Where Is My Bailout Ethereum?

in #ethereum8 years ago (edited)

I've been a big believer in Ethereum, but recently I've received a reality check. I got hit by an attacker that stole most of my Ethereum! How did that all happen? We'll get to that soon enough. Let's start from the beginning. 

 As you may or may not know there was once a entity called The DAO. This entity was based on having a big group of shareholders who invested in The DAO. These shareholders would accept and reject proposals based on a certain consensus. If the proposal was accepted and made money the DAO shareholders profited. If the proposal failed the shareholders lost value they basically lost money. 

Yes, really simplistic explanation I know, but I'm not going to go into explaining The DAO. There are plenty of articles and white papers that explain it already. I read up on it and though it was an interesting idea, but wasn't convinced that it was ready from prime time. For now I stayed on the sidelines. I bought a couple hundred tokens (2 ether) just for education purposes.

Soon enough a gigantic hack came that stole millions of Ether from the DAO. Now we all had to decide was should we bailout the victims of a malicious attack? Or should we let the investors pay for backing a losing entity and/or not fixing this issue before it happened. The hard fork idea came down the pipe and was widely accepted. This split ether in two, Ethereum (ETH after hard fork) and Ethereum Classic (ETC the original chain). All of this seemed to go off without a hitch ETC volume was low and support was fringe. 

Some time passed and ETC was on the rise. I was told to that my original ETH before the fork still existed on the ETC chain. Alright makes sense. So I decided to grab the existing ETC and put it on the exchange so I could sell it if it went high and roll it back into to ETH or hedge in case ETC for some reason succeeded. Simple enough, right! WRONG!!!!!!

Here is where it all went downhill. I had a friend who said they were syncing the ETC chain use my private key to transfer the ETC into Bittrex. We transferred a little bit and everything looked good, the ETC showed up in my exchange account so we transferred the rest. Meanwhile, I hadn't opened my Ether Wallet in a while so it wasn't synced. I opened up the wallet and it started syncing. Everything looked good and my balance was there so no problems. 

A day or two later my wallet finally finished syncing. Looking at the final value and realized almost all of my Ether was GONE!!!.... What happened?!! Did I transfer it out by accident? I decided to investigate the chain and found the very same transactions from my wallet to my Bittrex wallet on the ETH chain. 


 Wait, I never initiated a transfer did I? I quickly realized that someone had replayed the same transaction from the ETC network on the ETH chain. Of course!  Well I figured the wallet didn't exist on the ETH chain or so I thought. I contacted Bittrex to see if they could use the private key from my ETC account to recover the funds. No response....

Here is my address on etherscan.io in case you want to check it out for yourself: 0x2f46b512819B25F30795A8CDEf7D336AbFf3A6fD

Later on I found the funds had been transferred using a split safe contract into anther account check out the account that took my coins on etherscan. This is just one hacker with over 100,000 ether stolen. I'm guessing this isn't the only person doing this. The account is growing! Yes they are still stealing Ether. 

Now I'm not saying that I am not to blame. I'm sure if I had done more research I would have found info on people getting replay attacked and could have ether moved my ether into another account and/or used a split safe contract to split my ether. I just didn't realize I needed to. So for my ignorance I take responsibility and yes humbly accept my loss. What else can I do right?

In the end, I wonder what is the Ethereum foundation & community doing to protect Ethereum holders from hackers and thieves? Are they doing enough? Should we be doing more? (I say "WE" because it is up to all of us!) And finally where is my and other victim's bailout!? To be clear I'm not sure I should get one but I'm asking  the question because we did it for the DAO right? I think the right question is what is our plan to combat this?Lastly maybe Satoshi was right in deciding limit code executions? I'm just putting the questions out there. I'm not against Ethereum. I actually, in spite of my crushing loss (Crushing to me 60 ether I worked hard for that ether),  but I think these questions should be asked soon rather than later. 

Here is my ethereum account if you want to check it out 0x2f46b512819B25F30795A8CDEf7D336AbFf3A6fD. 

I encourage you to do some research before transferring their ETC. Here is a couple of nice links to help you do it safely.  https://blog.ethereum.org/2016/07/26/onward_from_the_hard_fork/

 https://www.reddit.com/r/ethtrader/comments/4uo5iz/the_nobrains_trick_to_separate_your_eth_and_etc/ 

Supposedly you can also move your ETH into a newly created account and then move your ETC. Don't take my word for it though. Do your research and do what you think is best. GOOD LUCK!

Sort:  

Can you explain exactly what process you used to transfer the ETC to the exchange? Did you friend rob you? Or did you friend use a service that he thought was secure and turned out not to be?

I did not use a service. We merely synced the ETC chain with the Ethereum based wallet. Then imported my private key and transfered the ETC to my Bittrex account? We moved a small amount first, then when we were sure the ETC was was in the Bittrex wallet, we moved the rest. I unfortunately was under the impression it was that simple and not aware of the replay attacks. The link to the hackers wallet is listed above. You'll see he is still taking coins and converting some of them to DGD tokens. http://etherscan.io/address/0xfbb1b73c4f0bda4f67dca266ce6ef42f520fbb98.
I am certain my friend is not a this hacker and very sure it was a replay attack.

I don't understand then how the hacker got your coins. If your transactions played on both chains, they would have transferred the coins to precisely the same account on both chains.

It was the same account on both chains. As the the coins transferred to my Bittrex account 0x4f7144b02273bdc4083b98ea075a5ab13fa9d4dd the transaction was replayed on the ETH chain. Have a look http://etherscan.io/address/0x4f7144b02273bdc4083b98ea075a5ab13fa9d4dd. As to how they got the coins out of that mirror account on ETH I have no idea. The must have found a way to create an ETH account for a specific address or something.

Only Bittrex could have transferred those funds. Only they had the key to the account. (Unless something much weirder is going on.)