Blockchain hack article from MIT

Donnybaseball · 20 February 2019 13:48

Good case for POS, Plutus, and peer review.

Michael94588 · 20 February 2019 18:29

Exactly! This kills me.

“We shouldn’t be surprised. Blockchains are particularly attractive to thieves because fraudulent transactions can’t be reversed as they often can be in the traditional financial system. Besides that, we’ve long known that just as blockchains have unique security features, they have unique vulnerabilities. Marketing slogans and headlines that called the technology “unhackable” were dead wrong.”

This isn’t Crypt Chico that is reporting this. This is MIT and likely a group of smart ass mofos. Probably some of the smartest on the planet, I’d bet.

Cannot be reversed. Who wants to bank there? I’d only put an amount of money I’m willing to lose into such a financial system and it is only for speculation. It’s not even for use. Why do you ask? The current system in place handles that relatively well and it has reversibility. Code is law…yea right. Code has mistakes or can be overcome as technology progresses.

Donnybaseball · 20 February 2019 19:01

Like everything else for some the benefits outweigh the drawbacks.

If I lived in Venezuela and my choice was to keep my money in fiat or get crypto, I’d chose crypto.

Regarding security against theft, it is Darwinism at work as nature intended.

Michael94588 · 20 February 2019 19:15

Darwinism - absolutely true in the world of crypto.

In Venezuela, the best bet is USD hands down. No comparison. It’s not even close. You’d make more money, have more power, and greater acceptance of USD than crypto by well over 90%. Thats a bad choice. However, if it was between cryptos only, I’d select BTC and Dash in that order.

Benefits outweigh the drawbacks. Hmmm there is no compelling reason to switch to crypto from Fiat banking. None. Not a single compelling reason for first and second world developed economies. Maybe third world unbanked, maybe but even that is a stretch. I’ve had several conversations with people from Africa and even they indicate that they prefer cash (USD) over BTC and other cryptos. Theft of computers is big as well as phones. So if your money is on either, you lose until you can buy another but you cannot because it was on the device stolen.

Donnybaseball · 20 February 2019 19:51

Good points, I think it’s the portability of crypto that has a great appeal as well if you are trying to get across a border.

Also I think blockchain tech associated with crypto is going to offer more and more features (identity management etc) that people will want going forward, especially in the third world. This will be the gateway drug into crypto. These are future features obviously but they will develop over the next couple of years. Now we buy on speculation of the future (at least I do).

Michael94588 · 20 February 2019 19:57

Now that is a 100% absolutely unbeatable argument. I hate the fact that you have to declare taking more than 10k out of the country. For one, its my money, I dont need to tell anyone how much money I’m carrying. Why? So some crooked airport worker can call a friend and tell them to rob me? yea no thanks. Money is not illegal therefore should not have to be reported. If I’m carrying a million dollars in a brown paper bag, that should be my right to do so. This law is about one of the most gestapo type of laws Ive read. Total BS and an absolute reason that crypto should be developed.

Markada19 · 20 February 2019 20:37

This is were Cardano excels Etherium.

Michael94588 · 20 February 2019 20:43

Two people traveling to different places. One place the dollars is strong, The other the dollar is weak. The guy who travels to a location where the dollar is weak has to report taking more money because its more expensive where he is traveling. The guy traveling to the location where the dollar is weak can spend on illegal things because the dollar is so strong. What a dumb law reporting amounts more than 10k is.

Donnybaseball · 20 February 2019 21:17

Totally agree. Even worse somebody trying to flee their country with their life savings taped to their stomach.

Michael94588 · 22 February 2019 05:47

Right! They find out you’re leaving with everything and they confiscate it. Basically, you can’t leave unless you leave what you’re worth behind or make multiple trips which we can then question. Lmao.

SeltsamerHerr · 25 February 2019 13:12

The website is “MIT technologyreview”. It is very unlikely to be written by the actual “smart ass mofos” doing research at MIT. The author of that article has a B.A. in Biology and a M.A. in Journalism. I am not judging about his qualification, just stating he is not a (crypto) researcher.

