A Quick Rememberance

Today marks the 1 year anniversary of the Ethereum hard fork and the creation of the two separate Ethereum blockchains that exist today: Ethereum (ETH) and Ethereum Classic (ETC). The split was the result of the hack of the DAO when the majority of Ethereum developers decided to hard fork Ethereum in such a way as to pay back those affected by the hack. The DAO hack and subsequent hard fork is just one of many hacks and Black Swan events in the cryptoworld over the last decade. To display the resilience of cryptocurrency to these events let’s review some of the more famous hacks, flubs, crashes, and Black Swan events in cryptocurrency history.

Before we begin let’s discuss what a Black Swan is. A Black Swan is an event that is random or unexpected, is highly disruptive, and can only be rationalized after its occurrence. Examples of Black Swans outside the Cryptoworld are the 2008 Housing Crash and the DotCom Bubble. Very few people predicted their coming and the events could only be “explained” in hindsight. Now a quick review:

MtGox Hacked, Recovers, Then Hacked Again...

In the early 2010’s MtGox was the largest Cryptocurrency trading site which allowed users to trade fiat for crypto. By 2013 they handled 70% of all Bitcoin transactions. MtGox would rapidly fall apart after a series of hacks and security exploits. In the weeks leading up to June 2011 Bitcoin had a tremendous price surge taking the cryptocurrency from $1/BTC to $30/BTC. Bitcoin’s price then dropped 50% as rumors of an MtGox hack circulated resulting in 25,000 Bitcoin lost, which at the time valued about $425,000. Tensions were eased when MtGox asserted the hacks were due to poor security on the users’ part with weak passwords and phishing scams.

However, a few weeks later an MtGox auditor’s account was compromised resulting in the theft of ~500,000 Bitcoins ($8.75million) from MtGox user accounts. The hacker then placed a massive market sell order of 100,000 Bitcoin resulting in a price drop from $17.50/BTC to $0.01/BTC in a matter of seconds, aka a Flash Crash. The hacker then tried to transfer the money out of his MtGox account but was only able to transfer $1000 as this was the daily withdrawal limit.

MtGox quickly halted all trading and took several days to sort out the events. They were able to recover nearly all of the stolen Bitcoins. Despite the relatively minor loss of currency, the theft caused a major loss of confidence in BTC. It would take 18 months for the price of Bitcoin to recover to its early June 2011 highs.

...MtGox Coup de Gras

In February 2014 MtGox died. The cryptocurrency exchange discovered in early February 2014 that the amount of Bitcoins it thought it held in reserves was inaccurate. They suspended all trading along with most other Bitcoin exchanges. However when trading resumed on other exchanges a few days late MtGox remained closed. In the days and months to come it would be revealed that MtGox had lost a total of 650,000 Bitcoins. (Initially this number was 850,000 however a large number of Bitcoins were found in a cold wallet not used since 2010). The theft started sometime around the initial 2011 hack and proceeded undetected for 3 years.

This hack resulted in Bitcoin price declining ~35% over the month of February 2014. MtGox never reopened accounts after initially closing February 7th. They filed for bankruptcy and were liquidated in April of 2014, ending its reign over cryptocurrency trading.

The dust has yet to settle for MtGox as the former CEO is currently under trial and it also appears highly likely that trade bots spiked the price of Bitcoin one of which (named WillyBot) the CEO admitted to its existence.

The Ethereum DAO Heist

Shortly after the launch of the Ethereum blockchain a new revolutionary Venture Capital funding organization was founded: The Decentralized Autonomous Organization, the DAO for short. It’s creation resulted in an, at that time unprecedented crowdfunding take of $150m. It continued to grow in size up to $250m until the heist occurred in June of 2016.

The DAO allowed for members to opt out and be repaid if they didn’t agree with a DAO vote, this was called splitting. The splitting function had a bug in its code where the attacker was able to withdraw Ether from the smart contract multiple times before the smart contract updated its own balance.

The DAO was slowly drained of 3.6m Ether ($50million at the time) while the Ethereum community watched in horror. This killed investors’ confidence in Ethereum and temporarily crashed the value of Ether. In the month after the crash numerous options for salvaging the heisted Ether were weighed. The higher-ups in the Ethereum community eventually decided to hard fork the Ethereum blockchain and effectively return all the Ether stolen in the DAO heist.

A smaller group of Ethereum enthusiasts felt this went against the philosophy of the blockchain and cryptocurrency. They argued that the blockchain should remain immutable to combat centralized control of wealth. This group rejected the hard fork and continued the classic Ethereum fork thus creating two separate blockchains and two separate coins: Ethereum and Ethereum Classic.

For a more recent take on the story you should certainly read Bloomberg’s feature on the hack and how a band of white hat hackers saved the day.

