Wormhole is now owned by the crypto arm of a large traditional financial trading company, Jump Trading. Here's a tweet from the CEO of Jump Crypto saying that they put up the funds:
"Jump put up 120k of it’s own ETH because we believe in Wormhole and want to support it in this stage of its development."
It's kind of a new thing for them. They do HFT and the like in normal financial markets.
>Jump Trading is a registered broker-dealer and member of multiple exchanges including the CME Group and the New York Stock Exchange.[13][4] They are also members of most European exchanges including Eurex and the London Stock Exchange.[14][15]
>In September 2021, Jump announced their cryptocurrency business through a new brand named Jump Crypto
Also from their website:
>We empower exceptional talents in Mathematics, Physics, and Computer Science to seek scientific boundaries, push through them, and apply cutting-edge research to global financial markets.
Jump is really good, I’m not sure I’d compare them to RenTech, that’s very select company, but certainly Jump Crypto has a lot more in common with e.g. Alameda Research than they do with $COIN_COMPANY.
It’s a very opaque business, but AFAIK Jump’s bread-and-butter desks are more like ultra-low-latency microwave-tower Chicago <-> NY/NJ arbitrage.
When conducted ethically (which ic clearly not always), arbitrageurs and market makers provide a critical, socially useful function. There are ways to cheat, and people do everyday, but that’s any business.
Retail traders benefit from ethical HFT whether that’s on ARCA or Binance. I’m not sure the same can be said for things like PFOF, intentionally mispriced IPOs, or offering crypto traders 100x leverage.
What's the Venn diagram look to you between projects using blockchain vs. projects using blockchain inherently designed to have or allow same pattern as Ponzi and MLM schemes?
I think there’s a general consensus about the speculative bubble in the crypto asset class, but that’s a consequence of central-bank monetary policy, you’ll find the same in real-estate, equities, precious metals, you name it. When the cost of capital is ~0, the scammers come out of the woodwork. Flack-it-till-you SPAC it.
But even if it all ends in tears it will have financed research in:
- Byzantine consensus
- Gossip protocols in P2P networking
- Zero-Knowledge Proofs
- Auction Theory
- Verifiably Random Functions
- Virtual Machine execution cost models
From IO-HK: “ Philip is professor of theoretical computer science at the University of Edinburgh and senior research fellow at IOHK since 2017. He is an ACM fellow and a fellow of the Royal Society of Edinburgh, and a past chair of ACM Sigplan. Previously, he worked or studied at Stanford, Xerox Parc, Carnegie Mellon, Oxford, Chalmers, Glasgow, Bell Labs, and Avaya Labs, and visited as a guest professor at Copenhagen, Sydney, and Paris. He has an h-index of 70 with more than 24,000 citations, according to Google Scholar. He contributed to the designs of Haskell, Java, and XQuery. Philip is a co-author of Introduction to Functional Programming (Prentice Hall, 1988), XQuery from the Experts (Addison-Wesley, 2004), Java Generics and Collections (O’Reilly, 2006) and Programming Language Foundations in Agda (2018). He has delivered invited talks in locations ranging from Aizu to Zurich. Philip is a past holder of a Royal Society-Wolfson research merit fellowship, and a winner of Sigplan awards for both distinguished service (2004-09) and most influential paper (‘Imperative functional programming’, by Simon Peyton Jones and Philip Wadler).”
https://iohk.io/team/ is probably the best single link that demonstrates how absurd that statement is, but that group is far from the only one where basically any of the senior technical people could work basically wherever the hell they want.
serious question at what point do you concede your biased understanding of the world is wrong? if there is no such scenario are you really thinking critically?
Yes you did. They could've not deposited the funds in which case it would've been retail that covers the cost. Instead they do and the loss is purely on them.
This is interesting. The hacker did not return the ETH, so the $320M has come from the deep-pocketed investors and VCs behind Solana/Wormhole.
Interesting to note that the VCs are bailing out the retail users here, instead of the usual flow where taxpayers are on the hook for bailing out too-big-to-fail WallStreet banks.
> Interesting to note that the VCs are bailing out the retail users here, instead of the usual flow where taxpayers are on the hook for bailing out too-big-to-fail WallStreet banks.
If you're referring to the 2008 bail-outs, those weren't grants, they were loans and investments. To date, beneficiaries have repaid more than the initial amount netting the government (and hence the people) a significant profit. $109B to date. And the expectation of significantly more to come. Talk about a good investment. [1]
Fannie and Freddie alone received $191B and have paid $301B in dividends so far - and all the principal remains outstanding.
That's very nice and good. So if I struggle to pay my mortgage, why am I evicted instead of bailed out? It's highly unlikely that I be unemployed for the rest of my life, so I would surely be able to pay back any bailout, with interest to spare. Why do banks struggle and get bailed out, but people struggle and don't?
Or looking at it from another point of view: the money spent on bailouts wouldn't be stored under a mattress if it were not spent that way, therefore you cannot compare $109B with $0. You have to compare it, for example, with the money lost from the moral hazard of rewarding the irresponsible behaviour which led to the most destructive recession in 75 years, or to the effect the money would have had it been spent helping the millions of people that lost their jobs or had their homes foreclosed on, etc.
These are all separate responsibilities of different groups.
The Fed's charter is to maintain a low, predictable rate of inflation over the medium term and to maximize employment. You (in aggregate) won't have a job if all the employers go bankrupt due to direct investments and contagion. This will directly impact (in aggregate) your ability to make your mortgage payments.
Secondarily, regulation of the financial sector to ensure this doesn't happen again isn't JPow's job, it's the job of Congress.
Bailing out the institutions does not preclude further regulation to prevent the situation from happening again. And it certainly doesn't preclude creating a meaningful social safety net.
The Federal Reserve is absolutely tasked with regulating the banks[1].
Congress should not be in the business of preventing banks from imploding in on themselves via regulation. Congressional regulations should insulate consumers from predatory financial institution practices. FDIC insurance exists to protect consumers in the event their banks behave irrationally. There should be no backstop for the banks themselves. Even if they wanted to Congressional regulations couldn't keep pace with the speed at which financial instruments of institutional suicide are forged.
> It's highly unlikely that I be unemployed for the rest of my life
Unemployed? No. Earn what you did before? Anecdotal, but my parents know a lot of people in their 50s that when laid off, never went anywhere close to their prior salaries.
This was especially true for people who couldn't get their current job with their credentials. Plenty of senior people in places like factories and warehouses don't have degrees for example. Would they find work again if laid off?
It's kind of a political decision that varies from country as to what extent to bail people out. The UK for example has a "Support for Mortgage Interest" scheme with various terms and conditions. I'm not sure how the politics play out in the US.
probably because you, collectively speaking, kept electing people who didn't pass anti-eviction laws or strengthened tenant rights. Which most countries by the way did put in place during covid at the very least.
I mean small debtors just get to declare bankruptcy and not pay, which is a pretty good power to have. Large debtors have broader obligations to the community.
Why do people go to jail and lose all ability to make income, but corporations don't? Corporations should get virtual jail time where they're not allowed to operate for a set period of time and have all their rights stripped away.
Honestly, I'd settle for jail time for the actual persons making the illegal decisions, rather than virtual jail time for corporations. You know... personal accountability.
Say a factory is poisoning the riverwater, what is more likely to disssuade such actions: penalties to the company (taken in stride as the cost of doing business), or actual jail time and forfeit of assets to the person making the decision and reaping the profits from it?
