Main navigation

Co-Author of Controversial Ethereum Fund Recovery Proposal Story of $35 Mln Hack

Wed, 02/28/2018 - 22:08
article image
David Dinkins
James Levy had 40,000 Ether stolen from him in 2015, and he wants his money back.
Co-Author of Controversial Ethereum Fund Recovery Proposal Story of $35 Mln Hack
Cover image via U.Today
Read U.TODAY on
Google News

As the debate over fund recovery options continues within the Ethereum community, the co-author of the controversial EIP 867 is sharing more of his story in hopes of swaying the community. EIP 867 is an “Ethereum Improvement Proposal” that attempts to create guidelines for the recovery of funds lost due to hacks and theft. The proposal has attracted an enormous amount of controversy, with one of Ethereum’s EIP editors resigning because of his belief that the proposal violated Japanese law.


The story of EIP 867 begins with its co-author, James Levy, who received 40,000 Ether from the Ethereum Foundation for his work on smart contracts in late 2015. At the time, the price of Ether was less than a dollar, and Levy secured the funds in a wallet that used a weak passphrase. Nonetheless, Levy apparently believed his funds were safe, thinking any hacker would need his private key in order to move the money.

Unfortunately, the tool Levy used to generate his wallet - created by none other than Ethereum co-founder Vitalik Buterin contained a critical flaw that allowed funds to be transferred using only a wallet’s passphrase. That’s exactly what happened, as a hacker ended up stealing Levy’s money worth an incredible $35 mln today - by cracking his weak passphrase.

For some unknown reason, the thief never moved, sold or spent the stolen funds. They are simply sitting there in the hacker’s wallet, untouched. This has given Levy hope that, provided the community agrees, he might one day get his money back. Recovering his funds would require the network to hard fork, essentially requiring that Ethereum’s miners agree to pretend the hack never happened and returning the funds to Levy’s original wallet.


If this were any other digital currency, there would probably be no hope of that ever happening. But Ethereum set a precedent following the notorious hack of TheDAO, hard forking the network to return the stolen funds. At that time, 3.6 mln Ether 15% of all the Ether in existence was drained from TheDAO’s contract by utilizing a bug in the contract’s code. Technically speaking, the attacker didn’t “hack” anything; he actually simply executed a feature that had been (unintentionally) programmed into the contract.

Because of the monumental size of the loss, the community ultimately decided to hard fork the network and essentially change the past - to make it as if the attack had never happened. Funds were restored to their original owners, and a precedent was set.

Following last year’s $160 mln Parity wallet hack, it became obvious that the problem of lost funds wasn’t going to go away any time soon. Unfortunately, because of its numerous features, Ethereum has an unusually large attack surface. Since Ethereum uses a Turing-complete contract system, developers can (and do) make mistakes in their code, accidentally creating vulnerabilities that can be exploited by attackers.

Levy and others like him think the network needs a formal procedure to handle fund recovery in the event of such losses. Supporters of EIP 867 point out that the network has already hard forked to recover stolen funds once in the case of TheDAO hack so it’s hardly fair to say that was a one time thing. Opponents of EIP 867 say that you can’t go forking the network any time somebody loses money, or else the “finality” of a transaction ends up being meaningless.

article image
About the author

David Dinkins is a freelance writer who holds a Master of Arts in history from Louisiana Tech University and has extensive teaching experience both at LSU – Shreveport and University of Phoenix. He got involved with cryptocurrency in early 2014 working as part of the Dash Core Team and have served in the role of writer/editor (mostly editor) during that time. He has edited a huge number of documents for the Core Team, including the Evolution whitepaper, the PrivateSend whitepaper, and many of Evan Duffield’s communications with the Dash Community.