the casino is the Fed.


> If you subsidise housing to make it affordable (a market distortion in itself)

This didn't happen. What happened was an extreme lowering of the barriers to entering into a mortgage contract, such as minuscule down payments (which are back), NINJAs, and floating the extremely high-interest rates on those mortgages to volatile and completely gamed numbers like LIBOR. After collecting these mortgages into a bundle, they paid someone to declare them as safe as US treasuries, and immediately sold them on/started borrowing against them.

You can absolutely do this with crypto, except it would be even easier.



