YESTERDAY AN (UNKNOWN) PERSON WITHDREW MORE THAN 60 MILLION DOLLARS FROM THE DAO. The DAO is a structure that was created a short time ago, using as its reference currency a cryptocurrency called ETHEREUM and a dedicated open-source blockchain.
A STRUCTURE THAT WAS CREATED TO COLLECT CRYPTOCURRENCY (AS IF IT WERE A KIND OF FUND). The DAO was created to manage automatically the funds it receives, redistributing them to projects that are submitted and that the "shareholders" democratically decide to invest in. This idea had unprecedented success and managed to raise an enormous amount of money in a short time (more than 150 million dollars).
But yesterday someone withdrew 60 million in funds... some might think of a theft... some of an act by a hacker. BUT IS THAT REALLY SO? Listening to the other side, one discovers very interesting things and a different view of reality.
If someone creates a structure to hand out money according to a certain procedure (by writing automatic code), and a person withdraws money by following that procedure, can it be considered a theft? A misappropriation? Or not?
Before going further, I OFFER THIS ARTICLE from BLOOMBERG, which tries to summarize the matter better:
about a hack at the DAO, the Distributed Autonomous Organization that lives on the Ethereum blockchain and that was supposed to take money from investors and invest it in projects voted on by the investors and administered through smart contracts. Instead -- surprise! -- the DAO was hacked, and about $60 million worth of Ether (Ethereum's digital currency) was stolen. Or that is the terminology -- "hacked," "stolen" -- that most people have used, and that I used this morning. But maybe it is wrong? The most interesting thing to read about the DAO hack is this Medium post:
By any usual interpretation (including those commonly used by’s team in the past hours) the hacker has stolen money from other users and violated the intent of the DAO.
However, according to the DAO’s own legal contract, there is no such thing as theft and the intent is completely unimportant — the only important and relevant thing are the smart contracts themselves. Consequently, there is no real legal difference between a feature and an exploit. It is all a matter of perspective.
For example, one interpretation is that this unusual recursive splitting function is itself a feature and that a user simply used this feature to take funds into a sub-DAO. In some ways this is no different from what attempted to do via its own proposal, except that instead of running it through the voting system it ran it through a splitting smart contract.
From the standpoint of the submitters of the original capital, this may seem an egregious departure from the marketing pitch. But from the standpoint of the DAO, there simply is no difference between the two. And the legal contracts seem to point to the DAO as the canonical version.
That is: The DAO was advertised to users as, well, a Distributed Autonomous Organization that was supposed to take money from investors and put it in projects voted on by the investors and administered through smart contracts. (I mean, it was advertised in much more hyperbolic ways than that -- "a new breed of human organization never before attempted," etc. -- but the gist was a vote-based venture fund. See here for more explanation.) There were websites and forums explaining, in English, for humans, how the DAO would work, what its security features were, etc. (Some of the explaining was done by, a blockchain company associated with the DAO.) But there was also this bit of boilerplate:
The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain.
Or, as DAO's "Principles" page put it last month:
The DAO is borne from immutable, unstoppable, and irrefutable computer code, operated entirely by its members, and fueled using ETH which Creates DAO tokens.
The descriptions didn't matter; only the code did. The descriptions didn't allow for today's hack, but the code did. (By definition! If the code could be hacked, the code allowed for the hack.) Any vulnerabilities in the DAO's code were not flaws in the code; they were flaws in the descriptions -- which were purely for entertainment purposes. The DAO's websites failed to explain to investors that the code allowed a hacker to take $60 million by using a "recursive splitting function." But the recursive splitting function itself is part of the DAO's code, and therefore part of the DAO. Using it isn't a "hack," and using it to take money isn't a "theft"; it is just using the DAO as intended. Where the only measure of intent is what is allowed by the "immutable, unstoppable, and irrefutable" code.
The words "hack" and "theft" make human, normative presumptions about how you're supposed to use the DAO code. But the code doesn't care. The code can't be "hacked." It can only be used; its use has no normative implications. As one person put it on Twitter: "So it's an arbitrage?"
This is of course childish and silly. It isn't how human institutions operate. But it is very much how "smart contract" utopians want future institutions to operate, or how they think they want those institutions to operate. "Immutable, unstoppable, and irrefutable"; free of human bias and stupidity and intervention; a utopia of coldly logical code. Human expectations are irrelevant, except to the extent that they are correctly translated into code. When we last talked about the DAO, I said:
