With the fast rise of Ethereum and the value of its cryptocurrency, Ether, there has been a rash of large hacks and thefts associated with exchanges and storage of the cryptocurrency. Bitcoin as a tradable asset has been no stranger to theft since its inception, counting high-profile losses such as Mt. Gox. However, Ether’s relatively new exposure to exchanges, and the exposure of its burgeoning technology to inexperienced customers and users, seems to have left it with some relative security vulnerabilities. One of the latest thefts of ETH was reported on the Reddit forums, where 7218 ETH (roughly 160 BTC) went missing when a user tried to buy DAO tokens using the Ethereum Mist wallet.
The technology surrounding the crowdsale of Slock.it’s DAO tokens as well as Digix’s gold-backed DGD tokens and Augur’s REP tokens has created demand for the ability to trade these assets after the crowdsale is complete. This has been a market opportunity that the likes of Gatecoin have gone after in creating an exchange offering for customers to be able to buy, sell and trade tokens along with other cryptocurrencies and fiat.
Some people believe that it’s highly unwise to store large amounts of cryptocurrency on exchanges due to their being prime targets for hackers. Those views would certainly be validated by Gatecoin’s recent hack.
Using the core technology of the Ethereum Mist wallet, by contrast, would seem to be a secure technological bet if done correctly and with due technical precautions. However, with Ethereum being such a young technology, like many other aspects of the cryptocurrency world, there’s not a ton of user-friendly material out there on how to transact using the software confidently from a layperson’s perspective.
In the case of the theft noted above, the user was attempting to buy into the DAO token crowdsale using their Ethereum Mist wallet. While some information has been collected regarding the theft and the IP addresses used to take the ETH, researching what happened after the funds are already gone may prove to be fruitless. What may possibly come of this highly unfortunate situation is collective learning for the DAO and other crowdsales like it, to educate participants on how to safely buy and trade tokens.
Back in early April, before the DAO crowdsale began, Slock.it published a blog post encouraging people to become “DAO ninjas” and get familiar with the process of using the Ethereum Mist wallet. It’s clear Slock.it wanted to make sure that people were perfectly comfortable sending and receiving ETH and interacting with a token, as well as backing up their private keys for security’s sake.
There’s also a good amount of material on social media and technical forums covering the fine details of keeping funds in an Ethereum Mist wallet safe. Many posts around this theft have to do with the person who lost their funds doing the wrong thing when handling the technical settings on their wallet. However, anyone who’s downloaded the Ethereum Mist wallet will know that while it’s a decent GUI, it’s certainly not 100% intuitive through and through, and that safety and security should not be entrusted to it or to any single internet-connected cryptocurrency wallet.
Regardless of whether there’s a security bug in the Ethereum Mist wallet or a lack of education around how to operate the wallet from a layperson’s perspective, something must be done to prevent continued cases like this. Of course, Ethereum has only just moved from its Frontier release to Homestead and is working on a more stable platform. However, there need to be clearer resources for people who wish to participate in DAOs and cryptocurrency trading at a non-engineering level, so that they don’t fall victim to what seem like silly mistakes or misunderstandings after the fact.
It’s the responsibility of not only the Ethereum developers to facilitate this education, but also the community of users who wish to see the ecosystem grow. Bitcoin made it through these sorts of events in its early days, and so will Ethereum.
Edit: It seems that the user who lost 7218 Ether modified his default client, resulting in his loss of coins. More can be read here.