That’s right: your eyes are not playing tricks on you, I promise that you read that correctly.
I’ve seen my share of tinfoil-hatting on the subject of cryptocurrency and security, but Brandom’s conflation of these two completely different technologies takes the cake. The sheer ignorance required to put pen to paper and excrete a work like his recent article on the subject is astounding, but apparently achievable, as he so readily demonstrates.
For those of you who aren’t fond of supporting the spread of FUD through ad revenue, I’ve compiled a few highlights:
“To understand how this could have happened, it’s necessary to know a little bit about how Ethereum works. The system is built on the same blockchain that powers Bitcoin.”
Indeed. ETH uses SHA256-based proof-of-work, all ETH transactions are logged transparently on the Bitcoin blockchain, bitcoin miners are rewarded in ETH upon a successful payout, changes to Ethereum need Bitcoin node consensus, and Vitalik Buterin continues to be one of the primary contributors to the Bitcoin specification.
Here’s an example of an equally accurate statement: ammonia is healthy to drink, because it’s a liquid, just like water.
“In hindsight, it’s easy to blame the developers for not spotting the problem early enough, but the nature of the DAO project put them at a disadvantage. A coder building a web database has decades of code and security standards to draw on, but coding on the blockchain is a completely new field.”
Oh, of course! We all know that traditional stores of personal information, financial services and networks are immune to malicious actors, because the technology they rely upon is older!
How naive of me to assume that an open source, frequently audited technology based on cryptography could have ever been secure when it isn’t based on protocols and standards from the early 80’s.
Regardless of the fact that this assumption about blockchain technologies recklessly ignores the scale of theft and fraud in traditional fintech, it also directly contradicts his previous statement about the DAO developers’ awareness of the vulnerability.
He is in effect claiming not only that blockchain technologies are hopelessly insecure because they are new (because apparently traditional best security practices cannot transfer to new technologies), but also that the DAO developers, who knew about the bug and, unlike several other similar DAOs, decided not to halt trading, were not negligent.
The attack on the DAO clearly wasn’t a failing of blockchain security. Plenty of other DAOs are fine. The attack was a failing of people. The same people that claimed that the titanic Ethereum-based organization was unsinkable. They failed to address a publicly-known vulnerability properly, and there were consequences to their actions.
“Theft is a long-standing problem for cryptocurrency, particularly for any institution large enough to make a tempting target. In 2014, the foundational Bitcoin exchange Mt Gox was revealed as massively insolvent in the wake of a $400 million theft, an event that resulted in permanent damage to the currency’s reputation.”
I honestly don’t have it in me to mock this one.
Theft is a long-standing problem with people, and this issue we collectively have applies to anything worth stealing, not just cryptocurrency.
This line of reasoning also dictates that no one should use knives because “Stabbings have been a long-standing problem for knives, particularly with any blade large enough to puncture the skin.” But polearms, bayonets, hatchets, axes, and the like are safer, because they don’t look like knives.
The Verge Doesn’t Know Much About the DAO, or Digital Currency in General
Brandom could’ve just as easily used the 145 million account PayPal breach that happened the same year as Mt. Gox, or the $21 billion USD of US credit card fraud that occurred in 2014 alone, to make his point about security, but he equates two unrelated thefts, on two distinct cryptocurrencies, because they both show up in the buzzword tag-cloud when you search for the term “blockchain.”
Mt. Gox and the DAO attack did not stem from problems with the underlying technology of cryptocurrency, but failings with the people behind them.
In the case of Mt. Gox, it was trusting the people in charge of the exchange to secure the traditional, web-facing elements of their business properly. For the DAO, it was an issue of trusting the developers to respond promptly to security problems, just like every other competently put together DAO did.
Sure, Bitcoin is an easy target, but that doesn’t excuse the lazy and inaccurate comparisons drawn between Mt. Gox, the DAO attack, Ethereum, and Bitcoin, nor the intellectually bankrupt reasoning behind the comparisons.
Whether they stem from ignorance on the subject of cryptocurrency or sheer lack of due diligence, I’d take anything Russell writes related to the field with a grain of salt moving forward.
I genuinely don’t know which is worse: the ignorant and fallacious assertions made by Brandom in his article, or that The Verge saw fit to print his drivel.