[2016-06-18] BS: A hacking of over $50 mn in the world of virtual currency

dashingriddler

legendary

Activity: 1258

Merit: 1001

Quote from: skang on June 20, 2016, 12:01:02 AM

Quote from: dashingriddler on June 19, 2016, 02:52:29 PM

Quote from: skang on June 19, 2016, 07:51:22 AM

Because the attacker would make money by shorting eth prior to the attack...not by actually selling the obtained eth since all eyes would be on it..

Anyways, most of the hackers do it just because they can... to prove that the system can be penetrated... curiosity...

Shorting millions of ether is not that easy to do over few hours and would mean he is the attacker. Unlikely as this could also expose him.

A $3M Ethereum short occurred on Bitfinex just moments before the attack; some claim this short closed with almost $1M USD of profit.

She did not have to do it over few hours. This exploit takes a long time in making.. you have to propose a split and wait for the voting period to expire..then you recursively call the split function after theDAO sends you money but before it updates your balance.. (I was able to code the exploit yesterday, pretty basic..let me know if anyone wants).. Hence this attack could have been more than a month in making..and atleast a week..

The volume is of $60M but that is still a lot of money considering knowing that the attack may not be successful.

Sure you can put on pastebin and share the link. Would like to look at the code.

skang

sr. member

Activity: 452

Merit: 252

from democracy to self-rule.

Quote from: dashingriddler on June 19, 2016, 02:52:29 PM

Quote from: skang on June 19, 2016, 07:51:22 AM

Because the attacker would make money by shorting eth prior to the attack...not by actually selling the obtained eth since all eyes would be on it..

Anyways, most of the hackers do it just because they can... to prove that the system can be penetrated... curiosity...

Shorting millions of ether is not that easy to do over few hours and would mean he is the attacker. Unlikely as this could also expose him.

A $3M Ethereum short occurred on Bitfinex just moments before the attack; some claim this short closed with almost $1M USD of profit.

She did not have to do it over few hours. This exploit takes a long time in making.. you have to propose a split and wait for the voting period to expire..then you recursively call the split function after theDAO sends you money but before it updates your balance.. (I was able to code the exploit yesterday, pretty basic..let me know if anyone wants).. Hence this attack could have been more than a month in making..and atleast a week..

polynesia

legendary

Activity: 1358

Merit: 1000

Quote from: dashingriddler on June 19, 2016, 02:52:29 PM

Quote from: skang on June 19, 2016, 07:51:22 AM

Because the attacker would make money by shorting eth prior to the attack...not by actually selling the obtained eth since all eyes would be on it..

Anyways, most of the hackers do it just because they can... to prove that the system can be penetrated... curiosity...

Shorting millions of ether is not that easy to do over few hours and would mean he is the attacker. Unlikely as this could also expose him.

If he/she does short, then he may be guilty of another crime - insider trading. Grin

It reminds me of drug mafia getting indicted for tax evasion. Tongue

CounterEntropy

full member

Activity: 214

Merit: 278

Quote from: dashingriddler on June 19, 2016, 06:08:10 AM

None of the articles talk about why the attacker stopped at 1/3rd of the pool. There was still a lot of unlocked ether in that DAO address which did not get touched. Does anyone know the reason?

Source: https://twitter.com/TuurDemeester/status/744269347535749120

dashingriddler

legendary

Activity: 1258

Merit: 1001

Quote from: skang on June 19, 2016, 07:51:22 AM

Because the attacker would make money by shorting eth prior to the attack...not by actually selling the obtained eth since all eyes would be on it..

Anyways, most of the hackers do it just because they can... to prove that the system can be penetrated... curiosity...

Shorting millions of ether is not that easy to do over few hours and would mean he is the attacker. Unlikely as this could also expose him.

skang

sr. member

Activity: 452

Merit: 252

from democracy to self-rule.

Because the attacker would make money by shorting eth prior to the attack...not by actually selling the obtained eth since all eyes would be on it..

Anyways, most of the hackers do it just because they can... to prove that the system can be penetrated... curiosity...

manav1112

sr. member

Activity: 298

Merit: 250

Quote from: dashingriddler on June 19, 2016, 06:08:10 AM

Quote from: skang on June 19, 2016, 02:15:05 AM

FUD

1. Its not a hack,
- she played by the written rules.

2. Participats didn't want to prove safety & security of digital currency by participating in theDAO
- lol, DAO is not even a currency, leave alone a blockchain

3. the theft is prompting no debate in bitcoin space
- bitcoin devs may not the most intelligent people on earth but certainly aren't stupid either.. who ignores known vulnerabilities!? lol

[I did not read the article]

These are too much for the media person to understand.

None of the articles talk about why the attacker stopped at 1/3rd of the pool. There was still a lot of unlocked ether in that DAO address which did not get touched. Does anyone know the reason?

That is a great point to question actually

dashingriddler

legendary

Activity: 1258

Merit: 1001

Quote from: skang on June 19, 2016, 02:15:05 AM

FUD

1. Its not a hack,
- she played by the written rules.

2. Participats didn't want to prove safety & security of digital currency by participating in theDAO
- lol, DAO is not even a currency, leave alone a blockchain

3. the theft is prompting no debate in bitcoin space
- bitcoin devs may not the most intelligent people on earth but certainly aren't stupid either.. who ignores known vulnerabilities!? lol

[I did not read the article]

These are too much for the media person to understand.

None of the articles talk about why the attacker stopped at 1/3rd of the pool. There was still a lot of unlocked ether in that DAO address which did not get touched. Does anyone know the reason?

skang

sr. member

Activity: 452

Merit: 252

from democracy to self-rule.

FUD

1. Its not a hack,
- she played by the written rules.

2. Participats didn't want to prove safety & security of digital currency by participating in theDAO
- lol, DAO is not even a currency, leave alone a blockchain

3. the theft is prompting no debate in bitcoin space
- bitcoin devs may not the most intelligent people on earth but certainly aren't stupid either.. who ignores known vulnerabilities!? lol

[I did not read the article]

polynesia

legendary

Activity: 1358

Merit: 1000

A hacking of over $50 mn in the world of virtual currency

http://www.business-standard.com/article/international/a-hacking-of-over-50-mn-in-the-world-of-virtual-currency-116061800707_1.html

A hacker on Friday siphoned more than $50 million of digital money away from an experimental virtual currency project that had been billed as the most successful crowdfunding venture ever - taking with him not just a third of the venture's money but also the hopes and dreams of thousands of participants who wanted to prove the safety and security of digital currency.

The attack most likely puts an end to the project, known as the Decentralized Autonomous Organization, which had raised $160 million in the form of Ether, an alternative to the digital currency Bitcoin. While the computer scientists involved in the project are aiming to tweak the code that underpins Ether in a way that will recover the money, the theft is nevertheless prompting a bigger debate about the viability and principles of virtual currencies like Bitcoin and Ether.

Topic: [2016-06-18] BS: A hacking of over $50 mn in the world of virtual currency (Read 1162 times)