Cryptocurrency Alert: Ethereum client hacked to the tune of $79 million

Have you not heard of BitCoin or Ethereum, both revolutionary virtual forms of usable global currency? These two cryptocurrencies, along with many other competitors, have recently been the rage in technology circles, as the wave of the future, but, unless you are a member of Mensa or have a sky-high IQ, anything past the name of the new coins of the realm sounds way beyond the limits of human comprehension. The special sauce for these innovative systems is called “Blockchain” technology, which, according to the experts, is supposed to be impenetrable. Two weeks ago, a major client on the Ethereum network was hit by a massive fraud, some $79 million and counting.

Accounts have been frozen, while programmers feverishly try to design software patches that will reverse the fraudulent transactions before they can be cashed out, so to speak. The beauty of these systems is that there is complete anonymity, a benefit that organized crime and drug runners discovered at the get-go. Believe it or not, system operators cannot determine the identity of the hackers, but, in order for them to correct the situation, they risk undermining the credibility of both the network and the associated technology. While programmers scramble, industry pundits are having a field day, trying to explain what has happened and why it is important to the average consumer.

Why is this news important to foreign exchange traders? To begin with, fraud is fraud, and this one involved complex, innovative software that was supposed to be immune. The lesson is to be wary of any software that opens a door to your wealth. Secondly, many brokers, in a vain attempt to appear as an “innovator”, have begun to accept BitCoins as a deposit medium or have begun to offer binary options that trade the cryptocurrency as half of a currency pairing. When the fraud was made public, the values for both BitCoins and Ether plummeted. To be aware is to be prepared!

What happened in the Ethereum network to cause the heist of $79 million?

In order to explain the nature of this theft, a primer of blockchain technology is in order. A brief definition is as follows:

“A blockchain is a distributed database that maintains a continuously-growing list of data records hardened against tampering and revision. It consists of data structure blocks, with each block holding batches of individual transactions and the results of any blockchain executables. The blockchain consists of blocks that hold time-stamped batches of valid transactions. Each block includes the hash of the prior block, linking the blocks together. The linked blocks form a chain, with each additional block reinforcing those before it.”

Now that you completely understand the technology end of this system (a test will be given later), you may join the rest of us who are totally confused. Suffice it to say that the geniuses who felt comfortable around 256-bit encryption are now running the planet, and therein lies the problem. IT gurus became intoxicated with making something work, the more complex, the better, but they had no experience with actual fraudsters until after the fact. Anything financial, especially if it is also complex, will attract the criminal element of our society like bees to honey. Complexity is a catalyst for fraud.

A more simplistic description is that the Blockchain is “a secure transaction ledger database that is shared by all parties participating in an established, distributed network of computers. It records and stores every transaction that occurs in the network, essentially eliminating the need for “trusted” third parties such as payment processors.” It is also a decentralized system. You will not find a Bank of England or the Fed in control of all monetary proceedings.
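The property both definitions above lean on, that each block includes the hash of the prior block, can be shown in a few lines. This is an added illustration, not code from Ethereum, BitCoin or the sources quoted here; the block layout, field names, timestamps and sample transactions are constructed for the example.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed placeholder for "no prior block"
FIELDS = ("index", "timestamp", "transactions", "prev_hash")

def block_hash(block):
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    body = {k: block[k] for k in FIELDS}
    data = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(data.encode()).hexdigest()

def append_block(chain, timestamp, transactions):
    """Add a time-stamped batch of transactions, linked to the prior block."""
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "timestamp": timestamp,
             "transactions": transactions, "prev_hash": prev}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block

def first_invalid_block(chain):
    """Index of the first block that fails verification, or None if intact."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if (block["index"] != i or block["prev_hash"] != prev
                or block_hash(block) != block["hash"]):
            return i
        prev = block["hash"]
    return None

def build_sample_chain():
    """Three blocks of constructed sample transactions (not real ledger data)."""
    chain = []
    append_block(chain, 1466121600, [{"from": "alice", "to": "bob", "amount": 5}])
    append_block(chain, 1466121615, [{"from": "bob", "to": "carol", "amount": 2}])
    append_block(chain, 1466121630, [{"from": "carol", "to": "dave", "amount": 1}])
    return chain

def tamper_and_rehash(chain, index, new_amount):
    """Revise a recorded amount, then recompute only that block's own hash."""
    chain[index]["transactions"][0]["amount"] = new_amount
    chain[index]["hash"] = block_hash(chain[index])

if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact:", first_invalid_block(chain))
    tamper_and_rehash(chain, 0, 5000)
    print("after revising block 0:", first_invalid_block(chain))
```

Revising an old transaction and re-hashing that one block only moves the failure to the next link, so every later block would have to be rewritten as well.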

Decentralized software, generated by “miners”, is in control. Full transparency is another benefit. All transactions are there to be seen by anyone on the network. The systems are also “closed end”, in that there are limits to the issuance of new currency. The miners actually donate their computer time to generate new blockchains. Exchanges can then sell the coins, either BitCoins or Ether, to customers, and coin values appreciate or depreciate, based on fundamental supply and demand forces. BitCoin has amassed nearly $12 billion in value, while Ethereum is a bit over 10% of that amount.

As for the fraud, it involved the Decentralized Autonomous Organization (DAO), a radical experiment in crowd-sourced investing. Think of it as a virtual venture capital company. Investors put up $150 million and would then vote communally to invest in whatever proposed project gained a sufficient level of support from the community. All was set to go, but then in early June, some $79 million in the DAO’s Ether wallet disappeared. Ether folks use the word “drained”, if that makes a difference. Values for Ether fell more than 25%, BitCoin, 6%. The only redeeming factor was that the crook’s ill-gotten loot fell in value to $53 million.

No one has disclosed exactly what happened, but insiders claim that the heist had nothing to do with the Ethereum protocols. The problem was a fault in the DAO internal messaging system, leading one analyst to quip, “You can’t rollback and drag the whole of Ethereum into this mess. The fault is entirely with The DAO and not Ethereum, let the DAO sink and have done with it. Ethereum will recover, there’s nothing wrong with Ethereum.”

The Ethereum community debate is presently all over the map, some demanding a rollback, others, a soft or hard “fork” in a new piece of software that will allow clients to recover their funds from a frozen account in the system. Whatever the solution, if one exists, it must find consensus support, since there is no central switch that can act autonomously on behalf of the group. It seems the Ethereum network is being hoisted upon the very petard that is supposed to be its winning formula.

Ethereum is relatively new and the closest competitor of the BitCoin network, but industry insiders and Wall Street are touting it as more innovative – “Ethereum differs from BitCoin in that it can run smart contracts — contracts that execute themselves entirely autonomously when certain conditions are met. An auction might automatically transfer deeds of ownership to the highest bidder after a certain time has elapsed, or a father’s contract might automatically send his son a set amount of money every year on his birthday.” The apparent DAO “breach” allowed specific smart-contract wallets to release funds at will.

What can be done to stop this theft in its tracks?

As one community insider revealed, “Unlike some previous attacks on digital currency organisations, the attacker has been unable to make a swift getaway and launder their ill-gotten goods to evade being tracked. This is because the exploit moved the funds into a “child” DAO, where they can’t be moved for 27 days, according to Ethereum founder Vitalik Buterin.” It is now up to Buterin to restore the credibility of his network by persuading his miners to accept software fixes, not an easy task at the moment, and the clock is ticking.

This is not the first time there has been a sense of urgency with cryptocurrencies. BitCoin has had a number of hacker interventions that almost crippled the experiment in its early days. Hackers are continually mounting attacks against its security integrity. These youthful ecosystems, regardless of the hype, are definitely in test mode. It was not that long ago that Mt. Gox, the largest exchange in BitCoin at the time, went bankrupt. Internally leaked documents revealed that, “Hackers have for years been exploiting a critical security flaw in the exchange’s software, stealing vast sums equivalent to 6% of all BitCoins in circulation.”

Software fixes notwithstanding, faith in BitCoin has been reestablished. Many investors now regard it as a new “safe haven”, but liquidity is still a major issue. As for Ethereum, the jury is still out, at least according to one analyst: “The hacking successfully put an end to the DAO. And what’s more, it cast doubt on the security and durability of the entire Ethereum system. The beliefs of cryptocurrency investors took a beating. And that beating transferred to virtual currency prices. The price of Bitcoin started to fall, but Bitcoin’s drop was minor compared to the drop in Ether prices. The price of Ether was nearly cut in half from the incident.”

One more hacking incident could drive prices for all cryptocurrencies into a death spiral. As creative and complex as these new software programs purport to be, they are still vulnerable. It still pays to be objective and rational and to be one level above the euphoria surrounding new product offerings.

Concluding Remarks

Since time immemorial, walls have never worked. The Wall of China did not keep out the invading hordes from the north, nor did the DAO’s firewall keep out these modern-day data invaders. In times of old, the simplest trick was to attack the wall at its weakest point – the “gate”. Bribe the gatekeeper, and access was assured. Fast forward to today, and the same is true. As beautifully crafted as Blockchain technology has been touted to be by experts and bankers alike, hackers have been able to find the “gate” and wreak havoc as a result.

At least with Ethereum, we are told that the crooks could only manage to move the funds into a subsidiary account at the DAO, to be “frozen” there, as the clock ticks down for their eventual release. Situations like these, however, suggest that another illicit tactic is at play. What if the crooks had sold Ether short in the market, at either proscribed Ether exchanges or at forex brokers? The public was notified first that DAO wallets had been drained of $79 million. Fear and hysteria raged. It took a while before the whereabouts of the funds were determined, in the so-called “child” DAO wallet. A sudden rush for the exits drove down the price of both Ether and BitCoin. The fraudsters would then cash in big time. They may already be laughing their way to the bank, as we speak.

What is the lesson to be learned? Cryptocurrencies may be the greatest things since sliced bread to IT aficionados, but they are obviously still in “beta-test” mode, underregulated and in dire need of regulation. The value of these new currencies, due to limited liquidity and closed-end mentalities, can easily be manipulated at will by natural, as well as unnatural, events. They may be the latest fad in asset items to choose from, but, as always, let the buyer beware! Stay cautious!