The value of an up-and-coming cryptocurrency that has been touted as a possible successor to bitcoin slumped on Friday, after a hacker took advantage of a software flaw to siphon off nearly $50m worth of digital bits.
The currency, called ether, tumbled by 25 per cent, souring a rise that had seen the total value of ether in issue reach a peak of $1.6bn earlier this week.
Ether is the currency used by Ethereum, a blockchain platform that has been winning an increasingly enthusiastic following this year in the cryptocurrency world. Ethereum can be used to create so-called smart contracts, or automated agreements, making it a distributed platform for all kinds of business transactions beyond currency transfers.
On Friday, Vitalik Buterin, the Russian programmer who came up with the idea for Ethereum while a teenager, pleaded for online exchanges to halt trading ether while developers try to sort out the software flaw. The problem occurred in an application running on Ethereum rather than in the system itself and people involved in the system “should sit tight and remain calm”, he urged.
Mr Buterin’s intervention, and the methods now being considered to undo the diversion of cash out of the system, mark an ironic inflection point for the cryptocurrency.
Supporters of systems such as bitcoin and Ethereum claim much of their value stems from the fact that they are distributed networks governed by clear rules embedded in software, making them immune from the kind of intervention by central authorities that characterise traditional monetary systems.
However, the Ethereum community might now have little choice but to go back on its principles and retroactively invalidate some past transactions if it wants to maintain confidence in its system, said Emin Gün Sirer, a computer science professor at Cornell University.
“This is our brush with ‘too big to fail’,” he added. “Otherwise, the number of people who will be turned away from cryptocurrencies and smart contracts will be too great.”
The crisis for Ethereum arose when it emerged that an unknown participant had taken advantage of a loophole in the system to siphon more than 2.4m units of ether from an entity called The DAO. Set up last month as a type of crowdsourced venture capital fund, the DAO raised nearly $170m worth of the digital currency, with a view to investing it based on votes from its members.
The weakness in The DAO’s software had been identified in advance, said Mr Gün Sirer, who had himself co-authored a paper pointing to possible flaws. He added that the complexity of writing code for Ethereum made the same flaw a potential threat in all applications on the system, though it represented a “growing pain” that was likely to be solved once more developers were aware of the problem.
Under The DAO’s rules, currency withdrawn from the fund has to sit in another account for 27 days, meaning that the ether that has been diverted is now effectively frozen. That has left Ethereum’s backers facing the choice of reversing the transactions, or allowing them to stay in place and leaving backers with a loss.
The decision has been complicated by the fact that the diversion of cash was not the result of an “illicit” hack of the system, said Mr Gün Sirer. Rather, investors in The DAO were simply outsmarted by someone who had a better understanding of how the code functions, he said.
The conundrum triggered a vigorous online debate on Friday over whether it was right for a central “authority” to intervene.
“Ethereum worked exactly as intended. I don’t believe software should be updated when it works exactly as intended,” wrote one commenter on Reddit. “You assume the risks of your investment. If you don’t understand your investment, you assume unknown risk. Anything else is a bailout by a central authority, ie the antithesis of the crypto world.”
Get alerts on Bitcoin when a new story is published