Why Ethereum should fork
Posted: Wed Jun 22, 2016 5:34 pm
There have been many happenings in cryptocurrency lately, but because they came at a time when we were just finishing the implementation of significant upgrades to our services, I have not had enough time to write about them here. In the next few weeks, I plan to discuss the recent revelations about Craig Wright, how we detected and penalized "low luck" miners, and another review of my predictions of the impending bitcoin crash and Ethereum rise. For now, however, I think that the most important, and also the most interesting, issue at stake is the proposed Ethereum hard fork to revert the DAO theft. In this article, I will explain why I believe that it is critical for the Ethereum community to rally around the fork. While there are many reasons the fork should be supported, some of the most compelling include human decency, setting a precedent, avoiding the poisoning of the network, eliminating government interference, and not repeating bitcoin's mistakes.
To begin, human decency is an important concept that one finds largely absent in online discussion forums. In fact, one of the seminal causes of the bitcoin crisis that is going to lead to its impending crash is a simple inability for key figures like Michael Marquadt, Gregory Maxwell, and Peter Todd to treat their opponents with respect and dignity. When leaders act the way that Marquadt, Maxwell, and Todd do, it sets a tone that others follow. As a result, many bitcoin users have become accustomed to ignoring the effects on individual people that result from their decisions.
Yet, despite what these people say, the consequences to actual human beings and their lives from the DAO theft loom large. Some detractors argue the technicality that the DAO's "code" is canonical, and therefore anyone is welcome to do anything with the DAO's money as long as their actions conform to the code. The idea that what happened is not a theft is ludicrous. Someone stole money from 20,000 people and kept it from himself. Few people, if anybody, who invested in the DAO did so with the intention that the DAO should be a race to see who can empty it first. Everyone understood that the DAO was created with the purpose of investing money in Proposals that were anticipated to earn a return. That's what the website said, that's what the marketing portrayed, and that's what its Curators intended. A survey of reasonable people would show that almost everyone sees through the false argument that the attacker simply "used the code."
How much money was stolen? It was about $80m; by contrast, the Antwerp Diamond Heist, the largest in history, resulted in $100m in stolen diamonds and gold. It is important to keep in mind the scale of the disaster - the theft of the DAO funds ranks within the top thefts of all time. It is not an acceptable argument to blame the victims and suggest that it was their faults for investing in the DAO. The DAO did not fail because of the inherent risk of the crowd investing in the wrong projects and going bankrupt; it failed because someone stole its money.
If no action is taken, then up to 20,000 lives will be different, and some of them will still be recovering 30 years from now. In 2050, there may be someone who could have retired five years prior, but who will still be working because people failed to take action on the DAO attack decades before. Given the large sample size, there is almost certainly a child who will not get the opportunity to go to college and will therefore suffer a lifelong setback if miners do not act. This isn't some game with numbers on a whiteboard. There are real people with real lives at stake, and the decision of miners in the next few weeks will determine whether they get some of their value back or whether a worthless scumbag wastes their futures.
I don't believe that a hard fork will destroy Ethereum or cryptocurrency as many do. However, it is important to note that justice in this instance is more important than the future of smart contracts. Even if it were known that there would never be a smart contract again, we as human beings still have a moral imperative to not allow such behavior to stand.
The idea of not allowing the theft to stand brings me to a second reason that an Ethereum fork is required: to set a precedent. An argument provided by those opposed to the fork states that refunding DAO investors would set a negative precedent that any transaction can be reverted in a blockchain. But this argument again, goes overboard. Nobody is proposing, whether now or in the future, to revert non-theft transactions, which is indeed undesirable. Furthermore, while in principle it could be argued that one should revert very small thefts, no reasonable person believes that this fork will lead to the daily forks necessary to revert every theft that has ever occurred on any coin. Instead, the rational and reasonable conclusion is that a precedent would be set that when a large theft of a significant portion of a network's coins occurs, that theft should be forked away.
But while everyone is focusing on the "revert" precedent, nobody seems to be drawing attention to the other precedent that will be set here: whether scams of this magnitude are allowed to stand or not. It is equally true that if no action is taken, then a precedent will have been set that anyone may perform any attack, no matter how immoral, and miners are to stand by and take no action.
