Hoʍlett

"All of social life lies beneath my gaze." — F. Pessoa

  • $80 Million Hack Shows the Dangers of Programmable Money
    https://www.technologyreview.com/s/601724/80-million-hack-shows-the-dangers-of-programmable-money

    A huge digital heist is a reminder that when your code has direct control of millions of dollars of assets, it had better be free of errors.

    [...]

    All software comes with bugs. And money is sometimes stolen via digital means from conventional financial institutions, for example in the recent attacks on the SWIFT system used for cross-border transfers.

    But when software is empowered to directly control funds, as Ethereum was designed to allow, security becomes more critical.

    Unfortunately, the designers of Ethereum and the DAO don’t appear to have drawn much on standard techniques that programmers and computer scientists have developed to contain the risk of security flaws. The DAO’s code wasn’t accompanied with documentation explaining the design of its various pieces, for example. That could have helped someone spot and fix the flaw used in the DAO heist sooner, perhaps before it was released.

    [...]

    There were many warnings that Ethereum’s design had security problems before today’s hack. The flaw used against the DAO was flagged earlier this month by Peter Vessenes, a Bitcoin entrepreneur who had previously cautioned that software built on Ethereum would be “candy for hackers.”

    In a 2014 paper, researchers at University of Maryland who had asked students to build things with Ethereum concluded that “several subtle details about Ethereum’s implementation make smart contract programming prone to error.”

    And in May, Sirer and two people active in the cryptocurrency community, including a researcher with the Ethereum project, called for the DAO to be effectively frozen until security flaws in its voting mechanisms were fixed.

    [...]

    A real fix for Ethereum’s problems will take a long time, and perhaps a complete redesign of much of its technology.

    Scathing article from the MIT Technology Review.

    #Bug_(informatique) #Decentralized_autonomous_organization #Ethereum #Faille_informatique #Piratage_informatique #The_DAO_(organization)

    • To the DAO and the Ethereum community,

      I have carefully examined the code of The DAO and decided to participate after finding the feature where splitting is rewarded with additional ether. I have made use of this feature and have rightfully claimed 3,641,694 ether, and would like to thank the DAO for this reward. It is my understanding that the DAO code contains this feature to promote decentralization and encourage the creation of “child DAOs”.

      I am disappointed by those who are characterizing the use of this intentional feature as “theft”. I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law. (...)

      A soft or hard fork would amount to seizure of my legitimate and rightful ether, claimed legally through the terms of a smart contract. Such a fork would permanently and irrevocably ruin all confidence in not only Ethereum but also in the field of smart contracts and blockchain technology. (...)

      I hope this event becomes a valuable learning experience for the Ethereum community and wish you all the best of luck.

      Yours truly,
      “The Attacker”

      http://pastebin.com/CcGUBgDG