Ethereum’s Frozen Funds, YouTube Kid Trauma, Backstage at Web Summit
I interviewed Joseph Lubin, cofounder of Ethereum, the hottest blockchain network next to Bitcoin, on stage at the Web Summit tech conference in Lisbon, Portugal, this week. While we chatted, the world learned that hundreds of millions of dollars worth of Ether, the very much in vogue cryptocurrency Lubin helped launch in 2015, had effectively been vaporized.
The calamity was supposedly an accident. A self-described novice programmer going by the online alias “devops199” took control of a library of code used by certain digital wallets built by the Parity project, a group of crypto programmers. The code was hosted on the Ethereum blockchain, and it enabled multi-signature protection for cryptocurrency storage, where multiple keys are required to withdraw funds. Once the supposed amateur realized his coup, he executed a “kill” function that deleted the key bit of code—thus freezing accounts indefinitely. He rendered as much as $ 300 million in Ether inaccessible.
The lockdown affected all Parity-based multi-signature wallets created since July 20th. On that day, the Parity team updated its product to recover from another attack that allowed hackers to steal about $ 30 million worth of Ether from a few of these wallets. The developers failed to catch a mistake in the software that enabled anyone to claim ownership of that critical multi-sig code. It’s an ironic twist, given that the code was designed to help decentralize wallet ownership in the first place.
Despite the setback, the incident did not seem to diminish anyone’s enthusiasm for Ethereum at the Summit. I hosted another panel on ICOs, or initial coin offerings, a newfangled way to fund crypto ventures, that was packed to the brim with entrepreneurs interested in selling their own digital tokens. And its not just newcomers interested in the stuff. While prepping for another panel on how blockchains may affect the music industry, a manager for the musician Wyclef Jean probed for more information about the technology backstage.
As exciting a project as Ethereum is—and it is exciting—it is still young and untested. As I wrote in my profile of Ethereum’s boy wonder Vitalik Buterin a year ago: “Given the breaches, it’s fair to wonder: Will Ethereum and other blockchain networks ever be trusted enough to replace our current financial system?” We’re stilling grappling with that question today; Ethereum and its siblings hold much promise but, as Lubin agreed, there will be plenty more bumps and crashes along the way.
Enjoy the weekend.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
CSI iPhone Edition. Police can’t unlock the Texas church shooter’s phone, which sets the stage for a new legal battle over encryption. The tragedy also raised some morbid forensic questions—like when to use the finger of a dead suspect to unlock the phone’s TouchID or, in the case of the iPhone X, whether cops can use the face of a deceased suspect.
The missing factor. Three quarters of the population are neglecting to use multi-factor authentication, a key security feature that defends against account takeovers, according to survey conducted by the cybersecurity “unicorn” startup Duo. In fact, more than half of the survey’s respondents had never even heard of the security measure. Learn how to apply it here.
“F” is for friends. It’s always unsettling when Facebook prompts you to befriend a person you think Facebook has no business associating with you. The social network teases out subtle relationships between people by cross-correlating contact information from people’s inboxes and phones.
Open sesame. Benjamin Delpy’s powerful password-hacking tool Mimikatz has been showing up in Russian spy schemes and globe-circling, business-crippling ransomware attacks, like NotPetya and BadRabbit. Despite its misuse lately, the program was originally created to persuade Microsoft to fix the way Windows machines stored and secured passwords.
Don’t look at me! Russia did it. Ex-Yahoo CEO Marissa Mayer blamed a massive hack that took place during her tenure at the Internet company on Russian agents during a Senate committee hearing. She testified this week alongside former Equifax CEO Richard Smith.
Share today’s Data Sheet with a friend:
Looking for previous Data Sheets? Click here.
—Fortune’s Jen Wieczner explains HPE’s new “blockchain as a service,” which could make it easier for banks, airlines and others to create secure transaction records.
ONE MORE THING
YouTube is systemically traumatizing your children. Artist and writer James Bridle exposed the seedy underbelly of Google’s streaming service in a widely shared essay on the blogging site Medium this week. Bridle dove into how shady content shops use automated bots to churn out hours upon hours of violent, sinister, abusive video content that targets young kids—a problem that YouTube is doing a terrible job of policing. “Disturbing” doesn’t even begin to describe this phenomenon.