Consider, however, what will happen if the fork does occur. The precedent for thefts then becomes: "if you attack this network and steal people's money, you will have taken a large risk and won't earn anything for your trouble." This is a very advantageous promise for a network to make. First, it significantly reduces the motivation for hackers to attack in the first place. Suppose that an attacker has 1000 hours to devote to either cracking the next DAO, or trying to find a vulnerability that obtains Satoshi's private key. He knows that even if he cracks the new DAO, miners are likely to band together and make him come out with nothing. So he will instead attack the bitcoin network, where he can keep his gains (or not perform an attack at all).
Few seem to recognize that a network that takes stands against big attacks is more valuable to businesses. If I had a choice between two networks to use for launching a new wallet service, which would I choose? I could secure my millions of coins on the Ethereum network, knowing that if a hacker tries to steal it the hackers will likely earn nothing, or I can use the bitcoin network, where the prevailing view is "Oops! Your bad!" And even if I think nobody would care enough to do anything about my theft on Ethereum, I still know that the attacker is less likely to steal in the first place. This is why the network's taking a stand against huge attacks, in the limited manner that is actually being discussed (not in the portrayed "someone will revert my transaction of 5 ether" manner that nobody is actually seriously considering), is a significant benefit to the network.
A third reason to fork Ethereum is the consequences to the future of the platform of not doing so. Some are worried about the attacker attempting to sell all his Ethereum and crashing the market, but thousands of bots are watching that address and everyone will be notified immediately if the money moves to an exchange. The attacker would be identified immediately if he ever attempts to sell or make a purchase. Instead, the real worry is the damage that could be caused by the attacker attempting to "poison wallets."
The criminals behind this attack have shown that they obviously aren't acting rationally, as if the they were, they would have stolen the money, shorted the market, and disappeared. Instead, they continue to stick around and go after child DAOs. Given that they aren't acting rationally, and they can't actually spend the money themselves, they could decide to poison the entire Ethereum network by sending a few ether to every address and contract. Since there is no way for recipients to refuse incoming transactions in any known cryptocurrency, everyone who owns Ethereum could find themselves having to deal with these tainted coins. Someone claiming to be the attacker (who signed with the wrong key) said he would do this, so the idea is obviously out there. This could be a network-ending event that must be prevented.
If I were to receive such stolen coins in my wallet, I would have to decide what to do with them. As do most people, I want no association whatsoever with the criminals, and I can see three options. I could leave them in my wallet and never spend them, with the intent of plausible deniability, but the claim is undermined because almost all clients report balances and I couldn't argue I missed the balance when I next spend my other coins. I could send them back to the attacker, but that could bring my address to his attention, causing him to send more back; or police could think that I was associated with the attacker because I sent money back to him.
The problem with these two options is that they record an acknowledgement that you received the coins. For businesses, this is deadly - recall that New York, for example, defines a "money transmitter" who must obtain expensive licenses as one who "receives" and "transmits" money. We own a business (a mining pool) that receives no money but transmits it. Now, the business has received money and could be in huge legal trouble because it is now an unwanted "money transmitter" for someone who could be involved in the drug trade.
In the end, I think that the best solution in the absence of a hard or soft fork would be for the community to set up a "shared burn" contract, which everyone (including the police) knows is a place that has been agreed for people to record their intent to dispose of the unwanted coins. I would burn DAO coins sent to our business in this way. Note that since gas cost is not computed until after a transaction amount is provided, victims will have to waste their own money getting rid of these coins. The attacker could be especially malicious if he repeatedly sent more coins to addresses after the previous coins were burnt, wasting even more time and making it appear as if the victim is more culpable. He could inflict maximum pain by targeting businesses that must avoid an association with him at all costs, to the point where they must cease operations with Ethereum.
The attacker has something unique. Someone who owns a lot of coins and bought them legitimately is unlikely to waste them because they can be spent on other things. But the attacker's coins are worthless for any reason except for performing more attacks. He can't spend them, but he can write a contract that wastes so much CPU power that people uninstall their Ethereum nodes, bankrupts businesses with compliance costs, wastes people's gas with small change, or fills up blocks with spam for a year to come. There is exactly zero ability for the attacker to do anything other than cause catastrophe when his coins are available.
There are two, somewhat more minor, arguments for forking Ethereum. One of them is to avoid government investigations by bureaucratic agencies. Even if miners are willing to allow the theft to go unchallenged, the SEC and FBI certainly will not. They will devote significant resources to investigating the DAO and Ethereum, create unfavorable regulations, and tie up Buterin, other Curators, and Ethereum developers with interviews and legal problems. The government interference would set back development significantly as time and money is devoted to lawyers and lawsuits. The attacker, while certainly a target, will not receive most of the scrutiny. The way in which taxpayer dollars are spent on demonizing the technology, rather than pursuing the criminals, has been repeatedly proven in many previous cases like the Cryptsy theft, where Cryptsy was immediately reprimanded for a lack of licensing but there is no news at all of any action against the perpetrators.
