A Typo Sent $36 Million of Crypto Into the Ether


One of the key selling points of the blockchain is that it’s immutable: Once data is processed, once a transaction occurs, it can’t be undone. One of the most painful downsides to the blockchain? It’s immutable. If human error causes something to be sold for the wrong price or money to be sent to the wrong place, reversing it can be difficult or even impossible.

That is the unfortunate place developers of the Juno cryptocurrency find themselves. A community vote had decreed that around 3 million Juno tokens, worth around $36 million, be seized from an investor deemed to have acquired the tokens via malicious means. (This in itself was a big crypto news story.) The funds were to be sent to a wallet controlled by Juno token holders, who could vote on how it would be spent. 

But a developer inadvertently copy and pasted the wrong wallet address, as reported by CoinDesk, leading to $36 million in crypto being sent to an inaccessible address.

Andrea Di Michele, one of Juno’s founding developers, explained to the publication that he sent the correct wallet address to the developer responsible for the transfer, as well as a hash number. Hashes connect blocks to one another in the blockchain, and at a glance hash numbers can look very similar to wallet addresses. The programmer in charge for the transfer accidentally copied and pasted the hash number, rather than the wallet address. 

Even more painful than the human error, Di Michele said to CNET, was the fact that none of the network validators caught the mistake. Blockchains require “validators” to verify each transaction, encoded in “blocks”, so that they can be added to the chain. This transcation had 125 validators, Di Michele explained, but not one checked. “This is a wake up call for validators,” he said.

Juno is a blockchain which seeks to compete with Ethereum by being more scalable and efficient (read: cheaper and less environmentally damaging). It’s a Proof-of-Stake blockchain, which is more efficient than the Proof-of-Work consensus mechanism used by Bitcoin and Ethereum. PoS systems verify transactions by having token holders vote to approve them, where as PoW chains rely on the solving of computationally demanding cryptography problems — which is why those systems crunch so much more power.

Blockchain infrastructure is mostly designed to improve decentralization, for instance, by allowing a network of people around the world to process payments instead of centralized institutions like banks. The downside to decentralization is no entity can instantly reverse human-errors like this. In December, someone accidentally sold their Bored Ape Yacht Club NFT for 0.75 ether instead of 75 ether — $3,000 instead of $300,000. Such “fat finger” errors aren’t uncommon. 

Blockchain developers have in the past found ways to reverse transactions, but the solutions aren’t simple. When a hacker exploited a smart contract in 2016 and stole $50 million in ether, Ethereum developers had to “hard fork” their blockchain to recover the funds — in essence they created a replica of the existing blockchain, keeping it identical in every way except that the stolen funds were transferred to a recovery address. It was a contentious episode. Some in the community thought it violated the principles of cryptocurrency and continued to operate the original blockchain at Ethereum Classic.

The problem may be easier for Juno’s developers to solve, owing to it being a Proof-of-Stake chain. Di Michele said that Juno runs on a governance model — where token holders can vote to alter blockchain transactions — and so changing course requires a majority vote and then a software update. 

“Funds will go to the correct address in one week or something, it’s bad but can be solved easily,” Di Michele he said to CNET. “Funds will be recovered with another upgrade that will adjust chain state. PoS chans are not like Bitcoin, they are governance powered. If governance says something, even state changes can happen.”



Source link

Leave a Reply

Your email address will not be published.