Weekly E-mails:  Crypto Trading Strategy 5 Weeks of Onboarding Reads. Latest Airdrops (Thu 7 AM EST). Or all of it.

Dismiss   Pick Your Preference
This site uses cookies (More).

 

All about the DAO hack - #CryptoTrading

A summary of what is going on with DAO's and ETH
  .  Published  · By KarlVonBahnhof

Image: DAOs have a critical vulnerability that can probably be removed only by a hard fork.


The DAO hack simplified

Great summary can be found on erratasec blog.

It starts with an explanation of what are smart contracts (the main purpose of the Ethereum platform) actually good for.

Let’s say that we want to organize a small conference. We need 100 people to sign up and pay/deposit money, so we can rent a hotel and such. But if not enough people sign up by a certain date, then the deposits need to be refunded. With Ethereum, we can write in a JavaScript-like language to code up this contract. It’ll guarantee that everyone will get a ticket to the conference, or everyone will get their money refunded, depending on how many sign up.

The main point is, this whole redistribution of payments that, depending on a condition, might or might not be returned to the people who paid them, is supposed to be made automatic. There is supposed to be no human overseeing it or interpreting the circumstances to help someone in power decide.

Then the DAOs are explained, specifically how you leave a DAO (not just TheDAO but any DAO). The issue here is to leave you need to create your own DAO if you have invested in a project that is still ongoing. Your child DAO will receive the payout of your investment once the project is over.

When you want to leave the fund, you split from it. This includes your share of unspent Ethereum coins, but also tokens representing returns on investments you were part of, but which haven’t yet paid out. That’s why you “split” rather than “cash out”, you need your own DAO shard to track those investments until they pay out.

This DAO splitting is exactly where the hack occured

When a member exits the investment scheme, they call the function name splitDAO(). (…) The member will supply some of their own code with the transaction. Among the things that code will do is tell the DAO code how to transfer Ethereum coin. (…) [Another] issue is that Ethereum code is recursive. That means when a function is running, it may call itself a second time. The bug is that when splitDAO() is called, it will then call the recipients code to transfer Ethereum coin, after which the recipients code will call splitDAO() again before finishing. This causes the process to repeat itself, transferring more Ethereum coin, then calling splitDAO() again, which calls the hacker’s code, which calls splitDAO(), which calls the hacker’s code, and so on. The process will continue endlessly, until it drains all of TheDAO’s coin.

You can see that the bug is inherent to DAO codebase and closely related to how Ethereum platform works. If this very basic code is not altered, all future DAOs are subject to this bug.

Stolen money recovery

The only way to undo this is to rewind the blockchain to the state before the attack occured which has been seriously considered and which spooked all the non-ETH fanbois. It would undo not only the hack but also all the other transactions that occured in the meantime which means screwing over the few for the sake of an organization that is too big to fail, as the ErrataSec article points out. We know that from centralized banking.

Currently the ongoing solution to this issue implemented by the developers was one that avoids the rewind: New child whitehat DAO attacks were created with the purpose to attack the malicious DAO. The whitehad DAOs rolled out on the 21st of June while developers kept reassuring everybody the attacker cannot access the stolen funds for 27 days which is enough time to come up with a solution.

This attempt to shake off the hacker failed. Since the whitehat DAOs needed capital to run, they started accepting donations. The person behind the initial hack also donated some ETH to the whitehat DAOs and is hence a shareholder, possibly planning to drain the whitehat DAOs as well.

Meanwhile, a Cornell professor found 10 other vulnerabilities in DAO and calls for a DAO 2.0 movement.

Current Ethereum Sentiment

People on ETH trading subreddits feel that the dev team looks after them and have more confidence in ETH now than in BTC (with notoriously indecisive governance) - in spite of the fact ETH is fundamentally flawed and DAOs are subject to future fund drainings.

This goes hand in hand with the sentiment that is being created by the community voices, and that is that the DAO hack is good for Ethereum since it is only pruning, similar to the shaking out of the weak hands during a run-up, where only the most faithful will prevail.

