A hacker drained three Ethereum wallets of more than $30 million, in the second largest attack in the (short, but agitated) history of the Ethereum blockchain. I'm sure many of you already know that.
But what you may not know is what happened after the attack was discovered.
Well, once it was obvious that the owners had lost control of their wallets and funds, a team of white hat coders got together and continued the work of the attacker by draining the rest of the vulnerable wallets of a staggering $179 million.
Yes, you read that right. A group of people decided it was better to exploit the hack until it drained completely (until there was no wallet left with that vulnerability), safeguard the funds and then redistribute them to the owners, in different, non-vulnerable wallets.
So, the attack was "stopped" not because the vulnerability was fixed (there's no time to fix vulnerabilities like this when 1) you don't own the servers and 2) the network of servers spreads across the entire world) but because a group of guardians robbed the bank faster than the attacker, secured the money and then redistributed the funds back to the owners.
Please stop for a second and contemplate this. Please. It's important.
The Digital Cowboys
I'm not going into details about the technical part, there's an excellent article on Medium by on this topic, but I will talk a little about the social implications of this situation.
We live in exciting times here, in the blockchain universe. In a way, we're in a full gold rush. Opportunities are popping up at every step, there's a new blockchain, or ICO, or project being launched every week and, most importantly, there's money to be made. And when there's money, there will obviously be people who want that money to such a degree that they will be willing to break the law in order to get it.
We're in the Wild Wild West era of the blockchain. We are pioneering new territories, building the foundation of the future world. But while we're busy doing this, others are sitting on the side, waiting to reap the benefits and run.
Introducing the digital cowboys. The so-called "white hat hackers" who diligently stopped all the trains, asked people to step down because they knew there would be some robbery going on down the line, and then put all the people back in other trains (if we were to re-write this event as a western movie, that's probably how it should go).
The digital cowboys silently, but very effectively, stopped a potential carnage by doing exactly what the attacker did, but with good intentions.
And that gets me to the core point of this article.
There's no difference between what the attacker did, and what the white hat group did. They both hacked wallets. The fundamental difference, though, was the intention.
The attacker's intention was greed, the white hat group's intention was compassion. They truly did it out of compassion, which, by the way, doesn't mean just caressing people on the cheeks, feeling emotional when you see poverty or donating to charity every two years. No, that's real, down to earth compassion: saving other people from harm, when you know the harm will come.
From a philosophical point of view, there's some serious food for thought here. What is actually "bad"? Is it hacking people's wallets? Well, the white hat coders did just that. But then they gave it back...
In every situation there's more than the eye can see. We're limited beings and, most of the time, we can correctly assess a situation only in hindsight.
And in this situation, the eye just saw a vulnerability in the Parity wallet, but the subsequent unfolding of actions created an extraordinary event, one that will for sure remain in the history of the world as the first robbery out of compassion.
Please, stop for a while and contemplate this. Please. It's important.
I'm a serial entrepreneur, blogger and ultrarunner. You can find me mainly on my blog at Dragos Roua where I write about productivity, business, relationships and running. Here on Steemit you may stay updated by following me @dragosroua.
Great post and we truly live in an exciting time for cryptos! Our society has to adapt and there are several similarities with the gold rush era!
Great post! Didn't know about the whitehackers protecting the vulnerable wallet!
Ethereum is a scam anyway. Buying ETH is basically handing over your money to Bill Gates and Goldman Sachs.
your life is a scam.
Just checked my wallets and thankfully it wasn't mine that was hacked... fewwww
Me too. I still have my remaining $179 million, blockchain be praised!
Thank you for the post.
Every profession also has to face these kinds of ethical dilemmas.
In the end we die.
This can, justifiably, motivate people to be selfish or selfless.
It is comforting to know that there is a community of strong, caring & sincere people who are very skilled, very aware and very motivated to uphold a high standard of ethical behaviour.
It humbles me, and motivates me, to stand with purpose and to be a better person!
hmm, while the notion is just, i'm just not sure if we can apply compassion when money is involved. sure they helped them not get STUNG by replacing the funds in a kinda robin hood rob back from the rich to the poor, but the poor were rich to the sum of $30 million! :) - also, 3 wallets, with $30 million in? someone needs to not be so trusting of cutting edge tech, that's just ASKING to be hacked just to see if it can be.
BUT.. . i am incredibly thankful for the new breed of compassionate white hat hackers, because without them balance and innovation would suffer at the hands of greed, when money becomes 1's and 0's like this the intention as you put it matters so much more. nice post dude, got me thinking! :)
I'm rambling here, but my wild guess is that those wallets were not belonging to individuals, but probably to some groups / businesses. With the abundance of ICOs these days, and with the need to make the contract address public in these ICOs (where else should people send their investments?) it's pretty easy to track these types of accounts. It would probably be more time consuming to track individuals accounts, although relatively easy, from a computing point of view.
So I suppose we're talking about ICO money. Again, it's just a supposition, I might be wrong.
