Hacker News
Bitfinex just spent $23.7M in fees to make a single Ethereum transaction (theblockcrypto.com)
208 points by dustintrex on Sept 27, 2021 | 293 comments



Looks like the miner returned a significant portion back.

Here is the block, showing a reward of 7678ETH: https://etherscan.io/block/13307440

From that 7676ETH was the fee by Bitfinex (see OP).

And here (around 10 hours later) is a transaction from the miner giving back 7385ETH to Bitfinex: https://etherscan.io/tx/0x85294effd53126b3bfa9e7f655267e00ac...

Wonder if they talked or just decided to do this as a show of good will. Either way, still kept around $800k so not a bad deal.


How much of this is... "Return it or we break your legs"?

I'd be significantly concerned about coming into $27 mn, even if (according to the laws of Medes and Persians and smart contracts) it was mine to rights.

There's "I hate you $1,000 much", and "I hate you $1,000,000 much". I should be able to manage the first. The second? Not so much.


Can confirm. I had a co-founder screw me out of >$1mm. It's not something I think I'll ever "get over". As in, if I see him walking down the street I may enter a state of temporary psychosis.


Sorry to hear. Just in case that ever happens you should delete your comment.


You are dramatizing. Bitfinex is a bit shady but not Cocaine-dealers kind of criminal. Add that to the fact that many miners are anonymous or are actually pools run by actual companies. Best they can hope for is a legal proceeding.


> Bitfinex is a bit shady but not Cocaine-dealers kind of criminal

Not far off [1]. Serial counterfeiting, fraudulent tax losses, shipping "a large block of wood" in a box supposed to contain memory chips.

Granted, no proven track record of violence. But most people in the illicit drug trade have no such record. And this one doesn't show evidence of good judgment.

[1] https://www.ft.com/content/4da3060c-8e1a-439f-a1d7-a6a4688ad...


Legs? For that amount they will probably put a hit on you and your family lol


How would they know miner’s details?


Crazy. Was this just the result of a typo? Perhaps not, considering:

- The transaction sender set both the max total fee and the max priority fee to above 10 million. Most UIs require at least two manual setting changes to do this.

- The sender is Bitfinex -- they're pros and not just a mom and pop.

Maybe it could just be a transfer from the sender to whoever the miner is...


My guess is Integer VS Float.

Take a typical $23 transaction fee, which comes out to ~0.00775756 ETH

Of course, everyone knows you don't want to do math as floating point, you want to use an integer representation. 1 ETH can be divided into 1e18 "Wei" or 1e9 "GigaWei".

So that 23 USD could be expressed as an integer "7757560", with the expectation that the decimal point would get moved 9 points <- thataway to become 0.00775756 ETH

If somewhere in your code you do some kind of money formatting that turns 7757560 GWEI into 7757.56 ETH, you've got your $23,000,000 USD mining fee.


This is why in "classic" fintech they used so-called "decimal" fixed-point numbers for decades. To not use COBOL as an example let's check something more modern, e.g. Rust[1].

[1] https://github.com/paupino/rust-decimal


Ethereum uses integers to store transaction amounts internally. Integers are fixed-point already, so that library is completely irrelevant.


I didn't mean Ethereum itself, apparently the bug is in whatever code is written at the higher level, inside the exchange or whatever service they use.


This sounds about right but I think the mistake is a little bit simpler. In an eth transaction you don't actually specify the total fee, you specify the gas price. In the raw transaction it is measured in wei. But in UIs it is common to represent price in gwei (see e.g. https://ethgasstation.info/).

So instead of a bug in converting gwei to eth, I bet somebody thought they were specifying the raw price in wei but the input box assumes gwei and does a x1000000000.


It looks like you were pretty much correct: https://blog.deversifi.com/23-7-million-dollar-ethereum-tran...


you win HN today, jazzy


But then, they should have basic "high mining" fees checks. My Trezor does have that.
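
The wei/gwei mix-up and the "high fee" check discussed in the comments above, as an added example that is not part of the thread and not code from Bitfinex, DeversiFi or any wallet. The function names, the 0.05 ETH cap, the 10x multiple and all sample values are assumptions constructed for illustration.

```python
from decimal import Decimal, InvalidOperation, localcontext

# Integer wei per named unit: 1 gwei = 1e9 wei, 1 ether = 1e18 wei.
WEI_PER_UNIT = {"wei": 1, "gwei": 10**9, "ether": 10**18}


class FeeError(ValueError):
    """Malformed fee input, or a fee that fails the sanity guard."""


def to_wei(amount: str, unit: str) -> int:
    """Convert a decimal string in an explicitly named unit to integer wei.

    The unit is a required argument, so a bare number is never scaled by a
    silent default. No binary floating point is involved at any step.
    """
    if unit not in WEI_PER_UNIT:
        raise FeeError(f"unknown unit {unit!r}")
    try:
        value = Decimal(amount)
    except (InvalidOperation, TypeError, ValueError):
        raise FeeError(f"not a decimal number: {amount!r}") from None
    if not value.is_finite() or value < 0:
        raise FeeError(f"amount must be finite and non-negative: {amount!r}")
    with localcontext() as ctx:
        ctx.prec = 80  # ample digits for any realistic amount scaled by 1e18
        wei = value * WEI_PER_UNIT[unit]
        if wei != wei.to_integral_value():
            raise FeeError(f"{amount} {unit} is not a whole number of wei")
    return int(wei)


def guard_fee(gas_limit: int, max_fee_per_gas_wei: int,
              reference_price_wei: int, *, cap_wei: int,
              max_multiple: int = 10) -> int:
    """Return the worst-case fee in wei, or raise FeeError if implausible.

    Two independent checks run before anything is signed:
      1. the per-gas price may not exceed max_multiple x a recent reference
         price supplied by the caller (assumed to come from a trusted feed);
      2. gas_limit x price may not exceed an absolute cap.
    """
    if gas_limit <= 0 or max_fee_per_gas_wei < 0 or reference_price_wei <= 0:
        raise FeeError("gas limit and reference price must be positive")
    if max_fee_per_gas_wei > max_multiple * reference_price_wei:
        raise FeeError(
            f"price {max_fee_per_gas_wei} wei/gas is more than "
            f"{max_multiple}x the reference {reference_price_wei} wei/gas")
    fee = gas_limit * max_fee_per_gas_wei
    if fee > cap_wei:
        raise FeeError(f"worst-case fee {fee} wei exceeds cap {cap_wei} wei")
    return fee


if __name__ == "__main__":
    # Constructed sample values, not taken from the real transaction.
    gas_limit = 21000                      # plain ETH transfer
    reference = to_wei("50", "gwei")       # recent network price (assumed)
    cap = to_wei("0.05", "ether")          # operator-chosen ceiling (assumed)

    # Intended input: 60 gwei per gas.
    ok = guard_fee(gas_limit, to_wei("60", "gwei"), reference, cap_wei=cap)
    print("accepted, worst-case fee in wei:", ok)

    # The mix-up: a figure meant as wei is read by a field that assumes gwei,
    # so the price is multiplied by 1e9 before it reaches the signer.
    try:
        guard_fee(gas_limit, to_wei("60000000000", "gwei"), reference,
                  cap_wei=cap)
    except FeeError as exc:
        print("rejected:", exc)
```
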


My position for ages now has been that it was a mistake to make floating point types first-class primitives in most programming languages. Integers and rationals should be the go-to types for most code most of the time. If you really need an IEEE float, you should reach into a library to get it.


Well, this isn't very strong support for that position, because Ethereum doesn't support floating point, and yet here we are.


> Ethereum doesn't support floating point

The software that interacts with it does.


I think you mixed up the problem. Had they used floats they would have got a small rounding error, not a 23 million loss.


So all companies will automatically include the float library and thus nothing will change


What you include as a first-class element in your languages, versus what is packed away in a library, will affect what developers do with your language.

For instance, Numpy provides array-language [1] capabilities to Python, but because it isn't a first-class element in the language Python is not thought of as an array language, and using it as one would be a bit clunky.

[1] https://en.wikipedia.org/wiki/Array_programming


If the only thing you use computers for is processing financial transactions then that position is defendable


Any number of sensors, measuring devices and other IoT stuff disagrees with you.


Dumb question on my end, I apologize.

How are rationals used to represent decimals?


> How are rationals used to represent decimals?

Decimals are just the subset of rationals where the denominator is always a power of 10, so the representation and arithmetic operations are simple if you already have rational support (though if you need to preserve decimal results, you need approximation logic for division, since dividing two rationals with denominators that are powers of 10 may result in a rational with a denominator that is not a power of 10.)


> though if you need to preserve decimal results, you need approximation logic for division, since dividing two rationals with denominators that are powers of 10 may result in a rational with a denominator that is not a power of 10.

This is also true for adding, subtracting, and multiplying, though in those cases it is always trivial to convert the result into a form where the denominator is a power of 10.


The CEO of DeversiFi is Will Harborne. The miner is Christopher Harborne, his father. Assuming this was deliberate, what benefit for Christopher Harborne to possess this coin for a few hours? (That's what occurred.)


How did you confirm miner identity??


Huge if true. Link?


Not everyone uses UIs. It might be a typo in some custom code. Can happen with anyone.


Yep. In one of the previous cases of jaw-dropping txn fees, while we never learned who lost so much, we can be pretty sure it was a program as the exact same thing happened again 24 hours later.


Yes, they are a cryptocurrency exchange, how corrupt and inept can they possibly be?


> Maybe it could just be a transfer from the sender to whoever the miner is...

How could they know who the miner was going to be before the block was mined?


They could have sent the transaction directly to the miner instead of broadcasting it to the network.


I suppose, if they were willing to wait a long time for that miner to mine a block.


> DeversiFi — a non-custodial exchange that spun out of Bitfinex in 2019 — said the transaction originated via its platform, which offers access to DeFi protocols "without paying gas fees." These transaction fees, it turns out, are paid out through one of Bitfinex's main wallets, which ended up footing the bill.

Am I understanding correctly that Bitfinex is subsidizing DeversiFi transactions? How does this work? And why does Bitfinex do this?


If the money laundering theories in this thread are correct, then could be related to that.

But also Bitfinex/Tether benefit if people lock up their USDT into earning schemes rather than trying to redeem them for fiat. It reduces withdrawal pressure and allows Tether to keep the game going.

(This is assuming the common theories that Tether is unbacked/poorly backed are true. In a ponzi, managing withdrawals is paramount, and all the crypto high yield earning on stablecoins provides a way to discourage withdrawals)

I haven’t thought through the trading aspect though or why that would be subsidized. I guess it does soak up USDT as well.

Edit: a couple other facts came forward.

Deversifi was originally called Ethfinex, a Bitfinex spinoff

The miner that got the fee is owned by Christopher Harborne, Bitfinex shareholder: https://protos.com/bitfinex-tether-digfinex-shareholder-harb...


> The miner that got the fee is owned by Christopher Harborne, Bitfinex shareholder

Oddly enough I looked at DeversiFi’s twitter[1] right after reading your update and they re-tweeted[2] someone mentioning DeversiFi’s founder, Will Harborne. Are they related?

[1]https://mobile.twitter.com/deversifi

[2]https://twitter.com/dltfanboy/status/1442429899235479555?s=2...


Looks like a strong probably. This person on twitter says the linked issue of Private Eye says they are father-son:

https://mobile.twitter.com/Turloughc/status/1442705583979831...


I misinterpreted a tweet. Chris Harborne did not own the miner. His son (I think), Will Harborne, runs Deversifi, formerly Ethfinex.


Not at all red flags in this little thread. I work in a bank, my heart is skipping a few beats just reading this ahah


Sorry. How do you know the miner is owned by Christopher Harborne?


They don't allow redemption of tether for dollars. There is no withdrawal pressure, right?


You can't redeem tether for dollars from Tether themselves, yes, but when you swap tether for dollars at a third party exchange then Tether has to pump some dollars into the trade to support the peg.


Do they? Anyone who believes in the peg could provide that liquidity.


Reduces pressure to withdraw USDT for fiat on exchanges. Tether has to support those pegs or they break. Same difference


Do they? Genuine question. How much does bitfinex support the price at $1 on exchanges?


I’m not sure if they do, but if there was sell pressure they would have to or peg would break. Possible there is not sufficient sell pressure at moment.

When you sell USDT for USD on exchange, someone is providing that dollar. If no private market participant willing, then peg slips. You would expect fiat withdrawals in downturns and peg slippage absent support.


>How much does bitfinex support the price at $1 on exchanges?

An open question. Several attorneys general have ongoing investigations regarding the tether peg.

A really grim and cynical person might make the case that exchanges want something like tether to exist, and are incentivized to fudge the public-facing numbers regarding tether trade volume and its order book.


I think what you're saying here is that if there was a run on tether, bitfinex might stop supporting it. And sure, I think that's probably true. But I'm asking how much of a role do they play in actively supporting it day to day. Are they the principal buyer of the currency when people want to liquidate? Or is it other people?


If you asked Bernie Madoff on December 10th 2008 how well his investment fund was doing, he would say "Excellent, thank you."

The set of people who have inside information on how tether functions and the set of people who would actually tell the truth about it are entirely disjoint.


Ask the Bank of England about their desire to maintain Bretton Woods.


Kraken.com smelled the bad fish years ago. They made tether a normal exchange rate. If there is a "rush out of the door", the value would just drop :)


Theoretically, what is stopping BitFinex from supporting the peg predominately on BitFinex and letting arbitrage traders take care of the rest?


Who's "they" here? Remember, Bitfinex == Tether


Well, they officially don't guarantee that they will redeem Tethers, but in practice they do, at least for the time being. So any withdrawal pressure would be de facto rather than de jure


In practice they do?

Last time I checked, there were significant "limitations" (to be charitable)... that you could only redeem holdings above $100K, only if you were a non-US person, and subject to 90-180 day holding periods.

People have also offered bounties for proof of people having redeemed Tether, and those bounties are still outstanding.

My suspicion is that if anyone has actually redeemed Tether, they are either institutional (and Bitfinex doesn't want to piss them off) or an insider/"friend".


Institutions are happy to provide arbitrage on tether -> any other crypto since they can redeem. Sure there's an extra step involved, but there's essentially no difference between selling to an institution for $1 of crypto and redeeming for $1.


The founders of CMS holdings talk about redeeming tether all the time. It's literally just the same as redeeming USDC or any other stable coin. And before you say they're insiders, Dan (one of the founders) used to work with the creators of USDC.


So they're an institutional investor. Like I said.


An institutional investor with ties to their biggest competitor, bit different.


Yes and no.

Yes, USDC and USDT are different "securities".

But that's like saying that in the regular market that because Charles Schwab and Fidelity are competitors, they don't have a whole lot of cooperation - they do, because at that scale (and with the amount of arbitrage and speculation in crypto), you need to cooperate with your competitors, or you will be iced out.


Note that DeversiFi uses StarkWare's StarkEx Ethereum scaling technology, and does so in off-chain data mode.

This means that Ethereum transaction fees for DeversiFi's end-users are extremely small because they use almost no marginal L1 Ethereum gas.

So, Bitfinex subsidizing DeversiFi's users' gas fees is not as expensive as it may sound.

In this case, the $23.7M fee was likely in error and unlikely to be money laundering because the fee was paid to a random miner.

If you're interested in Ethereum's state-of-the-art scaling technologies https://starkware.co


(This is not meant to be a critique of you, just a rant about a particular strain of blockchain evangelism)

It never ceases to amaze me that blockchain aficionados on one hand praise the supposedly revolutionary transparency of the blockchain, while on the other hand extolling that the "state of the art" concept of a ledger that isn't on the blockchain, is going to be what finally makes crypto "scale" and become viable for the masses.


This is like saying that anything not directly querying the root DNS nodes is not really using DNS. DNS responses are cached from said DNS nodes, and served by the myriad of DNS servers.

In a similar sense, blockchains with layer 2 scaling, result in all address balances being stored in the central blockchain, while people can transact with each other directly and instantly in a zero-trust, cryptographically secure manner. When either party in the transaction is "done", one of the parties will commit the address balances to the blockchain for the world to see. (The only model that makes sense, and actually allows for scaling, is a hub-and-spoke model, where everyone connects to a "node", much like with DNS, and lets the node handle the routing. This way users could keep accounts open while transacting with many different people / businesses.)


StarkEx is a blockchain, it’s just a blockchain that gets its security from another blockchain and has configurations for how to handle data availability.


So, how do you cancel a transaction with such an obvious mistake when it is recorded on a blockchain?

(This is a rhetorical question.)

EDIT: Why the downvotes? It's not okay to discuss the fact that in the possibility of human error (assuming this is one, and not a very wild —yet successful— bet on a laundering attempt), the incapacity to cancel transaction may be a problem?


You can ask Buterin to roll it back for you. He did it once for the DAO guys, so worth a try.

(Of course, that rollback also demonstrated that Ethereum is a centralised coin with a controlling entity, and that 'code is law' is just a lie, but that's another story)


No it didn't demonstrate that. Vitalik et al reached consensus for rolling back the DAO hack. A major reason why they reached consensus was that so many players had a vested interest in the rollback. If Vitalik had tried to push something unpopular, he wouldn't have been able to push it through, because - in contrast to your claims - Ethereum is not a centrally controlled blockchain.


The only difference between this and an attack is that the purpose was altruistic. It's one thing to shift to new/updated infrastructure, it's another to manipulate blockchain transactions. We just have to hope that Vitalik or whoever holds the most sway over Ethereum doesn't ever act in bad faith (in a way that may not be immediately discernable to others).


It’s increasingly hard for any person to have that much influence with so many different client implementations for Eth2, and the nodes will have to accept those changes, whereas Bitcoin is pretty much Bitcoin Core.


I guess you'd better hope you're never on the wrong side, politically, from a majority of ETH miners.

"This guy who we all hate now owns $100MM in ETH? Now he doesn't."


This is also how nation states work. And it takes probably far fewer people, less time, and can be done in secrecy when the US wants to enact a sanction and freeze accounts than it does to hard-fork ethereum.


Yeah they can always coordinate, but these things are never so clean. They'd also need to be convinced it wouldn't undermine the network faith in a way against their interests, beyond being a well hated figure. And that no fork would emerge reinstating the person (as their deed is far from hidden)


Yeah, miners and node operators. That’s how this has always worked.


Miners can't just take money out of your account without your consent. That would require a change to how the protocol works.

At best a cabal of miners could censor you by refusing to include your transactions into blocks, and refusing to mine on top of any block that includes your transaction. But only while they maintain a majority of hashing power.


> Miners can't just take money out of your account without your consent. That would require a change to how the protocol works.

But that's exactly what we were talking about: hard forks that change how the protocol works. The parent comment that you responded to is correct in that theoretically a majority of miners could fork Ethereum to steal $100M from a single person.


The majority of nodes/users (not miners) would need to switch to the miners' new fork. Otherwise if the miners mined a block that doesn't follow the current protocol, it would be an invalid block and rejected by the network.


> The majority of nodes/users (not miners) would need to switch to the miners' new fork. Otherwise if the miners mined a block that doesn't follow the current protocol, it would be an invalid block and rejected by the network.

In the event of a contested hard fork both chains would continue to live, because some miners would mine chain A, and some miners would mine chain B. Yes, miners who mine the old chain would not accept blocks from miners who mine the new chain, you are correct about that, but the same statement holds true in reverse: miners who run the new chain would not accept blocks from miners who mine the old chain.

If a majority of miners decided to steal $100M by forking the chain, they absolutely could do that, even if the majority of users would support the old chain. In that event the tokens (which used to be worth $100M) would now exist on both chains, and it would be up to the market to decide how much the tokens are worth on each chain.


You don't need a majority of miners to create a hard fork. I still maintain it is up to the majority of nodes/users to determine if it is valid. If there has been a hard fork then by definition the network has rejected an invalid block(s). It is up to nodes/users to determine which network is "the" coin and thus mining valid blocks.


> You don't need a majority of miners to create a hard fork. I still maintain it is up to the majority of nodes/users to determine if it is valid. If there has been a hard fork then by definition the network has rejected an invalid block(s). It is up to nodes/users to determine which network is "the" coin and thus mining valid blocks.

Nope, I was very clear that in this context there is more than one network, so expressions like your "by definition the network has rejected invalid blocks" doesn't make sense. Network A rejects blocks by network B, and network B rejects blocks by network A. There is more than one network. You don't need to look further than Ethereum Classic to see that this can happen in practice. The "minority chain" doesn't just disappear magically.


I think we are losing track of the original claim which was miners could steal $100M from a user. Let's say I create a fork (network B) in which a user's account is set to 0 and mine has the amount that the user once had. In no sense have I stolen $100M from the user if it's on a chain that people don't recognize as being the one that represents the user's money (network A).

The original implication was you don't want to piss miners off otherwise they can unilaterally decide to take your money away. That is false.


> The original implication was you don't want to piss miners off otherwise they can unilaterally decide to take your money away. That is false.

If you are retreating your argument to that goal post, then we are in agreement: pissing off miners will not result in miners stealing your money. Your original argument was stronger, however. You were asserting that a minority-supported fork would not be able to steal money, which is not true.


I'm not retreating anything, that is still my assertion. The miners alone cannot delete your money. That was the original claim[1]. My responses[2] from the beginning have been addressing that.

It is a common misconception that miners, because they are the ones who produce new blocks, have power over the network and set the rules. That is not the case. Miners determine the order and inclusion of __valid__ transactions. Deleting your money would require a fork. Even if a majority of miners mined their own fork but didn't get users/nodes on board they would be wasting their time on what is essentially an altcoin that they alone care about. The network would ignore them and your $100M has not been deleted because it still exists on the chain everyone actually cares about.

There are only so many different ways I can state the above idea (going-on 4 times in this thread alone). If you still disagree, then I'm sorry I wasn't able to explain it any better. I'm going to politely decline from responding any further to this thread because I think we are just wasting each others' time.

[1]

"I guess you'd better hope you're never on the wrong side, politically, from a majority of ETH miners."

https://news.ycombinator.com/item?id=28678451

[2]

https://news.ycombinator.com/item?id=28681802

https://news.ycombinator.com/item?id=28682258


You're talking about minority-supported forks as if it was some kind of hypothetical scenario, where these forks couldn't possibly have any value. But it's not a hypothetical scenario, it's a scenario which has occurred multiple times in practice. So we don't have to discuss in hypotheticals about whether those minority-supported forks would have any value or not; we can look at what actually happened in those instances. For example, Bitcoin Cash right now has $9B market cap (not $0, like you imply).


The original claim was simply that the miners could delete $100M, not that a single person could unilaterally steal it.

I think it's not impossible to imagine miners and nodes voting to hard-fork a coin because some genocidal villain, Mr LiterallyHitler, had a large amount of wealth wrapped up in it.


Technically wasn’t a rollback but my understanding is it was a state change, and was done with community consensus via carbon vote.

Let’s not mention what Satoshi did in 2010 with the 184 billion BTC hack though ;)


You're getting downvoted because it's a longtime well-known problem of the blockchain. The answer to your question is that nobody can reverse the transaction or undo it. That's kind of the point, for better or for $23m worse.


Please don't go on about downvotes—this is in the site guidelines: https://news.ycombinator.com/newsguidelines.html.

If the downvotes were inappropriate, other users will usually correct them (https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...), but off-topic, guidelines-breaking complaints like the one you added don't get garbage-collected when that happens, so they linger on, adding noise to the thread.


It’s pretty easy to revert it: you fork the protocol. The ETH guys already did this once, hence Ethereum Classic.


The idea that the code maintainers get to decide which transactions are valid or not is insane. Almost as insane as saying an 'easy' fix is to arbitrarily fork the chain undermining its whole purpose.


I'm not defending anything here but adding context. It wasn't JUST the "code maintainers." They made a proposal and all of the nodes "voted" by opting in or out. A lot of them opted out (Eth Classic) but majority usually wins in these situations. Did certain entities have more influence or power in this situation, yes 100%. Is that better or worse than how it would play out in standard US finance system? I'm not sure, you decide.


USD doesn’t split into two different competing currencies when a transaction has to be reversed, so I think the ethereum solution is clearly worse.


You can roll back Ethereum transactions without forking the blockchain if you build the rollback mechanism into your settlement contract.

There isn’t anything to “fork” in USD since it isn’t a blockchain, but different USD settlement layers get out of sync and have to be manually reconciled. If you instead tried to “fork”/replicate USD in that situation, you’d probably be thrown in jail for life. I personally prefer the blockchain way of expressing my option through code and seeing if anyone wants to follow me and not having to ask for permission.


The new kingmakers are the stablecoins. Whichever chain they decide to honor has a huge amount of economic weight behind it.

How much of this economic weight is real, at least in the case of Tether, is another story. I suspect we'll find out in the next few years as regulation ramps up.


> undermining its whole purpose

Quiet, now. We don't want people to know about systemic risks to crypto.


And Ethereum Classic has a nice solution: 51% attack and mine the txn yourself.


I'm guessing you're also getting downvoted because sarcasm and rhetorical questions are not great ways of starting meaningful discussions.


Can't anyone ask a question to HN Gods without fear of being ridiculed? I am also curious about this myself.


Yes you can, but that wasn't a genuine question.


I'll answer even if it's rhetorical, but there are some blockchains (I used to work for one) that allow arbitrary state transitions as long as it's approved by an approved authority.

Now, Ethereum has another way to fix this: forbid transactions that use a gas fee MUCH MUCH larger than the current average one.


if it's mined the only possible way would be to bribe the miners to revert the blocks by paying even more (like time bandit attack) or renting soooo much hashpower to create your own fork.

If it's not included yet you need to send another transaction with the same nonce that sends yourself 0 ether but with a higher gas price asap, this is not a guarantee however because the miner would probably still go with the transaction that is more profitable for them and because the fee was so high it got included in under 1 minute.

So once this transaction landed in the (public?) mempool it was gg.


And sending a tx with a fee bigger than $23m wouldn't actually have fixed their problem.


Reversing transactions is a massive problem in finance in general. It causes losses for merchants in both physical shops and online sellers because there's no objective measure of whether a transaction was a mistake or not so it's begging to be abused for fraud. Even if a court decides, somebody still loses when both parties had different expectations. People have overpaid wages or social welfare payments taken back from them after they already assumed it was correct and spent it, and are now in a big debt. People accidentally sign contracts that require them to pay more than they expected. There's fraud where people buy an item online, then claim they never received it and get their payment refunded while keeping the item.

Here's an example of traditional finance screwing someone over for making an obvious mistake. Where's this ability to reverse transactions when you need it? https://www.livemint.com/opinion/online-views/a-fascinating-...

You're assuming there's some benevolent God who can arbitrate who's right and who's wrong. In reality, people get screwed by bad payment reversal decisions all the time and there's no objective way to decide in every case.


> You're assuming there's some benevolent God who can arbitrate who's right and who's wrong

Literally nobody assumes this. Please don't invent strawmen.

The point is, even with all the failings of the courts, different interpretations of language, and every other flaw, it's still better than having no recourse at all.

> There's fraud where people buy an item online, then claim they never received it and get their payment refunded while keeping the item.

And of course, the blockchain solves none of this. It just makes rectifying the problem far more difficult.


> > There's fraud where people buy an item online, then claim they never received it and get their payment refunded while keeping the item.

> And of course, the blockchain solves none of this. It just makes rectifying the problem far more difficult.

Web3 stores would use an escrow service for physical goods where the buyer's money goes into the escrow contract and gets released to the seller when the buyer receives the item. In the case of a dispute it would summon a Kleros jury of say 30 jurors who would look at the presented evidence and come to consensus on an outcome. A lot of these problems have already been solved in a decentralized way but it's still early days so higher complexity projects take a while to come to fruition.


How would any reversals be decided without a benevolent God? I've shown that traditional finance can't do it "correctly". Apparently smart contracts can't either. Courts can't because the law is sometimes ambiguous and unknown before it's tested in court. Traditional contracts can't because people get tricked by not reading the fine print. I think nobody can except an imaginary benevolent God.

If you just call the boss of reversals and say "sorry I made a terrible mistake, please reverse the payment", how can he trust that you're not the fraudster yourself? Even in the case in this article, how can any 3rd party truly know that it was a mistake and not just someone pretending it was a mistake so they can get it back?

Blockchain solves the problem of chargeback fraud. It's one specific class of fraud but it's solved by that technology even if other classes of fraud are created.


Not in every case, for sure. But many cases are pretty easy to arbitrate. This one for example: when the transaction fee is 230× greater than the transaction amount, it is fair to assume that it was not meant to be that way. If I lose my credit card and/or it gets stolen, and someone uses it in the time between when I declare I lost it and when it is blocked, my bank is required by law to refund me (and I guess my bank attempts to get their money back too, but that's not really my problem).

Also:

> There's fraud where people buy an item online, then claim they never received it and get their payment refunded while keeping the item.

A blockchain can't solve that kind of problems. And it never will. It is not because something is written on a blockchain that it is true, except for cryptocurrencies because that is how they define truth. But as soon as you have something happen in the real-world (in your example, an item sent in exchange for a payment), then a blockchain is useless, or at least, it is not any more useful than any type of ledger.


Everyday credit card users who rely on the bank to protect them from fraud should not be using cryptocurrency directly. They also should not carry their money around in cash, yet cash still exists and people can take personal responsibility for the risk of loss if they choose.

A blockchain can solve "didn't receive the item" fraud because the merchant has the payment before they send the item and can refuse to refund it. Of course it creates a new kind of risk for the buyer, but that's not what we're talking about here.


It's inevitable that transactions made in error cause problems for the sender or receiver or both, but it is still better to have a human judge scrutinize the case with the ability to impose a more reasonable outcome than the status quo, than to have no such recourse. The position of defi fans that it is better to have no such recourse is ludicrous.

Your example is a good one: that particular case was carefully scrutinized by the court and the judge decided that the outcome was reasonable, mainly because the creditors who received the money were owed the money. If the outcome was obviously unreasonable, e.g. Citibank had simply sent $1B to some random address, of course the judge would have reversed it.


>Here's an example of traditional finance screwing someone over for making an obvious mistake. Where's this ability to reverse transactions when you need it?

It still exists, and note that the case did reach a court. It just happens that the beneficiaries were also owed that money, and that allowed them to win the subsequent lawsuit:

https://clsbluesky.law.columbia.edu/2021/02/24/how-the-litig...


If you’re in the financial transaction business, a big chunk of the service you provide is dispute handling, people tend not to realize this. It isn’t a simple cost of business or side service, it’s a primary competence of anybody responsible for handling money.


Yes, that's why it's a big problem. They also often make the wrong decision and leave people screwed over. Just look at all the complaints from Ebay sellers who got ripped off by Ebay siding with the fraudulent customer. There are cases where the seller can't trust the buyer and the authorities that are supposed to be arbitrating disputes can't be bothered doing their job because it's too hard. That's where crypto's non-reversibility is useful.


You negotiate with the recipient of the transaction to return the money.


The fee went to the miner, not the recipient of the transaction. So probably an anonymous mining setup that has little incentive to return $23M


That sounds like a lot of trust to put on someone in a “trustless” system


It's the exact same flaw as cash. If you mess up and send it to the wrong person in the mail or set it on fire, there is absolutely no recourse, unless there's someone to sue maybe.

As long as you understand that I don't see the problem. I use cash a lot myself. Of course, we basically did invent the entire banking system to get away from the many downsides of literally lugging bags of gold around, like theft and loss without recourse.


Yeah, I hate it when I accidentally pay someone 6 orders of magnitude more than I meant to when I’m using cash. Just like cryptocurrency!


Citibank managed to do it with USD and still hasn't gotten it back.

Meanwhile in this case the miner gave back the money so maybe the tech isn't the issue?


Once it's recorded on the blockchain, there is no way to cancel it.

If they are lucky, they may be able to reach out to the miner and get a portion returned. Probably just tough luck though.


Unless you just get the devs to write it out of existence and fork the chain.


it varies from coin to coin.

in limited cases you can perform another operation which makes the preceding operation illegal.

in normal cases, not being able to cancel is the entire point of the technology.


You're pointing out an obvious major flaw with blockchain that is a consequence of what many in the crypto community believe to be an advantage, namely that your assets cannot be seized without your private key.

Your post is basically this, but less humorous so people are upset. https://xkcd.com/538/

So to answer your question, how you revert this transaction is to buy $5 wrench and go have a conversation with the miner.


There's a bit of context on this Bloomberg article https://archive.is/dnT51. Claims it was a mistake.


Somebody was in a rush to get tx included, I hope they didn’t wait too long, respect.


I guess the $23M fee was something that the market could bear.


What is that, one NFT?


Is it perhaps the only way to make sure the transaction ends up in the correct miner’s block?


It's the opposite of that. Miners will try to grab higher fee transactions first, as soon as they see them broadcasted


What's most incredible to me is that the sender has $1.4B in ETH:

https://etherscan.io/address/0x742d35cc6634c0532925a3b844bc4...

Just a few more zeros, and this could have been a company-ending mistake. Bitfinex should probably reduce the size of their hot wallets.


Bitfinex/Tether is probably the single richest entity in crypto. A $1.4B loss would not be close to "company-ending" for them.


$1.4B loss would lead to huge market dip though, as crypto is fairly sensitive to these events.


Can someone please explain to me how this is possible and what is the miner supposed to do if they don't have all those Ethers?


Think of ETH fees as more or less an auction. When you submit a transaction to the Ethereum network, you're hoping it will be mined as soon as possible. Miners select which transactions to include based on the miner fee.

The minimum miner fee that is required for a transaction to be processed promptly is therefore constantly an open question / constantly changing, which gives rise to services like https://ethgasstation.info/ which attempt to tell you how much you should reasonably expect to pay.

In terms of how today's outcome is possible: when you are submitting a transaction, any amount of ETH that you have on your account could validly be spent as the fee.

So in this case, either by human error or a software bug, someone with a large amount of ETH in their balance essentially spent all of it on the transaction fee.

The miner _gets_ all of those ETH. So some lucky miner just got a huge spike in profit.


They probably mixed up their spent output with the fee output. It happens from time to time and some miners are happy to send the funds back. But it'll be interesting to see what happens in this case when it's $23m.


That’s the case for Bitcoin but ETH doesn’t have inputs/outputs.


The miner received those ETH, nominally in exchange for their services validating transactions.

Previous situations like this have been the result of the transaction author (or their software) making a mistake.


Someone submitted a transaction with incorrect parameters allowing this to happen and the miner got a $23m tip as a result


Seems more like fraud/money laundering, from what I can tell


Ignoring the already public statements that have already been made by the Bitfinex and co, and the fact that a large transaction like this is guaranteed to trigger folks in the community to poke at the transaction, I'm curious what leads you to believe that it's a money laundering attempt?


Details are scarce at this point but this is just another data point suggesting that DeFi doesn't solve a real problem. Yes, the existing financial infrastructure is slow and costly but in a pretty good local maximum. Touted features of DeFi that are arguably worse than what they're replacing:

1. "Your contract is executed exactly as it is written! No loopholes, no shenanigans!" Clearly this is a double edged sword. Since code is a lot more complex than written human language, expressing intent can be very difficult. In a regular contract, if your counterparty figures out a clever way to cheat you out of your money, you can sue them in court and the judge will very likely tell them to give the money back and slap them with damages too. Apparently in Ethereum Smart Contracts, you can accidentally/inadvertently allow for a gas fee that is 230x the transaction value and there's literally nothing anyone can do for you.

2. "No need for expensive lawyers/bankers!" True! But you now need to pay expensive computer scientists to write/review your contracts, who are probably at least twice as expensive as the bankers. Oops.

3. "Not centralized! Don't be chained by unjust government regulation!" True, but also probably not optimal for 99.5% of people. Anyone who has been banned from Venmo for making a North Korea joke knows how annoying AML/KYC is, but by and large the regs (in the US at least) are written in a way that protects the average joe and society as a whole.


100%. I keep harping on the point that "smart contract" is such a bad name for these things. A real-life contract is not the execution of the task(s) itself, it's the legal recording and reinforcement of the promise(s) made by the parties if/when things go wrong.

Smart executor does sound pretty grimy though :)


In normal contracting the paper is the source code and you need to find some real live people to be the compiler. Sometimes it's everyday people, sometimes operations professionals, developers, finance or legal personnel. Ultimately you always can fall back on the court or arbitrator as the ultimate compiler and interpreter. So, different compilers maybe for smart contracts? ....


I'm trying to roll with you on this idea, but I can't help but think that this is just a square-peg round-hole thing. I am a (mostly non-practicing) lawyer; but I teach IT full time.

Like "A.I," a lot of people dream about the idea of revolutionizing or strongly improving on law via code, and I don't see it happening, ever. It's this well meaning and seductive idea that we can leverage the superior power of computery thought and ideas to "correct" the foibles of humans -- but I think "human disputes" are too slippery to be bound by code, and the beauty and triumph of "law" as a system is that it too is slippery enough to manage it reasonably.

To me it's strongly related to the complete layman fantasy of "well, they should have just written the law more clearly and everything would be fine."


Don't discount the capriciousness of the law's execution. In many cases, being the right skin color and wealthy comes across like a superpower compared to Joe Average. I'd hazard a guess that many "use code for law" types basically want to put Lady Justice's blindfold back.

That doesn't mean it's a good idea, nor that is bad. It comes from good intentions, is all.

(Very aware that those can be used for paving certain roads)


Back? :)

Sure, I get the impulse to try and that in many ways is the lovely thing about the spirit of tech and hackery... buuuut also I'm a black man who's seen e.g. entirely too much "oh they were well intentioned" when the AI thought the black folks were monkeys. So, yeaaaah, not holding my breath. :)


Yes, and the reverse also is an interesting thought exercise-- if this paper contract really was a piece of software, what would folks do to QA it, write it, interpret it. I mean, paper contracts are written using hopelessly buggy and ambiguous human languages theoretically capable of so many non-harmonious interpretations. The solution really is about friendly, trusted compilers approaching the contracts from a fundamentally cooperative direction. You write a contract with your trusted partner on a napkin at dinner. And when trust fails, courts interpret in an explicitly prosocial way.


Not just 23x...but 230x transaction value ($23M to send $100K). Not to mention it was 7,700,000x the going rate for the other transaction in that same block.


This might be a very naive question, but would it not be the case that many contracts would be essentially similar in nature? So while weird loopholes would exist at first, over time there could be a large library of tried-and-true contracts which could be applied to the situation at hand?


The key difference (which is categorical) is that if there is a latent bug in one of these contracts that goes unnoticed and then gets exploited later, you're still out the money. Intent doesn't matter.

There is essentially a 0% chance of such an outcome with a regular contract (at least in US contract law). Intent is a cornerstone of contracts in the real world. Just because someone came up with a clever "exploit" doesn't entitle them to rip you off. This is a very good thing.


On Ethereum there's an organization called OpenZeppelin that does exactly that. They have common code for making contracts that are ownable, upgradeable, follow NFT / ERC20 standards etc.

Makes it much easier to write safe solidity code.


That is arguably tending towards centralisation, as there will then be a market of brokers that know which contracts to suggest, and then there will be other places that will only accept contracts from a known broker.

There will, of course, be the more expensive brokers that can exploit loopholes, but even as a stretch this isn't vastly different to a bank account in the Caymans.

Of course, you don't have to participate - you can hold the 'cash' equivalent or concoct your own scheme, but you're not as protected from loss as you otherwise might be (provided there's an insurance package of sorts, in the absence of regulation).


Smart contract code is open-source[1], so the centralization you're talking about shouldn't be confused with the (de)centralization of power people talk about when they talk about the decentralized web or decentralized finance. Circling around a small set of trusted open-source technologies doesn't cause centralization of power, as we can see with GNU/Linux, HTML/JS, ...

[1]: On many platforms smart contracts are stored in the form of high-level interpreted languages. On Ethereum, the blockchain stores EVM code (assembly), but contracts that haven't "verified" their source, typically by uploading the high-level code to etherscan.org, are seldom used (with some notable exceptions).


I contend that it doesn't cause centralisation of power, but centralisation and power are inevitable should the project hit the mainstream, proper:

- GNU/Linux - GNU/Linux is open source but centralised. The userspace is the part that is distributed, via operating systems, and the source control is distributed, via git. But it's all for one Linux kernel. You can also build your own kernel, but that doesn't really make linux 'decentralized'. Similarly, Linux for a lot of people means 'Ubuntu'.

- HTML/JS - this is centralised under WhatWG/W3C, etc. Arguably, these days, it's actually centralised under Chrome, because what Chrome does eventually becomes the spec. You can freely build your own implementations of HTML and JS/Ecmascript but most likely, you are using the centralised implementation via webkit, blink, or gecko.

So, the fact that smart contract is open-source doesn't really mean anything. It'll grow big, then as a matter of convenience it will start to consolidate. git, for example, is decentralised, but git forges (github, gitlab, etc.) provide centralisation as a convenience.


Imagine a scenario where a popular contract is discovered to have a serious flaw years down the line, and they can't be patched.


You are correct and there is already a bunch of off the shelf contracts that are basically plug and play...however it takes little knowledge to actually publish said contract and a small typo can either make the contract never accessible or easily exploitable.


> Since code is a lot more complex than written human language, expressing intent can be very difficult.

Isn’t that the other way around? Natural language remains an unsolved problem, and formal verification of software is pretty much a requirement for compilers. Your example is evidence of that: intent in natural language is easy to distort and hard to prove, thus making it much more complex


Well let's put it this way - in natural language, we say stuff and implicitly assume we've done our best to express intent, but it may not be perfect (hence lawyers). In smart contracts you express your intent into a contract and then we pretend there was no intent. There is only the contract. And that's a massive flaw.


Right. Natural language is more complex and nuanced.


Hard to say if this is satirical or not ("Etherium") but will respond in good faith.

1. Same argument can be used in the opposite way, you can verify the counter party will act as expected, there is no need for costly litigation as backstop.

2. An engineer reviewing a contract once will not be more expensive than hiring a full time banker to review each transaction or a lawyer to pursue a legal battle.

3. Decentralization and regulation are not mutually exclusive.


Agree with 1/, disagree with 2 and I have a different point of view on the 3rd point.

A lawyer can review a contract, miss a loophole/backdoor, and then argue to the court that the backdoor was placed there in bad faith, recoup his client's losses. You can't do that with code. If you load a backdoored code, you can't argue "this is unfair" to a court of justice.

On the 3rd point, i think "good" crypto (and by that i mean non-obvious shitcoins) tend to centralize a lot.


> You can't do that with code. If you load a backdoored code, you can't argue "this is unfair" to a court of justice.

Why not? Assuming the miner and you are in the same jurisdiction, what prevents you from suing them? Seems relatively straightforward.


Because of limited responsibility mainly. Did anyone attack microsoft for the catastrophic 0day ~2 years ago?


This accident actually proves the exact contrary. Despite these obvious flaws, people are still using DeFi.

There must be something of value in there that you're missing. And it's not speculation, as there are way better ways to speculate in crypto than by using DeFi (shittokens, NFTs, ...).


Lottery tickets aren't a good investment, but people still buy them.

It's certainly true that there is activity in the DeFi space, and it's certainly possible that this activity is because DeFi is just so gosh darn amazing at solving people's need for basic financial products.

...at least in theory. But if you're going to make that rather extraordinary claim, I think you need to provide some extraordinary evidence.


I'm disputing the logical conclusion from the facts at hand that no real problem is solved, not providing a value judgment about DeFi.

It's not an extraordinary claim but common knowledge in the start-up investment land that when you see an ugly, flawed product get an unexplained amount of engagement, you become interested.

> Lottery tickets aren't a good investment, but people still buy them.

Lottery tickets solve the real problem of hopelessness about improving one's financial situation through work. It might not be a worthwhile investment in financial terms, but it has its use just like entertainment media or alcohol.


People inject heroin, drink liters of soda and gamble their life savings away too, but none of that is evidence that these are healthy or socially valuable activities.

My explanation of the prevalence of DeFi is that it's currently at or near the peak of the hype cycle and there's a ton of money to be made either by trying to legitimatize the ecosystem or else via run of the mill pump and dumps.


"There must be something of value in these tulip bulbs because everyone is investing in them."


Investing != using.

https://cryptofees.info/

People pay tens of millions of dollars everyday to use these on-chain platforms. They could avoid all those fees if they just wanted to speculate on token prices by using centralized exchanges, of which many have very lax KYC requirements.


I don't have a breakdown of what people are using Ethereum for, but certainly a lot of those uses are stuff like NFTs, i.e. implementing other purely speculative assets. And there are lots of crypto startups using Ethereum, whose money is sourced from a different kind of speculation (er, "investment"). So again, it's not enough to just point at activity and say "look, real value!"


I don't disagree that the vast majority of the activity derives more or less indirectly from price speculation of some sort. But the thing to note is that so much of it is done on-chain instead of on centralized exchanges which have comparatively negligible fees. At the very least this proves the technologies themselves as suitable platforms for speculation (vs simply being the target of speculation).

"Speculation platform" is already a big, legitimate and very popular use case (the importance, influence and appeal of Wall-Street in the US and the whole world is evidence of this).


But how much of the "value" of the chain "as a platform for speculation" is simply the hype around crypto? (Which is, in large part, driven by speculation-driven rising prices of cryptocurrencies.)

For example, anyone could have sold the equivalent of NFTs decades ago using a centralized ledger (perhaps using multiple trusted third parties for security). That didn't happen.

Likewise, it's pretty clear that if you have a startup idea that could be implemented with or without crypto, you get a valuation boost if you take the crypto route. (Hello Long Blockchain Corp.)

So: speculation-driven cryptocurrency prices rise -> entire crypto sector hyped to the moon -> startups move in to collect hype-driven investment -> smart contract activity observed -> this "proof" of utility drives more hype.

And of course there are other intersecting loops.


James Mickens' "Blockchains are a bad idea" talk [1] is a great explanation that discusses exactly that.

[1]: https://www.youtube.com/watch?v=15RTC22Z2xI


This is not a mistake, it’s a pretty common method for money laundering


I'm curious how this works. As I understand it, Bitfinex would have to do this by not broadcasting the transaction to the network and instead keeps it on a single miner and it gets included when the miner snags a block but how does that help launder money?

Is it some sort of deniability thing to say your hilariously unreasonable miner tip was mined by a random miner who may or may not be you? Surely regulators/prosecutors aren't this gullible.


Regulation/prosecution is lagging way behind in this space. Even in traditional finance, Ponzi schemes and money laundering go on for years.

It's also important to consider the psychology of things like Ponzi schemes. A bright 12 year old can understand why a Ponzi scheme falls apart in the long run. But for most of the people running them, they aren't thinking about the long run. They're responding to short-term incentives. An investor wants money back? Well there's money, so let's give some to them. Low on money? Go out and sell more people on putting money in. People have concerns? Reassure them that everything's fine, better than fine, amazing in fact.

So the question of "do they think they can get away with it in the long run" is not really the right one to ask. 100% of their attention is on the short term. They carefully avoid thinking about the long run at all, because it's way too uncomfortable. As long as the problems are deniable enough in the short term, they're just going to keep going.


The cool part is all of these transactions are public and can be archived by regulators for long term forensics and enforcement activities while still within the statute of limitations. Might take years, but government can take its time investigating and prosecuting. Regulation can lag because there is no rush; the evidence is preserved by the very nature of the technology.

https://news.ycombinator.com/item?id=28673552 (HN: Tracking stolen crypto is a booming business) | https://archive.is/s1WvQ


That's a positive for sure, but regulatory latency enables more scamming. That added burden to limited regulatory capacity means the increased scamming makes it likelier that the small fry will get away.


While I don't doubt it's a method used for money laundering, this particular instance probably isn't it. For one, if you're money laundering, you don't want the transaction to show up on the front page of HN.


Yeah why not do this over time with smaller fees. With the ridiculous gas these days you might be able to sneak quite a few tx in under the guise of “nft bots” but not 7500 eth in one tx


What's another explanation for this huge fee? Your reasoning makes sense, but that still leaves me extremely curious.


The base gas fee for the block is:

Base Fee Per Gas: 0.000000058907049227 Ether (58.907049227 Gwei)

The paid gas fee for the transaction is: 0.053243669870735422 Ether (53,243,669.870735422 Gwei)

Perhaps they wanted to post the transaction for 53 Gwei but fatfingered it? Or entered Pwei instead.

Edit: This block was apparently mined by poolin pool: https://minerstat.com/coin/POOLIN-ETH

Their rewards almost doubled


Using a client which has two boxes, one for fee and one for value transferred.

("Fat finger" errors like this are not unheard of in the real financial system, but that usually allows reversal)


That still means they intended to pay $100K in transaction fees, is that a normal sum?


Various claims on reddit using phrases like "set the gwei limit the same as the gas limit" and "new EIP 1559 transaction", which I can barely make sense of, but it sounds like they may have been in entirely different units?

Anyway, be your own bank, I'm sure you can figure this out. /s


It's a huge number but amounts to 0.4% (0.004). I have no idea how that compares to regular 24M international wire transfers, though.


It's not money laundering, lol. a) Bitfinex is an exchange, they don't need to launder. They are the laundry! b) You usually want to get the money back when you launder. This is handing 20 million dollars to a random on the street who takes your transactions.


I get that point, but I was asking for what is then the real reason. The only two I've seen proposed are money laundering (perhaps by collusion with the miner) or mistake (accidentally confusing the transaction amount with the tip - still meaning the intention was to pay $100k in transaction fees).


If I was to bet, my money is on a catastrophic fuck up. It's probably 'other people's money' too. Some VC maybe lost a big bag of ether.


> This is handing 20 million dollars to a random on the street who takes your transactions.

Yes I'm sure it's purely coincidence that the "random on the street" who mined this block is a major Bitfinex shareholder.


It's also potentially risky. What if a big mining pool, upon noticing the huge fee mined by another miner/pool, decides not to mine on top of that block, but in competition with that block in hope of snagging the fee for itself?


There's been a lot of talk about reorg due to MEV (which this could be considered MEV), but to the best of my knowledge it hasn't happened yet. This seems like a big opportunity because this is ~3000x bigger than the standard block reward


We need Ethereum to always prevent this. Or the big mining pool will just do this for every block and allow ONLY THEIR blocks to be processed. Then they get 100% of mining of the ETH mining fees.

This reinforces by most miners being willing to join, to get a share in monopoly rents over miners-never-earning. The big mining pool(s) could let in enough to stay big enough. But not too many to spread the monopolistic gains by too broad a base.


The mining pool would have to have >50% of the hashrate to pull that off indefinitely.


It's a great way for miners to launder money. Bitfinex pays the fee and it turns up on the miner's balance sheet, where does bitfinex gain?


The recipient in this case absolutely appears to be "associated" with Bitfinex, who don't understand the concept of "arms length", so entirely 'nepotistic' transactions like this would be par for the course (remember the loan between Bitfinex and Tether, who were at the time being stated as independent and unrelated, yet somehow the same two people signed and countersigned the loan for both sides?).


I read your whole comment expecting you to get to the evidence where bitfinex and the miner are associated...


> DeversiFi — a non-custodial exchange that spun out of Bitfinex in 2019

From the article.

And as said, given previous dishonesty from Bitfinex about all sorts of unrelated parties (they claimed to be independent of Tether, until that was proven a lie, and they are heavily intertwined with their bank, Deltec, who says that they have "insight into every transaction and Tether"), I'm going to consider Occam's Razor, here.


they refunded the fee to bitfinex


ELI5, please?

Who does the fee go to? I would have thought the miner. But if so, how can you predict (or control) which miner will get your block?


The transaction is sent directly to the miner without going through mempool, or the miner itself makes the transaction.


I'd submit an answer involving jargon like "mempool" doesn't qualify for "ELI5". ELI4?


Mempool or "memory pool". It contains pending transactions that have been publicly broadcasted and are waiting to be mined into the blockchain.


Etherscan indicates that the transaction was in the mempool [0]. My understanding is that this wouldn't show up if it was mined without releasing the transaction to the mempool.

[0] https://etherscan.io/tx/0x2c9931793876db33b1a9aad123ad4921df...


Is this even still possible? Since EIP-1559 miners like ethermine stopped including their own tx for 'free' presumably because you can't pick and choose anymore.


You can still pick and choose, EIP-1559 forces miners to burn part of the fee, which means it's no longer "free" to the miner to include these transactions. In the case of this transaction, Bitfinex also included a very large tip that went to the miner.


It certainly is. Here's a list of them: https://etherscan.io/txs/label/private-transaction


Is the mempool logged? Is it possible to tell if it was a mistake or if they skipped the mempool?


Every node operator can log their node's mempool, but the protocol does not ensure that mempools are consistent across nodes.

That said, logging this might violate GDPR :)


Are they the one who's going to choose the miner?


I thought all transaction fees are burned after EIP-1559 was implemented?


No, there are 2 parts to the fee. The base and the tip. The base is burned and the tip goes to the miner. This transaction burned 0.008493159450499633 eth (~$25) and paid the miner the rest.


How would this work? The fees go to the miners or are burned, so how do the laundered funds make their way back?


Perhaps instead of sending your transaction publicly in the Mempool, you give it to your miner friend to include in their next block.


Is the mempool logged? Is it possible to tell if it was a mistake or if they skipped the mempool?


>Is the mempool logged?

Yes. For instance on etherscan there's a "Confirmed within x secs" indicator, which is "Estimated duration between time First Seen and included in block".


Even if it is logged, there are ways this behaviour could be masked.

Say a colluding miner mines blocks including this unbroadcast transaction until they finally hit the block target with this transaction included.

Bitfinex then broadcasts the transaction to mempool. After some plausible delay (but a short enough one that no one else gets a chance to mine it), the colluding miner publishes a valid block including the transaction. No one can confirm that the miner didn't receive the transaction from mempool like everyone else, and then 'get lucky' shortly after.

I'm not saying this is what happened, I think user error is more likely. But it can neither be ruled out nor easily proven.


There would be suspicion that the block doesn't have any recent transactions in it though.


The basefee is burned, the priority fee is given to the miner.


Is it possible they are just incompetent?


It's been years since competing blockchain projects added fee limits, at least in the front ends if the protocol can't allow it, so that this does not happen. It happened many times on ETH and it will happen again because the devs simply don't care.

BTW the money laundering idea is complete nonsense. You don't do that by making large transactions so that mainstream media writes about it and investigations are triggered. This is just the usual HN crypto bias that seeks confirmation that everything crypto is illegitimate.


Various Ethereum wallets warn you about excessive fees, and even set reasonable defaults (especially post 1559). Even if they didn’t, Ethereum devs aren’t the same as Ethereum wallet devs and each group has their own opinions about how to handle fees and UX. It’s disingenuous to say that “Ethereum devs don’t care” about any specific issue and you should be more specific about who you’re criticizing.

It’s unlikely that Bitfinex was using a consumer-facing wallet and they could easily build those checks into their systems.
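An added example, not code from any commenter or from Bitfinex: the EIP-1559 base-fee/tip split discussed in this thread, followed by the kind of pre-signing fee check the comment above refers to. The names `Eip1559Tx`, `fee_split` and `presign_problems`, the cap policy, and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

GWEI = 10**9
WEI_PER_ETH = 10**18

@dataclass(frozen=True)
class Eip1559Tx:
    gas_limit: int                 # most gas the sender will pay for
    max_fee_per_gas: int           # wei, ceiling on base fee + tip
    max_priority_fee_per_gas: int  # wei, ceiling on the tip to the miner

def fee_split(tx, base_fee_per_gas, gas_used):
    """Return (burned_wei, miner_wei) for a tx included at this base fee."""
    if tx.max_fee_per_gas < base_fee_per_gas:
        raise ValueError("max fee is below the base fee; tx cannot be included")
    tip = min(tx.max_priority_fee_per_gas, tx.max_fee_per_gas - base_fee_per_gas)
    return base_fee_per_gas * gas_used, tip * gas_used

def presign_problems(tx, base_fee_per_gas, fee_cap_wei, base_fee_multiple=10):
    """Return reasons to refuse signing; an empty list means the fee looks sane.

    fee_cap_wei and base_fee_multiple are operator policy, not protocol rules.
    """
    problems = []
    if tx.max_priority_fee_per_gas > tx.max_fee_per_gas:
        problems.append("priority fee exceeds max fee (invalid under EIP-1559)")
    worst_case = tx.gas_limit * tx.max_fee_per_gas
    if worst_case > fee_cap_wei:
        problems.append(f"worst-case fee {worst_case / WEI_PER_ETH:.4f} ETH exceeds cap")
    if tx.max_fee_per_gas > base_fee_multiple * base_fee_per_gas:
        problems.append(f"max fee is more than {base_fee_multiple}x the current base fee")
    return problems

# Constructed sample values, not the figures of the transaction in the article.
BASE_FEE = 50 * GWEI
NORMAL = Eip1559Tx(gas_limit=150_000, max_fee_per_gas=120 * GWEI,
                   max_priority_fee_per_gas=2 * GWEI)
MISTYPED = Eip1559Tx(gas_limit=150_000, max_fee_per_gas=80_000_000 * GWEI,
                     max_priority_fee_per_gas=70_000_000 * GWEI)

if __name__ == "__main__":
    for name, tx in (("normal", NORMAL), ("mistyped", MISTYPED)):
        burned, miner = fee_split(tx, BASE_FEE, gas_used=100_000)
        print(name, "burned", burned / WEI_PER_ETH, "ETH; miner", miner / WEI_PER_ETH, "ETH")
        print("  refuse:", presign_problems(tx, BASE_FEE, fee_cap_wei=1 * WEI_PER_ETH) or "nothing")
```

The check runs on the signer's side before the transaction exists on the network, so it needs no protocol change and is unaffected by later base-fee movement.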


I mean the devs of the network ofc, they are the only ones who could completely stop this. UI/wallet devs can only partially because people don't need to use a UI and can still use old software too.

They very obviously don't care because the problem has been known for years and the sum of accidental fees could probably pay Google's whole software dev personnel to write 1000 different possible fixes but nothing was ever done about it.


How do you solve it at the protocol level? Let's say I set a gas price of 0.00000004 eth. Is that too much or too little? If you try to enforce the price to be within some range of the average of past n transactions it could:

1. make transactions that were valid at the time of creation suddenly invalid if the average moves, which is frustrating to all parties

2. not able to respond to rapid changes in demand

3. overcomplicate validation/consensus


Most other projects implemented a hard coded (can be changed with software update) upper limit that is outside of real use. This means people can still set way too high fees by accident but not accidentally lose millions.

There might be better ways but clearly doing nothing at all is worse.

And yes, I know ETH is in a uniquely bad situation on this because the range of legitimate fees is enormous.


There isn't one front end for ETH, there are many. They probably rolled their own here.



With bitcoin you could spend a lot of mining time to get these fees with a longer chain. Is that possible with ethereum too?


Yes there would have been a window for that, if you could spin up insane hash power in minutes. However ethereum blocks happen on average every 13.5 seconds and this TX is now 1,558 blocks in the past, it's not likely now.


If you can react quickly, a 51% PoW attack is... still prohibitively expensive: https://www.crypto51.app/


Those figures assume that the miners other than yourself are honest. The big risk with MEV is that in theory it could trigger all miners to prioritize reorging (51% attack) instead of building on the longest chain.


This is a really interesting point, and an issue that Bitcoin will likely run into as the block reward nears zero, and transaction fees provide the majority of the miner revenue. Miners could be incentivized to reorg blocks in order to get transaction fees.


So who got the tx fee?


The block: https://etherscan.io/block/13307440

Miner: https://etherscan.io/address/0xb7e390864a90b7b923c9f9310c6f9...

Has 3% of miner power in the network it seems, fairly big. Seems to have only been running since 2021-07-12.


It looks like it's labeled as Flashbots block.


So many people calling this money laundering. The miner sent most of it back already https://twitter.com/cryptocobain/status/1442611045021913089?...

HN irrationally loves to hate crypto.


This right here. It was one of the few ways in BTC where you could launder it and completely break the flow.

Then there was monero and it seemed to scratch the itch a little easier


> UPDATE (6:10 p.m. EST): The majority of the funds -- some $22.1 million worth of ETH -- have been returned to the Bitfinex-controlled wallet. The transaction was sent at 5:14 p.m. EST at a cost of $33.74.


Christopher Harborne is Will Harborne's father and has been involved with Crypto Currencies from the early days. The relationship was covered by Private Eye magazine (ed 1517) on the #Fincenfiles


> The transaction was a smart contract interaction with the amount of tether sent to one wallet before being passed along to Deversifi’s wallet. It used the newly implemented EIP-1559 type of transaction, which was designed to make Ethereum fees easier to predict.

From https://www.theblockcrypto.com/post/118753/bitfinex-just-spe...

More and more, it is revealed that the majority of actors in crypto are either incompetent, scammers, or both.


Well...you won't see that happen in Bitcoin ever.


Wait a minute, aren't transactions fees supposed to be "burned" after the last hardfork? What am I missing?

Edit: Trying to determine if this is a bug or just a misunderstanding on my part.


There is a fee that's burned, but I think sending a fee to the miner as well is still there.


$23.7 million to transfer $100,000. It's becoming a hard sell.


23700% in fees. Suddenly the 3-5% that is insane doesn't feel like that much...


Why is everyone saying this isn't a shady trade when the person who got the $23m is a weird person with a pseudonym in thailand and fueled Brexit? Is it because that guy seems on the level?


Well this happened in a context where fraud and shadiness are essentially the norm, and strict adherence to letter of contract (not intent) is somehow seen as a virtue.


It seems in the latest update that the funds were returned via another transaction.


wait who was the miner? that's quite the claim to make


$23m transaction fee for $100k transaction?


I assume money laundering


How would you know which miner would pick up this transaction and process it?


You privately send it to the colluding miner; you don't publicly broadcast it.


That would be visible to those that save the full protocol state / interactions but probably invisible to almost anyone else.

And you could even broadcast it after you know the miner already solved a valid block with it but before they publish it.


You don't have to propagate the transaction to other miners.


Maybe do not publish the tx and be the only one including it in potential blocks until successful.


I don't know, but it's an unlikely mistake to make, and they have a lot of know-how in the business. I expect them to know something we don't about the protocol, and set up things in a way that they get the money with plausible deniability.


If it were money laundering, they would have not broadcast the transaction.

In this case, the transaction was broadcast to the mempool before it was mined.


How is anything "laundered" in that scenario as opposed to simple sending the money as the transaction content?


It's not. This is like not subtle at all, there's a lot of real time monitoring on fees to decide the optimal one for your transactions. If this was not a mistake and it's really someone trying to hide the 23m transaction, they just didn't know what they were doing. A normal transfer would have been sneakier.


This is likely money laundering via inclusion of an offline transaction.


I keep seeing people blaming money laundering but I’ve yet to come across anyone even attempting to explain how the money laundering would theoretically work? Is there a way to manipulate or influence which miners get with transactions?


> Is there a way to manipulate or influence which miners get with transactions?

Some cryptocurrency nerds can correct me if I'm wrong, but AFAIK yeah. If a miner is your friend you can privately send him in advance a signed transaction that needs to be secretly included in a block. Then you can distribute the transaction itself over the network only after that miner has already started to mine a block with said transaction.

TBH I have no idea if it's possible to get a block included on chain if it has "secret" transactions in it, but for certain it's possible for one miner to start work on a block with said transaction a few seconds earlier than others. There is still a risk that someone else will mine it though.


Yes you can send private transactions directly to miners, they never have to be broadcast at all except in the mined block


Miners get to choose what transactions make it into their block. Instead of broadcasting the transaction to the mempool, the sender could send it directly to the miner who could hold onto it and include it only once they'd mined a block successfully.

Not sure I think it's likely, though - could have just been a user miskeying something.


Laundering is the process of making dirty looking money legit. This isn't a particularly good way to do that. When the miner sells the $23 million, it isn't hidden in the normal income because the amount is so large. They have to explain it to their financial service providers, who will request explanations. Their investigative team will easily do blockchain analysis and find the transaction. If the sending address is in any way connected to the miner, the "scheme" will be bust.

I don't think there is any money laundering going here. The point of money laundering is to raise as little attention as you can, and that is not happening here. Weird transactions and income makes you just more suspicious.


It's possible to set this up in a way that gives them plausible deniability (by broadcasting the transaction publicly after the colluding miner confirmed it has a block), so this could have been a way to repay debts with funds that aren't legally/technically allowed to be used in this way.

I do doubt that explanation though, as $23 millions is nothing for Bitfinex and any of their execs could get this amount from personal funds if it was really needed.


The big move covers the small move.


I don't know exactly how ETH works, but it seems like with bitcoin there could be a risk like this:

You send your huge-fee transaction secretly to your co-conspirator miner. They start trying to include it in their blocks, and eventually get one (call this block X). But now your transaction is not a secret anymore, and so another large miner can decide to keep trying to mine off of block X-1, but including your transaction. If they can outpace your miner (maybe by spinning up extra compute), they will produce a longer chain in which the $23M goes to them instead of your intended recipient.

It seems like a very large mining fee would change the incentives that are supposed to keep miners all working on the same chain.


They could have split the number between several TXs to avoid attention.


I feel like we need some common name to refer to the persistent phenomenon of basically everything being called money laundering in online comment sections.


Or maybe we need to do something about the rampant money laundering.


Putting transactions on a verifiable public ledger might be a start.


Yeah seems like a luck of the draw for the miner to happen to find the right hash to mine the block when this transaction happened.

Very risky way to launder 23M.


How much GPU capacity can you rent on GCloud / AWS / Azure / Oracle Cloud / IBM at once? You only gonna need it for a few minutes since blocks for ETH mined every 15 seconds.

Someone should be able to do the math of how much $ it's gonna cost.


Sure. You make the transaction but only send it to your friend the miner. When he gets a block, he includes your transaction.


This is not how it works though. When mining is under way your transaction should already be included. What the miner can do though is to never publish your transaction unless he got a block and is fairly certain that he'll be the first.

Also if the miner has a target of getting such a high fee he can easily spend a few million to increase his mining capacity for a short burst, etc.


But what's the point of making it through Tx fees -> Hitting all news outlets versus just sending the money normally, as nobody would really bat an eye.


Is embezzlement a form of money laundering?


[flagged]


Sadly, it’s not useless.

I wish this whole concept of converting natural resources into virtual currency went to hell.


Worse, it's dangerous and damaging.


and this is public ledger... imagine what's happening in the banking industry, where you can't see other people's money flowing around


Lol to all the downvoters. You truly believe that everything cryptocurrency related is a scam and money laundering, whilst hidden-from-public-eyes banking ledger is saint? Take your pink sunglasses off, please.


Please don't break the site guidelines like this.

https://news.ycombinator.com/newsguidelines.html


Crypto. Definitely ready for production. /s

Like this smart-contract stuff is cool but it's still definitely in a nascent state. Maybe one day it will be well tested enough to actually use; for now I think the likelihood of these bugs just increases as complexity and layers are added on.


Nah. It'll be like every other production system in existence: once the bugs are triaged to an "acceptable" level, then the C-suite decides to focus on adding new features.


To those claiming that this is an example of crypto being a scam / useless / unsafe:

I'd point out that if this is a case of incorrect data entry, similar cases happen in traditional finance with some regularity, and in the majority of those cases (e.g. someone sends a large amount to the incorrect bank account), there is no legal recourse to recover those funds and companies resort to asking nicely for the money back (usually it works).


One important thing to note is that in traditional finance if the money gets sent to person B, because person B hacked my e-mail, there is an enforcement mechanism to get the money back.

However, this is not as true for crypto. If I steal 5M from your account and put it into mine then you can't get the money back if I don't give up the key. And, while the state will personally arrest you, they are going to be a lot less likely/able to recoup any crypto.


There’s an interesting court case on this going on now.

https://krebsonsecurity.com/2021/08/man-robbed-of-16-bitcoin...


> there is no legal recourse to recover those funds and companies resort to asking nicely for the money back

Yes there is, there are courts. There's a long history of error corrections being forced. That is if it's clearly an error.

https://www.ncconsumer.org/news-articles-eg/using-money-mist...


Crypto is international. Courts are terrible with that scenario.

Pretty hard for US courts to make a random person across the globe give up their wallets.

Also, banks can be court ordered to hold funds. Crypto doesn’t have that.