The problem is that a company can be a revolving door of people taking the fall for crimes. The better dissuading action is to force the company to shutter operations for a set period of time. It's only fair that such a catastrophic punishment can happen to individuals that it can also happen to businesses that are generally much, much more harmful.
There were multiple stages of bailouts, including Federal Reserve asset purchases which directly transferred resources from dollar holders to for-profit shareholders and bondholders. The Fed's intervention dwarfed the TARP bailout and is the largely the reason TARP was successful...they moved the economic loss from Treasury to the Fed.
That's not how the Fed works. [edit] (As I replied in a peer comment, increasing the money supply is not debasement or a loss - that is measured from its impact. In the years subsequent to the bailouts inflation hit at some point an annualized -4% before returning to a range of 0-2% going into COVID.
Modern economics isn't as simple as "supply up bad.")
Aside from the other considerations, "it was a good investment" stuff is just ridiculous. The general bank isn't in operations to make money - it's in operation to protect the market, the currency and the economy as a whole so whether it makes money is irrelevant to whether these loans were a good idea.
But even more, if the Fed basically designates a bank "too big to fail" (as the Fed did) and loans the bank the money it currently needs, the markets can this. And this allows the bank to "print money" itself by issuing bonds - since now the market knows those bonds are effective guaranteed by the Fed and so equal to money. Thus the bank can easily issue enough bonds to repay or over-pay the Fed. But that's not a "see, problem solved!" situation.
The theoretical problem of this sort of action is naturally these large entities potentially issue loans and borrow without being disciplined by risk. That might be compensated for by other actions - say preventing them from issuing risky loans. But things still wind-up a bit "distorted". I'd recommend Doug Noland's Credit Bubble Bulletin on the subject.
> Aside from the other considerations, "it was a good investment" stuff is just ridiculous. The general bank isn't in operations to make money - it's in operation to protect the market, the currency and the economy as a whole so whether it makes money is irrelevant to whether these loans were a good idea.
The central bank did not make these investments, Congress did, and so the yields did not accrue to the central bank but to the Treasury. If you've ever met the IRS you know that the job of the Treasury is in fact to accrue revenue.
The central bank's charter is to maintain a low, predictable rate of inflation over a medium term and to maintain maximum employment.
> The theoretical problem of this sort of action is naturally these large entities potentially issue loans and borrow without being disciplined by risk.
I agree, which is why Congress needs to better regulate the sector. However that's Congress' job not the Fed's.
I don't think any of your actually change my point that the project making money is irrelevant to and a distraction from the basic impact of the loans.
While one can debate whether just regulation can prevent private investors from engaging in risk, there are other impacts as well. Putting a whole lot of money into bank which invest in "safe assets" like real estate, causes the relative price of those assets to increase. This distorts the economy - that disproportionate rent and real estate price increases over the last ten and twenty years are arguably a product of Fed largess. And these have been a disaster for anyone not being buoyed by the risings - the majority of those in lower income categories.
Housing is a very different matter, one primarily defined by zoning. Zoning rules in major metros prevented supply from meeting demand by preventing new construction. Zoning rules outside major metros made the average new home 2X bigger. [1] Combined these make houses dramatically more expensive even though the cost per square foot on average, adjusted for inflation, is exactly the same as it has been since the 1970s.
Japan for instance has seen their M2 money supply 3X from 1990 to 2022, while the affordability of a house there hasn't decreased since 1995. [2]
This is due to their federal zoning rules which permit housing construction practically everywhere. [3]
The increase in price of housing is what's driving inflation, not vv imo.
And for what it's worth, I think Glass-Steagall (brought in as part of the post-Great Depression reforms) did a very good job of preventing retail banks from investing in toxic garbage and its repeal in 1999 was IMO a major contributing factor to the crisis in the first place. [4]
The increase in price of housing is what's driving inflation, not vv imo.
That's like saying "price increases lead to inflation". Which is true but illuminating.
Limitations on housing construction certainly made homes especially valuable as an investment in places like California. But the vast amount of money-created-out-of-thin-air was what sought this reliable investments. The situation you mention is just related to what I describe, it doesn't refute what I describe.
The main thing is that this inflating of money has a number of noxious qualities, the inflation of housing costs just being one of them. Prices are signals for how resources should be allocated and distorted prices result in distorted allocations of resources. For small example, there's a daft and dangerous plane to restart a fricken gold mine in the little tourist next to my town - with all attendant potential for multiple types of pollution and with gold only getting kind of play because it's a fixed asset with a price driven sky-high by the present money creation process.
>Japan for instance has seen their M2 money supply 3X from 1990 to 2022, while the affordability of a house there hasn't decreased since 1995. This is due to their federal zoning rules which permit housing construction practically everywhere.
I mean I've no doubt that's some sort of a factor, but on the other hand the population of Japan is also almost exactly the same as it was in 1995 whereas the US population has increased by 25% in the same period - I'm not sure I'd so easily rule out demographics as a factor!
All that means is that supply met or exceeded demand, which is the point that I'm making - we are precluding supply from meeting demand via artificial supply constraints.
In their case it was a combination of a declining population and zoning rules. However, the decline AFAIK was concentrated outside urban areas. Tokyo grew from 32.5M to 37.5M between 1990 and 2022 without any increase whatsoever in the real dollar price of housing.
I hope this is not an argument for more bailouts. A lot of people walked away with riches while ruining the US economy. "I lost $100 but lookit I just got back $15" is not a win, it's just... less of a loss.
A bit of googling brought me to a paper which points out that even the CBO and the Congressional Oversight Panel independently came to the conclusion that the bailouts subsidized the banks to the tune of over 60 billion dollars [0]. The paper itself puts the value closer to 90 billion. From the article:
> Costs on an ex post cash basis were only identified for a subset of the above programs, but it is likely that on that basis the government came out ahead. Hopefully, the reader has been convinced that there is little meaningful information in this fact.
> those weren't grants, they were loans and investments
Those loans and investments weren't guaranteed to be paid back, the government took a risk.
Assuming risk of loss is a valuable thing that gets traded all the time through futures, options, swaps and other derivatives. Those futures, options and swaps have a cost.
The fact that the government gave away that value for free means it was a massive gift to Wall Street banks.
I suppose it depends on exactly which program you're looking at, but since you mention Wall Street banks, I assume you're talking about the Capital Purchase Program.
I don't think it's reasonable to say that this was given away "for free". If it was "free" then there wouldn't have been any over-recovery at all, would there?
In the CPP, the government bought preferred stock in a number of banks (mostly not Wall Street ones, but whatever). That stock could've been worthless if the banks failed, but otherwise the banks were required to pay an annual dividend of 5% through 2013 and 9% thereafter; plus there was a whole host of supervision of their activities, including limitations on their ability to pay ordinary dividends.
The government paid far more for the preferred stock than the fair market value. 100% of the difference between the fair market value and the actual price paid was a gift to Wall Street banks that was never paid back.
Nonsense. Most investments carry an element of risk. The Capital Purchase Program may have looked like a bad investment (negative NPV) at the time, but the record makes it clear it actually paid off.
It makes no sense to say "in 2008, the government expected to lose money on the CPP so that's what happened; gift to the banks that was never paid back" and then drop the mic while ignoring what actually happened.
For example: TARP's Congressional Oversight Panel estimated that the $25bn capital infusion into Wells Fargo represented a subsidy (difference between fair market value of the preferred stock and the amount paid) of about $1.75bn.
