Blockchain And Crisis Of Governance: Hackers As An Emergency Service Of The System
10 December 2018 19:15, UTC
A shift from central management and control to decentralized environment
Since a few years, decentralized blockchain initiatives are on the rise. Due to this new technology it is possible to design process and industry models in such a way that traditional trusted third parties can become obsolete. This new technology allows for process design and industrial business models that eliminate (trusted) third parties.
“Smart contracts” make it possible to transfer value without the services of a bank, insurance, public notary, escrow company or letters of credit. Blockchain-based smart contracts are unique in that they can hold and transfer value in a pre-programmed way and can hold on to and update internal information, based on messages received.
The smart contract execution and value storage is performed by the blockchain. It is believed that when deployed a smart contract has a fixed code of operation and this code cannot be altered anymore. This is only partially true. Although the code cannot be altered anymore, there still are possibilities, with proper rights and consensus of all involved parties, to update variables within the smart contract that could represent data elements such as executions dates, payment terms, amounts and even owners of the contract. These characteristics can result in more efficient processes where transfer of value plays an important role, leading to faster and cheaper transfers and more transparency. An escrow account could, in the most extreme form, be already set up for the costs of a few cents.
The disadvantage of these new technologies is that when deployed intervention is only possible in very limited cases if possible at all. This feature may be very inconvenient when a dispute between the involved parties is at hand. Due to transparency, all involved parties are known and such disputes can be resolved using classical judiciary methods. But even worse, if hackers manage to penetrate the code of smart contracts, to perform undesired changes or actions, there is no more third party to intervene and restore the code to the original situation. Elimination of third trusted parties in this case is thus highly inconvenient.
In addition, a hacker can browse the smart contracts of a blockchain and look for similar contracts with a possible flaw in them. When identified, the hacker can change all smart contracts that qualify and thus affecting multiple parties. These parties will not be able to contact a trusted party to take their smart contracts “off line”.
Unexpected crisis governance in a decentralized world
A situation as described above exactly occurred in the “Ethereum” blockchain in July 2017. A certain smart contract, named a multisig wallet, contained a flow in hindsight that could be exploited by a malicious hacker (black hat hacker). At that time and still today, these particular multisig wallets, where multiple parties need to sign off before value is transferred, were/are seen as the safest online. The flaw in this particular smart contract resulted in the fact that someone who wasn’t one of the designated signees could transfer value of of them anyway without the original signees signing off. Due to the above described code search possibilities, all wallets vulnerable to this flaw could be traced in a relatively easy way.
On July 19th 2017 a potential of $ 240 million in cryptocurrencies could have been stolen by the black hat hacker. Due to the lack of a trusted third party for monitoring and possible intervention, there was no way the black hat hacker could be stopped if this hack was undetected by the community. This resulted in the fact that a potential $240 million dollars worth of cryptocurrencies could be stolen out of these smart contract accounts on July 19th 2017. The huge potential problem was that, as there is no third party for monitoring and possible intervention, there was no stopping these black hat hackers if it would have gone undetected.
That night though, something unexpected happened. By sheer coincidence one of the involved designated parties that got hacked by the black hat hacker, had contact to a white hat hackers community. White hat hackers break code without malicious intent just to warn the community of potential security flaws. Using the same browsing the code the white hat hackers transferred as many funds from the affected wallets as was possible. They published a list of hacked accounts allowing anyone that had proof of original ownership of those accounts to recover the saved funds to a secured account. This salvage operation resulted in $210 million saved by the white hackers and only $30 million that got stolen by the black hat hackers.
Despite the lack of a central and independent monitoring party the community managed to intervene and reduce the structural damage to a mere $30 million while securing $210 million. This is a beautiful example of crisis governance taking place in a decentralized and unstructured environment. The contact to the white hackers was of essence to the present solution. Most companies working with blockchain lack such contacts exposing them to possible malicious attacks.
This example leads to 2 urging questions:
1. Would it be possible to create such a (central) warning entity in a decentralized world?
2. Would the white hat hackers be protected by law in such a situation?
Intervention of ethical hackers as governance model?
The previous example shows that white hat hackers without malicious intent can play a crucial role in averting attacks and damage control. The white hat hackers’ intervention, with all good intent, can be viewed by regulators as a criminal act. The salvage of the involved values (cryptocurrencies or tokens) can be seen as a theft, while placing these values on a secured independent account can be viewed as fencing as the white hat hackers did not act on specific order or by power of attorney of the rightful owners.
A possible and logical solution could be (under Dutch Law) to make the white hat hackers “special criminal investigators” or “buitengewoon opsporingsambtenaar” (BOA) in Dutch. A dedicated website needs to be designed where any possible victim can push a “Red Button”. The BOA can then start their investigation and act on behalf of the Police or any other governmental organization in averting a criminal attack. The major issue in such a situation is that the white hat hackers often mistrust any governmental organization and are not prepared to leave their anonymity just to be organized.
Possible solutions
The white hat hackers are free spirits protecting their own identity. They are loose group and often by nature do not wish to be organized. In a crisis situation they need to be validated on the spot and be part of an official organization while adhering to strict procedures and approvals to protect them against any possible prosecution. Such a group needs to undergo a strict screening and approval with due respect to their anonymity. This given antagonism leads to complex situations while we wonder if possible solutions may be devised. A further analysis of possible solutions will follow in the next article.
About the authors:
Esther Vroegh is criminal lawyer highly interested in technological developments and their effect on (corporate) governance and the law. Olivier Rikken is a blockchain & smart contract expert, keynote speaker from Amsterdam and been highly active in training, consulting and implementations in the field of blockchain for several years.