Technologyreview state their mission as “Every day, we provide an intelligent, lucid, and authoritative filter for the overwhelming flood of information about technology.” They don’t even claim to be objective but state their supposed authority to influence people.

Anyway… about your quote:
“Blockchains are particularly attractive to thieves because fraudulent transactions can’t be reversed as they often can be in the traditional financial system.”
This is a fundamental and deliberate design decision and part of what makes Bitcoin Bitcoin and not a problem.
Bugs in the code are a problem. This should be avoided by good practices, e.g. as IOHK demonstrates. Bugs are not a problem of the blockchain or cryptocurrency idea but implementation so we don’t need to discuss this on a conceptual level.

A straight forward idea to mitigate losses of exchanges during a 51% attack is the following:

deploy a system monitor blockchain activity and detect 51% double spending attacks
when detected the exchange can rent hash power to keep extending the longest chain from the block before the double spending
this way it will be a race between the attacker and the exchange, with the exchange probably having more funds
What does the exchange have to lose following this idea? Nothing, they spend money for renting hash power but save money from double spending losses. Plus they prove resilience against attackers and improve reputation.
What does the exchange have to lose not this idea: They lose money of the double spending attack plus reputation.
What does it mean for the attacker? The attacker most likely estimated the hourly money to spend for the rented hash rate and the potential gain on double spending certain funds. The time window until exchanges freeze transfers and withdrawals is limited and the attacker funds as well. When the exchange joins the competition for the longest chain, the attackers are forced to rent hash power for longer to try to provide the longest chain and will at least reduce their profits.
outcomes are most likely subject to game theory and should make attacks a lot less profitable for every exchange with such an mitigation scheme.

What are your thoughts?

Michael94588 · 26 February 2019 00:19

If it is very unlikely to be written by some smart ass mofos then you have implicitly judged their qualification have you not. You state that they are unlikely to be “smart…” despit having a BA and a MA in Journalism. Let me guess…every blogger out their has a MA in Journalism?
I don’t think every news outlet out there consistent claims to be objective. How about references for all the major news outlets where they claim to be objective. Please site only actual websites to the outlets.
You will not gain mass adoption if reversals of transactions cannot be executed. That’s a plain and simple fact. Live with it. If a bug makes it into BTC and the only reply anyone hears from the community is that the code was exploited, we cant reverse it, the coins have been moved to a privacy coin, we will not fork, you’ve lost all of your coins sorry,…I doubt mass adoption of your protocol will ever occur.
I’m not limiting this to 51% attacks exclusively. Take losing your seed for example. A little old lady, man, woman, or student for example puts money in BTC. They have a house fire the like of which recently occurred in California. Maybe they are in an earthquake or some situation that requires them to run for the hills. They dont have time to grab their seed, they get their kids and family, the house is destroyed. Seed is lost. Money is gone. They are broke. With a conventional bank, they can get their money back. Ask anyone which they would adopt and you will find that most rational people would pick the solution where they can recover their funds.

SeltsamerHerr · 26 February 2019 11:58

ad 1. When you originally mentioned the “smart ass mofos” from MIT I assumed that you referred to the researchers at MIT that deliver top notch research. So what I was trying to say is, that the author of the linked article is unlikely to be a researcher at the cutting edge of cryptography or other related topics.

ad 2. I never mentioned other news outlets. I prefer research. If there is no source analytically proving or heuristically supporting claims, it is an authors duty to provide good reason for statements. This is connected to 1. as this is not a research article but more of an overview from a somewhat subjective standpoint. Cryptography is a highly technical topic, and in general there is too much opinion, beliefs, fanaticism and I think the only way to make actual progress is trying to stay as close as possible to best practices of research. Of course this is not really accessible for average people (like me) but we need to try to read articles critically and compare different points of view and not blindly hail a website because it is related to the MIT.

