1. This Week in The DAO: Money on the Hard Fork
For those (like me) who have taken a break from The DAO story during the summer months, this Motherboard piece is a great review of the attack, the aftermath and the soft/hard fork debates. One just has to ignore the soundtrack of Stephan Tual playing the world's smallest violin for himself and all his self-inflicted troubles:
Since the $53 million were hacked in mid-June, basically everyone on the team at Stephan Tual’s startup, Slock.it, has been busy limiting the extent of the damage and trying to get back the money. “Slock.it put a huge amount of work in building the framework for the DAO. At least six months of work—that's a net loss, we are financially and mentally exhausted,” Tual said.
To paraphrase what has been said on the Internets, this is like someone complaining about having to save horses from a burning barn after they were the ones who soaked the stables in gasoline!
The market looks set for the hard fork option, and sports fans can follow the hard fork progress here (gotta love this site's tagline for honesty: "Blockchain, make me rich and I care not what you can be used for."). Benjamin Dean of Columbia University does a nice job of summarizing the governance questions and challenges that The DAO episode has raised for Ethereum and decentralized systems in general in this article:
This episode introduces nuance to Ethereum’s pitch on enabling applications to run “without any possibility of downtime, censorship, fraud or third party interference”. Similar claims are made by the promoters of crypto-currencies and blockchains more generally.
Smart contracts may run exactly as programmed but this does not mean that they will run as the creators intended. The DAO incident demonstrates how the complexity of these contracts is outstripping the comprehension of the people who wish to write them. This in turn introduces bugs and vulnerabilities, some of which are known, but others will only become known when something goes wrong.
While the Ethereum network’s users might be decentralised, certain features of the network are not. [SNIP] A skewed distribution of mining power and crypto-currency holdings is combined with pseudonymity of account holders and a strong incentive to game the system. This has all the makings for deceptive, unaccountable, fraudulent, and self interested decision making.
Until hard questions around governance of blockchains are asked, and solutions implemented, we should brace ourselves for more incidents like that which has befallen The DAO. At stake is not just the fate of projects like Ethereum but the future potential of blockchain technology more generally.
2. The Steem Hack
Ether isn't the only cryptocurrency in play this week. I asked our in-house altcoin/stonewashed-jeans expert Chris Khan to file a report on the latest on Steem:
A quick look at CoinMarketCap (a daily occurrence for some) shows an unfamiliar face right above Ripple in terms of market cap: Steem. As of Sunday morning, Steem’s $3.58 cryptocurrency tokens place the total value of coins in circulation at just above $300 million. And what happens when a novel crypto takes off? The hackers come out to play.
Steem is a native cryptocurrency used by a new social media website named Steemit. Think of Steemit a bit like Reddit (the name is obviously a total coincidence), except upvotes are worth real money. I’m not talking about Reddit gold here. I’m talking about ~$30k for a makeup tutorial. (Note, a parody of that video currently has a payout pending for ~$12k.)
At the end of last week, 260 accounts were compromised to the tune of ~$85k. Neither the Steem blockchain nor Steemit’s servers were hacked; the hackers simply took advantage of browser-side vulnerabilities (Ed. Note: another reminder that most attacks happen at the edge of the network, not the network itself). Within just 24 hours, the site was up and running, with a plan to secure compromised accounts with a balance over $100. Users have since been asked to change their passwords, with the promise of two-factor authentication in the near future. (Interestingly enough, Steemit users have multiple separate passwords for different activities such as posting and voting.) In addition, Steemit will be refunding any stolen funds (probably not too difficult given the funds amount to a mere .028% of Steem’s market cap, which Steemit can certainly spare given their assumed coin stash).
Just as things were settling down, hackers (unclear whether they were the same as those from the first attack) attempted to DDoS Steemit, so the Steemit dev team took the site down to protect against further damage and quickly learn from their mistakes to build a superior product. Steemit CEO Ned Scott seems optimistic about the site’s security enhancements, as Steem’s early investors line their pockets with what could be just another fad altcoin, or something else altogether. In any case, it might be worth taking a trip to your local Sephora and dusting off that old DSLR.
3. New Entrants
Two new entrants in the banking-blockchain ecosystem were announced this week. Two developers from the JP Morgan blockchain team have announced their effort to build an enterprise version of the open source Juno blockchain that JP Morgan released earlier this year. A company dubbed Thought Machine has emerged from stealth with few details beyond saying that its VaultOS blockchain tech will be targeted at core banking services.
4. R3 in the News
I try not to reserve too much space in these posts for R3 news, but there are two interesting things to share this week (and I am sure that the editor in chief of Pravda used to say the same thing...)
As we have mentioned previously, R3 co-hosted a Smart Contract Templates Summit with Barclays earlier this month. We have shared all the day's presentations here. IB Times (and others) followed up with articles that provide quotes and context from our CTO Richard Brown, Dr. Lee Braine of Barclays Investment Bank CTO Office and Clive Ansell, Head of Market Infrastructure and Technology at ISDA. The following pull quote is best contrasted with The DAO entry at the beginning of this post:
Braine said that one of the motivations for creating smart contracts, together with shared ledgers underneath them, is the opportunity to reduce the number and duration of disputes. Some of the potential improvements could result from simply making the relevant information, such as agreements governing specific trades, more easily accessible.
Brown agreed, adding: "If you look at the experience with The DAO recently, one of the key takeaways from that incident was that, in a system that perhaps had an express design goal of having the code be dominant, there is a need to have a broader contract that explains what happens in the event that things do go wrong."
And finally, we are very happy to announce that Absa has joined the R3 effort as our first African member. Welcome aboard!