CoinDash ICO Heist

Just recently (July 2017) CoinDash had its Initial Coin Offering (ICO). The startup didn’t publish its address for the sale until the day of the ICO. This allowed hackers to insert their own Ethereum wallet address in place of the ICO wallet address and intercept much of the Ether destined for the CoinDash ICO. At the time of writing this heist had garnered $10million or 37,000 Ether. While this recent theft had little effect on the price of Ether it was another powerful reminder of the mischief running rampant in the Cryptocurrency world.

That Time Someone Forged 92 billion Bitcoin

In 2011 Bitcoin was still in its infancy but beginning to gain traction. It’s also when it had its first big hack. Suddenly a block appeared on the BTC blockchain showing 92b BTC in circulation. This was quite strange as there are only supposed to ever exist 21 million bitcoin. Someone was able to exploit a vulnerability in the Bitcoin code that allowed them to create their own supply of Bitcoin.

The problem posed an existential threat to the young cryptocurrency. However, the forgery was fixed 5 hours after it occurred by installing a patch, hard forking to the block just prior to the hack, and restarting all of the Bitcoin nodes. There does not appear to have been any lasting effects from this event but is a lesson that disastrous consequences are caused by minor parts of code.

AuroraCoin, the Cryptocurrency of Iceland

Wouldn’t it be great if your country switched from fiat to cryptocurrency thus saving millions in fees and labour? That was the idea some blockchain makers had for Iceland with AuroraCoin. In March of 2014 they airdropped 50% of the coins to all Icelanders who registered. However, due to poor adoption by Icelanders and the Icelandic government, combined with poor incentives for miners to mine the coin, it lost most of its value within 1 month. This is the nearest to a dead coin as there is. Coinmarketcap currently shows it with a market cap of only $4.2m.

Poloniex Programming Bug Exploited

This is another example of an event that, while it undermined trust in the system, did not significantly crash the market. In July of 2013 Poloniex revealed that a user drained 12.3% of Poloniex’s reserve coins by exploiting a bug in their code. Typically exchanges, like banks, hold a pool of tokens to maintain liquidity for traders and backup member account balances.

An attacker discovered if they put in multiple withdrawal requests at the same time they could overdraw their account into the negative and still get the funds requested. Poloniex’s withdrawal daemon was not programmed to look for negative balances in the timeframe used by the hacker. In all only 97 Bitcoin were stolen and all customers were paid back within a matter of months.

Bitstamp Hack

A much larger heist occurred in January of 2015 when hackers stole 18,866 Bitcoin from the reserves of Bitstamp. At that time the hack was worth ~$5 million. Bitstamp claimed this was a small fraction of their reserve. What was stolen was taken from their “hot wallets” while their “cold wallet” storage was safe. This hack resulted in a $175 crash down to $198, however Bitcoin quickly rebounded.

Bitcoin Savings and Trust Ponzi Scheme

A classic example where if something sounds too good to be true it probably is. Bitcoin Savings and Trust (initially First Pirate Saving and Trust, which honestly should’ve been a dead giveaway) promised 7% WEEKLY return on Bitcoin investments. Trendon Shavers, aka Pirate (another omen) claimed to have rich (and apparently stupid) investors he was selling Bitcoin at a profit to. He created BST stating he needed more capital and liquidity to feed his greedy, wealthy investors. In return he promised 7% WEEKLY interest, an astronomical return.

The venture started in November of 2011. Over the next few months 700,000+ Bitcoin were deposited to BST. However there were no wealthy, dumb investors bankrolling this BST. It was all a Ponzi Scheme set up by Shavers. The Ponzi scheme came crashing down in August 2012 when BST announced its default. 150,000 of the Bitcoin were used by Shavers for himself and few investors got their Bitcoin back however the majority lost theirs. The SEC eventually declared the BST a Ponzi Scheme.

A good infographic of crashes

Other important disasters were left out of this article but you can find a list of them that The Guardian made.

Ethereum Parity Exploit

Just hours ago, after we had written this article, on the eve of a year since the fork, it was announced that another hack of Ethereum based wallets created from Parity’s multisig feature, had been carried out to the tune of $32million (150,000 Ether). In an effort to protect as much funds as possible a group of white hat hackers have funneled the remaining vulnerable wallets into a centralized address and will be reissuing the funds once the wallet exploit is resolved. The issue has been patched on Parity’s GitHub and was caused by how the variable was defined in the specific block of code where Multisig wallets are generated.

The good news is that this is not a flaw in the Ethereum protocol or network, but again due to a coding but via a third party for use on the blockchain. This is a developing story and it is unclear as to how this will affect market conditions, if at all.

Tip Jar