The U.S. legal system has built up a pleasantly redundant system of safeguards so that investors usually get more or less what they expect. If you invest in a U.S. public company, you are in a sense signing up for a certificate of incorporation and bylaws, which are written in lawyerly language. But you also get a prospectus that explains the terms of your investment in relatively (relatively!) plain English. Also the terms of that investment -- how you vote, what duties the company owes you, what rights you have, etc. -- tend to be constrained by federal securities law, state law, stock exchange listing requirements, underwriter due diligence, public policy, custom and tradition. Even if you invest in a company whose bylaws say that the board of directors can sacrifice you to a demon on the first full moon of a leap year, it's unlikely that that term would be enforced. There is only so much leeway to depart from the standard terms.
If you invest your Ether in a smart contract, you'd better be sure that the contract says (and does) what you think it says (and does). The contract is the thing itself, and the only thing that counts; explanations and expectations might be helpful but carry no weight. It is a world of bright lines and sharp edges; you can see why it would appeal to libertarians and techno-utopians, but it might be a bit unforgiving for a wider range of investors.
That was exactly a month ago. The bright lines and sharp edges have now sliced the DAO's techno-utopians, or at least their wallets, apart.
The DAO's leaders, and the community at the Ethereum blockchain that created it, are now trying to fix the hack by freezing the hacker's funds and discussing what to do next. But it's not so simple:
I do not know quite how a court would decide, but it is quite possible that in the eyes of the court, the hacker is himself simply a legitimate operator operating in the bounds of the smart contract and it is those who are attempting to change the smart contract post facto that are violating the law.
Indeed, it could even be the case that the “hacker” in this case could sue for damages and the return of funds if the smart contracts were altered to “protect investors,” or whatever else our new regulatory system is attempting to do.
Good lord I hope that happens. There isn't much reason to think that a court, in a regular human jurisdiction, staffed by regular human judges, would see the world the way the DAO's disclaimers do. Just slapping a disclaimer on the DAO's website saying that no advertisements or expectations can "supercede or modify the express terms of The DAO’s code set forth on the blockchain" doesn't make it so. If Goldman Sachs had slapped a disclaimer on its contracts with the LIA saying that it had entered into the contracts at arm's length and after taking appropriate advice, and that nothing said or understood outside of the contracts could supercede or modify the express terms of the contracts, that wouldn't stop a court from hearing the LIA's case. It might help Goldman's argument, but the court is interested in the facts in the world, not just what is said in the contracts. If the DAOers find their hacker, or "hacker," and bring him to court, I am not sure many courts would be too sympathetic to an argument that his hack was just part of the system. (Any more than the FERC was sympathetic to JPMorgan's argument that its electricity trades were just part of the system.) And while cryptocurrency/blockchain/smart-contract fundamentalists have a tendency to think that they can place themselves outside of national legal systems just by saying that things happen "on the blockchain," the national legal systems have a tendency to disagree.
The most fascinating thing about the DAO hack may be the way it exposes these tensions. To true believers in smart contracts, there is no problem here. The system is fine; the failures -- writing bad code and not anticipating this attack -- were trivial, mere human error. Next time, write better smart contracts and you'll be fine. To those true believers, changing the code after the fact -- even to conform it to almost-everyone's reasonable expectations about how the DAO would work -- would be a betrayal of the smart-contract ideal.
On the other hand, to the humans who read the English descriptions of the DAO and invested their money based on their reasonable expectations, their losses probably do seem like a problem. You can't really base the financial system of the future on computers rather than humans, on trusting to immutable code no matter what happens. Financial systems are supposed to work for humans. If the code rips off the humans, something has gone wrong.
Now the proposed solutions to the problem vary widely. Someone has proposed a retroactive hard fork. In practice, the miners decide to go back in time and cancel all the operations made before a certain date (the date of the theft) SO THAT THE THEFT DOES NOT HAPPEN.
But doing so would set a precedent that undermines trust in the blockchain itself. This theft is in no way attributable to the blockchain or to Ethereum, but to how the DAO SMART CONTRACT was written. So it would not even be a theft or a misappropriation, only an error in the DAO... and whoever took the money did so in compliance with the DAO smart contract.
In practice, the utopia that the code was perfect leads to this irreconcilable contradiction. If the code prevails, has he not committed a theft?
After all, read the rules of the DAO:
"The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code."
Clear, isn't it?