A final reason for supporting a fork is that a new approach to cryptocurrency is needed. Bitcoin has failed (although the naïve investors in the current bubble may trick people who don't actually use the network into believing otherwise) because Gavin Andresen resigned and created a leadership vacuum that persists to this day. The lack of leadership has resulted in warring factions who do not trust each other and censorship that does not allow for even the most basic discussion to work out their differences. Events have shown that having nobody in charge does not work. Ethereum has taken a different path, with an honest man as a leader who miners can remove if necessary in the future.
People in places like /r/bitcoinmarkets express incredulity about why Ethereum is quickly recovering, given that smart contracts are supposedly "broken." But even if contracts were broken (which they are not), they fail to recognize that the reason Ethereum has skyrocketed in value is because the Ethereum community works together and solves problem, while bitcoin has been infiltrated with unreasonable people. As I said months ago, people aren't buying Ethereum for the contracts; they're buying it because it has solved the blocksize problem, and they are confident that someone will be able to make a decision to fix whatever problem shows up next. Ethereum should not be influenced in its decisionmaking by bitcoin precedents or what people in the bitcoin community believe, because what they are doing obviously isn't working and adhering to bitcoin principles is going to lead to the same problems that are killing bitcoin.
In conclusion, plans for an Ethereum fork should be supported by everyone interested in the future of cryptocurrency, whether they were directly affected by the DAO theft or not. Ethereum should not allow bitcoin principles to influence its decisionmaking, lest they make the same mistakes. Government agencies will have nothing to investigate if the theft is reverted and nobody lost any money. Supporting a fork avoids the dangerous possibility of the attacker poisoning the entire network with these stolen coins and forcing out businesses who must avoid the liability of becoming money transmitters. Supporting a fork sets a precedent that hackers will not be allowed to succeed in large-scale attacks, incentivizing criminals to go elsewhere.
But most importantly, the community has a moral imperative to take action in favor of the victims of this attack. The money must be returned to the victims to allow them to invest it in another DAO, pay their rent, or to raise their kids. Sometimes there are more important issues at stake than abstract principles of whether code is correct, and the consequences to real people by doing nothing are unacceptable. I will be upgrading all of our nodes to support the fork, and all of my miners will work towards it. I hope that everyone will join me in standing up for the victims, showing attackers that their actions will not be tolerated, and demonstrating that the community and leadership of Ethereum, unlike those of bitcoin, is able to respond effectively to any crisis that is thrown its way.
To begin, human decency is an important concept that one finds largely absent in online discussion forums. In fact, one of the seminal causes of the bitcoin crisis that is going to lead to its impending crash is a simple inability for key figures like Michael Marquadt, Gregory Maxwell, and Peter Todd to treat their opponents with respect and dignity. When leaders act the way that Marquadt, Maxwell, and Todd do, it sets a tone that others follow. As a result, many bitcoin users have become accustomed to ignoring the effects on individual people that result from their decisions.
Yet, despite what these people say, the consequences to actual human beings and their lives from the DAO theft loom large. Some detractors argue the technicality that the DAO's "code" is canonical, and therefore anyone is welcome to do anything with the DAO's money as long as their actions conform to the code. The idea that what happened is not a theft is ludicrous. Someone stole money from 20,000 people and kept it from himself. Few people, if anybody, who invested in the DAO did so with the intention that the DAO should be a race to see who can empty it first. Everyone understood that the DAO was created with the purpose of investing money in Proposals that were anticipated to earn a return. That's what the website said, that's what the marketing portrayed, and that's what its Curators intended. A survey of reasonable people would show that almost everyone sees through the false argument that the attacker simply "used the code."
How much money was stolen? It was about $80m; by contrast, the Antwerp Diamond Heist, the largest in history, resulted in $100m in stolen diamonds and gold. It is important to keep in mind the scale of the disaster - the theft of the DAO funds ranks within the top thefts of all time. It is not an acceptable argument to blame the victims and suggest that it was their faults for investing in the DAO. The DAO did not fail because of the inherent risk of the crowd investing in the wrong projects and going bankrupt; it failed because someone stole its money.
