Yet Another Digital Currency Heist
There is a lot of attention focused on digital currency and the potential it represents – maybe too much attention.
In May I wrote about the Bitcoin exchange Gatecoin, that was hacked to the tune of $2 million.
This week hackers made off with with $50 million in another virtual currency, Ether, but this time it is a little different.
The victim this time is an organization called The DAO for Decentralized Autonomous Organization which spent $150 million building a bitcoin look alike called Ether. But this is not a currency exchange like Gatecoin. Instead, people invest money in The DAO and The DAO invests in companies. The DAO investors get a vote, based on how much money they put in, regarding which projects to fund. More money, more votes. No fund manager to may messy investment decisions.
In theory, the distributed nature of it means that no one could run off with the money. Except they did. Sort of.
What they did is move $50 million in Ether into a clone of The DAO that MAY delay payouts for four weeks like The DAO does. If so, then The DAO has a couple of weeks to figure out an answer.
Like Bitcoin, Ether is not anonymous, so it would be difficult for the attacker to actually spend the money. Maybe.
Ether transfers are a form of “smart contract” where the “terms” of the contract are cryptographically encoded into the Ether. That, supposedly, makes it impossible for any to modify the contract in a way that is not detectable.
While they have not figured out exactly how the hack worked, the assumption is that the hacker exploited a bug in the code.
In this case, IF they do not recover the money, it is the investors who lose. Just like any investment, there is no guarantee of success.
Some people want The DAO to hack their own code and create a new version of the code that makes it look like that transaction never took place. Talk about a kludge with a capital K.
In any case, they have a little time still, they think, to figure this out.
No matter what they do, it is a black eye for virtual currencies.
If they change the rules by releasing a new version of the code that destroys that hacker’s transactions, what does that say for the integrity of digital currency and any money that you store in digital currency.
If they don’t hack the software but instead let the investors lose $50 million, what does that do?
In the long term, digital currencies and smart contracts are not going away. In the short term, one might be advised to treat this like gambling – don’t put more money into digital currencies than you are OK with completely losing. Not necessarily the message that the creators of digital currency want to deliver.
However, unlike your local bank, there is no government agency to bail you out.
And, likely, no cyber insurance either. This may be too risky for the insurance companies to swallow. They have not said whether they have insurance, but I assume that if they did have insurance, they would have said so.
Stay tuned as they decide what to do.
Information for this post came from Wired.