
"hacker": My transaction was valid and executed per the organization contract. Others then conspired to invalidate the transaction. Now, my transaction is dead.



I got a panic phone call from one of the companies I used to do contract work for, "Do you know how to buy bitcoin? We got hacked and the website isn't working and we're trying to pay so we can use our computers again."

I stopped what I was doing and drove over there. Luckily someone DDoS'd the pay site so they couldn't pay. I asked them what they were thinking. They told me that they were going to pay with their super prestigious credit card and refute the charge as fraud because in their words, "Technically, this is fraud."

I shook my head and cleaned it up and restored the backups. I asked them a week later how much data was lost. They asked me what I was talking about. Apparently they didn't have anything important they did since the backup ran the night before. They switched to a SaaS shortly afterwards. Then raided by the government & shut down a couple years later. Good times.


This is not what happened with the DAO. This is well documented and I suggest you read up on it. TLDR, the hacker tried to withdraw the funds and there was a 30-day lockup period so the contract was updated to stop this.

Tldr, distributed ledger provided by a third party with unauditable access went out of sync and branch managers were thrown under the bus for imaginary fraud because computer says so.

Context? How long were they with .eth? Did they get hacked, did they get paid?

The way I recall it, they didn’t void past transactions; they added “irregular state changes” that would “return” the “stolen” funds to their “legitimate” owners. Nor were they forced to fork; it was a voluntary decision of a group of people with enough social power over the platform.

Now this is more a matter of dispute, but I wouldn’t say the hacker stole the funds. They simply followed the DAO contract (not the “smart-contract”, mind you, but the one put forward by the Slock.it team on their page), according to which everything that went on the blockchain according to the DAO code was legitimate.


Reminds me of the 2nd "Parity wallet hack", where they forgot to initialize the contract, despite extensive audits after a previous hack.

That one lost around $154 million USD at the time. The hacker didn't get anything though, the funds became permanently trapped.

Imagine having a bad day at work? https://hackernoon.com/parity-wallet-hack-2-electric-boogalo...


Exchange was rolled back to before the hack, so all transactions after that point were voided. In the end nothing happened except that people had their trades reverted during that time.

> The attacker used hacked private keys in order to forge fake withdrawals.

> The attacker managed to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO.

Easiest explanation: at least one Sky Mavis employee and one Axie Infinity employee who have access to those private keys got together and took all the funds. Perhaps it was only one employee; it's not clear to me what the difference between Axie Infinity and Sky Mavis is (there isn't actually an Axie DAO, there's just a web page where they say they plan to be a DAO in 2023).


The developer shouldn't have executed arbitrary text. Hopefully we can just fork, blacklist the stolen transactions and pretend this didn't happen.

I lost money to the "hacker", but I fully support the original, untainted, "the code is the contract" blockchain.

What went wrong? "They trusted me with their bitcoins."

The article mentions that unauthorized transactions were indistinguishable from legit ones:

> Also their engineers made it clear that unauthorized transactions like this and later shown below would not be distinguishable from other legitimate transactions.


That's the issue here with this specific software's UX.

They all thought they were making the right transaction. There was no warning that they were not.

It would be like if I hit the reply button here on Hacker News and instead of the comment I typed out my reply contained my bank account information. And I was not told something I do not want to happen would happen by doing so.


Welp, at least, the wire transfer process itself delivered the money to the correct recipient.

Now, imagine this: an error in a transfer contract locks away funds, not only from victims, but also from phishers. What a beautiful world to live in.


And:

4. My crypto exchange disappeared/went bankrupt/was a scam and now my crypto is all gone.

I swear, some people never learn.


The hardfork was on a clock to prevent the "hacker" (a.k.a. the person who just executed the code as it was coded and therefore intended) from cashing out.

No doubt developers went through a few extremely stressful weeks.


> Reports on crypto Twitter are that this is a hack

It's really unfortunate to get "hacked" with such bad timing. You steal customer money and file for bankruptcy but now the bad hackers, probably from the Bahamas as well, take whatever is left and cash out. Oh no! /s

But it's alright, SBF said he's sorry.


And then someone hacks the exchange and they lose their money and they ask "how could this happen?" But they mean that literally because they didn't know it was even a possibility.

Thank you... I have Ethereum at Coinbase. Disturbing. Hopefully accounts were not hacked. This is the downside of digital currency: all transactions are final whether you instigated them or not. Would be nice if you could yank your money back if you can prove you got ripped off.