However, in 2009, Wells Fargo bought back the investment after having paid $1.44bn in dividends. Then, in 2010, the Treasury also sold $840mm in Wells Fargo warrants that were part of the CPP deal.
What we thought would happen: lose $1.75bn. What actually happened: made $2.28bn. If that isn't "paying back" from your perspective, could you please suggest what would be?
An increase in supply is not a debasement. That is measured post-facto based on its impact. Inflation was strongly negative between 2008 and 2010, hitting an annualized -4% in 2009. [1] The Fed was also making good progress unwinding its balance sheet going into 2020, before COVID hit.
I love all the Austrian Economics (thanks Satoshi!) comments we get in a supposedly data-driven environment.
How does this chart [0] show a debasement of any sort? We were in a 'secular demand stagnation crisis' back then! Is everyone here just too young (oh God) to remember 2012?
> How does this chart [0] show a debasement of any sort?
It's the gigantic jump in the blue line almost halfway between 2008 and 2010. A spike in the value of "all assets" is the definition of currency devaluation.
Because QE is an active tool to support credit liquidity and they determined that markets were liquid enough to remove that support.
EDIT: And just to be very clear to the 2 people who read this comment, maintaining a balance sheet is still market support b/c you still buy treasuries on the open market to offset the principle of your existing treasuries that reach maturity. So stopping the growth of the balance sheet just means you're not accelerating support. Tapering is the thing that you do if you're worried that your balance sheet is 'debasing' the currency.
> some economists have interpreted price inflation as a desperate method by which the public, suffering from monetary inflation, tries to recoup its command of economic resources by raising prices at least as fast, if not faster, than the government prints new money.
Only the long-debunked Austrian school defines inflation as a function of supply alone. The rest of the world moved on to defining inflation in terms of the measured, real-world change in the purchasing power of money - which comes under pressure from a number of different factors that aren't captured by supply.
For instance, supply chain disruptions making basic goods more expensive and increasing competition for them. Or, zoning policy prohibiting construction of new housing sufficient to meet demand in high-growth metro areas raising the cost of housing. Or zoning policies in suburban areas making housing 2x bigger on average now than in the 1970s. [1]
Defining inflation as a function of supply distracts us from the real-world problems causing broad-based increases in price.
Purchasing power is a function of a whole ton of things, including supply chains. If goods require more inputs or are less efficient to produce that will increase their price. This in turn decreases the relative purchasing power of a dollar. This can happen due to all sorts of externalities, for instance a tax. Or it can go down due to efficiencies in manufacturing technology or biotech. Or, a massive global pandemic leading to supply chain disruptions can cause prices to go up. Or housing can become more expensive because of zoning rules.
The "supply of currency units" is a fundamentally inadequate measure to capture this. It is too simplistic. Nobody takes it seriously except for a small group of very vocal online crackpots because it is so obviously unfit for purpose. [1]
We re-defined it as our understanding grew. The way we update practically any model in the face of new evidence.
Japan single-handedly demolishes the Austrian model. Their M2 supply grew 3X from 1990 to present but inflation remained 0% measured over thirty two years. Prices did not change from 1990 to 2022. [2, 3]
Yes you are. Watch how i can simplify it for you...
> The idea that inflation is anything other than an increase in the supply of money is an intentionally confounding theoretical device with no basis in reality.
> An increase in supply is not a debasement. That is measured post-facto based on its impact.
An increase in supply is always a debasement.
It's true that you might see the following chronology:
1/1/2020: value of the currency measured
6/6/2020: supply of the currency increased
1/1/2021: value of the currency measured; it's higher than it was last year!
But that doesn't mean the issue on 6/6/2020 wasn't a debasement. It definitely was, and the reason it doesn't look that way is your very low-resolution measurement of value. If the supply increase hadn't happened, the value on 1/1/2021 would have been even higher.
An increase in supply alone isn't debasement. A higher supply doesn't imply a lower value, because what you do with that new supply matters. If you mint a $10T coin and throw it under your mattress, then you haven't decreased the value of anything even though the supply has increased dramatically.
This is why we measure, and why Austrian economics fell out of favor decades ago.
See Japan for a concrete example. [1, 2] Their M2 money supply is almost 2.5X higher since 1990 but their CPI is dead flat over the same time period. It's actually seriously problematic for them.
> If you mint a $10T coin and throw it under your mattress, then you haven't decreased the value of anything even though the supply has increased dramatically.
How has the supply increased in this scenario? What if, instead of minting the coin, you just tell people that you've done so?
The supply of money has only increased if you're able to spend the putative addition to the money supply.
You can tell them all you want, but as Japan shows us, it doesn't actually matter. What matters is what you do with the supply which is why we measure.
Are you asking how supply works in my hypothetical, simplified example where the point I'm trying to make is that new supply in isolation doesn't matter - what you do with it does?
Or as you asking how it happens in the real-world example of Japan, where their supply increased from 400000B JPY to 1200000B JPY between 1990 and present, while everything remained the same price? And how this is seriously problematic in their economy?
You claimed that minting a coin with face value $10T increased the money supply. I'm saying this is not true, because that coin cannot be spent and therefore doesn't contribute to the money supply. It doesn't matter what you write on the coin.
What matters isn't what you do with "money"; it's what you can do with it.
Again, Japan proves you wrong and me right because they 3X'd their money supply and prices stayed exactly the same for 30 years in real and notional terms. Austrian economics does not explain that. Which is why we don't use it.
Tripling the money supply cuts the value of money by a factor of three. Without any exceptions. There is no other possible outcome. That's not even an Austrian idea.
But there are other things that affect the value of money. Tripling the money supply and seeing the value of money stay constant tells you that something else was pulling the value of the yen up at the same time that additional supply was pulling it down.
> Tripling the money supply cuts the value of money by a factor of three. Without any exceptions. There is no other possible outcome. That's not even an Austrian idea.
This is not true, though, haha.
Which is why the Austrian model, which only takes into account the former, is obviously and woefully incomplete - and has been rejected.
I guess you didn't get the memo. The US abandoned the gold standard in the 1930s and with that the US dollar became a fiat currency, i.e. a currency that isn't backed by anything. A fiat currency cannot be debased because it has no "base".
Not really bailing out retail. There was enough liquidity for retail users to exit the tokens at risk without a penalty.
On the other hand the VCs themselves that are large owners of the tokens in Solana ecosystem would incur large losses, and that's excluding additional losses from reputation in future. It just shows how successful Jump VCs are when they put up $320M in a few hours. Maybe a month of their PnL?
I don't see how this is an indicator of that. They didn't put in USD. They put in ETH. Which is a thing that has no requirements to be backed by fungible legal tender reserves. So, they're not actually putting up cash as a replacement. It's more like they're putting up assets as a replacement, but it's not even that concrete really. They're not the same thing.
They're trading in chits, not money, when things like this happen. At least that's the case for as long as you can't regularly and commonly transact in ETH. The spot price/value of ETH multiplied across all the ETH that exists doesn't seem to be a description of total USD (or EUR or whatever) reserves available to convert ETH to USD, et al. as far as I can tell.
The point I'm making is that this says absolutely nothing about their ability to eat a $320M loss because they didn't eat a $320M loss if what they put up was ETH because they can't transact in ETH, they don't fund their operations in ETH, they don't pay their LPs returns in ETH, etc. etc. etc.
It might well be that they can eat a $320M loss on the regular, but if so, this situation isn't any kind of indicator of it.
There's precedence for this in the crypto space as well. In 2017 Coinbase famously reimbursed everyone [1] impacted by an ETH flash crash that pushed the price from $320 to $0.10.