ad 3. This might be true. If someone robs a bank, breaks into an ATM, manipulates an ATM to copy card details or uses other ways to steal money, customers are likely to be reimbursed, that’s right. But customers pay for it by means of fees etc. The traditional banking system is far from secure, it just generates enough profit to be willing to compensate people (typically up to certain limits). The problem with cryptocurrencies is who is to decide what is a bug exploit that should be reversed, what is a fraud that should be compensated etc. Governance is difficult and brings the danger of creating forks because it is unlikely to get 100% agreement. Those things are part of ongoing research so I can’t claim to have a solution for this.

ad 4. This as well is a valid point and consumer friendly solutions are necessary. Trying to take away central control of your asset naturally leaves you with the responsibility of it and in the cases you described you cannot protect it. How does a bank grant access to accounts after a customer lost all means of identification? You could also consider to store a cold wallet in a bank’s safe (could provide protection from some threads but induces new problems like you are somewhat subject of bank and government control again). Maybe other ways like the crypto vault or planes’ blackbox might establish to secure seeds from disasters.

In general, no one says cryptos solve all problems or are the best choice for all use cases. But in general the ecosystem is evolving rapidly and keeps improving.

Michael94588 · 26 February 2019 17:53

SeltsamerHerr:

ad 1. When you originally mentioned the “smart ass mofos” from MIT I assumed that you referred to the researchers at MIT that deliver top notch research. So what I was trying to say is, that the author of the linked article is unlikely to be a researcher at the cutting edge of cryptography or other related topics.

A: Information regarding the MIT Review can be found here: About | MIT Technology Review

462 Articles published by the Author: Articles by Mike Orcutt | MIT Technology Review

I think he has likely been published more than you. I could be wrong and if you’d like to present your qualifications on determining what is a relevant news source, my ears are open.

Reviewing their Bios and LInkedIn profiles, presuming that they are true, which they likely are, I’m confident in the level of reporting and “research” done prior to publishing of their article. You might find cutting edge researchers publishing papers, but honestly how many times have you seen a cutting edge researcher publish a piece in a newspaper, and I dont mean Op-ed. Journalism is for journalists for the most part. After all, journalists dont present research papers even though they may be knowledgeable of a given topic.

ad 2. I never mentioned other news outlets. I prefer research. If there is no source analytically proving or heuristically supporting claims, it is an authors duty to provide good reason for statements. This is connected to 1. as this is not a research article but more of an overview from a somewhat subjective standpoint. Cryptography is a highly technical topic, and in general there is too much opinion, beliefs, fanaticism and I think the only way to make actual progress is trying to stay as close as possible to best practices of research. Of course this is not really accessible for average people (like me) but we need to try to read articles critically and compare different points of view and not blindly hail a website because it is related to the MIT.

I tend to think that a Board of Directors reflects a degree of credibility of a given entity. https://www.technologyreview.com/about/board-of-directors/

I do not think people of this caliber associate themselves with non-credible entities. Reviewing their credentials LinkedIn profiles, etc., adds a bit of credibility that I’m sure will meet your requirements. I think that at this level, careful consideration would be executed before publishing and that these members do have the relationships, viewers, consultants, etc., that can or actively participate in vetting an article prior to publishing, may be a source of information prior to publishing, or serve as a reference for a topic that may not be fully understood. After all, Journalists do have sources. I’m not blindly hailing it for its relation to MIT - I think the people and leadership there speak for themselves. Correct me if I’m wrong on this. In fact, I’m certain that Charles is familiar/aware of a couple of people and who they are.

if you prefer research, then maybe this just doesnt suit your interest, after all, it isn’t research and you would have an obvious preference and likely bias towards that. I’m guessing that since many coins and tokens only publish a whitepaper, “research” on a given coin or token is limited by that. So the amount of references to direct “research” would be limited and as a result, these topics shouldn’t be preferable to you, I imagine.

ad 3. This might be true. If someone robs a bank, breaks into an ATM, manipulates an ATM to copy card details or uses other ways to steal money, customers are likely to be reimbursed, that’s right. But customers pay for it by means of fees etc. The traditional banking system is far from secure, it just generates enough profit to be willing to compensate people (typically up to certain limits). The problem with cryptocurrencies is who is to decide what is a bug exploit that should be reversed, what is a fraud that should be compensated etc. Governance is difficult and brings the danger of creating forks because it is unlikely to get 100% agreement. Those things are part of ongoing research so I can’t claim to have a solution for this.

