| ▲ | fragmede 7 hours ago |
| > Important: To avoid potential real-world harm, our work only ever tested exploits in blockchain simulators. We never tested exploits on live blockchains and our work had no impact on real-world assets. Well, that's no fun! My favorite we're-living-in-a-cyberpunk-future story is the one where there was some bug in Ethereum or whatever, and there was a hacker going around stealing everybody's money, so then the good hackers had to go and steal everybody's money first, so they could give it back to them after the bug got fixed. |
|
| ▲ | PunchyHamster 6 hours ago | parent | next [-] |
| The whole ethereum fork was such a funny situation. "Our currency is immutable and all, no banks or any law messing with your money" "oh, but that contract that people got conned by need to be fixed, let's throw all promises into the trash and undo that" "...so you just acted as bank or regulators would, because the Important People lost some money" "essentially yeah" |
| |
| ▲ | ChadNauseam 5 hours ago | parent | next [-] | | The old version stayed around but (essentially) nobody wanted to use it. If they had, the forked version would be worthless. That is the difference. A cryptocurrency fork cannot succeed without the consent of the community. No one is compelled to use it the way that you are compelled to accept the decisions of a regulator. | | |
| ▲ | ceejayoz 5 hours ago | parent [-] | | Well, the consent of some of the community. Potentially far, far less than a majority of the community, even, considering it's not one person, one vote. |
| |
| ▲ | 4 hours ago | parent | prev | next [-] | | [deleted] | |
| ▲ | latenightcoding 6 hours ago | parent | prev [-] | | when the core devs lose money, the rules change. | | |
| ▲ | DennisP 5 hours ago | parent [-] | | It's been nine years since the chain split, which happened within the first year. No irregular changes have been made since then. Two major hacks caused over a hundred million dollars in losses to Parity, a company founded by one of the core devs. That dev lobbied heavily for rescue, and the community refused. Bitcoin also made an irregular change, a year and a half into its history. | | |
| ▲ | csomar 4 hours ago | parent [-] | | It just shows that the decision making is very centralized and failure of ETC shows that the community is not interested in a true immutable ledger. |
|
|
|
|
| ▲ | toomuchtodo 7 hours ago | parent | prev | next [-] |
| I’m surprised folks aren’t already grinding against smart contract security in prod with gen AI and agents. If they are, I suppose they are not being conspicuous by design. Power and GPU time goes in, exploits and crypto comes out. |
| |
| ▲ | JimmyAustin 6 hours ago | parent | next [-] | | There are a great many of them, you just can't see them in the dark forest. https://www.paradigm.xyz/2020/08/ethereum-is-a-dark-forest | |
| ▲ | TheRoque 6 hours ago | parent | prev | next [-] | | Check the prizes for the bug bounties in big smart contracts. The prizes are truly crazy, like Uniswap pays $15,000,000 for a critical vuln, and $1,000,000 for a high vuln. With that kind of money, I HIGHLY doubt there aren't people grinding against smart contracts as you say. | |
| ▲ | px43 7 hours ago | parent | prev | next [-] | | Of course they are, and they've been doing it since long before ChatGPT or any of that was a thing. Before it was more with classifiers and concolic execution engines, but it's only gotten way more advanced. | |
| ▲ | mschuster91 7 hours ago | parent | prev | next [-] | | As soon as money in larger sums gets involved, the legal system will crack down hard on you if you are anywhere in the Western sphere of influence, easy as that. In contrast, countries like North Korea, Russia, Iran - they all make bank on cryptocurrency shenanigans because they do not have to fear any repercussions. | |
| ▲ | yieldcrv 5 hours ago | parent | prev [-] | | I mean they are, the only news here is that Anthropic isn't staffed by ignorant know-it-alls that wholesale dismiss the web3 development space like some other forum I know of |
|
|
| ▲ | venturecruelty 4 hours ago | parent | prev | next [-] |
| "Money". The real cyberpunks would switch to anonymous, untraceable cash. |
|
| ▲ | beefnugs 6 hours ago | parent | prev | next [-] |
| I couldnt find it in the article, how do they "assume" how many victims will fall to these contract exploits? And to go further: if it costs $3500 in ai tokens, to fix a bug that could steal $3600, who should pay for that? Whos responsibility is it for "dumbass suckers who use other peoples buggy or purposefully malicious money based code" ? At best this is another weird ad by anthropic, trying to say, hey why arent you changing the world with our stuff, pay up quick hurry |
| |
| ▲ | DennisP 5 hours ago | parent [-] | | Contracts themselves can hold funds. Usually a contract hack extracts the money it holds. $3500 was the average cost per exploit they found. The cost to scan a contract averaged to $1.22. That cost should be paid by each contract's developers. Often they pay much more than that for security audits. |
|
|
| ▲ | mightypirate 7 hours ago | parent | prev [-] |
| [dead] |