They aren't doing this because it is the morally right thing to do. They are doing it because they feel that the $320m is important to secure the value of their business, the Solana ecosystem (thanks for the correction arberx), and crypto in general.
My personal interpretation of that, there are a lot of awfully rich people who are scared of the bubble popping.
Nothing happens in finance because it is "the morally right thing". It's all a game of incentives. Wall Street Banks take disproportionate risks because they are incentivized to do so.
The interesting thing here is how the un-bailout-able nature of ETH affects the players in Crypto. Because ETH can't be magically printed, the VCs have to decide if they will walk away or bail out the retail end users. It looks like they decided to do the latter.
This has happened more than once in Crypto - I can think of the Binance hack, where Binance bailed out the users. OpenSea has also been covering ETH lost by its users who had their Bored Apes stolen because of user mistakes.
I wonder what it is about Crypto that causes large players to cover user loses. I need to learn more.
> I wonder what it is about Crypto that causes large players to cover user loses.
The answer is in the comment you replied to:
> there are a lot of awfully rich people who are scared of the bubble popping.
The value or cryptocurrencies depends on hype and on convincing the next chump that they should buy in. The large players have a lot of money invested which they will lose if the cryptocurrency value tanks because people lost trust. Covering user loses is itself an investment; it contains the damage by making the issue die down.
Exactly, this move tells us that the people behind Wormhole think that $325m is the lower bound for the risk to their previous investment if they didn't act. That means they likely have billions at stake in which they fear losing or like I originally said they are worried it is a bubble that might pop.
Were the 2008 bank bailouts done because it was the morally right thing to do or because they felt like it was important to secure the value of the economy.
It seemed like there was a lot of awfully well resourced individuals that were scared of slipping into a depression
>Were the 2008 bank bailouts done because it was the morally right thing to do or because they felt like it was important to secure the value of the economy
Both. It was done to preserve the value of the overall economy. That impacts everyone at every level of society and therefore it was the morally right thing to do. You can argue that the specific action taken wasn't the most effective approach, but the goals were noble in 2008. The goal here is that these rich people don't want to lose their investments.
Not meant as an attack on the parent comment but I've been interested in the concept of judging things by inputs versus outputs. I see aspects of this in many controversial subjects; particularly homelessness. Different groups of people seem to focus on one side and ignore the other side of the equation when making arguments. These groups just end up talking past each other then and don't make progress towards a consensus.
I'm curious what kind of research (or keywords to search for) there is around this topic. Is it just a morality thing or does it go beyond that?
Government does not invest a limited pot of money like 'savings', it conjures up money out of nowhere and can deploy ulimited amount of capital. The only limit on this activity is literally breaking the economy, causing inflation, etc,
If you propose we dump that money in education, well, we should, but it does not mean we should not bail out the banks - these two problems do not compete for same resources.
Sure. The GGP tried to say the bailout was an investment with profits though. It's not as simple as "They got low returns so it was a bad investment", but it's also not as simple as "They got returns so it was a good because it was an investment."
Even if you accept the amazing, faulty premise inherent in this comment (see the other response for more on why one shouldn't), the timeline is misleading.
For example, TARP (about $475bn) was more than 93% recovered by the end of 2012. The bank-related programs had already over-recovered $23bn versus the $245bn disbursement by that point with approximately a 4% internal rate of return.
Not to mention the inflation rate between 2008 and 2010 was -4% and then 0% for a hot minute thereafter. Factoring that, plus the 4% nominal return, meant that the programs yielded something like 8-10% annualized real returns.
Not if you consider that the return was a nice side effect of also not crashing the world economy. Not every "investment" is just about making money, this one just had the nice side effect of not costing it as well.
This is a commonly repeated trope that is completely false and based on very questionable accounting. Namely the omission of opportunity cost and the comparison of static parameters to temporal parameters.
What do you think that paper actually says? I keep seeing it cited as "no, this is how much the bailouts really cost!", but that's not what it's about at all and anyone who has actually read it cannot credibly come to that conclusion.
It's about assessing the fair value of the bailout programs, at the time they were executed - i.e. the estimated net present value of the future cashflows under the bailout programs. The author argues that it unhelpful from a policy perspective to do an ex post analysis because it only describes what happened in this case, rather than what could've happened. i.e. when considering whether a bailout is good value, we should consider what happens if its unsuccessful.
There is absolutely no doubt that the bailouts have been profitable for the government in terms of actual repayments.
"Drawing selectively on existing cost estimates and augmenting them with new calculations, I conclude that the total direct cost of crisis-related bailouts in the U.S. was on order of $500 billion, or 3.5 percent of GDP in 2009. [...] Those conclusions stand in sharp contrast to popular accounts that claim there was no cost because the money was repaid, and with claims of costs in the multiple trillions of dollars."
From 3.1.3. See Wall's analysis of Fannie Mae and Freddie Mac for more detailed discussion of their bailout costs:
"Treasury collected $147 billion from Fannie and $98 billion from Freddie. As explained earlier, interpreting this tally as a cost measure is conceptually flawed for several reasons. Wall (2014) also discusses the shortcomings of this approach, which has been used to argue that the government has been more than fully repaid and that value should be returned to the shareholders."
From the conclusion:
"Nevertheless, the total is large enough to conclude that the bailouts were not a free lunch for policymakers as some have claimed."
What the paper is saying seems pretty clear to me: bailout costs have been inaccurately measured and reported popularly at both ends. It was neither unfathomably expensive, nor profitable to the tax payer.
If you lend me $100 and I pay you back $107 you can declare you profited from the loan if you literally only look at the principal and repayment amount, but finance is not so simple, especially at a national level. Opportunity cost, inflation, depreciation, and numerous other factors exist. The total cost of you lending me $100 could have been significantly more than $107.
I invite you actually to read the whole paper. Please pay attention specifically to section 2.1 where the author contrasts "fair value", "ex ante" and "ex post" approaches to direct cost estimation.
The paper says that you cannot look at a successful bailout and conclude that it must have been good policy, because success was not guaranteed; you instead need to look at the range of outcomes that are reasonably possible to estimate the likely costs.
The author doesn't at all say that the "ex post" account of actual cashflows is an inaccurate measurement of what happened; only that it doesn't represent a useful policy tool for estimating whether other bailouts represent good value.
Section 2 is literally the basis of my original point that declaring repayment as profitable to the tax payer is inaccurate accounting of costs. I've read the entire paper. I'm not sure why you're so bent on ignoring plainly stated facts that align with my contention that the bailouts were not profitable to the tax payer. They weren't. It's explicitly stated.
"At 3.5% of 2009 GDP it is a cost that is big enough to raise serious questions about whether taxpayers could have been better protected."
It even directly states that citing the propublica bailout tracker, which the root comment does, as evidence of "profit to the taxpayer" is deeply flawed and one of the reasons the paper is addressing the issue. This is the entire reason I cited it
"The press typically reports bailout costs on an ex post cash basis despite the problems with that approach. For example, ProPublica, a highly regarded non-partisan news organization, created a 'Bailout Tracker' that has been keeping a running tally of government asset purchases and cash receipts under TARP and from the bailout of Fannie Mae and Freddie Mac. In their most recent update dated September 27, 2018, they report a total net government 'profit' of $97 billion. Policymakers also tend to cite ex post cash results. For example, in 2012 former president Barack Obama claimed that, 'We got back every dime used to rescue the banks.' Other media outlets report skepticism about such claims,7 but news organizations generally lack the financial acumen or resources to produce credible cost estimates of their own."