If no action is taken, then up to 20,000 lives will be different, and some of them will still be recovering 30 years from now. In 2050, there may be someone who could have retired five years prior, but who will still be working because people failed to take action on the DAO attack decades before. Given the large sample size, there is almost certainly a child who will not get the opportunity to go to college and will therefore suffer a lifelong setback if miners do not act. This isn't some game with numbers on a whiteboard. There are real people with real lives at stake, and the decision of miners in the next few weeks will determine whether they get some of their value back or whether a worthless scumbag wastes their futures.
I don't believe that a hard fork will destroy Ethereum or cryptocurrency as many do. However, it is important to note that justice in this instance is more important than the future of smart contracts. Even if it were known that there would never be a smart contract again, we as human beings still have a moral imperative to not allow such behavior to stand.
The idea of not allowing the theft to stand brings me to a second reason that an Ethereum fork is required: to set a precedent. An argument provided by those opposed to the fork states that refunding DAO investors would set a negative precedent that any transaction can be reverted in a blockchain. But this argument again, goes overboard. Nobody is proposing, whether now or in the future, to revert non-theft transactions, which is indeed undesirable. Furthermore, while in principle it could be argued that one should revert very small thefts, no reasonable person believes that this fork will lead to the daily forks necessary to revert every theft that has ever occurred on any coin. Instead, the rational and reasonable conclusion is that a precedent would be set that when a large theft of a significant portion of a network's coins occurs, that theft should be forked away.
But while everyone is focusing on the "revert" precedent, nobody seems to be drawing attention to the other precedent that will be set here: whether scams of this magnitude are allowed to stand or not. It is equally true that if no action is taken, then a precedent will have been set that anyone may perform any attack, no matter how immoral, and miners are to stand by and take no action.
Consider, however, what will happen if the fork does occur. The precedent for thefts then becomes: "if you attack this network and steal people's money, you will have taken a large risk and won't earn anything for your trouble." This is a very advantageous promise for a network to make. First, it significantly reduces the motivation for hackers to attack in the first place. Suppose that an attacker has 1000 hours to devote to either cracking the next DAO, or trying to find a vulnerability that obtains Satoshi's private key. He knows that even if he cracks the new DAO, miners are likely to band together and make him come out with nothing. So he will instead attack the bitcoin network, where he can keep his gains (or not perform an attack at all).
Few seem to recognize that a network that takes stands against big attacks is more valuable to businesses. If I had a choice between two networks to use for launching a new wallet service, which would I choose? I could secure my millions of coins on the Ethereum network, knowing that if a hacker tries to steal it the hackers will likely earn nothing, or I can use the bitcoin network, where the prevailing view is "Oops! Your bad!" And even if I think nobody would care enough to do anything about my theft on Ethereum, I still know that the attacker is less likely to steal in the first place. This is why the network's taking a stand against huge attacks, in the limited manner that is actually being discussed (not in the portrayed "someone will revert my transaction of 5 ether" manner that nobody is actually seriously considering), is a significant benefit to the network.
A third reason to fork Ethereum is the consequences to the future of the platform of not doing so. Some are worried about the attacker attempting to sell all his Ethereum and crashing the market, but thousands of bots are watching that address and everyone will be notified immediately if the money moves to an exchange. The attacker would be identified immediately if he ever attempts to sell or make a purchase. Instead, the real worry is the damage that could be caused by the attacker attempting to "poison wallets."
The criminals behind this attack have shown that they obviously aren't acting rationally, as if the they were, they would have stolen the money, shorted the market, and disappeared. Instead, they continue to stick around and go after child DAOs. Given that they aren't acting rationally, and they can't actually spend the money themselves, they could decide to poison the entire Ethereum network by sending a few ether to every address and contract. Since there is no way for recipients to refuse incoming transactions in any known cryptocurrency, everyone who owns Ethereum could find themselves having to deal with these tainted coins. Someone claiming to be the attacker (who signed with the wrong key) said he would do this, so the idea is obviously out there. This could be a network-ending event that must be prevented.
If I were to receive such stolen coins in my wallet, I would have to decide what to do with them. As do most people, I want no association whatsoever with the criminals, and I can see three options. I could leave them in my wallet and never spend them, with the intent of plausible deniability, but the claim is undermined because almost all clients report balances and I couldn't argue I missed the balance when I next spend my other coins. I could send them back to the attacker, but that could bring my address to his attention, causing him to send more back; or police could think that I was associated with the attacker because I sent money back to him.
The problem with these two options is that they record an acknowledgement that you received the coins. For businesses, this is deadly - recall that New York, for example, defines a "money transmitter" who must obtain expensive licenses as one who "receives" and "transmits" money. We own a business (a mining pool) that receives no money but transmits it. Now, the business has received money and could be in huge legal trouble because it is now an unwanted "money transmitter" for someone who could be involved in the drug trade.
