A hacker on Friday siphoned more than US$50 million of digital money away from an experimental virtual currency project that had been billed as the most successful crowdfunding venture ever — taking with them not just one-third of the venture’s money, but also the hopes and dreams of thousands of participants who wanted to prove the safety and security of digital currency.
The attack most likely puts an end to the project, known as the Decentralized Autonomous Organization (DAO), which had raised US$160 million in the form of ether, an alternative to the digital currency bitcoin. While the computer scientists involved in the project are aiming to tweak the code that underpins ether in a way that would recover the money, the theft is nevertheless prompting a bigger debate about the viability and principles of virtual currencies like bitcoin and ether.
“This is one of the nightmare scenarios everyone was worried about: Someone exploited a weakness in the code of the DAO to empty out a large sum,” said Emin Gun Sirer, a computer science professor at Cornell University, who co-wrote a paper pointing out problems with the project.
Central banks and financial firms have been exploring how to use the technology underlying virtual currencies — known as blockchain — to improve their own internal systems. The technology is considered to have advantages in terms of transparency and security. Earlier this month, US Federal Reserve Chair Janet Yellen told central bankers at a trade industry conference that they should accelerate their efforts to explore blockchain.
However, the incident on Friday provided another reminder of how the code can be just as vulnerable to human greed and mistakes as paper bills.
The DAO was meant to be a standard-bearer for online currency ventures. It was funded by investors from around the world using ether, which has become popular over the past year. However, just before the project stopped raising money late last month, computer scientists pointed out several vulnerabilities in its underlying code — effectively warning that what happened to the experimental consortium would be possible or even likely.
“The DAO is being attacked,” Griff Green, a community organizer with the company that wrote the project’s software, Slock.it, wrote on a chat channel for the project on Friday morning. “This is not a drill.”
The money the hacker moved appeared to be frozen on Friday as a result of a safeguard previously built into the code. Programmers working on the Ethereum network, which hosts ether, were debating whether to make a one-time change to the code to recover the frozen money. That faced immediate opposition from many virtual currency purists, who were attracted to the technology because of its ostensible freedom from human meddling.
“The strength of blockchain tech is that it is a ledger, a statement of truth,” Bitcoin Foundation board member Bruce Fenton said. “That ledger is only as good as its resistance to censorship, change, demands or attack.”
The hacking underscored the complicated governance structure employed by cryptocurrencies. These currencies are not run by any company or individual, but by the computers of anyone who chooses to support the network.
The DAO was supposed to be a further extension of this concept of group decisionmaking. Thousands of people around the world financed the project by sending in ether. The DAO was supposed to act as a sort of venture capital fund, investing in projects that were voted upon by people who contributed money. The attack took place before any projects had been funded.
It led to chaos on the online message boards where DAO investors and ether users gather.
“How can we help and protect our funds?” one user wrote on the Slack chat channel for DAO investors.
The programmers who wrote the DAO code immediately suggested that investors vote to move their money to another, unrelated project known as Congo Split, primarily to protect their investments.
“The community needs to spam the network so that it can mount a counterattack,” Slock.it employee Stephan Tual wrote on that company’s Web site.
By the time it was over, the hacker had managed to gain control of 3.6 million ether — more than one-third of the 11.5 million that were there at the beginning of the day.
“The DAO’s journey is over,” Tual said in an e-mail.
The founder and lead programmer on the Ethereum project, Vitalik Buterin, said he supported a change to the code that would reclaim the money from the hacker, but he said he recognized that he might not win the argument.
“I recognize that there are very heavy arguments on both sides and that either direction would have seen very heavy opposition,” Buterin wrote on Reddit.
Sirer wrote: “There is no good solution here.”
Polytronics Technology Corp (聚鼎科技) yesterday announced that it is buying Henkel AG’s thermal clad dielectric material (TCLAD) business division for US$26 million as the Taiwanese firm aims to improve its technology, product portfolio and revenue performance. Polytronics, headquartered in the Hsinchu Science Park (新竹科學園區), is a supplier of protection components and heat dissipation materials. The firm entered the metallic heat-dissipation substrate market in 2007 and developed a unique solventless production process. Its board of directors approved signing an agreement with Henkel to acquire the German chemical firm’s TCLAD division in the US. The purchase includes all assets and business interests, including equipment,
ELECTRIC FARMLAND: TSMC’s proposal to clear 230 hectares of reforested land for what would become Taiwan’s largest photovoltaic solar farm has generated concerns New rules curbing solar farms built on agricultural land sparked fierce debate at a packed public hearing at the Legislative Yuan yesterday, with industry representatives saying that the new restrictions would endanger President Tsai Ing-wen’s (蔡英文) green energy goals, while agricultural officials emphasized the importance of protecting farmers and the environment. The Tsai administration has set a target to generate 20 percent of the nation’s power from renewable sources by 2025, by which time it also aims to install 20 gigawatts (GW) of solar power, including 6GW from rooftop solar systems and 14GW from ground-mounted solar farms. Although rooftop solar systems are
Taiwan Semiconductor Manufacturing Co (TSMC, 台積電) yesterday posted monthly revenue that suggested second-quarter sales surpassed analysts’ estimates, underscoring how its technological lead is helping the chipmaker weather the COVID-19 pandemic and US sanctions on its second-biggest customer Huawei Technologies Co (華為). Apple Inc’s main iPhone chipmaker posted sales of NT$120.88 billion (US$4.08 billion) for last month, up 40.8 percent year-on-year and bringing its revenue for the second quarter to NT$310.7 billion, beating the NT$308.8 billion analysts expected on average. TSMC, a barometer for the industry thanks to its heft in the global supply chain, had previously lowered its revenue outlook for this
‘SENSITIVE MARKETS’: The previously unannounced project would involve the company handing over control of data to a third party to sidestep privacy concerns Google has abandoned plans to offer a major new cloud service in China and other politically sensitive countries due in part to concerns over geopolitical tensions and the COVID-19 pandemic, two employees familiar with the matter said, revealing the challenges for US tech giants to secure business in those markets. In May, the search giant shut down the initiative, known as “Isolated Region” and which sought to address nations’ desires to control data within their borders, the employees said. The action was considered a “massive strategy shift,” said one of the employees, who added that Isolated Region had involved hundreds of employees