You're not going to force your flawed interpretation onto me and convince me the author is not stating exactly what she's stating plain as day, and has reinforced with subsequent work and commentary. That's called gaslighting
“My analysis imposes the discipline of a fair-value approach, which incorporates the uncertainty about the size of eventual losses at the time assistance was extended and the cost of that risk. By contrast, popular accounts simply add up realized cash flows or tally total risk exposures.”
As we look back, there is no uncertainty. We know what happened. The bailout was successful (within its parameters) and was more than repaid. You don't need to do any counter-factual analysis to show that, you can just go look at the reports to Congress from the Department of the Treasury.
To understand that paper, take an analogy from gambling.
Say I plan to play roulette; I'm the U.S. government, the bet is the bailout. Let's just assume I'm going to bet $1 on red.
I want to understand the cost of the bet at the time I place it; this is the fair value of the wager (bailout). The odds against winning a bet on red with an American roulette wheel are 1 1/9:1 and the payout is 1 to 1 - so the expected (fair) value of the bet is -$0.053. The author attempts to do the same for the bailout, bearing in mind the uncertainties, and comes up with -$500bn.
Now, at the roulette wheel, the expectation that I'm going to lose out $0.053 needs to be balanced against the excitement and pleasure of the wager. In the bailout case, the fair value of the bailout needs to be balanced against the anticipated broader economic results of the intervention like containment of the credit crisis and the shoring up of the mortgage system.
We spin the wheel and it's 32, red. We're lucky and so we win back our stake plus another $1. In the case of the bailout, the intervention was successful, the economy recovered, and the bailout money was more than repaid.
The popular account that the author alludes to corresponds to looking at this bet and saying "betting on red was obviously the right thing to do because I made 200% of my money back and I had fun gambling". The author isn't disputing that the bailout was more than repaid (she stipulates that in the abstract of the paper!), or that the economy rebounded. She is absolutely right that this is the wrong way to look at the expected cost of a bailout in the future.
Fundamentally, from a finance/economics perspective, there is no incompatibility between saying "the fair-value cost of the bailout was $500bn" and "the government made billions of dollars on the bailout". That's because the definition of a cost requires an analysis of the expected return. You do agree with this, right?
The original comment stated that the bailouts have been profitable for the taxpayer and cited the ProPublica bailout tracker as evidence of this.
I said that they have not been profitable to the taxpayer. I pointed out that the conclusion that they've been profitable to the tax payer is based on flawed cost accounting methods and cited the paper.
In the paper, the author very explicitly stated it was not profitable to the tax payer, directly calls out the misleading nature of the ProPublica tracker, explains why it's misleading, verbosely explains and justifies a more accurate cost accounting methodology, describes the results of using this methodology, and commentates on how these results and the methodologies that produce them may be used in the future to make more accurate and less misleading cost assessments of bailouts in the future.
I've directly quoted the paper numerous times in which the author clearly states that the bailouts were not profitable to the taxpayer, flaws in methodologies that indicate they were profitable to the taxpayer, and why different methodologies are needed that more accurately reflect whether the true cost of a bailout results in a situation that is profitable to the taxpayer.
In conclusion, and to reiterate my original point. The bailouts were not profitable to the taxpayer except when using deeply flawed cost accounting methodologies such as ex post cash flow analysis, which the author, in great detail, explains is a woefully inadequate for measuring the cost to the taxpayer of a bailout.
In fact because it is most likely that a recession will be followed by a recovery, it is probable that the government will show a “profit.” However, bailouts are costly because of the possibility of relatively unlikely but very costly states of the world where recessions persist and recoveries are low.
As I think we can agree, it was not the case the 2008 recession was persistent with low recovery; yet it is the possibility this could have been the case that increases the cost.
Cost analysis is absolutely orthogonal to an actual accounting of profit and loss, which is why the author consistently uses quotes around the word "profit". The cost of doing a thing has nothing at all do with whether it turns out to be profitable! Profitability is exactly a matter of ex post cash accounting; there is just no other way to measure it.
I guarantee you have never quoted a section of the paper that says the bailouts were unprofitable to the taxpayer because the author never makes that claim: because it would be false. You will also never find a reference to "cost accounting" in the paper, again because those concepts are orthogonal within the author's framework. By all means double-check the paper on both those points.
If you're trying to answer the question "did the tax payers get back more money than they put in to the bailout", then the only way to do that is by ex post analysis of cash flows: the answer is "yes they did". If this were a business, that would be the definition of a profitable investment.
Until you understand that costs are nothing to do with profitability, you're doomed to misunderstand this paper.
"The government earns a 'profit' from the bailout of -$200 + $210 = $10 million. Figure 3 illustrates the situation and makes clear its conceptual shortcoming."
"At 3.5% of 2009 GDP it is a cost that is big enough to raise serious questions about whether taxpayers could have been better protected."
You're just plain wrong mate. Taxpayers don't need to be protected from profitable ventures. I dunno what the hell definition for profit you're making up, but it's literally defined on the basis of cost in accounting and finance.
... "conceptual shortcoming" as a cost analysis technique, which is the subject of the paper. I literally just explained this in my prior post. Cost analysis can tell you nothing about profitability. Cash flow analysis can tell you nothing about costs.
Protection means "structuring the bailout differently to reduce the downside risk".
Accounting profit is literally revenue minus appropriate cost analysis. You can't determine profit without appropriate cost. That's the point of the paper and my contention. You're wrong. Stop gaslighting.
Cost means something different in economics from what it means in accounting. A cost in accounting terms is an expenditure. When an economist talks about a cost, they are talking about an opportunity cost, which is one that is contingent on the expected return of an activity. If you don't believe me, go read about it on Wikipedia or whatever.
Section 2.1.1 - "For a bailout cost measure to be economically meaningful, it has to be evaluated as of a fixed point in time. In most cases, the natural choice is the year the bailout is initiated, for instance, when new legislation is passed or administrative policy changes are announced or implemented, or shortly thereafter."
The author does this. She evaluates the cost of the bailout at a fixed point in time, the year the bailout is initiated, which is to say 2008. She arrives at a number of $500bn.
What happens after 2008 is irrelevant to her cost analysis. If you don't understand this, you don't understand anything about the paper at all. Look at every subsection in section 3 where the author considers the different elements of the bailout. When she's considering fair value cost, it's always in reference to contemporaneous reports (2008/2009 sources) or estimates on that basis.
Also, please stop accusing me of gaslighting: I'm not asking you to question your reality, I'm just asking you to question your understanding of an economics paper - there's no power dynamic here that would put you into a vulnerable position and allow me to bully you, even if that were my intent. We're just people on the internet.
I'm done here now, by the way, as there doesn't seem to be much more to say. If you have friends who have a strong background in economics, I really suggest you show them the paper, and this thread.
I thought the whole point of Bitcoin and similar cyber coins is a decentralized system. But it appears it is not the case. Still the infra is controlled by certain large private corps. Some of them known to Public and some are not. What if this controlling entity which has access to the code commits purposefully did "exploit commit" and take the money out of the system or what not. All it took is couple of approvals to a pull request. This is centralized system to the core.
In this case it's the bridge that's fairly centralized. There wasn't any hard forks or other manipulation of the underlying blockchains (except for sending transactions on them).
