Don’t worry, this is a feature of the blockchain!
Lack of oversight is something all the users want, so obviously, everyone is fine with this.
Your comment is quite misleading. Blockchain is all about verification and transparency, and that is the reason why people knew about the hack that quickly. Authorities, private companies and individuals are following the funds block after block. The hack concerns an exchange, a central entity with lots of ether tokens, not a blockchain.
From my understanding, and this is still under investigation, the main issue is that the compromised exchange didn’t suffer from any breach. Their multi-sig setup signed a transaction as if the company was agreeing. Could all the required keys have been stolen? Maybe. All the employees having keys getting corrupted? Unlikely. From what I’ve read about the Ethereum Virtual Machine (EVM), in multi-sig setups (Safe or Gnosis Safe as examples), users have no way to verify what they are signing on their hardware wallets (signing devices). The whole Ethereum ecosystem has been used to blindly signing for years, and today they might realize that’s a bad design choice. Lazarus could have hacked the centralized coordinator entity such as app.safe.global, but as I said, this is still under investigation and I’m not a professional, just a free software enthusiast.
This is an Ethereum, actually more of an EVM Turing-complete, design issue, if I understood it correctly. You don’t have this problem that much in the Bitcoin multi-sig UTXO ecosystem, where it’s simpler and many great hardware wallets let you verify on their screen what you are signing (hww without a trusted screen are not designed to be signing devices), but none, 0%, let you verify what you sign with an Ethereum smart contract. It is possible you can do that on Ledger with 1Inch, from what I’ve understood.
A feature of blockchains, or actually not of blockchain in itself but rather of the competitive PoW consensus mechanism (Ethereum forked to PoS) enforced by game theory, is immutability and finality of the transactions. With Bitcoin you cannot rollback. Ethereum did a rollback in the early days, creating a fork named Ethereum Classic, which is the ledger that did not rollback. I don’t think Ethereum will rollback again, especially for such a small amount of ether, and I think if they wanted and had the opportunity, it would have been already done. People screaming they will are delusional, but maybe I’m wrong :)
Finality might seem a scary feature at first; in reality it enables you to create reversible transactions through an escrow multi-sig setup. Actually you don’t even need to: the mempool is not immutable on Bitcoin, you can do an RBF. You don’t create trust by simply having a shiny blockchain; people thinking it removes trust don’t understand money. Whatever, with this hard finality system you can create softness emulating what the banking system usually offers. So you get the soft system built on top of a hard system, unlike international banking, on top of which you can’t put a hard system.
Edits: Add nuance, clarifications, improved readability, etc.
and nothing of value was lost
These incidents sincerely undermine some of the “big advantages” of blockchain. I worked for an NFT company for a while, and we talked about how people stealing like this would just have the funds reversed because the blockchain can fork to solve it. But that shit rarely happens, or if it does, it’s probably all international money laundering. I have 0 faith in the community now, and it was a whole cult back in 2021.
I worked for an NFT company for a while, and we talked about how people stealing like this would just have the funds reversed because the blockchain can fork to solve it
This is a pretty naive perspective when it goes directly against the whole ethos of the network. You can’t have credible neutrality and also have hardfork bailouts every time a centralized exchange with poor security practices gets hacked or “hacked”, these are mutually incompatible things. For a financial infrastructure that does reversals and central authority judgment calls, there is always fiat and banks.
I think it’s worth mentioning that this isn’t the first time eth suffered a big attack and it also wouldn’t be the first time they’d hard fork to roll back on the transactions. An attack in 2016 was rolled back in 2017, creating the eth classic, which ignored the changes.
Basically accurate except I wouldn’t classify a theft of Eth from a centralized crypto exchange as an attack on Ethereum, both because it doesn’t threaten Ethereum itself and because it wasn’t done using an exploit in Ethereum, this was a phishing attack afaik.
I agree that there’s some line, but if we’re really talking about $1.5bn & it really is a theft, it seems reasonable to me. /shrug
It’s probably money laundering anyway, but I dunno. If the blockchain is protected through a decentralized ledger, couldn’t they vote via governance?
Keep in mind, I read the headline & not the article. I got no clue what chain or crypto involves the story. The web3 world gave me a salary boost, and that was enough for me. It was stressful working in a grey area at times.
It’s Ethereum, so close relevance to anything web3.
it seems reasonable to me.
It won’t seem reasonable to the people developing the software or running the staking nodes whose consensus would be needed, see https://nakamoto.com/credible-neutrality/ for an idea of why. Basically the idea is that the more a network acts to impartially execute algorithms than as a subjective governance body, the more it can be relied on without worrying about the potential bias of that governance, and that impartiality is at the core of its actual value. The whole “code is law” thing might not be literal reality, there is a line, but that line is located at an existential threat to the network itself (i.e. the DAO hack hardfork, which was the only time this was really done, or the plans for a hard fork to recover after a hypothetical quantum computing attack breaks encryption on all wallets).
If there was an office somewhere practically able to wield a ctrl-z button for Ethereum accepting support tickets for its use, that would be a very different sort of cryptocurrency and imo not one that would be likely to work out.
Anyway this kind of hack does suck, but I think ultimately the lesson just has to be for people to either self custody or avoid crypto entirely. Centralized crypto exchanges rarely deserve the trust placed in them.
Sorry that your Neopoints were stolen.
Ethereum and EVM multi-sig is basically blind-signing on every hardware wallet. EVM is simply a bad design.