"White hat hackers" isn't a "new breed". Hacker was originally a positive word for a computer literate person finding flaws in software, and usually exposing those flaws so that they could and would be fixed. "Cracker" is a word that has been used for malicious hackers, "black hat hacker" might be a better contemporary take on it.
If you want to read about early hacking you might want to look into phreaking and books by Cory Doctorow. There is another book I have read, but I can't remember the author...
i never said it was. read what i put. and yes i know cory, i've filmed him many times on a live stream as for background i was phone phreaking on a motorola 6800x serial port way way back. .. in analog times - the new breed was white hat hackers that had compassion.
Thanks for clearing that up, I misunderstood :-) Nice to see phone phreakers here!
My question is, what happens to those people's investments? Do they get refunded or what?
No idea.
It's actually a scary thought. Then again, that's the risk you hold when you make an investment. That's a part of the reason why you should diversify I suppose..
Has there been any comment or praise from the affected wallet owners ?
Not that I'm aware of.
Fantastic post. I didn't know about the story about the white hat hackers. This era actually reminds me of the gold rush with internet companies in the 1990s.
Security of online wallets is a major area for concern. There are so many altcoins which do not have hardware wallets, and so the only option is an online wallet.
When it comes to Steem Power, it has to be online because your voting strength depends on your online balance. If the SP power down is ever hacked, I hope these cowboys spring into action quickly.
Some way of having SP offline in a hardware wallet with an encrypted key which is used to verify your offline balance for your voting strength would be an ideal preventative measure to decentralize SP.
Well, I don't think you have to keep it online all the time. I'm sure you can use a hardware wallet for that, @furion wrote an article about that: https://steemit.com/trezor/@furion/build-yourself-a-trezor
Also @jesta has a local wallet (an app you download) called Vessel: https://github.com/aaroncox/vessel/releases
Thanks for pointing that out to me. I'll have to read those posts a few dozen times to understand them. I have access to a couple of T61 laptops, so may give it a try.
STEEM converted to STEEM POWER obviously has to be on the platform to count toward your voting strength. Being able to keep 100k SP offline and still count would be good, not that I'm anywhere near that, yet...
I'm glad that we have people like white hat hackers who have the great intention to help others instead of being greedy and taking the money for themselves despite the fact they have the knowledge to hack into these systems and extort loads of money.
Without them, even more money would've been lost and more people being left with nothing. They had so much money in their hands but chose to do the moral and ethical thing and return it after the vulnerability was patched.
We have some white knights watching over all of us and protecting us @dragosroua haha
@wannerbet had a Post about this yesterday. And that, too, deserves a bigger audience.
Check it out.
As he Posted in more detail just exactly what happened.
https://steemit.com/cryptocurrency/@wannerbet/a-hacker-stole-usd31m-of-ether-how-it-happened-and-what-it-means-for-ethereum
Scary stuff indeed. If we now depend on Good Hackers to save us from the Black Smoke & Mirrors of the Crypto Maze.
"Yes I know you caught me with my hand deep in your Crypto Pocket.
Yes my hand was around your Crypto Wallet.
Yes it was my intention to steal your wallet.
But you see there is another Real Crypto Bad guy that also wanted to steal it and I'm just getting in first.
I was going to return it. Honest Guv.
Cross my Bitcoin and hope to get Hacked.
Guilty!
What do you mean Guilty!
I'm the Frigging good Guy."
Food for thought indeed.
Thanks for the link, that's the exact article that was published on Medium too, good to know that guy is on Steemit as well!
Later edit: I just saw the author of the Steemit article just copy pasted the initial author on Medium. He gave credit at the end of the article, but still... And he's on @cheetah's black list, probably... Quite sad to try to make a few cents off of the back of somebody who took hours to write that article and years to learn all the intricacies of blockchain programming to actually understand what's going on.
Thanks for the update. I would assume it was the Author of the article if it was not made quite clear it was a Copy N Paste job. A Very Naughty Boy!
Upvoting your edit. I was a professional freelance writer for over 15 years. Not a fan of plagiarism, and respect the people who do, as you say, take many hours to put together their published works.
whh may have compassion but I feel like they did it to save what they believe in, crypto. I don't know what would have happened if hundreds of million of Eth had gone ... surely a crash i think but mainly mass exodus from crypto and a reputation damaged for years...1 thing 4 sure is that the system is allegedly stronger
well i am fearing about what will happen at those exchanges if hackers keep on hacking like these how they can recover it back.
If the creator of Solidity, Gavin Wood, cannot write a secure multisig wallet in Solidity, pretty much confirms Ethereum is hacker paradise.
~ Charlie Lee, creator of Litecoin.
Please read the article on Medium first, before making such claims or posting FUD quotes. Gavin Wood had nothing to do with the hack, he didn't write that part of the code, but he was the one posting a fix, very shortly.
As a programmer myself, I'm sympathetic with those guys. Mistakes happen, we're human.