Exactly. Vitalik Buterin even shared his concerns on the fundamental security limits of cross-chain bridges earlier this year:
> For example, suppose that you have 100 ETH on Ethereum, and Ethereum gets 51% attacked, so some transactions get censored and/or reverted. No matter what happens, you still have your 100 ETH. Even a 51% attacker cannot propose a block that takes away your ETH, because such a block would violate the protocol rules and so it would get rejected by the network
> Now, imaging what happens if you move 100 ETH onto a bridge on Solana to get 100 Solana-WETH, and then Ethereum gets 51% attacked. The attacker deposited a bunch of their own ETH into Solana-WETH and then reverted that transaction on the Ethereum side as soon as the Solana side confirmed it. The Solana-WETH contract is now no longer fully backed, and perhaps your 100 Solana-WETH is now only worth 60 ETH. Even if there's a perfect ZK-SNARK-based bridge that fully validates consensus, it's still vulnerable to theft through 51% attacks like this.
> I thought the whole point of Bitcoin and similar cyber coins is a decentralized system. But it appears it is not the case.
It's the case in Bitcoin, but not as much in Ethereum and other ecosystems. The latter have a track record of compromising on that principle to bail out thefts enabled by shoddy engineering practices (this, The DAO, etc).
Crypto is not monolithic. Bitcoin is still by far the most decentralized token. Many new crypto currencies have more or less centralized characteristics.
But in this case, the bridge is a smart contract. You too can create a smart contract with full power given to yourself. So being a smart contract does not say that it’s centralized or decentralized. A decentralized smart contract is called DAO, if we omit some details.
I was replying to another comment and came to a realization. It deserves its own comment.
Jump Trading fixed the problem by depositing $320M ETH tokens into the Wormhole's ETH account to ensure the falsely issued wETH tokens are backed. The fake Solana tokens released from the fake wETH were deposited back into Wormhole's Solana account. They are still in Wormhole's Solana account after the re-capitalization. It's basically they're using the $320M ETH tokens to buy a bunch of Solana tokens, created by the hackers.
So at the end, they're not really out of $320M money; they still have the $320M Solana tokens, fake or not. It's just the general public got screwed by having $320M of Solana tokens inflated up on them.
I don't think this is right at all. The attack first created 100,000 wETH ($320 million) on the Solana side, and then bridged 93,750 wETH ($250 million) to ETH on the Ethereum side [1]. So some of the added ETH backs the remaining 6250 "extra" wETH tokens on the Solana side, but almost all of it would have gone to replace the stolen 93,750 ETH, and that's a pure loss. Either way I don't think this would cause any inflation, since the wETH still corresponds 1:1 with locked ETH.
In a normal setting when a user deposits his SOL to create the wETH, where does the SOL go at the end when the wETH is settled? Where does the SOL go when it's released from the wETH?
The wETH pairs X amount of SOL with an ETH. When it's settled, it releases both the SOL and the ETH to the corresponding parties. When the wETH is falsely created, it creates the SOL it wraps.
SOL is the gas on Solana smart contracts. In a "normal" transaction on Solana, SOL goes towards paying the TX fee itself.
In the case of the Wormhole bridge, there are transactions on both the Ethereum mainnet side (paid for in Ethereum gwei) and the Solana network side (paid for in Solana gwei). The only lossy factor is in the bridging fees themself which are typically a "flat" fee.
This isn't correct. There's no Solana tokens in the equation at all, so I assume you mean wrapped ETH on Solana, and that all got sent through the bridge to Ethereum, so it doesn't exist anymore.
I think you've gotten confused. Jump did have to fork over $320m worth of tokens to fill the hole from the hack. There's no weird accounting trick here
> Jump Trading fixed the problem by depositing $320M ETH tokens
Do you have an etherscan link (ie txid) for this?
At the moment all we've got is a "funds are SAFU" tweet.
$320M is not chump change. I have trouble believing this ends any other way than (a) Wormhole goes kaput, (b) hacker gets doxed and gives back the loot. There might be a lot of fractional-reserve posturing before one of these occurs, of course.
Yes and no. I see your point on one hand. Hackers mint 120k wETH. Bridge guarantees 1 wETH = 1 ETH. Therefore, hacker transfers 120k ETH to their Ethereum account. They can then sell this for approximately $320 M not to Wormhole or Jump Trading, but to the market who will collectively pay $320 M hypothetically (of course, slippage is a thing).
But, on the other hand, since Jump restored 120k wETH (valued at $320 M), they kind of are “out” that money in the sense that they would not have spent that without the hack. They are now forced into an “investment” of 120k wETH. They may profit from their investment if the price of the asset rises, but they may also lose some of their investment if the price decreases. Likely, it won’t fall to 0 so they are not “out” $320 M in the sense that the hackers directly stole that, but they essentially forced to trade $320 M for 120k wETH.
I don’t see how the public is screwed here. There is no “inflation.” They essentially increased the backing assets of the bridge by 120k wETH at current ETH market price.
“The SOL token distribution is as follows: 16.23% went towards an initial seed sale, 12.92% of tokens were dedicated to a founding sale, 12.79% of SOL coins were distributed among team members and 10.46% of tokens were given to the Solana Foundation. The remaining tokens were already released for public and private sales or are still to be released to the market.”
So how were the seed Solana tokens backed by ETH based on the distribution? Weren’t they created out of the thin air?
Isn't it Jump Trading that is out $320M? Didn't they put up the money to make sure the maliciously created Solana tokens were backed by [whatever they're supposed to be backed by]? Jump doesn't own the tokens now, do they?
Jump Trading still has the maliciously created Solana tokens at the end, valued at $320M. They might lose some by Solana inflation but it's not like they're really out of $320M.
They apparently just supplied the backing assets without receiving anything in exchange, presumably to preserve trust in the larger ecosystem/chain. Pretty interesting precedent!
Or central banks, for that matter? They print new money, and use it to buy and hold financial assets (usually government bonds). New money was added to the system, other assets were taken out.
They didn't expand the supply of SOL, they "expanded" the supply of wormhole bridged ETH, or rather returned the liquidity ratio of bridged ETH to 1:1.
Bridged assets are really just an IOU issued by the bridge, all the assets remain in custody of the bridge on whatever network they came from (in this case, Ethereum mainnet). As long as you can take that "IOU 1 ETH" to the bridge and get back 1 mainnet ETH, everything runs smoothly. If you can't, the market will decide the value of those IOUs accordingly.
Easy - print 300 millions of any one of the half a hundred existing stabletokens, then exchange them for ethereum tokens. Or if they were of the founders of some token, they can spend part of their premine for Eth. Possibilities are endless if the market is "free" :)
That's not actually a thing though. There are people/entities with large ETH holdings who could well be motivated to foot this loss, but they can't just magic (real) money out of thin air.
Bitfinex isn't the party in question here. Unless Jump has their own coin they can mint out of thin air and convince people to buy for Ether, or are able to convince any of the other main tokens to mint for them, this scenario isn't even plausible.
None of this is remotely accurate and nobody minted Solana. They minted tokens that no longer exist ON Solana. $320 was spent in ETH - a plenty liquid asset that they have that much less of and that lowers the total value of their holdings by that much.
I'm not sure about the state of things in 2017, but in 2022 Coinbase will convert your USDT into USD and let you withdraw it. I have a lot of trouble believing the likes of Coinbase have either not done serious diligence on Tether or are willing to perpetuate what would probably be the largest ponzi scheme in world history by a long shot. Coinbase is a public company with executives that are not eager to go to prison, not a bunch of anons with frog avatars.
