Posted on

The 'Dark DAO' Threat: Vote Vulnerability Could Undermine Crypto Elections

Malicious cartels just might be lurking on your blockchain.

At least, that’s the latest finding from Cornell University researchers Philip Daian, Tyler Kell, Ian Miers and Ari Juels, who reached the conclusion in a paper published last week on a vote manipulation scheme they termed a dark decentralized autonomous organization, or “dark DAO.”

The paper describes the dark DAO as an entity set up using smart contracts that would be undetectable and would buy users’ votes in order to overwhelm governance systems, issue false signals or engage in market manipulation. According to the paper, such an attack would have far-reaching consequences in that it’s applicable to any project that uses a form of governance in which those who own the coins have a say in decisions.

Adding weight to the finding is that this distinction applies to an increasingly large number of cryptocurrencies, including those with valuations in the billions.

Projects like EOS, Tezos, Tron, Decred and Polkadot, for instance, have all deployed various forms of blockchain voting in an effort to formalize decision-making on their software.

Several of these systems rely on a technology called delegated proof-of-stake, which requires a certain number of nodes to be chosen to validate transactions on the network. As such, token holders are allowed to stake their coins – basically posting them to the blockchain to prove they control them – in an effort to make their votes go further.

Others seek to overcome the governance hurdles faced by major blockchains by allowing stakeholders to vote on technical changes – or what Tezos calls a “self-amending crypto ledger.”

And while some of these projects have already hit roadblocks in their experimentation, according to the Cornell researchers, a dark DAO could cause havoc in a way that surpasses what’s happened in the past.

“The whole decentralization enterprise is founded on democratic ideals, so voting seems a natural governance mechanism,” Juels told CoinDesk. “Unfortunately, it’s hard to get right and until a catastrophe occurs, people tend to assume that theoretical problems won’t materialize.”

The co-author pointed to The DAO hack in 2016, where a malicious user drained 3.6 million ether from the first DAO built on ethereum, adding:

“In a post-2016 world, the fact that election systems can and will be subverted should be crystal clear.”

Past precedent

According to the researchers, this particular dilemma is another case where entrepreneurs in the blockchain space seem to be turning a blind eye to past analysis.

Ethereum founder Vitalik Buterin and ethereum researcher Vlad Zamfir, for example, have criticized on-chain voting mechanisms as “plutocracies,” whereby the wealthy – those that own more coins – rule.

The paper states:

“The blockchain space today, with predictable results, continues its tradition of ignoring decades of study and instead opts to implement the most naive possible form of voting.”

According to the paper, a dark DAO works by essentially dominating voter participation, which is especially disconcerting since many of these votes have suffered from low turnout.

One of the “attack flavors” the paper describes involves “trusted hardware.” Because such hardware allows computation to occur in an “enclave,” or private setting, while it is still submitting proofs, the authors argue this would allow nefarious actors to participate in the attacks without their identity being revealed.

This also means that the manipulated votes couldn’t be detected either.

“Potentially nobody, not even the DAO’s creator, can determine the DAO’s number of participants, the total amount of money pledged to the attack or the precise logic of the attack,” the paper states.

Such a cartel could overwhelm a cryptocurrency, “covertly collecting coins until it reaches some hidden threshold, and then telling its members to short the currency,” it continues.

More attacks

But that’s not to say that systems different than those employed by on-chain governance blockchains are particularly safe either.

For instance, the researchers also detail a bribery attack that could be committed against ethereum’s signaling tool, called Carbon Vote. (A proof of concept for the attack was published to correspond to the release of the paper.)

In this example, a smart contract simply offers to buy votes and can do this in a private or a public way.

The blog post warns that as blockchains begin communicating with each other – also known as interoperability – such incentive-based attacks between competing blockchains are likely to become more frequent.

“In a world with only one smart contract system, ethereum, internal incentives may lead to stable equilibria,” the paper states, adding:

“With two players, and the underdog incentivized to launch a bribery attack to destroy their competitors, such equilibria can be disrupted, changed and destroyed.”

While Jake Yocom-Piatt from Decred acknowledges that these kinds of attacks stand to be highly problematic in the future, the issue is one for systems that deploy on-chain and off-chain voting mechanisms alike.

He told CoinDesk: “It is difficult to defend against vote buying, and it is currently an open research topic how to best defend against it.”

Mitigating the threat

Speaking to CoinDesk, representatives from several on-chain governance projects – Decred, Polkadot and Tezos – said a crucial defense strategy is to raise the cost of attack.

Arthur Breitman, co-founder of the Tezos project, said, “At the end of the day, the only viable protection mechanism is ensuring that decisions involve sufficient skin in the game to ensure accountability to the network.”

Breitman also said that research into futarchy, in which decisions are made by future markets, could help on-chain governance going forward.

But according to the paper, the only defense against such attacks is more trusted hardware: “to know a user has access to their own key material (and therefore cannot be coerced or bribed), some assurance is required that the user has seen their key.”

Still, Juels noted that the reliance on trusted hardware will seem “anathema to a lot of the cryptocurrency community.” As such, he suggested the possibility of “social mitigations” or “community-implemented deterrence to election subversion.”

However, he and Daian warned of the complexity here.

“The mitigations for such threats are primarily social, in many cases imperfect, and in many cases likely complex enough to introduce additional vulnerabilities or attacks,” Daian told CoinDesk.

According to Daian, oversights of this type are common within the industry:

“In general, the blockchain space is extremely myopic: many of the ideas currently being put forward are not sustainable long-term, and only work because the systems being secured are either small or uninteresting to sufficiently motivated adversaries.”

Yet, the Cornell researchers plan to publish another article soon to discuss other available schemes that could eliminate, or at least diminish, the chance of these attacks being perpetrated.

Daian said, “I would strongly caution against direct reliance on any voting scheme vulnerable to vote buying or coercion in decision making.”

Not scared of the dark

Still, while the paper is ominous, other researchers don’t seem particularly fazed by it.

Griff Green from Giveth, an ethereum-based charity organization, said that little experimentation has gone into smart contract-based autonomous organizations since The DAO hack in 2016. As such, the likelihood that a group has created a dark DAO is slim, according to him.

“DAOs are built to decentralize decision making across stakeholders over shared resources. If that shared resource is ‘circumventing an on-chain election’ then sure, of course, it might be done one day, but we don’t even really have DAOs out in the wild yet,” he told CoinDesk.

“There is no foundation to really draw any conclusions on how DAOs can be used to circumvent other DAOs in their own elections,” he continued, dismissing the paper as “mental masturbation.”

Luke Duncan from Aragon, an ethereum application for building DAOs, seemed similarly calm.

While he admits the connotation around dark DAOs is negative, the industry is interested in protecting the privacy of organizations or individuals using the technology, so looked at in a different way, the research could point to positives.

He added:

“With any of these powerful technologies there’s how it can be used for useful applications and censorship resistance and then how people can use the same techniques to do more nefarious things.”

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

EOS CTO Proposes Overhauling Constitution as Disputes Over Governance Continue

Dan Larimer, Chief Technical Officer (CTO) of blockchain protocol EOS, proposed overhauling the project’s existing constitution to limit so-called arbitrators’ powers in an EOSGov Telegram chat today, June 27.

Larimer’s proposal comes in response to recent controversies surrounding the structure of governance on the EOS blockchain, in which three distinct groups work to ‘keep one another in check,’ as defined by the project’s current constitution.

These three groups in the EOS ecosystem are the so-called Block Producers (BPs) – the equivalent of miners on the Bitcoin (BTC) blockchain – the arbitrators (EOS Core Arbitration Forum (ECAF)) and Token-Holders.

The ECAF in particular has drawn criticism over the reportedly opaque nature of its role and powers, thrown into relief by a series of mishaps that have occurred since the EOS mainnet first went live June 15.

In the recent Telegram discussion, Larimer argued that “forcing people into an unknown arbitration system for undefined reasons is a fast way to cause people to run.”

He proposed that arbitrators’ role should be limited to cases where there is a “strong foundation with very clear and defined failure points that can be arbitrated” – in his opinion, only where there is a “code – intent mismatch.”

June’s arbitration mishaps have caused an outcry from prominent crypto industry members, including Charlie Shrem and Nick Szabo.

One recent incident saw the Block Producers reportedly receive an emergency ECAF order to refuse to process transactions for 27 accounts – “pending further review of the claims by an Arbitrator,” with the “logic and reasoning” for the order to be posted at a later date.

On June 24, EOS BP New York said it could not “with confidence execute any subsequent statements claiming to be a valid ECAF opinion,” after a further – apparently fake – ECAF order had been issued.

As Dogecoin creator Jackson Palmer remarked on Twitter yesterday, Larimer is effectively today suggesting to “scrap[…] the entire [EOS] ‘constitution’ and start[…] over.”

Crypto persona WhalePanda said the proposal was basically “a similar governance model like $ETH where the foundation bails out big losses/hacks/DAO-ish events… but more centralized.”

Since going live this month, the EOS network has faced technical issues, on top of the furore over arbitration matters.

EOS is currently the fifth largest cryptocurrency on CoinMarketCap, with a market cap of $7.2 bln. The coin has seen growth of over 4 percent over the past 24 hours to press time, trading at $8.07.

Vitalik Buterin Talks About DAO Like Forks, Sharding and More

Vitalik Buterin, Ethereum’s founder and one of the most important figures in the cryptocurrency world, talked about scalability, forks and more. During a meeting at Wang Feng’s Ten Questions show, he said that Hybrid Casper may still launch before sharding.

The main intention was to create Casper as a smart contract on Ethereum, to make the design as easy to build as possible. And at the same time, the team was going to keep working on sharding.

Buterin commented about it:

“The new roadmap is still ‘Casper then sharding,’ but the first version of Casper is modified so that it is ‘along the way’ to a full Casper and sharding implementation.”

At the moment, there is no estimated date for when Casper or sharding might be launched.

Fred Wang decided to ask about what a BTC core developer said about migrating their code to platforms like Buterin explained that, for him, it is very unhealthy when companies see their business model as being VC followed.

“At this point, I think it is very possible that Ethereum will never see any more coin recoveries, because there are enough cases that are politically contentious that any attempt to set a bar will lead to people just below the bar complaining that they were not included,” commented Buterin.

Back in November 2017, Ethereum’s second most popular client, Parity, was hacked and 500,000 ETH were blocked. At the time of the hack, these ETH were worth $150 million.

In order to unlock the frozen funds, Parity explained that they backed the idea to make a hard fork if the community decided to support it. But even at this moment, Vitalik Buterin did not like the idea. Instead, Buterin stated that the best solution was to allow private key holders to withdraw their Ether.

But then, he explained that there is a possibility to see a ‘cleanup’ of the chain to restore some funds.

“Though it is also possible that when we move to sharding, there will be some kind of one-time ‘cleanup’ of the public chain that will restore funds to as many people as possible. That said, I do think it is my place to make that decision or even heavily influence it,” he commented.

Moreover, he gave his opinion about the future of the cryptocurrency space. He said that he would like to see a stabilized industry and more projects working in order to have better products.

Buterin stated:

“I expect that over the next few years the industry will stabilize, and we will see fewer tokens issued and more projects that pay more attention to providing value, and there will be more correlation between fundamental value and price.”

At the moment of writing this article, Ethereum (ETH) is the second most important cryptocurrency in the market, being traded around $450 at press time. In general, the virtual currency market is operating in a downtrend and most of the assets are losing between 3% and 10%.


Ethereum Classic Upgrades Network Protocol to Ensure Mining Remains Viable

Ethereum Classic (ETC) has now successfully implemented a protocol upgrade that will ensure that mining remains viable in future, according to ETC Block Explorer data yesterday, May 29.

The fork, dubbed ECIP-1041, has removed the so-called “Difficulty Bomb” feature from the ETC network at block 5,900,000. The ‘bomb’ was a component of the original Ethereum (ETH) code that was designed to exponentially increase the difficulty of mining to the point where it would become impractically slow, thereby triggering the need to transition to a Proof-of-Stake (PoS) consensus algorithm. This feature has commonly been referred to as the ‘Ethereum Ice Age,’ because it would essentially ‘freeze’ block validations.  

Ethereum Classic formed after Ethereum hard-forked from the original blockchain in 2016 over disagreements in how to handle the DAO hack.

The ECIP-1041 protocol upgrade will not result in an AirDrop, nor in the creation of a new token.

For its part, in October 2017 Ethereum acted to postpone the difficulty bomb by over a year, as the Foundation continues to lay the groundwork for the transition to its hybrid PoS system, Casper.

Once Ethereum moves to PoS, ETC’s network – which reportedly has no plans to transition to PoS – could potentially hope to inherit a significant part of the mining hashpower dedicated to ETH in its current form.

The PoS-PoW debate continues to divide the crypto community. Just this week, a Brazilian researcher calculated that it could take just $55 mln to hack Ethereum Classic’s network to make $1 bln profit, arguing that the network’s PoW algorithm was more vulnerable to a 51% attack than previously assumed.

PBoC Director Bullish On Blockchain, But Sees Potential In More Centralization

The director of the Institute of Digital Currency at the People’s Bank of China (PBoC), Yao Qian, believes that while Blockchain has benefits, its shortcomings need to be resolved in order for it to “become the financial infrastructure of the future,” according to an opinion piece by Qian published by state-owned media outlet Yicai today, April 27.

After listing the benefits of Blockchain technology – its security, reliability, use of smart contracts and a peer-to-peer system – Qian notes that “it is precisely because the blockchain technology mainly served Bitcoin in the early stage [why] in some aspects it has obvious shortcomings and deficiencies.” The main problems, according to Qian, are an inability to scale and needs for improvement of data privacy and the governance mechanism.

In the opinion piece, Qian writes that since the “public chain cannot be ‘shut down,’ its error repair is also extremely tricky”:

“Once a problem occurs, especially a security hole, it will be very deadly.”

If one relaxed the decentralization of Blockchain, “many problems could be solved,” Qian notes:

“For example, in a multi-center system such as a coalition chain, upgrading the bottom of the blockchain by shutting down the system, or emergency intervention, rolling back data, etc., are available means when necessary. These methods help to control risks and correct mistakes. For regular code upgrades, controllable intelligent contract replacement is achieved by separating code and data, and combining multi-layer smart contract structures.”

Qian references the DAO hack of 2016, when around $60 mln in Ethereum (ETH) was stolen, as highlighting how when problems arise, they “cannot be repaired by shutting down the system and centralizing upgrades as a centralized system does.” The lack of centralized governance mechanisms also means that “problems can only be resolved through soft forks or hard forks, which will eventually lead to confusion and division.”

In the future, Qian sees “various blockchain systems hav[ing] different levels of decentralization to meet the specific needs of different scenarios.”

Solutions to the problems that Qian has identified in the current state of Blockchain technology are a potential addition of the verification methods used by military control systems or chip design, as well as “avoid[ing] human errors as much as possible through mathematical proof.”

Qian concludes by writing that “the blockchain belongs to the public and serves the public interest”:

“The blockchain should not be owned by anyone, let alone a small fraction of the super-rich. Therefore, some people are opposed to the governance of the chain.

Overall, the governance mechanism on the chain is still in the process of controversy and exploration. There is not yet a unified opinion and we need further attention and research.”

Cointelegraph recently reported that the election of a pro-market economist to head the PBoC could have a positive impact on the Chinese cryptocurrency sector. Qian also notes that Chinese president Xi Jinping recently spoke of the need for China to focus on tech development:

“We must resolve to maintain our perseverance, identify the focus, and accelerate the promotion of core technologies in the field of information.”

In early March, the now-former head of the PBoC said that Blockchain technology should not “spread too rapidly” in order to prevent a negative effect on financial stability. The new governor, Yi Gang, who was appointed in mid-March, is reported to have spoken positively of Bitcoin, calling it “inspiring” and stating that it gives “ordinary people [the] freedom to participate.”

The debate over whether Blockchain and Bitcoin as entities must always go together was raised earlier this month by the CEO of Lightning Labs, who challenged the “Blockchain over Bitcoin” narrative. The separation of the two concepts has been practiced by central banks like the Reserve Bank of India, which promotes Blockchain innovation while saying that cryptocurrencies can destabilize the traditional financial system.

Ethereum Proposal To “Resurrect” Disabled $360 Mln Parity Contract Shut Down

A week-long vote on a proposal in regards to the Parity hack wallet reversal, which proposed to restore a disabled contract to unfreeze 587 wallets holding 513,774.16 Ethereum (ETH), has ended with a majority “no” vote today, April 24.

In November of last year, a Parity user “accidentally killed” the Parity multisig library by activating a vulnerability to become the owner of the library, and then self-destructing it. Prior to that, the library had been “fixed and re-deployed” with the vulnerability after Parity was hacked of around 150,000 ETH in July 2017.

In response to the accidental freezing of the ETH funds, Parity wrote in a blog post that they are working on Ethereum Improvement Proposals (EIP) that could propose ways to unblock the funds.

EIP-999, presented on April 4 and written in regards to the frozen ETH, “suggests restoring the WalletLibrary by a patched version to allow the owners of the dependent multi-signature wallets regain access to their assets.” EIP-999 received 330 “no” votes, 300 “yes” votes, and 9 “don’t care.”

Voting was a “coin vote,” which in this case allowed those with the dead, affected wallets to vote with the ETH in those wallets just by signing the message, according to a Reddit post by user x_ETHeREAL_x. Before the vote was over, x_ETHeREAL_x posted that “the reason “yes” is winning has nothing to do with community sentiment”:

“It is Parity, the original ethereum foundation members now part of parity, and even their own self-destructed wallet voting. Do not be fooled — this has nothing to do with “community” sentiment!”

The debate over whether to return lost or stolen funds to users versus maintaining the immutability of the Blockchain has been around since the DAO hack of around $60 mln in June of 2016.

The subsequent fork to restore users’ money led to a split off of Ethereum Classic – which kept the money with the hackers – by crypto enthusiasts that believed a return of the funds via a fork shouldn’t be used in any case.

Legitimising the ICO Token: Finding Utility Over Security

Startup fundraising, in the traditional VC methodology, was flipped on its head in 2017 when a boom in ICO creation saw hundreds of companies forming on the Blockchain with its attached digital currency being born in the form of an investable token. However, this crowdfunding platform which exploded at a rapid rate has finally been hauled in by regulators and authorities who have noticed a few worrying trends. Bodies like the SEC have had a closer look at the tokens coming out of ICOs and in most cases declared them securities.

Suddenly, what is essentially an attempt to fundraise is subject to federal laws and the company, which is supposedly trying to create something innovative with the help of Blockchain technology, is expending vast amounts of energy just trying to be by the books. But, there is a way around this. Not all tokens being developed off the Blockchain need to be of a nature that leads them to being classed as securities. There are a few other types of tokens that can be built off the Blockchain, including utility tokens.

While there are more than just two types of tokens, including equity, work, share-like and asset-backed, it is important to home in on two types that can be used to define a new token coming through an ICO: the utility and the security token. In understanding the difference between the two, ICOs can choose a direction that can work better for them on a path of least regulation.

Securities Token

Towards the end of July last year, the SEC, on catching up to the ICO craze, dealt a telling blow to ICO regulation going forward. Looking back at the DAO tokens from 2016, the SEC declared that ICO tokens may be securities and subject to federal securities laws.

It was never intended for ICO tokens to be securities, but SEC chairman Jay Clayton noted that every ICO token the SEC has seen so far is considered a security and explained that if a crypto-asset issued by a company increases in value over time depending on the performance of the company, it is considered a security. “You can call it a coin, but if it functions like a security, it’s a security.” He added:

“Prospective purchasers are being sold on the potential for tokens to increase in value, with the ability to lock in those increases by reselling the tokens on a secondary market or to otherwise profit from the tokens based on the efforts of others. These are key hallmarks of a security and a securities offering.”

So, by definition, a security token can be found by employing the Howey Test. This test seeks to find if a token has the following attributes: does it offer an opportunity to contribute money and to share in the profits of an enterprise managed and partly owned by respondents? And, secondly, does the scheme involve an investment of money in a common enterprise with profits to come solely from the efforts of others?

Clearly, the most common tokens seen coming out of the majority of ICOs fall into this categorization and thus come under federal law.

Utility Tokens

On the flip side, there is another style of token that can serve a role in many cases where security tokens are being sought at the peril of the company inciting the ire of securities regulators. A utility token can be defined “to represent future access to a company’s product or service. The defining characteristic of utility tokens is that they are not designed as investments; if properly structured, this feature exempts utility tokens from federal laws governing securities.”

There are already some highly successful utility tokens; Vinny Lingham explains the use of utility tokens for Civic, his identity verification coin. “Civic has created one bln utility tokens that provide access to identity verification-related services in a decentralized, token-based ecosystem,” Lingham wrote on his blog. “These tokens represent a unit of account for the network. The bigger the network grows, the more utility in the token, and because the number of tokens is fixed. As the size of the network and transaction volumes within it grows, this will create demand for the tokens.”

As if to highlight the underutilization of utility tokens, it was reported that of 226 ICOs, only 20 are used in the running of their networks, that is to say, they are utility tokens, according to Token Report. Storj is another example of a company that utilizes utility tokens, as their co-founder and chief strategy officer Shawn Wilkinson explains: “The Storj tokens we released allow people to use space on the network. We raised half a million dollars through the token crowdsale, and in 2015.” He adds:

“For many companies, utility appears to be an afterthought, but for a token to be successfully adopted into the community, it is the most critical component. With the amount of tokens on the market today, and new ones being launched every day, it’s clear there is a bubble, though the size of it might be debatable. When the market slows, the tokens that have no utility will ultimately not have any value at all.”

Utility tokens can be further explained as coupons for the company and the service it is developing. A real-world example is something like retailers accepting pre-orders of video games that have not been released. It is a token that differs from the usual ICO token that many are used to, and while it is not a perfect fit for every company, there already have been instances where utility tokens have filled a role in place of security tokens letting the Blockchain solution focus on its primary goal. This was seen with Filecoin which raised $52 mln.

Choosing utility over security

Of course, as easy as it sounds to choose a utility token over a ‘normal’ security token to avoid the SEC, there is more to it than that. Some companies will rely on the securities nature of their token, but there are a lot of companies that won’t.

There is an array of different types of utility tokens, each with different characteristics that could encompass an ICO’s needs. If the company cannot find a place in any of the below categorizations, then they have a case for building a securities token. However, if the token can fall into them, then really, there is no need to create a new native token which could lead them through a regulatory minefield. It is first important to divide tokens into fungible or non-fungible.

Utility fungible and non-fungible tokens

These types of tokens are ones which are simply interchangeable for one another. The fungible nature of it means that the asset, good or token is interchangeable with one of equal value, and it does not matter about its individuality. Gold is often cited as a fungible asset as an ounce of gold, regardless if it is in coins, ingots or dust, is still worth the same thing.

Thus, in terms of a fungible utility token, where they are interchanged for one another, we can see more categorization. For instance, on the Blockchain, there is the possibility for the System Incentive Token, which essentially is used to get people on the network to perform a desired behavior. A company that bases its ICO around this operation does not need a native app and can operate with a host of other tokens.

The same goes for a voter token which is another situation where Blockchain and tokens come into play, but again, there is no need for a native securities style token for this. These governance tokens enable those on the network to vote, and clearly, a utility token is sufficient for this. In a similar vein, membership tokens are also classic examples of utility fungible tokens as again, the token is just being used to access the platform, and utilize the services.

On the other side of assets, a non-fungible item is one that is unique, such as land, or in the Blockchain space, CryptoKitties. Utility Non-Fungible Tokens are thus mostly used to determine ownership of a specific token or digital asset. So, with a number of ICOs, on face value, clearly fitting into the above-mentioned categories, one has to ask why they decided on a native securities-style token which will lead to regulatory pressures?

Beyond the definition

The definitions of security token and utility token, and even the other ones which are a little more niche, are still definitions from a pre-Blockchain era.

Dejun Qian, founder of Fusion and the creator of QTUM, which currently sits in the top 20 on Coinmarketcap, explains that tokens are still a very new and unique idea, and while people try and pigeonhole them, they should really be defined individually.

“The reason people try to figure out if a token is a security or a utility is because people are thinking which laws the token needs to be compliant with. When people say that the token is a utility, it means that the token is designed and embedded in the Blockchain infrastructure. Naturally, it can then serve as a very important part in the Blockchain. It is very creative and can then also provide a lot of different opportunities for the Blockchain.”

But in Qian’s opinion, we should transcend the bold security vs. utility perspective: “On the other side, there is the token which is regarded as a security. We have current laws covering the securities industry, and there are a lot of things we need to comply with, so people think about it in a similar way. I think we need to put more effort on the utility side, and even something else far beyond only security vs. utility. Because from my perspective, tokens are neither security or utility, it is a new thing and we cannot put a new thing in an existing framework, to determine what it is.”


Contentious Ethereum Fund Recovery Proposal Continues To Spark Debate

The Ethereum Improvement Proposal (EIP) that led to the resignation of an EIP editor over his personal legal concerns has been closed, but an identical proposal has been reopened on GitHub to a relatively negative reception.

The original proposal #867 was introduced by Musiconomi developer Dan Phifer as a way to more easily modify the Ethereum (ETH) Blockchain to redistribute address balances in the case of lost funds.

EIP editor Yoichi Hirai had criticized the draft for what he saw as its violation of a Japanese law about the creation of electromagnetic records, as well as it being “at odds with Ethereum philosophy.”

When the original proposal was closed, the Ethereum Reddit community responded positively in a thread that congratulated the community, one user calling it a “big win for the Ethereum community and network.”

Comments on GitHub on the reopened version of proposal #867 showed how polarized users’ views are on standardizing lost fund recovery.

User oxidizer called the proposal a “Trojan horse for Ethereum,” writing that “adding a recovery mechanism, no matter the amount of refinement and ‘safeguards’ put in place, weakens the protocol.”

User Aribo went into more detail about the functions of the Ethereum philosophy, stating that fund recovery is not the responsibility of the system’s developers:

“Instilling the recovery of funds as a necessary function of the system is IMO misunderstanding the function of the system. Ethereum is not a bank or a private company that has profits/losses and investments. If someone loses money in the economic system created within Ethereum is at its own peril, and it never should be the function and responsibility of the system, and thus its developers, to allow the recovery of these funds and, even less, build the rules/standards for this to happen.”

Implementing a standardized method for returning lost or stolen crypto has long been a contentious point of debate in the crypto community, for some view any such action as going against the values of Blockchain’s supposedly inherently immutable nature.

The Ethereum community has already been divided once over such a dispute, when a hard fork was implemented in the aftermath of the DAO hack, leading to the split between Ethereum (ETH) and Ethereum Classic (ETC) — with ETC maintaining the Blockchain with the stolen money still with the hackers.


Ethereum Code Editor Resigns Over Legal Concerns For Ledger Amendment Proposal

Ethereum code editor Yoichi Hirai has resigned from his position following personal concerns that an Ethereum Improvement Proposal (EIP) over a standardized format for lost fund recovery would potentially violate Japanese law.

Hirai both tweeted his resignation and posted a more dramatic explanation of his reasons for resigning on GitHub:

“My blood pressure is higher since I found this draft. I don’t sleep well. My family accuses me of mental absence. I believe these are signs that my abilities are not ready for the task of the EIP editorship. I resign from the post of an EIP editor.”

Musiconomi developer Dan Phifer and two developers from startup TapTrust introduced said proposal, which seeks a simpler way to amend the Ethereum blockchain so that address balances can be redistributed in the case of lost funds.

A hack last June on the Parity Ethereum client caused Musiconomi to lose their ether raised by crowdfunding when Parity froze their multi-sig wallet. Phifer’s proposal would allow such lost funds on the Ethereum platform to be returned in the case of a similar future hack.

Hirai’s main problem with the proposal is reportedly what he sees as its conflict with a Japanese penal code on the “Unauthorized Creation of Electromagnetic Records.” He writes on GitHub that he doesn’t think that “anybody has the authority to make an irregular state change”, because he doesn’t believe that Ethereum users know about or authorize the EIP process, and thus doesn’t want the non-democratically chosen EIP leaders to make these kinds of rules for Ethereum users.

Hirai adds that he thinks the proposal is “at odds with the Ethereum philosophy”, because Ethereum was made to avoid “single points of failure and the need of trust”. In a later comment, Hirai added that he could ignore his understanding of the Ethereum philosophy, but that he can’t ignore violations of the penal code.

Software engineer Afri Schoedon, who also works in community management at Ethereum and technical communication at Parity, has come out strongly in favor of Phifer’s proposal. In response to Hirai’s negative comments about the proposal on GitHub, Schoedon tweeted asking Hirai to step down as an EIP editor.

Hirai responded directly to the call for resignation, tweeting that stepping down would signal that he allows other people to ignore the penal code and thus break the law. However, Hirai did resign about 10 hours after that tweet.

Hirai’s resignation over this proposal, even though he cites his personal legal responsibility as his impetus, brings up the question of whether Blockchain should be modifiable in the case of hacks or errors that lead to a loss of user funds.

The recent hack of Nano from the BitGrail exchange caused a furor in the crypto world when it came out that BitGrail’s owner had allegedly asked for the altcoin’s ledger to be altered to cover the losses.

The largest example of conflict over the nature of Blockchain’s ability to be edited was the aftermath of the DAO hack, when stolen funds were moved back to their rightful accounts through a hard fork that led to the split between Ethereum (ETH) and Ethereum Classic (ETC). Ethereum Classic is the original Blockchain where the stolen money remained with the hackers.

Vitalik Buterin, co-founder of Ethereum, had tweeted on Feb. 14 in response to a @whalepool tweet criticizing him for his decision to hard fork Ethereum, “doing rescue forks in exceptional circumstances can be a great choice for nascent early-stage blockchains.”

In response to Buterin’s tweet, Greg Maxwell, former Bitcoin developer, posted on Reddit that Ethereum’s operators are missing the main point of the hard fork debate:

“The point they’re missing? No one should have that power. If there is even a choice to make the system has already failed.”


What is a DAICO, Explained

What is a DAICO?

It’s an improvement on the ICO fundraising model that incorporates certain aspects of DAOs.

The idea was suggested by Vitalik Buterin in January 2018 and is aimed at making ICOs more secure by involving investors in the initial project development process.

It will further enable token holders to vote for the refund of the contributed funds if they are not happy with the progress being made by developers.

For projects that implement the DAICO concept, it will force a level of accountability on developers and give token holders additional peace of mind that they are guaranteed to either see at least a minimum viable product or get their money back.

How does a DAICO work?

It starts off as a Smart Contract in contribution mode.


The DAICO contract will have a mechanism where contributors can send funds to the project in exchange for network-specific tokens. When the crowdsale period ends, the contract will prohibit anyone from contributing any further, i.e., as in a normal token sale.

One variable, called the tap, comes into effect after the contribution period has ended. The tap sets the amount (per second) that developers can withdraw from the token sale funds.

Initially, the limit will be set to zero, but contributors can then vote on a resolution to increase the tap.

[Figure: Tap Mechanism]

What elements from a DAO are incorporated?

There are three main elements taken from DAOs.

First, at no point is complete trust placed in a centralized team. Decisions on funds are made from the get-go by a democratic voting system.

Second, funding is not released in a lump sum, but a mechanism is implemented to spread it over time.

And finally, there is an opportunity to refund the contributed money. This decision is based on the ‘wisdom of the crowds,’ i.e., the contributors can vote for a refund of the remaining finances, if the team fails to implement the project.

How is it different from an ICO?

The main difference is access to funds.


With an ICO, once the token sale finishes, developers have complete access to all the contributed funds. Developers have to calculate in advance how much is necessary to produce a minimum viable product and once they reach this amount, called ‘the soft cap’, they can start to work on the product and spend the money on whatever they deem necessary. If they don’t reach this initial soft cap, they have to refund the money. But if they do, there’s no further real obligation.

With a DAICO, contributors can vote on resolutions (during the development phase) to either increase the tap or to return the remaining contributed funds (self-destructing the contract).

What are the benefits compared to ICOs?

It puts more control in the hands of investors.

Contributors have much more say and influence in the development stage of the project. If they are not happy with how the project is progressing, they can set the contract to withdraw and get a refund.

This completely mitigates the risk of scam ICOs where developers hold a token sale and then run away with the money as soon as the ICO is finished, without producing any product.

As the amount of funds that gets released from the Smart Contract is limited and strictly controlled, it will reduce the occurrence of 51% attacks. Even if a 51% attack does happen, where an attacker wants to send funds to a chosen third-party, the consequences will be contained to the amount that was authorized to be released by the contributors (or the developing team) at any one point (the tap).

With an ICO, once the team raises tens of millions of dollars, its motivation to implement the project deteriorates; or, at least, its activity decreases significantly. With the DAICO model, the team’s motivation to bring the idea to life, i.e. to deliver the product, is sustained over the lifetime of the project.

What are some of the potential challenges with DAICOs?

As with any new concept, there will be some challenges that need ironing out.

If developers hold a large chunk of the distributed tokens, they potentially only have to influence a small percentage of contributors to sway their vote and get more funds released from the Smart Contract.

Contributors’ education is also crucial. They need to understand why the price of a specific token is rising or falling to make the right decision when voting on increasing the tap amount, or returning the funds. The best decision is one based on the facts relating to the project itself, not on emotions connected to the price of a particular token.

Finally, contributors can also completely disengage by putting all their trust in the DAICO concept itself and therefore feel it’s not necessary for them to actually partake in votes and resolutions, reducing the majority threshold and weakening the security of the mechanism.


What are some of the main characteristics of a DAICO?

It’s hard to say, as the concept has not been implemented yet.

However, to answer the question, it is helpful to look at a project that plans to conduct the world’s first DAICO.

The Abyss, for instance, a next generation digital distribution platform based on a crypto reward ecosystem, plans to do this with the following DAICO features:

  • A resolution to vote on tap increases can only be initiated by project developers.
  • There’s a percentage limit by which the tap can be increased at a time (to prevent abuse).
  • The frequency of potential tap increases is limited (no more than say once every two weeks).
  • Only investor tokens can be used to vote, not those held by project developers.
  • Contributors will be informed well in advance of a planned poll.
  • When contributors decide to terminate the project, the Smart Contract will switch to withdrawal and refund their money, while at the same time destroying tokens held by developers.
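The tap described earlier, together with the limits on raising it from the list above, modelled in Python as an added example (this is not code from The Abyss or from Buterin's proposal). The 50% cap per raise, the two-week interval, the one-token-per-wei rate and all names are assumptions chosen for illustration.

```python
# Toy model of a DAICO tap. Added example: names and limits below are assumptions.
class Daico:
    MAX_RAISE = 0.5              # assumed cap: tap may grow at most 50% per resolution
    MIN_INTERVAL = 14 * 86400    # assumed: at least two weeks between tap raises

    def __init__(self, developers):
        self.developers = set(developers)
        self.tokens = {}         # holder -> tokens (1 token per wei contributed)
        self.balance = self.tap = self.accrued = 0   # tap is in wei per second
        self.mode, self.clock, self.last_raise = "contribution", 0, None

    def contribute(self, who, wei):
        if self.mode != "contribution":
            raise RuntimeError("sale is closed")
        self.tokens[who] = self.tokens.get(who, 0) + wei
        self.balance += wei

    def close_sale(self, now):
        self.mode, self.clock = "tap", now

    def _accrue(self, now):      # credit elapsed time at the rate in force until now
        self.accrued += self.tap * (now - self.clock)
        self.clock = now

    def _passes(self, votes):    # votes: holder -> bool; developer tokens carry no weight
        net = sum(self.tokens.get(h, 0) * (1 if yes else -1)
                  for h, yes in votes.items() if h not in self.developers)
        return net > 0

    def raise_tap(self, proposer, new_tap, votes, now):
        if self.mode != "tap" or proposer not in self.developers:
            raise PermissionError("only developers may propose, and only after the sale")
        if self.last_raise is not None and now - self.last_raise < self.MIN_INTERVAL:
            raise RuntimeError("tap was raised too recently")
        if self.tap and new_tap > self.tap * (1 + self.MAX_RAISE):
            raise ValueError("increase exceeds the percentage limit")
        if self._passes(votes):
            self._accrue(now)    # time already elapsed is paid at the old rate
            self.tap, self.last_raise = new_tap, now
        return self.tap

    def withdraw(self, now):     # payout is bounded by what the tap has released
        if self.mode != "tap":
            raise RuntimeError("withdrawals are disabled")
        self._accrue(now)
        amount = min(self.accrued, self.balance)
        self.accrued, self.balance = self.accrued - amount, self.balance - amount
        return amount
```

Settling the accrued amount before the rate changes matters: without it, a raised tap would apply retroactively to time that had already passed at the lower rate.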

Disclaimer. Cointelegraph does not endorse any content or product on this page. While we aim at providing you all important information that we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor can this article be considered investment advice.