this post was submitted on 23 Feb 2025
130 points (100.0% liked)
Cybersecurity
This is a pretty naive perspective when it goes directly against the whole ethos of the network. You can't have credible neutrality and also have hardfork bailouts every time a centralized exchange with poor security practices gets hacked or "hacked", these are mutually incompatible things. For a financial infrastructure that does reversals and central authority judgment calls, there is always fiat and banks.
I agree that there’s some line, but if we’re really talking about $1.5bn & it really is a theft, it seems reasonable to me. /shrug
It’s probably money laundering anyway, but I dunno. If the blockchain is protected through a decentralized ledger, couldn’t they vote via governance?
Keep in mind, I read the headline & not the article. I got no clue what chain or crypto involves the story. The web3 world gave me a salary boost, and that was enough for me. It was stressful working in a grey area at times.
It's Ethereum, and it happened because they have no way to verify what they sign in a multi-sig setup. There is not a single hardware wallet (signing device) that can do that. The whole Ethereum and EVM ecosystem has been used to signing blindly for years. Today, some realized that developing an app for Ledger devices or other hww would not necessarily be throwing money out of the window :D
It's Ethereum, so close relevance to anything web3.
It won't seem reasonable to the people developing the software or running the staking nodes whose consensus would be needed, see https://nakamoto.com/credible-neutrality/ for an idea of why. Basically the idea is that the more a network acts to impartially execute algorithms than as a subjective governance body, the more it can be relied on without worrying about the potential bias of that governance, and that impartiality is at the core of its actual value. The whole "code is law" thing might not be literal reality, there is a line, but that line is located at an existential threat to the network itself (i.e. the DAO hack hardfork which was the only time this was really done, or the plans for a hard fork to recover after a hypothetical quantum computing attack breaks encryption on all wallets).
If there was an office somewhere practically able to wield a ctrl-z button for Ethereum accepting support tickets for its use, that would be a very different sort of cryptocurrency and imo not one that would be likely to work out.
Anyway this kind of hack does suck, but I think ultimately the lesson just has to be for people to either self custody or avoid crypto entirely. Centralized crypto exchanges rarely deserve the trust placed in them.
I think it's worth mentioning that this isn't the first time eth suffered a big attack and it also wouldn't be the first time they'd hard fork to roll back on the transactions. An attack in 2016 was rolled back in 2017, creating the eth classic, which ignored the changes.
Basically accurate except I wouldn't classify a theft of Eth from a centralized crypto exchange as an attack on Ethereum, both because it doesn't threaten Ethereum itself and because it wasn't done using an exploit in Ethereum, this was a phishing attack afaik.