Decentralization is the primary selling point of the three worlds of Bitcoin, crypto, and the web. There are several reasons for this. Some are related to the increased transactional efficiency that decentralization can provide. Others are related to creating permissionless, censorship-resistant digital networks.
The most important reason is that decentralization weakens any single point of failure, hence bolstering network security. This not only keeps a network as close to unbiased and ‘neutral’ as possible but almost guarantees its immutability.
Yet the crypto world hasn’t always lived up to that lofty expectation. For example, the two most popular blockchain networks in existence right now have reversed their supposedly ‘immutable’ blockchain ledgers. Yes, that includes Bitcoin!
This article will review some early and ‘dirty’ history from Bitcoin and Ethereum’s developing years. How – and why – could these blockchain communities allow their sacred history to be altered? Better yet, why should I be so sure it won’t happen again?
Bitcoin: The Overflow Bug
As most Bitcoiners know, Bitcoin’s supply is programmatically capped at 21 million coins. This design is fundamental to the cryptocurrency successfully operating as sound money or digital gold. Therefore, anything that threatens this feature is an actual threat to Bitcoin’s value.
On August 15th of 2010, Bitcoin’s overflow bug did precisely that. On an earlier blockchain version, an anonymous hacker managed to produce 184 billion Bitcoin without any mining. That’s 8784 times more Bitcoin than is supposed to exist.
At block 74,638, two Bitcoin addresses received exactly 92,233,720,368 coins, as discovered by Bitcoin developer Jeff Garzik. This occurred due to an exploit that caused Bitcoin transactions not to be appropriately validated if outputs were large enough to overflow when summed.
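The validation gap described above, as an added C example (not Bitcoin's own code): a check that sums outputs in 64-bit arithmetic without range limits, next to a range-checked version. The function names, the half-coin input and the rounded output value are constructed for illustration; the 10^8 base units per coin and the 21 million cap are the only protocol constants used.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define COIN      100000000LL          /* base units per coin */
#define MAX_MONEY (21000000LL * COIN)  /* the 21 million cap, in base units */

/* 64-bit total that wraps silently (unsigned add, then reinterpret as signed;
   the conversion wraps on the usual two's-complement compilers). */
int64_t wrapping_sum(const int64_t *out, size_t n) {
    uint64_t acc = 0;
    for (size_t i = 0; i < n; i++) acc += (uint64_t)out[i];
    return (int64_t)acc;
}

/* Flawed check (constructed): each output non-negative, total <= inputs. */
bool validate_naive(int64_t in_total, const int64_t *out, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (out[i] < 0) return false;
    return wrapping_sum(out, n) <= in_total;
}

/* Range-checked: every value and every partial sum stays in [0, MAX_MONEY]. */
bool validate_strict(int64_t in_total, const int64_t *out, size_t n) {
    int64_t sum = 0;
    if (in_total < 0 || in_total > MAX_MONEY) return false;
    for (size_t i = 0; i < n; i++) {
        if (out[i] < 0 || out[i] > MAX_MONEY) return false;
        sum += out[i];               /* safe: both operands <= MAX_MONEY */
        if (sum > MAX_MONEY) return false;
    }
    return sum <= in_total;
}

int main(void) {
    /* Constructed transaction: two outputs of 92,233,720,368 coins, half a coin in. */
    const int64_t huge[2] = { 92233720368LL * COIN, 92233720368LL * COIN };
    printf("wrapped total: %lld\n", (long long)wrapping_sum(huge, 2));
    printf("naive accepts: %d, strict accepts: %d\n",
           validate_naive(COIN / 2, huge, 2), validate_strict(COIN / 2, huge, 2));
    return 0;
}
```

Each output alone fits in a signed 64-bit integer, so a per-output sign check passes; only the total wraps negative, which is why the range check has to apply to every partial sum as well.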
Thankfully, the bug was fixed quite quickly. First, Satoshi Nakamoto – Bitcoin’s anonymous creator – released code to fix the bug within 3 hours of it being spotted. Then, in quick collaboration with Gavin Andresen, he released v.0.3.1 of Bitcoin before the day was over.
Like all Bitcoin upgrades, this upgrade was a backwards-compatible soft-fork implemented before block 74,638. Therefore, while it fixed the bug, the upgrade reversed all transactions after the 184 billion Bitcoin were produced.
In retrospect, the decision was necessary. Had the exploit gone unaddressed and unreversed, the overwhelming wealth concentration it caused would have destroyed Bitcoin’s functionality as money. Furthermore, the mere record of the transaction on the blockchain would have crushed all confidence in both the asset and the network.
The fix was implemented quickly thanks to the relatively small community at the time, the use of a soft fork, and the nature of the threat. It also helped that Bitcoin’s founder was still active at the time. As a result, he could use his influence to mobilize a quick solution to the exploit.
Since Bitcoin’s security is now assured by a far greater number of people, and Satoshi is gone, such an incident is unlikely to recur. Moreover, having happened so long ago, far fewer people have heard of this rollback than of Ethereum’s, which occurred five years later.
Ethereum: The DAO Hack
A DAO is short for “Decentralized Autonomous Organization”. It’s governed by decentralized blockchain infrastructure with rules encoded as smart contracts.
In April of 2016, Slock.it launched a project by the same name to fund dApps within the Ethereum ecosystem. Investors could purchase DAO utility tokens in exchange for Ether, as with many ICO startups today.
The DAO grew enormously in popularity within a month, accruing $150 million worth of Ether in crowdfunding. In addition, many investors were wealthy members of the Ethereum foundation that benefitted from Ethereum’s initial offering.
However, on June 17th 2016, the DAO was exploited such that over $50 million in funds were stolen from investors. The attacker had recursively called a split function, retrieving funds to a child DAO multiple times for 3.6 million Ether. Furthermore, these funds were programmed to be immovable for 28 days after withdrawal to the child DAO.
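How a recursively re-entered payout can pay the same entitlement several times, as an added C model (not the DAO's contract code). The `Fund` structure, the hook mechanism and the amounts are constructed, and the flawed ordering shown (entitlement cleared only after the external call returns) is an assumption used to illustrate the class of bug.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef struct Fund Fund;
typedef void (*recipient_hook)(Fund *f);  /* code the payee runs on receipt */

struct Fund {
    int64_t pool;       /* total held by the fund */
    int64_t owed;       /* caller's recorded entitlement */
    int64_t received;   /* what the caller has actually been paid */
    int     reentries;  /* how many more times the hook calls back in */
    bool    safe;       /* which split variant the hook re-enters */
};

/* Flawed ordering: pay, hand control to the payee, then clear the entitlement. */
void split_unsafe(Fund *f, recipient_hook hook) {
    int64_t amount = f->owed;
    if (amount <= 0 || f->pool < amount) return;
    f->pool -= amount;
    f->received += amount;
    if (hook) hook(f);          /* external call while owed is still set */
    f->owed = 0;
}

/* Corrected ordering: clear the entitlement before any external call. */
void split_safe(Fund *f, recipient_hook hook) {
    int64_t amount = f->owed;
    if (amount <= 0 || f->pool < amount) return;
    f->owed = 0;
    f->pool -= amount;
    f->received += amount;
    if (hook) hook(f);
}

/* Constructed payee that re-enters the split a fixed number of times. */
void reentering_hook(Fund *f) {
    if (f->reentries-- <= 0) return;
    if (f->safe) split_safe(f, reentering_hook);
    else         split_unsafe(f, reentering_hook);
}

/* Runs one top-level split and returns what the payee ended up with. */
int64_t run_split(bool safe, int reentries) {
    Fund f = { .pool = 1000, .owed = 100, .reentries = reentries, .safe = safe };
    if (safe) split_safe(&f, reentering_hook); else split_unsafe(&f, reentering_hook);
    return f.received;
}

int main(void) {
    printf("unsafe: %lld, safe: %lld\n",
           (long long)run_split(false, 3), (long long)run_split(true, 3));
    return 0;
}
```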
This left Ethereans with a choice to deliberate. Would they respect the chain’s “code is law” ethos and do nothing, or would they reverse the blockchain to return users’ funds? The community chose the latter in a vote, ultimately hard-forking the chain at a point before the hack occurred. Though the original vote was for a soft-fork, the community eventually abandoned that option over security concerns.
The original chain would live on to be known as “Ethereum Classic”, which the strongest adherents to the “code is law” philosophy clung to. Unfortunately, though it remains a top 50 cryptocurrency, most miners securing the network still migrated to the new Ethereum chain. As such, Ethereum Classic has already been 51% attacked multiple times.
Vitalik Buterin – founder of Ethereum – argues that the hard fork to rewind the chain only occurred due to a peculiar set of circumstances. First, the hack happened within a much smaller community, and almost everyone agreed it was malicious. Furthermore, with the hacker’s stolen funds locked for 28 days, the community was given a vast opportunity to stop it.
This would likely not happen again. Just a year later, the community voted against rolling back the chain to reverse the effects of the Parity wallet hack.
New technologies experience growing pains, and both the Overflow Bug and DAO Hack occurred during Bitcoin and Ethereum’s infancy. However, these should not taint the reliably immutable reputation of either chain, given that circumstances around each rollback have changed so drastically.
Nevertheless, keep in mind that neither chain has a spotless history. Security is hard work. When it is breached significantly, unfortunate compromises must be made to maintain it.