"hacker": My transaction was valid and executed per the organization contract. Others then conspired to invalidate the transaction. Now, my transaction is dead.
I got a panic phone call from one of the companies I used to do contract work for, "Do you know how to buy bitcoin? We got hacked and the website isn't working and we're trying to pay so we can use our computers again."
I stopped what I was doing and drove over there. Luckily someone DDoS'd the pay site so they couldn't pay. I asked them what they were thinking. They told me that they were going to pay with their super prestigious credit card and refute the charge as fraud because in their words, "Technically, this is fraud."
I shook my head and cleaned it up and restored the backups. I asked them a week later how much data was lost. They asked me what I was talking about. Apparently they didn't have anything important they did since the backup ran the night before. They switched to a SaaS shortly afterwards. Then raided by the government & shut down a couple years later. Good times.
This is not what happened with the DAO. This is well documented and I suggest you read up on it. TLDR, the hacker tried to withdraw the funds and there was a 30 day lockup period so the contract was updated to stop this.
Tldr, distributed ledger provided by a third party with unauditable access went out of sync and branch managers were thrown under the bus for imaginary fraud because computer says so.
The way I recall it, they didn’t void past transactions; they added “irregular state changes” that would “return” the “stolen” funds to their “legitimate” owners. Nor were they forced to fork; it was a voluntary decision of a group of people with enough social power over the platform.
Now this is more a matter of dispute, but I wouldn’t say the hacker stole the funds. They simply followed the DAO contract (not the “smart-contract”, mind you, but the one put forward by the Slock.it team on their page), according to which everything that went on the blockchain according to the DAO code was legitimate.
Exchange was rolled back to before the hack, so all transactions after that point were voided. In the end nothing happened except that people had their trades reverted during that time.
> The attacker used hacked private keys in order to forge fake withdrawals.
> The attacker managed to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO.
Easiest explanation: at least one Sky Mavis employee and one Axie Infinity employee who have access to those private keys got together and took all the funds. Perhaps it was only one employee; it's not clear to me what the difference between Axie Infinity and Sky Mavis is (there isn't actually an Axie DAO, there's just a web page where they say they plan to be a DAO in 2023).
The article mentions that unauthorized transactions were indistinguishable from legit ones:
>Also their engineers made it clear that unauthorized transactions like this and later shown below would not be distinguishable from other legitimate transactions.
That's the issue here with this specific software's UX.
They all thought they were making the right transaction. There was no warning that they were not.
It would be like if I hit the reply button here on Hacker News and instead of the comment I typed out, my reply contained my bank account information. And I was not told something I do not want to happen would happen by doing so.
The hardfork was on a clock to prevent the "hacker" (a.k.a. the person who just executed the code as it was coded and therefore intended) from cashing out.
No doubt developers went through a few extremely stressful weeks.
> Reports on crypto Twitter are that this is a hack
It's really unfortunate to get "hacked" with such bad timing. You steal customer money and file for bankruptcy but now the bad hackers, probably from the Bahamas as well, take whatever is left and cash out. Oh no! /s
And then someone hacks the exchange and they lose their money and they ask "how could this happen?" But they mean that literally because they didn't know it was even a possibility.
Thank you... I have Ethereum at Coinbase. Disturbing. Hopefully accounts were not hacked. This is the downside of digital currency: all transactions are final whether you instigated them or not. Would be nice if you could yank your money back if you can prove you got ripped off.