Jane Street made $8bn in 2020 [1]. $320M is probably peanuts in exchange for maintaining the stability of a market they dominate in capturing arbitrage money on.
Jump Trading Group isn't some rando crypto org, it's a legit hedge fund established in 1999. Supposedly it has at minimum $150M AUM[1] but because it's a private company nobody actually knows the real amount. We can predict that they probably have a few billion in cash lying around if they've been successfully trading for over 20 years. Jump Crypto, the group that bailed out Wormhole, is their crypto trading division.
The numbers are off because it is a private company. They have $150M in disclosed assets, the true number may be magnitudes higher and probably is if the company can cough up $320M on a dime. Unless you have insider trading information there is no way to know Jump's real AUM.
And $300M available for use within 24 hours. I'm sure Google, Netflix and Walmart all have $300M+ they wouldn't care if it went missing. But all the paper and presentations needed to touch a tenth of that sum would take months. But this guys had it on hand as if they were quarters at an arcade.
I didn't explain my reasoning there. Most of SOL is in the hands of VC investors and hasn't hit the free market.
If you don't have any other liquid asset, it would make sense to go the route of selling your SOL for ETH. But it looks like this was not necessary and the ETH to fill up the contract again was either at hand or sold over the counter.
The $21B is the trading volume for all pairs. Most ETH pairs are BTC, fiat currencies or stablecoins. If somebody had sold SOL to get ETH that would have been noticeable.
I love FOSS, but attackers being able to exploit bugs they read in fixes before they are deployed is certainly a downside - especially when the project manages billions of dollars.
What process can/should be implemented to address this attack vector?
Holey moley, that is insane. It's pretty wild that a good test engineer can either eat dirt at a big company or help himself to millions of internet dollars by robbing poorly-secured startups
Your argument about security is as old as FOSS itself, and it usually comes down to whether security through obscurity is valuable or not. I wouldn't say I'm qualified to weigh in on it either way myself
My question is less about security by obscurity, and more "how does solana/wormhole move forward"?
Would node administrators accept a non-OSS (or post-adoption open sourcing) patch, and run it on their nodes trusting the devs until adoption is wide enough to prevent exploitation?
It seems like blockchains could be in a pickle where bugfixes will inherently get exploited if they aren't released obscurely, but their users wont tolerate obscurity.
Nobody except attackers looks at the code so you can release whatever, claim it's open source whether it is or not, and people will run it. As long as number go up. Also, this hack was on a smart contract not the node software so there's really no convincing needed; Wormhole probably could have updated the contract on chain then released the source seconds later and it wouldn't have been vulnerable. Their mistake was releasing source of the patch over 10 days before applying the patch on chain.
They got robbed. Their parent and VC stepped in to bandaid over the terrible terrible press by throwing money at the problem in a bid to rebuy trust.
I've started asking people explicitly: how can anyone who has ever programmed professionally, entrust themselves to someone's program?
The interesting lemma is, don't we do that all day?
To which the obvious rejoinder is, yes, but when we do so, it is almost always in contexts in which litigation and consumer action and introduced a massive obligation of transparency, best practices, liability, insurance, and other regulatory oversight and burdens. Which still fails, e.g. when Boeing bug kill planeloads.
The wild west of this "smart contract" world has almost none of that.
Sadly the answer to the rhetorical "what are people thinking!?" is no mystery. Those that are, are mostly on the side of the grift.
Vitalik warned about cross-chain bridge risk just a few weeks ago:
My argument for why the future will be multi-chain, but it will not be cross-chain: there are fundamental limits to the security of bridges that hop across multiple "zones of sovereignty".
Note that cross-rollup apps within one zone of sovereignty are still fine. Not also that this also is a limit to the "modular blockchains" vision: you can't just pick and choose a separate data layer and security layer. Your data layer must be your security layer.
This isn’t the quite the scenario he was talking about. The Wormhole exploit is just a bug that could’ve occurred even if the bridge didn’t cross chains.
Despite being large, it was still an isolated incedent compared to the multi-chain heist one could pull off with a 51% attack on a single chain.
It's also a pretty dumb article which is very surprising coming from Vitalik. 51% attacks of the sort he describes are (remotely) possible whenever a blockchain interacts with any sort of system, not just another blockchain.
In his example, someone uses a bridge to create wrapped Eth on another chain, and then 51% attacks Ethereum, returning the Eth they used to themselves, while keeping the wrapped Eth on the other chain.
It's just as easy to have a scenario where someone sends Eth to an exchange, sells it, and then does the same thing.
To be fair the situation he was talking about was that bridges are vulnerable to reorgs/51% attacks on either side and if that happens the bridged asset might lose it's peg, while the local/native asset won't.
Restored is an interesting choice of word, Jump replaced the ETH at their cost is my read? It’s not like they wound back the transaction or got the ETH back.
They would want to be confident there are no more bugs, only a few days ago this happened, did they do a full audit of things before tipping it in? Imagine if they lost another 320m !
"restored"... that's an interesting word here, and it suggests that money was manufactured to replace that which was drained (which itself was a kind of manufacturing).
The previous HN tweet thread story about this described so many dependent moving parts that I imagine great difficulty in properly testing and proving that the entire system worked correctly in all cases. If it is built as described in that story, auditing would be an enormous task... and further, putting your name on that audit would be very risky to your reputation (since almost inevitably you will miss something and it will be exploited).
In summary, the system was too complex and offered too many ways for something to go wrong or be exploited.
The stolen cryptocurrency was not recovered. The company put in its own real (fiat if you prefer) money to cover the losses. They did this because if they don't, the operation will collapse; no one will invest if bad security means all the money disappears.
IIUC, the hackers minted new coins, they didn't transfer ownership of anything from its legitimate owner to themselves.
So I'm curious to hear: do people consider this "stealing"?
The article uses the word often and even goes as far as "unlawful" but would this have broken any laws? Even CFAA seems out since no computer was accessed without authorisation.
As a part of the hack the attacker did transfer 320M million worth of previously existing coins to themselves. That was the payoff for the hack, and the entire point of doing the hack. The minting part was just a stepping stone to that.
Also, the attacker definitely exceeded authorization - it was literally the authorization component of the code that the attacker bypassed by substituting part of it with their own ringer code.
How is this different from a bitcoin miner minting coins, trading them for another coin, and withdrawing?
If code is law, attacker was playing by the rules. I don't think this is clear-cut illegal. It looks illegal-ish, but I think a good lawyer could argue it isnt.
Does Solana/Wormhole have ToS that (in the courts eyes) overrides the state of the blockchain? If they did, doesn't that kind of defeat the purpose of a decentralized blockchain?
An exploit is technically always following the rules of a system. Take for example a sql injection. The system allowed a sql injection, you told the system to execute the sql code of your choice and bam you got what you wanted at the expense of the counterparty. This would still be considered illegal.
code is code, code isn't law. Even if you try to call it 'smart contracts'.
Code isn't law, is the point. No matter how many times people try to claim that, the legal system does not, to my understanding, actually work that way.
It would depend entirely on what a judge and a jury think about how the law ends up getting applied, were this tried in US courts.
If code isn't law, could a crypto holder sue a crypto miner for inflating the market supply and reducing the value of their holdings?
What is the legal distinction between mining (which is intent of the protocol) and this attack (presumably not the intent of wormhole)? Do blockchain services need to create ToS's which can legally supercede in the case of bugs in order for courts to punish attackers? Would blockchain users accept a service with such a delegation of state?
