Blockchain hack article from MIT

Good case for POS, Plutus, and peer review.


Exactly! This kills me.

“We shouldn’t be surprised. Blockchains are particularly attractive to thieves because fraudulent transactions can’t be reversed as they often can be in the traditional financial system. Besides that, we’ve long known that just as blockchains have unique security features, they have unique vulnerabilities. Marketing slogans and headlines that called the technology “unhackable” were dead wrong.”

This isn’t Crypt Chico that is reporting this. This is MIT and likely a group of smart ass mofos. Probably some of the smartest on the planet, I’d bet.

Cannot be reversed. Who wants to bank there? I’d only put an amount of money I’m willing to lose into such a financial system and it is only for speculation. It’s not even for use. Why do you ask? The current system in place handles that relatively well and it has reversibility. Code is law…yea right. Code has mistakes or can be overcome as technology progresses.

Like everything else for some the benefits outweigh the drawbacks.

If I lived in Venezuela and my choice was to keep my money in fiat or get crypto, I’d chose crypto.

Regarding security against theft, it is Darwinism at work as nature intended.

Darwinism - absolutely true in the world of crypto.

In Venezuela, the best bet is USD hands down. No comparison. It’s not even close. You’d make more money, have more power, and greater acceptance of USD than crypto by well over 90%. Thats a bad choice. However, if it was between cryptos only, I’d select BTC and Dash in that order.

Benefits outweigh the drawbacks. Hmmm there is no compelling reason to switch to crypto from Fiat banking. None. Not a single compelling reason for first and second world developed economies. Maybe third world unbanked, maybe but even that is a stretch. I’ve had several conversations with people from Africa and even they indicate that they prefer cash (USD) over BTC and other cryptos. Theft of computers is big as well as phones. So if your money is on either, you lose until you can buy another but you cannot because it was on the device stolen.

Good points, I think it’s the portability of crypto that has a great appeal as well if you are trying to get across a border.

Also I think blockchain tech associated with crypto is going to offer more and more features (identity management etc) that people will want going forward, especially in the third world. This will be the gateway drug into crypto. These are future features obviously but they will develop over the next couple of years. Now we buy on speculation of the future (at least I do).

Now that is a 100% absolutely unbeatable argument. I hate the fact that you have to declare taking more than 10k out of the country. For one, its my money, I dont need to tell anyone how much money I’m carrying. Why? So some crooked airport worker can call a friend and tell them to rob me? yea no thanks. Money is not illegal therefore should not have to be reported. If I’m carrying a million dollars in a brown paper bag, that should be my right to do so. This law is about one of the most gestapo type of laws Ive read. Total BS and an absolute reason that crypto should be developed.


This is were Cardano excels Etherium.

Two people traveling to different places. One place the dollars is strong, The other the dollar is weak. The guy who travels to a location where the dollar is weak has to report taking more money because its more expensive where he is traveling. The guy traveling to the location where the dollar is weak can spend on illegal things because the dollar is so strong. What a dumb law reporting amounts more than 10k is.

Totally agree. Even worse somebody trying to flee their country with their life savings taped to their stomach.

Right! They find out you’re leaving with everything and they confiscate it. Basically, you can’t leave unless you leave what you’re worth behind or make multiple trips which we can then question. Lmao.

The website is “MIT technologyreview”. It is very unlikely to be written by the actual “smart ass mofos” doing research at MIT. The author of that article has a B.A. in Biology and a M.A. in Journalism. I am not judging about his qualification, just stating he is not a (crypto) researcher.

Technologyreview state their mission as “Every day, we provide an intelligent, lucid, and authoritative filter for the overwhelming flood of information about technology.” They don’t even claim to be objective but state their supposed authority to influence people.

Anyway… about your quote:
“Blockchains are particularly attractive to thieves because fraudulent transactions can’t be reversed as they often can be in the traditional financial system.”
This is a fundamental and deliberate design decision and part of what makes Bitcoin Bitcoin and not a problem.
Bugs in the code are a problem. This should be avoided by good practices, e.g. as IOHK demonstrates. Bugs are not a problem of the blockchain or cryptocurrency idea but implementation so we don’t need to discuss this on a conceptual level.

A straight forward idea to mitigate losses of exchanges during a 51% attack is the following:

  • deploy a system monitor blockchain activity and detect 51% double spending attacks
  • when detected the exchange can rent hash power to keep extending the longest chain from the block before the double spending
  • this way it will be a race between the attacker and the exchange, with the exchange probably having more funds
  • What does the exchange have to lose following this idea? Nothing, they spend money for renting hash power but save money from double spending losses. Plus they prove resilience against attackers and improve reputation.
  • What does the exchange have to lose not this idea: They lose money of the double spending attack plus reputation.
  • What does it mean for the attacker? The attacker most likely estimated the hourly money to spend for the rented hash rate and the potential gain on double spending certain funds. The time window until exchanges freeze transfers and withdrawals is limited and the attacker funds as well. When the exchange joins the competition for the longest chain, the attackers are forced to rent hash power for longer to try to provide the longest chain and will at least reduce their profits.
  • outcomes are most likely subject to game theory and should make attacks a lot less profitable for every exchange with such an mitigation scheme.

