Another day, another cryptocurrency clusterfuck
-
Yesterday, a hacker pulled off the second biggest heist in the history of digital currencies.
Around 12:00 PST, an unknown attacker exploited a critical flaw in the Parity multi-signature wallet on the Ethereum network, draining three massive wallets of over $31,000,000 worth of Ether in a matter of minutes. Given a couple more hours, the hacker could’ve made off with over $180,000,000 from vulnerable wallets.
But someone stopped them.
Having sounded the alarm bells, a group of benevolent white-hat hackers from the Ethereum community rapidly organized. They analyzed the attack and realized that there was no way to reverse the thefts, yet many more wallets were vulnerable. Time was of the essence, so they saw only one available option: hack the remaining wallets before the attacker did.
By exploiting the same vulnerability, the white-hats hacked all of the remaining at-risk wallets and drained their accounts, effectively preventing the attacker from reaching any of the remaining $150,000,000.
A key part of Ethereum is "smart contracts", small programs you write to process funds.
Looking at the language abomination that is used to write these smart contracts shows some gifted designers at work:
Everything is 256 bits wide, including the "byte" type. This means that whilst byte[] is valid syntax, it will take up 32x more space than you expect. Storage space is extremely limited in Solidity programs. You should use "bytes" instead which is an actual byte array. The native 256-bit wide primitive type is called "bytes32" but the actual 8-bit wide byte type is called "int8".
…
For loops are completely broken. Solidity is meant to look like JavaScript but the literal 0 type-infers to byte, not int. Therefore "for (var i = 0; i < a.length; i ++) { a[i] = i; }" will enter an infinite loop if a[] is longer than 255 elements, because it will wrap around back to zero. This is despite the underlying VM using 256 bits to store this byte. You are just supposed to know this and write "uint" instead of "var".
Source: https://news.ycombinator.com/item?id=14691212
All state is mutable by default (this includes struct fields, array elements, and locals). Functions can mutate state by default. Both are overridable by explicit specifiers, much like C++ "const", but you have to remember to do so. Even then, the current implementation doesn't enforce this for functions.
…
Operators have different semantics depending on whether the operands are literals or not. For example, 1/2 is 0.5, but x/y for x==1 and y==2 is 0. Precision of the operation is also determined in this manner - literals are arbitrary-precision, other values are constrained by their types.
…
The language has suffixes for literals to denote various units (e.g. "10 seconds" or "1000 ether"). This is purely syntactic sugar, however, and is not reflected in the type system in any way, so "10 second + 1000 ether" is valid code.
Source: https://news.ycombinator.com/item?id=14810008
Types shorter than 32 bytes are packed together into the same 32 byte storage slot, but storage writes always write 32 bytes. For some types, the higher order bytes were not cleaned properly, which made it sometimes possible to overwrite a variable in storage when writing to another one.
Source: https://kovan.etherscan.io/solcbuginfo
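Two of the behaviours quoted above (the 8-bit `var` loop counter and the uncleaned high-order bytes in packed storage), modelled in Python as an added example that is not part of the original post. It is a simplified model, not EVM or compiler code; the function names, the step budget standing in for gas, and the sample values are assumptions made for illustration.

```python
# Added illustration: hypothetical names, constructed values, simplified model.
WORD_BITS = 256
WORD_MASK = (1 << WORD_BITS) - 1


def run_var_loop(length, counter_bits, step_budget=10_000):
    """Model `for (var i = 0; i < a.length; i++) { a[i] = i; }`.

    counter_bits=8 models `var i = 0` inferring an 8-bit counter,
    counter_bits=256 models an explicit `uint i`.
    step_budget stands in for gas: the loop is cut off when it runs out.
    Returns (terminated, number_of_distinct_indexes_written).
    """
    wrap = (1 << counter_bits) - 1
    written = set()
    i = 0
    for _ in range(step_budget):
        if not i < length:
            return True, len(written)
        written.add(i)
        i = (i + 1) & wrap  # 255 + 1 wraps to 0 for an 8-bit counter
    return False, len(written)


def store_packed(slot, value, offset_bits, width_bits, clean=True):
    """Read-modify-write of one packed field inside a 32-byte storage slot.

    `value` is the full 256-bit word holding the field; bits above
    width_bits may be dirty. With clean=False they are not masked off
    and spill into whatever is packed above the field.
    """
    field_mask = (1 << width_bits) - 1
    if clean:
        value &= field_mask
    slot &= ~(field_mask << offset_bits) & WORD_MASK
    return (slot | (value << offset_bits)) & WORD_MASK


def load_packed(slot, offset_bits, width_bits):
    """Read one packed field back out of the slot."""
    return (slot >> offset_bits) & ((1 << width_bits) - 1)


def demo_packing(clean):
    """Two 8-bit fields share one slot: a at bit 0, b at bit 8."""
    slot = store_packed(0, 0x7F, 8, 8)   # b = 0x7F
    dirty_word = 0xAB12                  # 0x12 is the value, 0xAB is leftover
    slot = store_packed(slot, dirty_word, 0, 8, clean=clean)  # write a
    return load_packed(slot, 0, 8), load_packed(slot, 8, 8)


if __name__ == "__main__":
    print("var loop, 300 elements:", run_var_loop(300, 8))
    print("uint loop, 300 elements:", run_var_loop(300, 256))
    print("packed write, cleaned:", [hex(v) for v in demo_packing(True)])
    print("packed write, dirty:  ", [hex(v) for v in demo_packing(False)])
```

With the 8-bit counter the loop never reaches index 256 and only stops when the budget runs out; with the dirty write, field b changes even though only field a was assigned.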
-
@dcoder said in Another day, another cryptocurrency clusterfuck:
A key part of Ethereum is "smart contracts", small programs you write to process funds.
Random users are writing and sending around programs to handle money? Crikey! There's no way that could possibly go wrong…
-
@dkf and doing so in a literal contender for new worst language ever! Finally PHP is looking so much better
-
This is completely the wrong approach for smart contracts.
The idea behind a contract is that people agree on something and codify their agreement.
Both parties should understand the contract, otherwise the side that does not understand it can be exploited.
We already have this problem with excessively long and complex real-world contracts, with unclear language and fine print.
Ethereum replaces that with code, which is notoriously difficult for people to read and understand.
If an Ethereum contract does not even do what its creator wants it to do, how can a customer of the contract have trust in it?
It maybe could work if it was built of a predefined set of high-level blocks, like
exchange tokens A for tokens B at rate R
or
people holding tokens V vote on a choice from (these alternatives).
-
@dcoder BTW "hack" is a bad word for this.
The whole point of the Ethereum "smart contracts" is that the software defines what happens. The program is the sole commander of the wallet whose decisions can not be questioned or rolled-back.
They wrote software that let any random dude control those wallets. There was no hack. Now, they probably didn't intend to publish the program in that way, but by the ethics of their own community no hacking was involved, and the contract they wrote was followed to the letter. (By both the original stealer, and the other people who "fixed" it by pre-emptively stealing the rest.)
The funny thing is apparently this horrible JS-abomination language is actually written atop a pretty competent virtual machine. At least, no flaws have been found in the VM itself yet, only in the horrible moronic language they made to compile to it.
This also means less moronic languages can be made to target the same VM in the future. But I'd never put a cent of mine in a "smart contract" regardless, such a terrible idea.
-
@blakeyrat said in Another day, another cryptocurrency clusterfuck:
Now, they probably didn't intend to publish the program in that way, but by the ethics of their own community no hacking was involved, and the contract they wrote was followed to the letter.
They used to claim that, but then came the DAO hack and the amount of money stolen was big enough that the devs decided to fork the chain and undo the hacker's operation.
So: these are the rules, but if you are rich they don't apply to you.
-
@adynathos said in Another day, another cryptocurrency clusterfuck:
So: these are the rules, but if you are rich they don't apply to you.
Ah, just like real life </satire>
-
@dcoder said in Another day, another cryptocurrency clusterfuck:
Everything is 256 bits wide, including the "byte" type. This means that whilst byte[] is valid syntax, it will take up 32x more space than you expect. Storage space is extremely limited in Solidity programs. You should use "bytes" instead which is an actual byte array. The native 256-bit wide primitive type is called "bytes32" but the actual 8-bit wide byte type is called "int8".
-
@dcoder said in Another day, another cryptocurrency clusterfuck:
the hacker could’ve made off with over $180,000,000 from vulnerable wallets
TRWTF is it being valued at 180M
-
@wharrgarbl said in Another day, another cryptocurrency clusterfuck:
@dcoder said in Another day, another cryptocurrency clusterfuck:
the hacker could’ve made off with over $180,000,000 from vulnerable wallets
TRWTF is it being valued at 180M
I imagine it isn't anymore.......
-
@accalia Don't underestimate the willingness of some people to part with their money:
-
The FAQ at the end has some serious brass:
But Mitch, isn’t this wrong? No.
But Mitch, isn’t this unethical? I don’t know, maybe? Ethics isn’t a singleton that is applicable to all aspects of life. My work ethics are separate from my steal-from-rich-useless-ICOs ethics and those are separate from my family ethics.
But Mitch, you took it from actual real people. Look, here’s the thing. If you’re holding 30 million dollars in 250 lines of code that you haven’t audited, then it’s on you. Seriously.
-
@dcoder said in Another day, another cryptocurrency clusterfuck:
Look, here’s the thing. If you’re holding 30 million dollars in 250 lines of code that you haven’t audited, then it’s on you
-
@dcoder Ugh, useless story upfront and then the rest of the article is bragging or more pointless drivel.
But then we have this commenter:
I see what you did there . The last line made me chuckle . It’s a Ropsten tip jar . You didn’t steal any actual ETH . It was all on the Ropsten test network so no actual ETH were stolen
So maybe it's not even real or such a hack might work differently on the "production" Ethereum network?
-
But Mitch, isn’t this wrong? No.
But Mitch, isn’t this unethical? I don’t know, maybe? Ethics isn’t a singleton that is applicable to all aspects of life. My work ethics are separate from my steal-from-rich-useless-ICOs ethics and those are separate from my family ethics.
But Mitch, you took it from actual real people. Look, here’s the thing. If you’re holding 30 million dollars in 250 lines of code that you haven’t audited, then it’s on you. Seriously.
: You are charged with theft of $30 million. How do you plead?
: Not guilty, Your Honour.
: Did you not siphon $30 million from accounts you do not own without the owners' permission?
: I did, Your Honour.
: Yet you plead 'Not Guilty'.
: Correct.
: Why?
: They didn't audit their code for security issues.
: And that absolves you of any culpability?
: Correct.
: Yeah, that's not how the law works mate. Thanks to your confession, I find you guilty of theft of $30 million.
swings
: That's not fair! It wasn't my fault their code's insecure!
: And it's not their fault you stole $30 million. Take him away.
is taken away still protesting his innocence
-
@dcoder said in Another day, another cryptocurrency clusterfuck:
But Mitch, isn’t this unethical? I don’t know, maybe? Ethics isn’t a singleton that is applicable to all aspects of life. My work ethics are separate from my steal-from-rich-useless-ICOs ethics and those are separate from my family ethics.
So "yes it is, but fuck you lol"
-
@jbert said in Another day, another cryptocurrency clusterfuck:
@dcoder Ugh, useless story upfront and then the rest of the article is bragging or more pointless drivel.
But then we have this commenter:
I see what you did there . The last line made me chuckle . It’s a Ropsten tip jar . You didn’t steal any actual ETH . It was all on the Ropsten test network so no actual ETH were stolen
So maybe it's not even real or such a hack might work differently on the "production" Ethereum network?
And he's updated it to say that it's all fiction. But honestly, so much of it was Ethereum jargon that I had no idea what he was talking about.
level: 9/10
-
@dcoder said in Another day, another cryptocurrency clusterfuck:
The FAQ at the end has some serious brass:
But Mitch, isn’t this wrong? No.
But Mitch, isn’t this unethical? I don’t know, maybe? Ethics isn’t a singleton that is applicable to all aspects of life. My work ethics are separate from my steal-from-rich-useless-ICOs ethics and those are separate from my family ethics.
But Mitch, you took it from actual real people. Look, here’s the thing. If you’re holding 30 million dollars in 250 lines of code that you haven’t audited, then it’s on you. Seriously.
Kind of like when burglars are off the hook if the houses they robbed had an open window or unlocked door.
Oh, wait.
-
@the_quiet_one said in Another day, another cryptocurrency clusterfuck:
Kind of like when burglars are off the hook if the houses they robbed had an open window or unlocked door.
Oh, wait.
Just an FYI... in most cases they did not "rob" the house in that no "robbery" was committed....
Robbery is a crime of theft and can be classified as Larceny by force or by threat of force. The elements of the crime of robbery include the use of force or intimidation and all the elements of the crime of larceny.
-
@thecpuwizard That's just a case of lawyers using words differently than humans in order to confuse us and make themselves necessary.
-
@thecpuwizard said in Another day, another cryptocurrency clusterfuck:
Robbery is a crime of theft and can be classified as Larceny by force or by threat of force.
That is, Robbery is a specific type of Aggravated Theft that has additional sanctions because of the threat the person experiences.
-
@thecpuwizard Yeah, I know. I was using the word casually in a non- way.
-
@the_quiet_one #YMBNH
-
@the_quiet_one said in Another day, another cryptocurrency clusterfuck:
Kind of like when burglars are off the hook if the houses they robbed had an open window or unlocked door.
What if the house has a big sign saying "Come in and take everything you want. You're allowed." ?
What if instead it has a super-small sign that says the same thing?
-
@thecpuwizard said in Another day, another cryptocurrency clusterfuck:
@the_quiet_one said in Another day, another cryptocurrency clusterfuck:
Kind of like when burglars are off the hook if the houses they robbed had an open window or unlocked door.
Oh, wait.
Just an FYI... in most cases they did not "rob" the house in that no "robbery" was committed....
Robbery is a crime of theft and can be classified as Larceny by force or by threat of force. The elements of the crime of robbery include the use of force or intimidation and all the elements of the crime of larceny.
Indeed. In pendantic law terms, the correct word would be "burgled" rather than "robbed". For Americans, think "burglarized" instead, although I've never been able to understand why you'd want to transform a house into a burglar.
-
@steve_the_cynic said in Another day, another cryptocurrency clusterfuck:
Indeed. In pendantic law terms, the correct word would be "burgled" rather than "robbed".
Remember true pedantry requires that the item be "unduly emphasizes minutiae". Even if something is minutiae, if there is due reason to mention it the term does not apply. I am sure some will consider this pedantry about being a pendant :)
Seriously the difference is key. If a person is invited in (and there are many ways for this to happen, including simple signage), then no "Breaking and Entering"...
IF there is nobody home (or home, but unaware of the action) then if things are damaged, there can be one set of charges, if things taken a different set.
When someone is aware, there is almost sure to be some type of threat (explicit or implied) this will result in a set of charges regardless of if anything is damaged or taken...
Hence the "off the hook" is not applicable in the OP.
-
@steve_the_cynic said in Another day, another cryptocurrency clusterfuck:
For Americans, think "burglarized"
Why would you want to turn Americans into burgers ???
-
@remi American burgers, to go with the American cheese they put on them.
-
@raceprouk said in Another day, another cryptocurrency clusterfuck:
@masonwheeler said in Another day, another cryptocurrency clusterfuck:
American "cheese"
FTFY
The proper term is American style cheese-like product.
-
@the_quiet_one said in Another day, another cryptocurrency clusterfuck:
The proper term is American style cheese-like product.
The coffee machine at work has a button for a "chocolate-flavoured drink". Not "chocolate drink", which would already allow them to use a minimal amount of chocolate powder and water, no. A chocolate-flavoured drink. Lovely.
-
@remi
Well, that's probably because the French Institute of Culinary Science and Naming requires that any "chocolate drink" have at least 57.792% cocoa by volume, and the coffee machine's button occasionally only outputs 56.99% CBV, so it has to use the "chocolate-flavoured" descriptor instead so they don't get fined
-
@izzion Oh no, not the "what is the definition of chocolate" discussion again!!!
-
@remi
:P Oh, come on, don't take all the fun out of my mock pendantry trolling like that
-
@remi said in Another day, another cryptocurrency clusterfuck:
@izzion Oh no, not the "what is the definition of chocolate" discussion again!!!
Is it "chocolate-flavoured beer" or "chocolate-flavoured ale"?
-
@remi said in Another day, another cryptocurrency clusterfuck:
@the_quiet_one said in Another day, another cryptocurrency clusterfuck:
The proper term is American style cheese-like product.
The coffee machine at work has a button for a "chocolate-flavoured drink". Not "chocolate drink", which would already allow them to use a minimal amount of chocolate powder and water, no. A chocolate-flavoured drink. Lovely.
See my post elsewhere about the legalities of calling something "chocolate" vs. "chocolate-flavored".
-
@izzion said in Another day, another cryptocurrency clusterfuck:
@remi
Well, that's probably because the French Institute of Culinary Science and Naming requires that any "chocolate drink" have at least 57.792% cocoa by volume, and the coffee machine's button occasionally only outputs 56.99% CBV, so it has to use the "chocolate-flavoured" descriptor instead so they don't get fined
Yeah, this.
-
@planar said in Another day, another cryptocurrency clusterfuck:
@the_quiet_one said in Another day, another cryptocurrency clusterfuck:
Kind of like when burglars are off the hook if the houses they robbed had an open window or unlocked door.
What if the house has a big sign saying "Come in and take everything you want. You're allowed." ?
What if instead it has a super-small sign that says the same thing?
What if you walked up to the homeowner, handed them a piece of paper that said "I, the homeowner, agree that @planar may enter my house and take any possession he desires, without limit. Sign here:______", and they signed it.
But what if you hypnotised them into signing...
But what if they agreed to be hypnotized and pre-agreed to be bound by any agreement they made under hypnosis...
-
@nedfodder said in Another day, another cryptocurrency clusterfuck:
Is it "chocolate-flavoured beer" or "chocolate-flavoured ale"?
Ginger-flavoured chocolate-flavoured beer?
-
@el_heffe
Did you see that study that showed 84.72% of all numbers on the Internet are made up on the spot? And that the likelihood of a number being made up increases by 17.227657% for each additional digit of significance in the number?
-
@izzion said in Another day, another cryptocurrency clusterfuck:
@el_heffe
Did you see that study that showed 84.72% of all numbers on the Internet are made up on the spot? And that the likelihood of a number being made up increases by 17.227657% for each additional digit of significance in the number?
That is 101.7% bullshit.
-
@izzion said in Another day, another cryptocurrency clusterfuck:
@el_heffe
Did you see that study that showed 84.72% of all numbers on the Internet are made up on the spot? And that the likelihood of a number being made up increases by 107.227657% for each additional digit of significance in the number?
You missed a digit.
-
@dcon
If a man drops a digit in the woods, but that digit was a zero, does it even have a value?
-
@izzion said in Another day, another cryptocurrency clusterfuck:
@dcon
If a man drops a digit in the woods, but that digit was a zero, does it even have a value?
If the "0" was tattooed on his finger, that man will need a bandaid.
-
It's a brand new day fuckup! But this time, the cryptocurrency itself is not at fault — 2-factor auth via SMS and Verizon's atrocious customer support is to blame.
TL;DR:
Of all the things that went down in the factors that led to this hack, Verizon Wireless is what I was massively unprepared for. After talking at length with customer service reps, I learned that the hacker did not need to give them my pin number or my social security number and was able to get approval to take over my cell phone number with simple billing information. This blew my mind and seemed negligent beyond all possible reason but it’s what they do. The main thing that struck me by the hack was the extraction speed possible in the current cryptocurrency ecosystem. $8,000 in 15 minutes is faster and more lucrative than robbing a suburban bank.
Pro tip: if you haven't done so yet, set up 2FA wherever you can, and use a better method than SMS. For example, there's Google Authenticator (and Microsoft Authenticator for those of us still clutching Windows Phone). Gadgets like Yubikey are also a good option – I use Yubi to protect my Gmail and KeePass, for example.
-
@dcoder said in Another day, another cryptocurrency clusterfuck:
2FA
If your 2FA mechanism can be defeated by socially engineering ONE of the factors, it's not 2FA.
-
@dcoder said in Another day, another cryptocurrency clusterfuck:
Pro tip: if you haven't done so yet, set up 2FA wherever you can
Pro tip: And then lose or break the phone.
-
@steve_the_cynic said in Another day, another cryptocurrency clusterfuck:
burgle
"You're the burglar. Go and burgle something!"
-
Atlas, rise!
Hundreds of millions $ worth of Ethereum is now stuck in broken wallets and cannot be withdrawn without a hard fork.
Different sources report different amounts of funds affected, between $150M and $280M:
All Parity multi-sig wallets have been frozen. That includes the Polkadot ICO and may include many others totaling around 500,000 eth, worth $150 million, according to some number crunching.
...
The code library, a sort of collection of code templates, was kind of a smart contract itself. That has now been wiped out, and with it the code functions too. Meaning multi-sig wallets (addresses that require two or three private key signatures to move) are blacked out. So the funds can’t move because you can’t “talk” to the wallets.
As you may have read, Parity issued a security advisory today to inform its user about a bug that got “accidentally” triggered which resulted in freezing more than $280M worth of ETH, including $90M belonging to Parity’s Founder & Ethereum former core developer: Gavin Woods.
https://blog.comae.io/the-280m-ethereums-bug-f28e5de43513?gi=920931f0050e