The next big hack

There it is. The second big hack after the DAO disaster (fun fact: the last hardfork was exactly 1 year ago today).

What happened?

Yesterday evening several Twitter accounts tweeted about a security alert. The code of the multisig wallet contract provided by Parity contained a simple but fundamental flaw. An update in March introduced the possibility to easily take over ownership of this contract and hence be able to transfer all of its funds. Unfortunately the contract had been deployed several times, obviously without a proper review, even by companies that are involved in Ethereum blockchain development. Swarm City, for example, lost more than 153,000 Ether.

White hats to the rescue.

What happened next is typical for the Ethereum community. The white hat group entered the stage again. They immediately started using the same exploit the real hacker was using. They were able to “secure” the remaining Ether from vulnerable contracts in order to give it back to the rightful owner. But everything that was lost to the real hacker is gone.

So will there be another fork?

No, not this time. The reason is simple: there is no chance for a clean fork as there was back in the DAO days. The hacker was able to move the funds right away. During the DAO hack there was a window of 27 days to prepare for the hardfork. This time the damage was immediate.

Isn't that bad for Ethereum?

Yes and no. It shows its weakness. I was expecting a bad crash after I first saw the security alerts and the messages saying that a lot of funds were lost already. But I guess the dimensions have changed since last year. 30,000,000 USD doesn't seem to be too big of a deal anymore. Of course people started blaming developers and Solidity, the programming language. And they are right. It is unspeakable that such a bug is actually committed to such a mission-critical functionality of the Parity wallet without proper review. Even worse is the fact that the contract had been deployed so many times without taking a look at the source code. Trustless world? Not so much, eh? People are now pointing out the problems of Solidity. Those problems will be fixed. There will be tools to avoid such mistakes. It will take time. And we will see more of those incidents. What doesn't kill us makes us stronger.

ICO – Crypto Goldrush

ICO stands for Initial Coin Offering. Investopedia describes it as: “An Initial Coin Offering (ICO) is an unregulated means by which funds are raised for a new cryptocurrency venture.” It's a bit like an IPO but way more unregulated. And currently even more profitable than any other way of getting crowdfunded. It seems that all you need is a good marketing campaign and a couple of pages for a white paper. People will buy every coin they can find. Usually implemented as ERC20 tokens on the Ethereum platform, ICOs are spreading like mushrooms. Tokens act as some kind of value on the platform the offering company is planning to build. Oftentimes it feels as if the only reason to choose blockchain technology was to make use of ICOs and the outlook for quick free money. But to be fair, there are also really cool projects that make a lot of sense. But it's hard to keep an overview.

How to keep track

There are various sites trying to keep track of every new sale. Some, like ICOalert, even try to make money by providing due diligence for the upcoming sales events. ICOIndex offers free info and links.

I want in!

A lot of the time ICOs are also a lucrative investment option. Short term at least. After the ICO is over, prices often double or triple before they bounce back to somewhere around the initial price. Making a quick buck seems to be too easy to be true. But it's all about timing. The “good” ICOs sell out in less than an hour. You have to be there and be a bit lucky to get your share of the cake. Afterwards the question arises: “HOLD or sell?”. You decide. It's a lot of fun at least.