Interestingly enough, the only people I see saying “code is law” nowadays are people who are accusing the blockchain community of being the ones pushing that idea.
Ah, I wasn't aware of the previously existing coins. This being DeFi though, was it clear who owned those particular coins or were they "owned" by the program?
I'd actually be interested to know if crypto can, from a legal perspective, be owned. Has crypto theft been successfully prosecuted before?
As for exceeding authorisation, yes, true, but IIUC, CFAA only makes illegal the unauthorised access to a _computer_. Since this is a crypto program, is there an identifiable computer that was accessed without consent?
To be clear, I'm not making any moral judgements here, I'm just curious how our current laws and moral positions apply to crypto.
Bloomberg's story on this includes the paragraph "Wormhole developers offered the hacker a $10 million bug bounty for exploit details and the return of the funds." It does not explicitly say the hacker took that bounty or refunded the stolen money. Any guesses?
Looks like your money got sucked into a crypto wormhole.
Teleported, elsewhere, through mathematimal impossibilities no-one with a computer can prove; and if they do, all the value put in disappears into the void.
Another question to ask - who lost most of the ETH in the first place? Could some of this be VCs paying themselves back and shoring up their investment in Solana at the same time?
> Notably, the hacker carried out an unlawful mint of 120,000 wETH, which was valued at around $322 million at the time. They carried out the assault by taking advantage of a Solana VAA weakness, a bridge function that verifies asset transfers.
Could anyone provide specific details as to what occurred, and how the weakness was actually exploited?
Bitcoin's network cannot be stopped by anyone. How does Solana achieve that? What does "decentralized" even mean when everything depends on individual operators?
If you had quoted the whole sentence you would've seen it's Wormhole that's down for maintenance and not Solana. Bridges aren't fully on-chain by definition and even if they were just a smart contract you can definitely have a pause clause in your code.
My speculation on this is that such a failure is catastrophic enough to destroy an entire blockchain. Solana has made billionaires out of a small group of people and they'd much rather fork over the 300 million dollars to plug this hole so as to preserve the remainder of their wealth, instead of having Solana crash to become worthless.
While in principle a bug like this could have happened on Ethereum, or any programmable blockchain platform, ultimately this attack happened on the Solana blockchain and is an attack on Solana. The people who have a vested interest in seeing Solana survive will have coughed up the funds.
Finally, it's worth keeping in mind that while failures like these become very public and it seems like cryptocurrencies are always doing nothing but crashing, failing, and losing money, there are also plenty of people making millions and even billions of dollars a year offering crypto related services. To those folks 300 million dollars, while not trivial by any means is also not the end of the world if it will allow them to continue operating.
Also noteworthy is that bridge technology is what allows these chains to have immediate utility to the market faster.
Centralized Exchanges are extremely slow in listing new blockchains, especially meta assets on those blockchains. For example, want USDC on Solana? Sorry even if your exchange listed Solana and allow for withdrawal of native SOL, they aren't allowing withdrawals of tokens to the Solana network. They dont know, don't care, don't have the development resources to prioritize that, aren't even familiar with a erc-20 standard of tokens yet, and legal hasn't gotten the rubber stamp from the New York Department of Financial Services anyway so why bother catering to the rest of the world..
Whereas the permissionless bridges plug in immediately and billions of dollars of assets can move in without bothering with a centralized exchange. Building starts immediately, forget about the permits.
So, private participants fixing a crucial bridge is the rational move.
I was wondering how a bridge could hope to earn back $300M in fees in any reasonable horizon, but if we view Wormhole as a loss leader to pump the overall Solana ecosystem (which I guess Jump is invested in) it makes sense.
I don't get that impression. It's patched and more resilient now, the exploit occurred with someone watching the github about the patch, or even more likely it was someone on the dev team/discussion about why the patch was needed. The "guardians" are still there and distributed. I don't see more distributed bridge styles being real competitors at least to Wormhole on the Solana network. Individual users didn't lose funds and their exposure is always limited to a few minutes.
Didn't they do the unthinkable a few years back, for Ethereum itself? They forked the immutable database because of a bug or exploit, I forget what it was exactly.
Similar story, rich people protecting their assets.
The failure of the first DAO for Ethereum in 2016 is what you are talking about. [0]
Its a similar story, but this time no individual at the top reversing the whole blockchain of that transaction and hard forking it to cause a revoult against the main blockchain or a new group creating something like Solana Classic, etc. whilst talking about 'code is law'.
Guessing from the available information, Wormhole works by having a pile of ETH in its account, a piles of wETH tokens backed 1-to-1 by the ETH in the account, and piles of other types of tokens, like Solana.
When the wETH coins are initially set up, there's a way to deposit the initial ETH tokens into the Wormhole's ETH account to jump start the whole process.
When a user wants to convert Solana to ETH, he deposits the Solana tokens to the Wormhole smart contract and it issues the wETH tokens at some exchange rate, taking a 1-1 ETH from Wormhole's ETH account, tying the Solana and the ETH in the wETH tokens. After the dust is settled, the user can convert the wETH tokens to ETH. The Solana tokens held in the wETH tokens are deposited in Wormhole's Solana account, the ETH tokens held in the wETH tokens are released to the user. Everything is good.
The hack was to create a bunch of Solana based wETH tokens out of the thin air, exploiting a bug in teh Wormhole smart contract. The hackers forced a settling of the fake wETH tokens against Wormhole's ETH account, taking the ETH away. In the process, leaving whole bunch garbage Solana tokens in Wormhole's Solana account. Now Wormhole's ETH account is down by $320M. Whatever wETH tokens floating out there have no 1-1 backing from the ETH account. The whole thing can collapse with a bank run.
They fixed it by depositing $320M ETH tokens into the Wormhole's ETH account to ensure the fake wETH tokens are backed as well. The fake Solana tokens are still in their account. It's basically they're using $320M ETH tokens to buy a bunch of Solana tokens, which the hackers created.
So at the end, they're not really out of $320M money; they still have the $320M Solana tokens, fake or not. It's just the general public got screwed by having $320M of Solana tokens inflated on them.
It's not the original funds that were restored; one of the hedge funds behind Wormhole put in an extra $320 million to balance the books again. The hackers still have the original $320 million.
Could this hack have allowed for the printing of eth on solana that did not actually exist on the eth blockchain or was it limited to real eth that had been bridged to solana?
You probably could have printed infinite fake ETH on Solana, but soon enough someone would have noticed that the amount in circulation exceeded what was stored in the bridge which should be impossible.
They can print unlimited Solana wETH, but it’s worthless if it cannot be exchanged for Ethereum ETH. In this case the Ethereum contract would not have had the funds to redeem all of the IOUs (wETH) in existence on Solana.
I can't imagine the target they have on their back right now. They'll have quite a decision on their hands if someone takes this second round of $320 million.
sounds suspicious how the hack occurred an hour after update, and all the funds restored as if nothing happened. Inside job or someone was tipped off? Tell your friend that there will be an update, the time, and have him exploit it on your behalf. I wonder how many of these hacks, exploits are inside jobs. Probably a lot.
guys, if you have crypto assets, move them qredonetowrk
they are decentralized custody. they will save you fees from ETH.
remember, if you don't own your keys, it's not your assets
"Jump put up 120k of it’s own ETH because we believe in Wormhole and want to support it in this stage of its development."
https://twitter.com/KariyaKanav/status/1489312871456649228
I think Jump Crypto also also heavily trading across the bridge, which means that some portion of the lost funds were their own funds.