A: Exactly. When was the last time Wells Fargo, Bank of America, or any other bank underwent a fork? When is the last time you had to update your bank account or it would not work?

Quadriga: The cryptocurrency exchange that lost $135m
Cryptopia Crypto Exchange Users Can’t Access Funds

I could go into Mt. God, The ETH DAO, South Korean exchanges, on and on. Single crypt wallets may be secure but take a look at these exchanges. If a fiat bank lost 180 million, this would be devastating. If it occurred at the regular frequency at which this type of thing occurs with crypto and the fact that people cannot get their money back, except in some limited cases, then the case for user adoption goes right out the window. Decentralization throws accountability right out the window. No consumer wants that.

Twitter Poll: People Prefer Banks Rather Than Crypto Exchanges

And the thing about this poll is that it was heavily skewed to crypto users. The respondents were not your everyday people who bank. The article states it best. “The primary advantage of the cryptocurrency should be the safety of users’ funds and if that cannot be guaranteed then people would instead stick to the system about which they are more familiar with, at least no traditional bank has been hacked and funds are lost.”

ad 4. This as well is a valid point and consumer friendly solutions are necessary. Trying to take away central control of your asset naturally leaves you with the responsibility of it and in the cases you described you cannot protect it. How does a bank grant access to accounts after a customer lost all means of identification? You could also consider to store a cold wallet in a bank’s safe (could provide protection from some threads but induces new problems like you are somewhat subject of bank and government control again). Maybe other ways like the crypto vault or planes’ blackbox might establish to secure seeds from disasters.

A: When a user loses all documents, a user can get a new birth certificate or replacement form of identification. Your picture is now stored with government agencies. Some agencies store fingerprint information. There is a process available but with crypto, there is NONE except your seed.

In general, no one says cryptos solve all problems or are the best choice for all use cases. But in general the ecosystem is evolving rapidly and keeps improving.

A: Agreed, but there are some serious issues that crypto needs to address.

canopus · 3 March 2019 02:47

After reading the article, I noticed that the material in the article provides no evidence of the mentioned blockchains being hacked. In fact, the author admits that it is not the blockchain that was hacked, the loss actually occurred in an exchange.

The article mentions Ethereum Classic and Zcash. Zcash has never been attacked, let alone being hacked. The developers of the network found a vulnerability themselves and fixed it before anyone exploited it.

In the case of Ethereum Classic, the 51% attack was able to temporarily fork the network by rewriting some blocks.

The defense against this attack according to ETC developers was simply to follow the protocol. The exchange that lost money simply should have waited for the required number of confirmations. The cost of maintaining 51% hashrate for a network like Ethereum Classic for the entire duration that is recommend for confirmation is simply too high. Benefit from the attack compared to cost reduces drastically as the timeframe increases.

Additionally, simply using the word blockchain around something does not make it a secure blockchain. The folks at IOHK have been trying to make people understand that for a few years now. Blockchain protocols need very high assuarances of correctness in design as well as in implementation.

Yet, we have folks all around who are not sure what part of Blockchains they understand make claims of the kind that scientists in the field need to prove mathematically to panels of scientists with lofty credentials in cryptography and information theory.

My answer to authors of such content: nice try.

Topic		Replies	Views
Cryptocurrencies, cardano and crimes General Discussions	20	1005	1 March 2022
Quantum computers and security of blockchain General Discussions	13	821	13 December 2021
Discussion about Cardano being open-source and copycats General Discussions open-source , hardfork , discussion	3	970	11 March 2018
THE CRYPTO DEBATE General Discussions	0	382	21 May 2020
Hi Guys, soaking up all I can about crypto Introductions bitcoin	2	785	18 December 2017

Blockchain hack article from MIT

Related Topics