It is evident that this act (attack) of appropriating money from the DAO (apparently legitimate under the rules of the DAO itself) could be considered a crime in one way or another; one immediately asks: IN WHICH JURISDICTION? And with which competent court?

What those who lost money could do is find a judge and have a notice of investigation issued against the inventor and promoter of the DAO..
THE LATTER promoted a piece of code, declaring it perfect, which induced people to transfer value to it. And because of that code, that value was lost.
But it remains to be seen whether an owner of the code exists... or whether there is only a promoter, and what is really claimed about the "perfection" of the code..

The entire mechanism of smart contracts must be put on trial and analyzed intelligently and in compliance with the regulations in force. This is a classic case in which THE SMART CONTRACT ACTED CORRECTLY AND THEREFORE IT IS NOT A THEFT... BUT IT IS A THEFT ACCORDING TO COMMON ETHICS AND ACCORDING TO SOME LEGAL SYSTEMS.
In short... THERE IS NO CODE THAT LIVES A LIFE OF ITS OWN... try telling that to the people who work on smart contracts.....
In any case, one can glimpse SUFFICIENTLY HEAVY responsibilities on the programmer's part...
Here is a first thought from an ASSOB.IT member:
I will try to summarize the ideas of the most attentive among us: The damage to Ethereum's reputation is large. We are all waiting for the Foundation's reaction. Whatever they decide to do will have very harsh consequences, either for the money of those who invested in the DAO or for Ethereum's reputation as a decentralized and neutral environment.
For the sake of Ethereum's reputation in the long run, we would be of the view not to alter the protocol to stem the losses, and to act in accordance with it, whatever the cost.
Those who invested in TheDAO knew what they were doing, or in any case should have known. Since there is no functional specification, and since the operating rules of TheDAO are written solely in the code, the episode can only with great difficulty be classified as theft (from a technical point of view it is a use of TheDAO's own functionality).
The episode has some similarities with what Bitcoin suffered with Mt.gox. It would be wrong to try to remedy a problem in a contract by forcibly intervening in how the system works.
Feverish talks are under way to act at the margins, that is, at the exchanges, to block withdrawals and trading, as well as to censor the hackers' addresses, which in itself would already compromise the idea of the currency's fungibility.
Bitcoin is no longer an experiment. Ethereum still has very delicate and little-explored points.
As Peter Todd explained to us in Milan, it is better to play with fire than with mercury. Ethereum must go through its crises now, while it is not yet so widespread. Such an ambitious project must be viewed over a very long horizon.

To the DAO and the Ethereum community,

I have carefully examined the code of The DAO and decided to participate after finding the feature where splitting is rewarded with additional ether. I have made use of this feature and have rightfully claimed 3,641,694 ether, and would like to thank the DAO for this reward. It is my understanding that the DAO code contains this feature to promote decentralization and encourage the creation of "child DAOs".

I am disappointed by those who are characterizing the use of this intentional feature as "theft". I am making use of this explicitly coded feature as per the smart contract terms and my law firm has advised me that my action is fully compliant with United States criminal and tort law. For reference please review the terms of the DAO:

"The terms of The DAO Creation are set forth in the smart contract code existing on the Ethereum blockchain at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413. Nothing in this explanation of terms or in any other document or communication may modify or add any additional obligations or guarantees beyond those set forth in The DAO’s code. Any and all explanatory terms or descriptions are merely offered for educational purposes and do not supercede or modify the express terms of The DAO’s code set forth on the blockchain; to the extent you believe there to be any conflict or discrepancy between the descriptions offered here and the functionality of The DAO’s code at 0xbb9bc244d798123fde783fcc1c72d3bb8c189413, The DAO’s code controls and sets forth all terms of The DAO Creation."

A soft or hard fork would amount to seizure of my legitimate and rightful ether, claimed legally through the terms of a smart contract. Such fork would permanently and irrevocably ruin all confidence in not only Ethereum but also the in the field of smart contracts and blockchain technology. Many large Ethereum holders will dump their ether, and developers, researchers, and companies will leave Ethereum. Make no mistake: any fork, soft or hard, will further damage Ethereum and destroy its reputation and appeal.

I reserve all rights to take any and all legal action against any accomplices of illegitimate theft, freezing, or seizure of my legitimate ether, and am actively working with my law firm. Those accomplices will be receiving Cease and Desist notices in the mail shortly.

I hope this event becomes an valuable learning experience for the Ethereum community and wish you all the best of luck.

Yours truly,
"The Attacker"

Message Hash (Keccak): 0xaf9e302a664122389d17ee0fa4394d0c24c33236143c1f26faed97ebbd017d0e
Signature: 0x5f91152a2382b4acfdbfe8ad3c6c8cde45f73f6147d39b072c81637fe81006061603908f


2 comments:

Anonymous said...

Ethereum is not to blame, except that one of the founders is also involved with the DAO.
I hope it recovers soon (and not only because I own some ETH, but for the very concept of Ethereum).

Anonymous said...

Maybe it was him..

Andrea (Torino)