What are your thoughts?

  1. If it is very unlikely to be written by some smart ass mofos then you have implicitly judged their qualification have you not. You state that they are unlikely to be “smart…” despit having a BA and a MA in Journalism. Let me guess…every blogger out their has a MA in Journalism?

  2. I don’t think every news outlet out there consistent claims to be objective. How about references for all the major news outlets where they claim to be objective. Please site only actual websites to the outlets.

  3. You will not gain mass adoption if reversals of transactions cannot be executed. That’s a plain and simple fact. Live with it. If a bug makes it into BTC and the only reply anyone hears from the community is that the code was exploited, we cant reverse it, the coins have been moved to a privacy coin, we will not fork, you’ve lost all of your coins sorry,…I doubt mass adoption of your protocol will ever occur.

  4. I’m not limiting this to 51% attacks exclusively. Take losing your seed for example. A little old lady, man, woman, or student for example puts money in BTC. They have a house fire the like of which recently occurred in California. Maybe they are in an earthquake or some situation that requires them to run for the hills. They dont have time to grab their seed, they get their kids and family, the house is destroyed. Seed is lost. Money is gone. They are broke. With a conventional bank, they can get their money back. Ask anyone which they would adopt and you will find that most rational people would pick the solution where they can recover their funds.

ad 1. When you originally mentioned the “smart ass mofos” from MIT I assumed that you referred to the researchers at MIT that deliver top notch research. So what I was trying to say is, that the author of the linked article is unlikely to be a researcher at the cutting edge of cryptography or other related topics.

ad 2. I never mentioned other news outlets. I prefer research. If there is no source analytically proving or heuristically supporting claims, it is an authors duty to provide good reason for statements. This is connected to 1. as this is not a research article but more of an overview from a somewhat subjective standpoint. Cryptography is a highly technical topic, and in general there is too much opinion, beliefs, fanaticism and I think the only way to make actual progress is trying to stay as close as possible to best practices of research. Of course this is not really accessible for average people (like me) but we need to try to read articles critically and compare different points of view and not blindly hail a website because it is related to the MIT.

ad 3. This might be true. If someone robs a bank, breaks into an ATM, manipulates an ATM to copy card details or uses other ways to steal money, customers are likely to be reimbursed, that’s right. But customers pay for it by means of fees etc. The traditional banking system is far from secure, it just generates enough profit to be willing to compensate people (typically up to certain limits). The problem with cryptocurrencies is who is to decide what is a bug exploit that should be reversed, what is a fraud that should be compensated etc. Governance is difficult and brings the danger of creating forks because it is unlikely to get 100% agreement. Those things are part of ongoing research so I can’t claim to have a solution for this.

ad 4. This as well is a valid point and consumer friendly solutions are necessary. Trying to take away central control of your asset naturally leaves you with the responsibility of it and in the cases you described you cannot protect it. How does a bank grant access to accounts after a customer lost all means of identification? You could also consider to store a cold wallet in a bank’s safe (could provide protection from some threads but induces new problems like you are somewhat subject of bank and government control again). Maybe other ways like the crypto vault or planes’ blackbox might establish to secure seeds from disasters.

In general, no one says cryptos solve all problems or are the best choice for all use cases. But in general the ecosystem is evolving rapidly and keeps improving.


A: Agreed, but there are some serious issues that crypto needs to address.

After reading the article, I noticed that the material in the article provides no evidence of the mentioned blockchains being hacked. In fact, the author admits that it is not the blockchain that was hacked, the loss actually occurred in an exchange.

The article mentions Ethereum Classic and Zcash. Zcash has never been attacked, let alone being hacked. The developers of the network found a vulnerability themselves and fixed it before anyone exploited it.

In the case of Ethereum Classic, the 51% attack was able to temporarily fork the network by rewriting some blocks.

The defense against this attack according to ETC developers was simply to follow the protocol. The exchange that lost money simply should have waited for the required number of confirmations. The cost of maintaining 51% hashrate for a network like Ethereum Classic for the entire duration that is recommend for confirmation is simply too high. Benefit from the attack compared to cost reduces drastically as the timeframe increases.

Additionally, simply using the word blockchain around something does not make it a secure blockchain. The folks at IOHK have been trying to make people understand that for a few years now. Blockchain protocols need very high assuarances of correctness in design as well as in implementation.

Yet, we have folks all around who are not sure what part of Blockchains they understand make claims of the kind that scientists in the field need to prove mathematically to panels of scientists with lofty credentials in cryptography and information theory.

My answer to authors of such content: nice try.