Why does Blockchain need hackers to be safe? The Ethereum Parity robbery case study

The recent robbery of $31M from the Parity multi-signature wallets on the Ethereum network definitely needs to be studied and fully understood by the headquarters of every company that claims to be involved in Blockchain technology.

In my opinion, it shows something that is probably not totally clear in the industry (and probably more so for big companies): in case of trouble, the very disruptive nature of Blockchain requires a company to be both highly technical and very responsive in order to take the best decision and solve the problem.

To summarize, the functional disruption of Blockchain comes from two fundamental features:

  1. It is distributed
  2. It cannot be altered retroactively

According to the very interesting article just below, this robbery was made possible by a bug in the code of the multi-signature wallet (a smart contract) provided by the Parity company. As written in the article: "all programmers, no matter how experienced, have a nonzero likelihood of making a mistake".

So the subject here is not the bug itself, but the procedure for fixing a Blockchain problem when it occurs!

Because the Ethereum Blockchain 1/ is distributed and 2/ cannot be altered retroactively, the only solution for the company was to steal the money from all the remaining buggy multi-signature wallets in the same way the thief did (before refunding all the clients, of course).

For every company involved in the Blockchain business, this means keeping at least these two points in mind:

  1. First, very highly skilled Blockchain experts ("white-hats") cannot be avoided. Moreover, their expertise must be comparable to that of the potential thieves (the "black-hats").
  2. Second, fixing issues could require taking decisions that may break initial agreements with clients (because, unfortunately, unexpected bugs cannot be forecast...)