For clarification, traders say that the weak hands are being shaken off when there is a bullish market that retraces significantly after a profit taking on a local top, forcing highly leveraged longs to market sell at a loss. That results in some more price drop where winners take it all, i.e. people with enough capital will take the advantage of - pardon my French - cheap coins and drive the price up.

It has nothing to do with pseudo-Christian faith in a leader/savior and putting money into a platform where they might be irreversibly lost while there are plenty of alternatives without this downside.

Consequently careful speculations occurred on /r/bitcoinmarkets considering manipulations from the side of wealthy ETH holders that need the ETH price to hike up to $30 once again before they cash out for good.

It is probably worth mentioning that some people are just in for the penny stock chance.

Meanwhile, officials are concerned.

####Some more reading

About the author

Written by KarlVonBahnhof

KarlVonBahnhof also on Reddit, Chris belongs to the crypto trader class of 2013. Located in the Americas most of the time, you're most likely to meet at r/BitcoinMarkets though.

 

Last added to Crypto Airdrops, Bounties & Opportunities
Name Date How to access Official URL Additional Info
Cloudbet Turbo Thursday Reload Bonus Every Thursday between 05:00-23:59 UTC Make a deposit of 0.1 mBTC or more today, Cloudbet gives you a 100% Reload Bonus of up to 50 mBTC/1 BCH. Remember you must activate the bonus in your player dashboard before making a deposit for the bonus to be credited! The bonus is only available for the Casino, not the Sportsbook. details make acct
POOL-X exchange listing promo Daily until listing POL has a random twitter draw of users who post a POOL-X graphic design every day until their token listing on the KuCoin exchange. You need to sign up via Google form and have a KuCoin account. form make acct
Verasity New Triviata Competition November 5 at 00:00 UTC - November 20th 00:00 UTC Verasity is a token-based platform for the attention economy. They always engaged a lot with the community and organized several airdrop and competition campaigns so far. The current two-week campaign relates to the Triviata app (iOS/Android). Sign up and enable your game participation in the app profile, and you get the chance of winning prizes with 4000 USD in total. Even if you don't win though, participating will earn you tokens that can be staked in the official wallet for over 30% yearly earnings. join about
Bethereum Price Pool on VK November 2019 There are regular competitions with the total pool of prizes worth 40K Bether if you join the gaming platform's VK channel. details make acct
Brave New Coin Challenge Until the end of the year The crypto market data provider is giving away small amount of their tokens if you add people to their telegram group. register telegram
FanEspo Big Competition (ERC20) All the time Fanespo is launching a new promotion contest worth $500 in FAN tokens. Details will pop up on you when you sign up on site. Overall, the eSports platform FanEspo is giving away the total of $1.6 million of tokens in contests. You need to have a FanEspo account. details make acct
Atomars Opportunity Launch promo There is a new altcoin axchange launched that now offers zero-fee trading, and possibly thinner markets for the market makers around. details make acct
Keybase Stellar Lumens Drop 11 September 2019 & Onwards The Keybase team announced a surprise airdrop worth 21 USD in XLM to all account holders who ever installed the Keybase app. To get the Lumens, you need to sign in again and claim them - you should have received a bot message with instructions. Keybase has been funded by the Stellar Developer Foundation for years and so this collab is not a one-off. You can choose to keep participating in the Lumens airdrop by using Keybase, the total dollar worth each user can get is 500 USD. New accounts can still participate as long as they have a Github or HackerNews account created before 9 September 2019. more join
BlockWage Airdrops + Bounties Recurring Platform for freelancers marketplace. Airdrops randomly announced via Discord, there's also the possibility of Masternodes. join web
Vaultoro Token Launch Promo September 2019 The crypto-gold exchange Vaultoro has been around for years, getting attention in the 2015 bear market and tagging along through the subsequent bull run. They are now launching their own exchange token which you can get for free if you don't have an account yet. Every new sign up with basic ID verification gets 200 VAULT tokens. homepage make acct