3. How many people do you think have the ability to pull off the hack?

How many people do you think have the ability to pull off the hack?

By the way, I don't believe that the attacker shorted a lot of Ether.

In order to short sell an asset, you have to loan the asset from someone, immediately sell it, and then after the price crashes, buy it back and return to the creditor. If there is any difference, you pocket it. If the asset raises in price, you now have to pay more in order to buy the asset back, and you can run into a large loans.

However, the problem is that it is not trivial to get this much Ether loaned to you if you don't have a lot of capital to begin with. Ether is a new and unstable asset, there are a very few places that can loan you Ether in the first place. And those who do won't loan you a lot of it, unless you provide a good collateral, and even then, you can only get a limited amount, because there is simply not a lot of short-sell offers out there.

And if he did short it, he wouldn't have stopped at 31%, but would continue siphoning all the way so that the Ether price would crash even more.

In short, I don't believe attacker made a lot of money with this. Although I respect the discovery and execution of his attack, I don't feel bad about the fact that he didn't make any money with it, because it was still an attempted theft.

To those who are saying that this attack was trivial. Not exactly.

First of all, the attacker did not just use previously published recursive call vulnerability, he discovered a couple more exploits on top of that. It was a well done work that included multiple steps. Then, it took at least 4 days for all the researchers to understand how exactly the attack was made.

If you have seen the chat rooms, you'd know that well-respected Ethereum experts spent quite some time reproducing the attack. As additional proof to the difficulty of the attack, notice how at least a week has passed after the initial siphoning before somebody else tried to siphon more funds. If the attack was simply a manner of creating one line contract, we'd have had new attacks within a day. And what's interesting, the last black hat siphoning attempt was a failure - the attacker did not create a good enough exploit which allowed white hat attackers to drain most of the funds very quickly.

That said, 50 people is of course a wild underestimation. It can be anyone, can be someone who had nothing to do with the Ethereum before deciding to poke around in the contract.

/r/ethereum Thread
Previous
Next

Recently removed from /r/ethereum

Are traditional gaming studios really using web3, or is it just hype? Most Web 3 games, in my opinion, are simply not entertaining enough to attract non-crypto natives Tax implications of any possible Ethereum fork. Hard Fork of ETH to ETHW SUPPORT!! Why build anything on ethereum network??? Charles Hoskinson says ETH > BTC; nearly throws hands with Bitcoin Maxi (LMAO!!) Anyone interested in setting up a protest in NYC TONIGHT, to protest the crypto provision in the infrastructure bill? We need boots on the ground! Why the hate on Polygon? GameStop (GME) planning on selling NFTs on Ethereum Private key opens a different address than the one that it "should" Convince me: what are the advantages of dapps? What is proof-of-stake Just bought $20,000 of ETH. EY built a blockchain for wine snobs to track the origins of their plonk Frozen Armor-A Song of Ice and Fire, Best Metal Seeds Memorizer by BITHD.COM

More Random Comments

Thinking of Working at a Dealership Sharing my daily supps Prison inmates should not be last to receive COVID-19 vaccine, advocates say r/engineering's Weekly Career Discussion Thread [21 December 2020] OYS - Where Progress is Made (12/16/20) Do I need to wipe this grease/oil away? THE SHAFT When could it possibly be more obvious that a Medicare for All type healthcare system, guaranteeing healthcare to all and eliminating private insurance, is an essential and moral reform for the United States? ELI5 how the lyrics to a song can be changed after its recorded. Half of nursing at my hospital is refusing coronavirus vaccination: anyone else seeing this? If you are, have you found ways to improve the situation? How does the system of systematic racism work in the US? Which major stores, restaurant chains are open on Christmas Day? A top r/agedlikemilk post aged like milk. China haters mad 'Unconscionable' on Christmas Eve: GOP Blocks $2,000 Direct Payments for Struggling Americans Mark Hamill, James Gunn, William Shatner Skewer Space Force for Ripping Off Their Franchises