The Huge Ethereum Hack May Kill the Potential Next Bitcoin
It wasn’t so long ago we were looking at Ethereum as a potential new alternative to bitcoin, and one that may have represented such a significant value to users that it could have ultimately become “the next bitcoin.”
A recent large-scale hack delivered to the system, however, may ultimately scuttle this tool before it could ever really start.
The current problem, reports suggest, is focused on the DAO, an investment fund that uses computer code and Ethereum to pursue various investment strategies.
That means quite a bit of currency at stake, and a pair of bugs in the system struck the DAO, plundering the DAO’s coffers and allowing thieves to abscond with 3.6 million Ether, valued at between $45 million and $77 million, about a third of the DAO’s effective reserves.
The bug was traced back to a software function that the DAO’s users would turn to when cashing out of the fund.
A function called splitDAO allowed hackers to trick the system, backed up by an internal timing error, into basically giving them three times the shares in the DAO that the users actually had.
That alone would be bad enough, but a second glitch in the system allowed that first glitch to happen repeatedly, until the transactions got sufficiently large to reach the block limit on the system.
The attack had been duplicated around 250 times from two IP addresses, and further copycats emerged to take their stab at the system.
Reports suggest that the attacks haven’t really been stopped; the last reports noted that no solution had been as yet found, and Ethereum officials are recommending that the blockchain governing the system be rolled back in a fashion that would render the stolen Ether invalid.
Called a “soft fork,” it requires simple majority approval of all Etherium miners.
This doesn’t help any newcomers interested in putting cash into Ether, but it may help those who are mining or considering mining Ether step in.
If a large quantity of Ether is suddenly invalid, all those bits may well go back into the system and allow for simpler mining.
While this is bad news for the overall project, it’s good to see that the organization is working to protect its users. That might bring some confidence back to the system and give us all a reason to invest after all.