
Thread: Ethereum Exploit Nets Attacker $50 million Legitimately from DAO Fund

  1. #1

    Ethereum Exploit Nets Attacker $50 million Legitimately from DAO Fund

    http://pastebin.com/CcGUBgDG


    #REKTH



    ===== BEGIN SIGNED MESSAGE =====
    To the DAO and the Ethereum community,

    I have carefully examined the code of The DAO and decided to participate after finding the feature where splitting is rewarded with additional ether. I have made use of this feature and have rightfully claimed 3,641,694 ether, and would like to thank the DAO for this reward. It is my understanding that the DAO code contains this feature to promote decentralization and encourage the creation of "child DAOs".

    I am disappointed by those who are characterizing the use of this intentional feature as "theft". I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law. For reference please review the terms of the DAO:

    "The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation."

    A soft or hard fork would amount to seizure of my legitimate and rightful ether, claimed legally through the terms of a smart contract. Such fork would permanently and irrevocably ruin all confidence in not only Ethereum but also the in the field of smart contracts and blockchain technology. Many large Ethereum holders will dump their ether, and developers, researchers, and companies will leave Ethereum. Make no mistake: any fork, soft or hard, will further damage Ethereum and destroy its reputation and appeal.

    I reserve all rights to take any and all legal action against any accomplices of illegitimate theft, freezing, or seizure of my legitimate ether, and am actively working with my law firm. Those accomplices will be receiving Cease and Desist notices in the mail shortly.

    I hope this event becomes an valuable learning experience for the Ethereum community and wish you all the best of luck.

    Yours truly,
    "The Attacker"

    ===== END SIGNED MESSAGE =====

    Message Hash (Keccak): 0xaf9e302a664122389d17ee0fa4394d0c24c33236143c1f26faed97ebbd017d0e
    Signature: 0x5f91152a2382b4acfdbfe8ad3c6c8cde45f73f6147d39b072c81637fe81006061603908f692dc15a1b6ead217785cf5e07fb496708d129645f3370a28922136a32

    'We endorse the idea of voluntarism; self-responsibility: Family, friends, and churches to solve problems, rather than saying that some monolithic government is going to make you take care of yourself and be a better person. It's a preposterous notion: It never worked, it never will. The government can't make you a better person; it can't make you follow good habits.' - Ron Paul 1988

    Awareness is the Root of Liberation Revolution is Action upon Revelation

    'Resistance and Disobedience in Economic Activity is the Most Moral Human Action Possible' - SEK3

    Flectere si nequeo superos, Acheronta movebo.

    ...the familiar ritual of institutional self-absolution...
    ...for protecting them, by mock trial, from punishment...




  3. #2
    Ethereum Blog Vitalik Buterin



    Thinking About Smart Contract Security

    Posted by Vitalik Buterin on June 19th, 2016.

    Over the last day with the community’s help we have crowdsourced a list of all of the major bugs with smart contracts on Ethereum so far, including both the DAO as well as various smaller 100-10000 ETH thefts and losses in games and token contracts.
    This list (original source here) is as follows:


    We can categorize the list by categories of bugs:

    • Variable/function naming mixups: FirePonzi, Rubixi
    • Public data that should not have been public: the public RNG seed casino, cheatable RPS
    • Re-entrancy (A calling B calling A): the DAO, Maker’s ETH-backed token
    • Sends failing due to 2300 gas limit: King of the Ether
    • Arrays/loops and gas limits: Governmental
    • Much more subtle game-theoretic weaknesses where at the limit people even debate whether or not they’re bugs: the DAO

    There have been many solutions proposed to smart contract safety, ranging from better development environments to better programming languages to formal verification and symbolic execution, and researchers have started developing such tools. My personal opinion regarding the topic is that an important primary conclusion is the following: progress in smart contract safety is necessarily going to be layered, incremental, and necessarily dependent on defense-in-depth. There will be further bugs, and we will learn further lessons; there will not be a single magic technology that solves everything.
    The reason for this fundamental conclusion is as follows. All instances of smart contract theft or loss – in fact, the very definition of smart contract theft or loss, is fundamentally about differences between implementation and intent. If, in a given case, implementation and intent are the same thing, then any instance of “theft” is in fact a donation, and any instance of “loss” is voluntary money-burning, economically equivalent to a proportional donation to the ETH token holder community by means of deflation. This leads to the next challenge: intent is fundamentally complex.
    The philosophy behind this fact has been best formalized by the friendly AI research community, where it bears the names of “complexity of value” and “fragility of value”. The thesis is simple: we as human beings have very many values, and very complex values – so complex that we ourselves are not capable of fully expressing them, and any attempt to will inevitably contain some uncovered corner case. The utility of the concept to AI research is important because a super-intelligent AI would in fact search through every corner, including corners that we find so unintuitive that we do not even think of them, to maximize its objective. Tell a superintelligent AI to cure cancer, and it will get 99.99% of the way there through some moderately complex tweaks in molecular biology, but it will soon realize that it can bump that up to 100% by triggering human extinction through a nuclear war and/or biological pandemic. Tell it to cure cancer without killing humans, and it will simply force all humans to freeze themselves, reasoning that it’s not technically killing because it could wake the humans up if it wanted to – it just won’t. And so forth.
    In smart contract land, the situation is similar. We believe that we value things like “fairness”, but it’s hard to define what fairness even means. You may want to say things like “it should not be possible for someone to just steal 10000 ETH from a DAO”, but what if, for a given withdrawal transaction, the DAO actually approved of the transfer because the recipient provided a valuable service? But then, if the transfer was approved, how do we know that the mechanism for deciding this wasn’t fooled through a game-theoretic vulnerability? What is a game-theoretic vulnerability? What about “splitting”? In the case of a blockchain-based market, what about front-running? If a given contract specifies an “owner” who can collect fees, what if the ability for anyone to become the owner was actually part of the rules, to add to the fun?
    All of this is not a strike against experts in formal verification, type theory, weird programming languages and the like; the smart ones already know and appreciate these issues. However, it does show that there is a fundamental barrier to what can be accomplished, and “fairness” is not something that can be mathematically proven in a theorem – in some cases, the set of fairness claims is so long and complex that you have to wonder if the set of claims itself might have a bug.

    Toward a Mitigation Path

    That said, there are plenty of areas where divergence between intent and implementation can be greatly reduced. One category is to try to take common patterns and hardcode them: for example, the Rubixi bug could have been avoided by making owner a keyword that could only be initialized to equal msg.sender in the constructor and possibly transferred in a transferOwnership function. Another category is to try to create as many standardized mid-level components as possible; for example, we may want to discourage every casino from creating its own random number generator, and instead direct people to RANDAO (or something like my RANDAO++ proposal, once implemented).
    A more important category of solutions, however, involves mitigating the specific and unintuitive quirks of the EVM execution environment. These include: the gas limit (responsible for the Governmental loss, as well as the losses due to recipients consuming too much gas when accepting a send), re-entrancy (responsible for the DAO and the Maker ETH contract), and the call stack limit. The call stack limit, for example, can be mitigated through this EIP, which essentially removes it from consideration by substituting its purpose with a change to gas mechanics. Re-entrancy could be banned outright (ie. only one execution instance of each contract allowed at a time), but this would likely introduce new forms of unintuitiveness, so a better solution is likely required.
    The gas limit, however, is not going away; hence, the only solutions there are likely to be inside of the development environment itself. Compilers should throw a warning if a contract does not provably consume less than 2300 gas if called with no data; they should also throw a warning if a function does not provably terminate within a safe amount of gas. Variable names might be colored (eg. RGB based on the first three bytes of the hash of the name), or perhaps a heuristic warning might be given if two variable names are too close to each other.
    Additionally, there are coding patterns that are more dangerous than others, and while they should not be banned, they should be clearly highlighted, requiring developers to justify their use of them. A particularly involved example is as follows. There are two types of call operations that are clearly safe. The first is a send that contains 2300 gas (provided we accept the norm that it is the recipient’s responsibility not to consume more than 2300 gas in the case of empty data). The second is a call to a contract that you trust and that is itself already determined to be safe (note that this definition bans re-entrancy as you would then have to prove A is safe before proving A is safe).
    As it turns out, very many contracts can be covered by this definition. However, not all of them can; an exception is the idea of a “general purpose decentralized exchange” contract where anyone can place orders offering to trade a given amount of asset A for a given amount of asset B, where A and B are arbitrary ERC20-compatible tokens. One could make a special-purpose contract just for a few assets, and thereby fall under the “trusted callee” exemption, but having a generic one seems like a very valuable idea. But in that case, the exchange would need to call transfer and transferFrom of unknown contracts and, yes, give them enough gas to run and possibly make a re-entrant call to try to exploit the exchange. In this case, the compiler may want to throw a clear warning unless a “mutex lock” is used preventing the contract from being accessed again during those calls.
    A third category of solutions is defense in depth. One example, to prevent losses (but not thefts) is to encourage all contracts that are not intended to be permanent to have an expiry date, after which the owner can take arbitrary actions on behalf of the contract; this way, losses would be possible only if (i) the contract screws up, and simultaneously (ii) the owner is missing or dishonest. Trusted multisig “owners” may emerge to mitigate (ii). Thefts could be mitigated by adding waiting periods. The DAO issue was greatly mitigated in scope precisely because the child DAO was locked down for 28 days. A proposed feature in the MakerDAO is to create a delay before any governance change becomes active, allowing token holders unhappy with the change time to sell their tokens; this is also a good approach.
    Formal verification can be layered on top. One simple use case is as a way of proving termination, greatly mitigating gas-related issues. Another use case is proving specific properties – for example, “if all participants collude, they can get their money out in all cases”, or “if you send your tokens A to this contract, you are guaranteed to either get the amount of token B that you want or be able to fully refund yourself”. Or “this contract fits into a restricted subset of Solidity that makes re-entrancy, gas issues and call stack issues impossible”.
    A final note is that while all of the concerns so far have been about accidental bugs, malicious bugs are an additional concern. How confident can we really be that the MakerDAO decentralized exchange does not have a loophole that lets them take out all of the funds? Some of us in the community may know the MakerDAO team and consider them to be nice people, but the entire purpose of the smart contract security model is to provide guarantees that are strong enough to survive even if that is not the case, so that entities that are not well-connected and established enough for people to trust them automatically and do not have the resources to establish their trustworthiness via a multimillion-dollar licensing process are free to innovate, and have consumers use their services feeling confident about their safety. Hence, any checks or highlights should not just exist at the level of the development environment, they should also exist at the level of block explorers and other tools where independent observers can verify the source code.
    Particular action steps that can be taken by the community are:

    1. Taking on the project of making a superior development environment, as well as a superior block/source code explorer, that includes some of these features
    2. Standardization of as many components as possible
    3. Taking on the project of experimenting with different smart contract programming languages, as well as formal verification and symbolic execution tools
    4. Discussing coding standards, EIPs, changes to Solidity, etc that can mitigate the risk of accidental or deliberate errors
    5. If you are developing a multimillion-dollar smart contract application, consider reaching out to security researchers and work with them on using your project as a test case for various verification tools

    Note that, as stated in a previous blog post, DEVGrants and other grants are available for much of the above.
    Vitalik Buterin

    https://ethereum.org




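Added example, not part of the thread or of the blog post quoted in #2: a toy Python model of the re-entrancy pattern ("A calling B calling A") and of the "mutex lock" mitigation that post describes. The Vault, HonestAccount and ReenteringAccount classes and all amounts are constructed for illustration and only imitate EVM call behaviour.

```python
# Toy Python model of EVM-style call semantics; constructed for illustration.

class Reentered(Exception):
    """A locked contract was entered again while its external call was running."""


class Vault:
    """Contract A: pays out by calling the recipient BEFORE clearing its balance."""

    def __init__(self, use_mutex):
        self.use_mutex = use_mutex
        self.locked = False
        self.balances = {}   # account object -> amount credited to it
        self.funds = 0       # ether the contract actually holds

    def deposit(self, account, amount):
        self.balances[account] = self.balances.get(account, 0) + amount
        self.funds += amount

    def withdraw(self, account):
        if self.use_mutex:
            if self.locked:
                raise Reentered("withdraw() entered during an external call")
            self.locked = True
        try:
            amount = self.balances.get(account, 0)
            if amount == 0 or amount > self.funds:
                return 0
            self.funds -= amount
            account.receive(self, amount)   # external call: recipient code runs
            self.balances[account] = 0      # state update happens too late
            return amount
        finally:
            if self.use_mutex:
                self.locked = False


class HonestAccount:
    """Contract/account that simply accepts the payment."""

    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount


class ReenteringAccount:
    """Contract B: its receive hook calls back into A (A -> B -> A)."""

    def __init__(self, max_depth=50):
        self.received = 0
        self.depth = 0
        self.max_depth = max_depth
        self.blocked = 0     # re-entrant calls rejected by the mutex

    def receive(self, vault, amount):
        self.received += amount
        if self.depth < self.max_depth:
            self.depth += 1
            try:
                vault.withdraw(self)        # balance is still non-zero here
            except Reentered:
                self.blocked += 1           # models the inner call failing


def run(use_mutex):
    """Return (re-entering account's take, honest account's take, funds left)."""
    vault = Vault(use_mutex)
    honest, reenterer = HonestAccount(), ReenteringAccount()
    vault.deposit(honest, 90)
    vault.deposit(reenterer, 10)
    vault.withdraw(reenterer)
    vault.withdraw(honest)
    return reenterer.received, honest.received, vault.funds


if __name__ == "__main__":
    print("no mutex:", run(False))
    print("mutex   :", run(True))
```

Without the lock, the account credited with 10 walks away with the whole 100 and the honest depositor's withdrawal returns nothing; with the lock, each account receives exactly what it deposited.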

  4. #3
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Ladies and gentleman;

    We come to you with great pleasure to now offer 2000% or 20x return contracts. You have to notify us before hand of the amount of tokens you wish to be multiplied and we will send you back a customized bytecode with a SIMPLE guide on how to successfully execute the contract and get your 2000% return from the DAO.

    We accept payment in bitcoins or DAO tokens or ether;

    Price Breakdown:
    1) DAO token balance to multiply = 1,000 or less = 1BTC or 5,000 DAO or 50ETH
    Potential Gain for Buyer - 200ETH

    2) DAO token balance to multiply = 5,000 or less = 4BTC or 20k DAO, or 200 ETH
    Potential Gain - 1000ETH

    3) DAO token balance to multiply = 10,000 or less = 6BTC or 30k DAO, or 300ETH
    Potential Gain for Buyer - 2000ETH

    4) Anything above 10,000 will be considered by our team, and likely contain a decent premium or we may just likely reject it outright, this is aimed moreso at spreading the wealth to the smaller users, although it allows whales to do it as well, but in smaller increments.

    **Send us an e-mail if you wish to complete this transaction; goldyloxx@sigaint.org**

    **SERIOUS OFFER:

    TL;DR

    WE ARE SELLING CUSTOMIZED RECURSIVE CALL CONTRACTS OF THE DAO
    THAT WILL ALLOW YOU TO MULTIPLY YOUR FUNDS BY 20X.


    DISCLOSURE: WE HAVE HUNDREDS OF OUR OWN CONTRACTS DEPLOYED WAITING TO COMPLETE A FULL HEIST OF THE DAO, WE NEED OTHER USERS TO PARTICIPATE SO IT WILL BE IMPOSSIBLE FOR THE HARD FORK TO REDISTRIBUTE FUNDS BACK
    **
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2

    -----END PGP SIGNATURE-----
    http://pastebin.com/9MRVDC9h
    https://etherscan.io/address/0xbb9bc...72d3bb8c189413

    lol
    Last edited by presence; 06-19-2016 at 10:21 PM.



  5. #4
    So it looks like it's time to sell my Ether and call it a day on that adventure lol
    "Your mother's dead, before long I'll be dead, and you...and your brother and your sister and all of her children, all of us dead, all of us..rotting in the ground. It's the family name that lives on. It's all that lives on. Not your personal glory, not your honor, but family." - Tywin Lannister


  6. #5
    This is actually rather interesting to see how a community achieves consensus on fixing errors. There may be a soft fork or a hard fork that stops the contract theft.

    The deadline before any ETH can be withdrawn from DAO is still a few weeks away. I have no idea what will happen.

    ETH did a dive right away yet is climbing back. Depending how this shakes out it could solidify ETH. I'm hanging on to the DAO and ETH I have, not sure of things enough to buy more. It could possibly be a great opportunity.
    “…let us teach them that all who draw breath are of equal worth, and that those who seek to press heel upon the throat of liberty, will fall to the cry of FREEDOM!!!” – Spartacus, War of the Damned

    BTC: 1AFbCLYU3G1dkbsSJnk3spWeEwpqYVC2Pq

  7. #6
    The ETH community did a hard fork and the DAO funds are able to be refunded. No hacker got away with anything.

    The price of ETH has since gotten back to normal, about where it was in May when the DAO was being funded.

  8. #7
    Wtf is going on? As in for the illiterate.

  9. #8
    Ethereum Creator Vitalik Buterin Addresses 'Classic' Blockchain

    CoinDesk-Jul 26, 2016
    Ethereum creator Vitalik Buterin issued new statements today reiterating that the Ethereum Foundation, the non-profit founded to support ...

    Ethereum Exchange's Attempts to List ETC Leads to Losses
    CryptoCoinsNews-5 hours ago
    Major Exchanges Add Support for Ethereum Classic
    newsBTC-8 hours ago
    The Ethereum Hard Fork Spawned a Shaky Rebellion
    Motherboard-40 minutes ago
    Ethereum Classic Now 3rd Most Traded Cryptocurrency After Bitcoin ...
    Highly Cited-CoinTelegraph-Jul 24, 2016
    Bitcoin's Killer Legal Win No One Noticed
    In-Depth-Huffington Post-Jul 26, 2016





  11. #9
    Quote Originally Posted by silverhandorder View Post
    Wtf is going on? As in for the illiterate.
    A user of the DAO fund realized the thing was set up so that any user could claim the fund for himself and put it in a private account.

    So he did; at the time it was worth over $50 million.

    Then most of the rest of the community said... ok... but we're going to stop mining that coin and supporting that currency...

    So they did; and forked his transaction out of the blockchain effectively erasing it.

    And ETH lives on...

    ...but some people never stopped mining the old blockchain... that the "attacker" owns a fat share of DAO in.

    and that coin lives on as ETC; ether classic... currently very volatile; even for crypto standards

    at current prices "the attacker's" shares are probably still worth a few million dollars.



  12. #10
    Oh that sounds cool.

    It sounded from earlier claim that he made none. I was kinda hoping he got owned.
    Quote Originally Posted by Cowlesy View Post
    Americans in general are jedi masters of blaming every other person.

  13. #11
    Quote Originally Posted by presence View Post
    Then most of the rest of the community said... ok... but we're going to stop mining that coin and supporting that currency...

    So they did; and forked his transaction out of the blockchain effectively erasing it.
    Reason #101 why to not put your money in virtual currency pyramid schemes.

    Guy loses 50million because the pyramid scheme refused to honor their contract and said $#@! it and took their ball and went home and made a new coin..

    Seriously, I hope that someday every one of you people that are investing in these bull$#@! crypto pyramid schemes lose everything.
    The $#@! is backed by nothing, good luck getting someone to take your $#@!ing non existent block chains when they are looting grocery stores.
    Last edited by LibertyRevolution; 07-28-2016 at 03:09 AM.

  14. #12
    Quote Originally Posted by LibertyRevolution View Post
    Reason #101 why to not put your money in virtual currency pyramid schemes.

    Guy loses 50million because the pyramid scheme refused to honor their contract and said $#@! it and took their ball and went home and made a new coin..

    Seriously, I hope that someday every one of you people that are investing in these bull$#@! crypto pyramid schemes lose everything.
    The $#@! is backed by nothing, good luck getting someone to take your $#@!ing non existent block chains when they are looting grocery stores.
    Yes, all those crypto currencies are pyramid schemes, unlike the USD which obviously is not
    It's all about taking action and not being lazy. So you do the work, whether it's fitness or whatever. It's about getting up, motivating yourself and just doing it.
    - Kim Kardashian

    Donald Trump / Crenshaw 2024!!!!

    My pronouns are he/him/his

  15. #13
    Quote Originally Posted by LibertyRevolution View Post
    Reason #101 why to not put your money in virtual currency pyramid schemes.

    Guy loses 50million because the pyramid scheme refused to honor their contract and said $#@! it and took their ball and went home and made a new coin..
    Pyramid scheme aside, the original intent of the contract was very clear. Some guy figured out the implementation had some flaws. ETH uses new tech, growing pains.
    It wasn't one user who would lose 50 million, it would have been thousands of users. So the community talked about it, planned on options, the community voted on the results by either accepting the 'fix' or not. By a large majority all the major miners, software developers, and users decided to go with the new blockchain.

    It's community driven contracts and in this case, arbitration.

  16. #14
    Quote Originally Posted by LibertyRevolution View Post
    Reason #101 why to not put your money in virtual currency pyramid schemes.

    Guy loses 50million because the pyramid scheme refused to honor their contract and said $#@! it and took their ball and went home and made a new coin..
    That is how it works. There has to be majority benefit to change the rules. Fiat currency, is guys with guns robbing you blind.


