A $50m heist unleashes high-stakes showdown in blockchain

There’s a high-stakes showdown roiling the techno-utopian world of blockchains and cryptocurrencies.

And the outcome, to some, could ultimately have lasting consequences for the future of modern finance.

The story involves the Ethereum blockchain, an online ledger that records transactions and lets users trade ether, the second-most popular cryptocurrency, behind bitcoin. A key part of Ethereum also allows people to put smart contracts — those written in computer code — on its network. Last week, the Decentralized Autonomous Organization, a leaderless venture-capital fund and the highest-profile project using Ethereum, was hacked. The hackers exploited a feature of DAO’s smart contracts to siphon off roughly $50 million of its members’ contributions to the fund.

The debate now is how, or whether, to get the money back. Some, including Ethereum co-creator Vitalik Buterin, propose tweaking the blockchain to neutralize the hack and avert the DAO’s collapse. But a small and vocal group of purists say that would be akin to rewriting history and would undermine a fundamental tenet of blockchain technology: its immutability, the principle that once a transaction is recorded in the ledger, it can’t be changed.

“The governing individuals that created Ethereum are in a tough situation — either they change the Ethereum blockchain to reverse the theft from the DAO and deal with questions of immutability, or allow thieves to get away with their crime for the sanctity of the young blockchain,” said Gil Luria, an analyst at Wedbush Securities Inc.

Immutable Promises

The ramifications go far beyond the universe of cryptocurrency enthusiasts. Blockchain ledgers have already drawn plenty of attention from the wider business and financial community, largely because of the high degree of security that immutability promises.

Blockchain and cryptocurrency ventures have attracted more than $1 billion in VC investments, and proponents like Blythe Masters, who ran JPMorgan Chase & Co.’s commodities business and helped invent credit-default swaps, envision the technology revolutionizing how Wall Street does business. In recent months, some of the world’s most influential institutions, like JPMorgan, Microsoft Corp. and IBM, also have begun experimenting with or using blockchain.

While blockchain code has been tweaked to fix bugs before, it’s never been changed to effectively reverse or block actual transactions. Any distrust in the technology could hamper its wider adoption. In the DAO hack, the source of the problem was in the code governing the organization’s smart contracts — not in Ethereum itself.

Rewriting History

But once one blockchain is changed, others could follow, and for less legitimate reasons. And without looking into the nitty-gritty of the source code, companies big and small may not know whether any transactions were changed.

“It gets dangerous when people try to rewrite history,” said Fred Ehrsam, co-founder of Coinbase, a cryptocurrency wallet and trading platform. “If we do this one, what about one where it feels less clearly like a theft? We should all get accustomed to live in a blockchain world, where you need to live with your mistakes.”

The DAO has little time to decide. Based on the terms of the DAO’s smart contracts, the millions of ether transferred by the hackers will be available for withdrawal after 27 days. That leaves less than three weeks for the organization to come up with a solution.

Members are debating whether to create something called a “fork” in the blockchain. A soft version of the fork would make it impossible for the hackers to take any money out. The more drastic option is a hard fork that takes the Ethereum blockchain back in time to the moment before the attack. It would erase the hack and restore the money to its owners.

Libertarian Leanings

More than 51 percent of Ethereum’s “miners,” or those who use computers to verify transactions on the blockchain, must approve any such fix for it to be implemented. Most voters have so far been in favor of the soft fork.

Buterin himself favors a soft fork of the blockchain and says that changing Ethereum now, while it’s still relatively new, won’t cause any harm.

“The project is moving towards stronger degrees of immutability but it is not yet there and ultimately there will always be a tipping point,” Buterin said in an e-mail. “It is a matter of pragmatism to determine where that point is.”

Brock Pierce, chairman of the Bitcoin Foundation, says creating a fork in the Ethereum blockchain is a no-brainer. Proposals to do nothing and let the hackers keep the DAO’s millions reflect the libertarian leanings of many early adopters — who favored complete decentralization. Those views need to evolve for blockchain to grow and mature, he said.

Blockchain Dogma

“We don’t need to be so dogmatic,” he said. Doing nothing “is going to be more damaging to the ecosystem.”

Some blockchains already tout the benefits of greater flexibility as a way to enhance security. A company called Chain, whose clients include Nasdaq Inc., lets a small number of people make upgrades and changes to its blockchain.

“Institutions do not want to be in a situation where they lose their clients’ money and then there’s nothing they can do about it,” said Adam Ludwin, the chief executive officer of Chain. “We need immutability because without it we are nowhere. But at the same time we need the ability to move more quickly to address security challenges than you can in a completely decentralized model.”

Some in the Ethereum community aren’t waiting around. As of June 22, hackers friendly to the DAO had emptied all the remaining money from the organization’s virtual wallet, according to the official blog of the DAO. Securing the funds would still require a fork.

Whatever happens, Union Square Ventures’ Albert Wenger says there’s another, perhaps even more fundamental, lesson to be learned from the current DAO crisis: the danger of putting too much trust and confidence in the ability of coldly logical code to replace laws and regulation.

“Things will go wrong,” Wenger wrote in a blog post. “And then we need a way to deal with it that lives outside the technology.”

–  Bloomberg