Your comment is quite misleading. Blockchain is all about verification and transparency and that is the reason why people knew about the hack that quickly. Authorities, private companies and individuals are following the funds block after block. The hack concern an exchange, a central entity with lots of ether tokens, not a blockchain.
From my understanding and this is still under investigation, the main issue is that the compromised exchange didn’t suffer from any breach. Their multi-sig setup signed a transaction liked if the company was agreeing. Could have been all the required key stolen ? Maybe. All the employee having keys getting corrupted ? Unlikely.
From what I’ve read about the Ethereum Virtual Machine (EVM), in multi-sig (Safe or Gnosis safe as exemples) setups, users have no way to verify what they are signing on their harware wallets (signing devices).The whole Ethereum ecosystem have been used to blindly signed for years and today they might realize that’s a bad design choice. Lazarus could have hacked the centralized coordinator entity such as app.safe.global, but as I said this is still under investigation and I’m not a professionnal just a free software enthousiast.
This is an Ethereum, actually more of a EVM Turing Complete, design issue if I understood it correctly. You don’t have this problem that much the on Bitcoin multi-sig UTXOs ecosystem were it’s simpler and many great hardware wallet let you verify on their screen what you are signing (hww without a trusted screen are not designed to be signing devices) but none, 0% let you verify what you sign with an Ethereum smarcontract. It is possible you can do that on Ledger with 1Inch from what I’ve understand.
A feature of blockchains, actually it’s not blockchain in itself but rather the competitive PoW consensus mechanism (Ethereum forked to PoS) enforced by game theory is immuability and finality of the transactions. With Bitcoin you cannot rollback. Ethereum did a rollback in the early days creating a fork named Ethereum Classic which is the ledger that did not rollback. I don’t think Ethereum will rollback again, especially for such a small amount of ether and I think if they wanted and had the opportunity, it would have been already done. People screaming they will are delusional but maybe I’m wrong :)
Finality might seem a scary feature at first, in reality it enable you to create reversible transactions through escrow multi-sig setup. Actually you don’t even need to, the mempool is not immuable on Bitcoin you can do a RBF. You don’t create trust by simply having a shiny blockchain, people thinking it removes trust don’t understand money. Whatever, with this hard finality system you can create softness emulating what the banking system usually offers. So you get the soft system built on top of a hard system, unlike internationnal banking on which you can’t put a hard system on top of.
Your comment is quite misleading. Blockchain is all about verification and transparency and that is the reason why people knew about the hack that quickly. Authorities, private companies and individuals are following the funds block after block. The hack concern an exchange, a central entity with lots of ether tokens, not a blockchain.
From my understanding and this is still under investigation, the main issue is that the compromised exchange didn’t suffer from any breach. Their multi-sig setup signed a transaction liked if the company was agreeing. Could have been all the required key stolen ? Maybe. All the employee having keys getting corrupted ? Unlikely. From what I’ve read about the Ethereum Virtual Machine (EVM), in multi-sig (Safe or Gnosis safe as exemples) setups, users have no way to verify what they are signing on their harware wallets (signing devices).The whole Ethereum ecosystem have been used to blindly signed for years and today they might realize that’s a bad design choice. Lazarus could have hacked the centralized coordinator entity such as app.safe.global, but as I said this is still under investigation and I’m not a professionnal just a free software enthousiast.
This is an Ethereum, actually more of a EVM Turing Complete, design issue if I understood it correctly. You don’t have this problem that much the on Bitcoin multi-sig UTXOs ecosystem were it’s simpler and many great hardware wallet let you verify on their screen what you are signing (hww without a trusted screen are not designed to be signing devices) but none, 0% let you verify what you sign with an Ethereum smarcontract. It is possible you can do that on Ledger with 1Inch from what I’ve understand.
A feature of blockchains, actually it’s not blockchain in itself but rather the competitive PoW consensus mechanism (Ethereum forked to PoS) enforced by game theory is immuability and finality of the transactions. With Bitcoin you cannot rollback. Ethereum did a rollback in the early days creating a fork named Ethereum Classic which is the ledger that did not rollback. I don’t think Ethereum will rollback again, especially for such a small amount of ether and I think if they wanted and had the opportunity, it would have been already done. People screaming they will are delusional but maybe I’m wrong :)
Finality might seem a scary feature at first, in reality it enable you to create reversible transactions through escrow multi-sig setup. Actually you don’t even need to, the mempool is not immuable on Bitcoin you can do a RBF. You don’t create trust by simply having a shiny blockchain, people thinking it removes trust don’t understand money. Whatever, with this hard finality system you can create softness emulating what the banking system usually offers. So you get the soft system built on top of a hard system, unlike internationnal banking on which you can’t put a hard system on top of.
Edits : Add nuance, clarifications, improved readability, etc…