In the end, I think that the best solution in the absence of a hard or soft fork would be for the community to set up a "shared burn" contract, which everyone (including the police) knows is a place that has been agreed for people to record their intent to dispose of the unwanted coins. I would burn DAO coins sent to our business in this way. Note that since gas cost is not computed until after a transaction amount is provided, victims will have to waste their own money getting rid of these coins. The attacker could be especially malicious if he repeatedly sent more coins to addresses after the previous coins were burnt, wasting even more time and making it appear as if the victim is more culpable. He could inflict maximum pain by targeting businesses that must avoid an association with him at all costs, to the point where they must cease operations with Ethereum.
The attacker has something unique. Someone who owns a lot of coins and bought them legitimately is unlikely to waste them because they can be spent on other things. But the attacker's coins are worthless for any reason except for performing more attacks. He can't spend them, but he can write a contract that wastes so much CPU power that people uninstall their Ethereum nodes, bankrupts businesses with compliance costs, wastes people's gas with small change, or fills up blocks with spam for a year to come. There is exactly zero ability for the attacker to do anything other than cause catastrophe when his coins are available.
There are two, somewhat more minor, arguments for forking Ethereum. One of them is to avoid government investigations by bureaucratic agencies. Even if miners are willing to allow the theft to go unchallenged, the SEC and FBI certainly will not. They will devote significant resources to investigating the DAO and Ethereum, create unfavorable regulations, and tie up Buterin, other Curators, and Ethereum developers with interviews and legal problems. The government interference would set back development significantly as time and money is devoted to lawyers and lawsuits. The attacker, while certainly a target, will not receive most of the scrutiny. The way in which taxpayer dollars are spent on demonizing the technology, rather than pursuing the criminals, has been repeatedly proven in many previous cases like the Cryptsy theft, where Cryptsy was immediately reprimanded for a lack of licensing but there is no news at all of any action against the perpetrators.
A final reason for supporting a fork is that a new approach to cryptocurrency is needed. Bitcoin has failed (although the naïve investors in the current bubble may trick people who don't actually use the network into believing otherwise) because Gavin Andresen resigned and created a leadership vacuum that persists to this day. The lack of leadership has resulted in warring factions who do not trust each other and censorship that does not allow for even the most basic discussion to work out their differences. Events have shown that having nobody in charge does not work. Ethereum has taken a different path, with an honest man as a leader who miners can remove if necessary in the future.
People in places like /r/bitcoinmarkets express incredulity about why Ethereum is quickly recovering, given that smart contracts are supposedly "broken." But even if contracts were broken (which they are not), they fail to recognize that the reason Ethereum has skyrocketed in value is because the Ethereum community works together and solves problem, while bitcoin has been infiltrated with unreasonable people. As I said months ago, people aren't buying Ethereum for the contracts; they're buying it because it has solved the blocksize problem, and they are confident that someone will be able to make a decision to fix whatever problem shows up next. Ethereum should not be influenced in its decisionmaking by bitcoin precedents or what people in the bitcoin community believe, because what they are doing obviously isn't working and adhering to bitcoin principles is going to lead to the same problems that are killing bitcoin.
In conclusion, plans for an Ethereum fork should be supported by everyone interested in the future of cryptocurrency, whether they were directly affected by the DAO theft or not. Ethereum should not allow bitcoin principles to influence its decisionmaking, lest they make the same mistakes. Government agencies will have nothing to investigate if the theft is reverted and nobody lost any money. Supporting a fork avoids the dangerous possibility of the attacker poisoning the entire network with these stolen coins and forcing out businesses who must avoid the liability of becoming money transmitters. Supporting a fork sets a precedent that hackers will not be allowed to succeed in large-scale attacks, incentivizing criminals to go elsewhere.
But most importantly, the community has a moral imperative to take action in favor of the victims of this attack. The money must be returned to the victims to allow them to invest it in another DAO, pay their rent, or to raise their kids. Sometimes there are more important issues at stake than abstract principles of whether code is correct, and the consequences to real people by doing nothing are unacceptable. I will be upgrading all of our nodes to support the fork, and all of my miners will work towards it. I hope that everyone will join me in standing up for the victims, showing attackers that their actions will not be tolerated, and demonstrating that the community and leadership of Ethereum, unlike those of bitcoin, is able to respond effectively to any crisis that is thrown its way.