On the 24th of November, 2015, James Levy received about 40,000 ether from the Ethereum Foundation.
Worth roughly $35,000 at the time, the grant was an award for Levy's efforts to create an early smart contracting tool, and one of many meant to support work on what was then a more nascent cryptocurrency among many alternatives.
But three weeks later, the grant had disappeared, drained from his wallet in what is probably one of the largest hacks of a single wallet in the history of the Ethereum platform.
The hack was the result of a weak passphrase, and Levy has been silent on the matter ever since. But now, to fund a new venture called TapTrust, Levy is appealing to the hacker to return the funds, and failing that, he is turning to the community to implement what would entail a system-wide software upgrade, or hard fork, to do so.
Such an upgrade would rely on EIP 867, a proposal to standardize the process of recovering funds on the platform, and one that has been a point of conflict for Ethereum developers.
At times heated, the discussion around the proposal is tilting toward blocking all attempts for the EIP to proceed. Former EIP editor Yoichi Hirai has even stepped down from his post as a result, citing legal concerns that could ensue from permitting the proposal to develop.
And with the developer community in an uproar, the proposal has been frozen in place as the process of accepting code changes is considered more intently.
As a co-author of EIP 867, Levy has found himself in the eye of the storm as developers express concerns about the proposal – everything from lamenting the governance structure of Ethereum as it relates to system-wide catastrophes to predicting that stakeholders could collude were such a proposal ratified.
Levy's move is indeed controversial, but he feels that going public with his story might sway the current debate.
Levy told CoinDesk in an exclusive interview:
Particularly, in terms of something like a hack, it is a very significant problem for the community, and it is one that, I think the network and the platform of Ethereum and the community, we need to figure out.
As adoption continues to rise, and Ethereum is increasingly adapted for use in enterprise organizations, Levy continued:
Ultimately, I also think it comes down to, are we an economic system which lives outside the rest of the society, as well as the legal system? Are we separate from that? Or, are we somehow going to interface with these things?
To step back, the hack happened as a result of a weak passphrase, which could lead some to blame Levy himself. Levy defends his security efforts, saying that he expected his private key would still be needed to access the wallet.
But the wallet generation tool that Levy used, developed by Ethereum creator Vitalik Buterin, had a crucial flaw in that other people could access the wallet with just the passphrase. Levy explained:
I assumed that the passphrase was going to be used in addition to some other criteria.
Later, when the wallet was drained, Levy found his private keys were secure, and initially he didn’t believe he had been the victim of a hack. He said:
At first I thought that it was probably due to an upgrade or something else.
Shortly before the wallet had been emptied, new software like Brainflayer was released, so Levy tested the software on his own wallet, cracked the passphrase, and learned the bitter truth about his grant money – it was gone.
He traced the funds to another wallet, and in watching that wallet ever since, he has not noticed any movement.
They have stayed at the same address, without “a single outgoing transaction in the entire history of the blockchain,” Levy said.
And while Levy first accepted the funds as permanently lost, it was the eerie silence of the hacker's address that made him think a fund recovery might be possible.
Initially, Levy is just going to try some friendly communication. Levy explained:
One of the things which I am eager to do is trying to get in touch with anyone that may have access to that new wallet, as well as to try to come up with something which we can agree to regarding how to remedy the situation.
But should that not work, Levy is going to submit another fund recovery proposal that builds on his former efforts with EIP 867.
According to Levy, the new proposal requires “a very, very limited, as well as well-defined and well-structured support for undoing finality,” such as the format offered by EIP 876.
With that, Levy could recover his funds and use an important portion to build something that would benefit the blockchain community, including his new venture TapTrust, a Wikipedia-style forum for displaying objective information about tokens launched on Ethereum. Levy said:
We are also trying to improve the quality of information that is available, as well as improve the capability for average people to participate in this new crypto economy without compromising their safety.
It is perhaps an especially notable statement since much of the controversy surrounding the fund recovery proposal was stoked by poor communication, Buterin said during a recent developer meeting.
Levy knows that his appeals might not do any good, but still believes that they are going to start a broader conversation about a pain point the community has to tease out.
While the latest discussion around fund recovery stemmed from a code vulnerability that permitted a newbie coder to freeze what was at the time $160 million worth of ether in Parity Technologies' Ethereum client, Levy said that hacks should be looked at categorically differently.
I think that if we want to encourage organizations, as well as businesses and financial institutions to adopt Ethereum that this is, I think for a lot of them, going to be a requirement which in the event of a catastrophic situation, there is at least something which they can try to do.
And, it is a question which touches on a deeper, more philosophical rift in the Ethereum community – the concept of blockchain finality.
The concept first stirred the community after The DAO hack, when the Ethereum community voted in favor of hard forking the code so that it would return funds to their original holders. Valuing immutability under the adage “code is law,” a dissenting group forked off the main Ethereum chain, creating Ethereum Classic.
Such tensions are still active in the community today, as witnessed in the more recent fund recovery debates, and Levy would not be surprised if there was another split down the line.
Levy also told CoinDesk:
I would not be surprised if the network splits at a certain point over, not necessarily the problem of ETH recovery, but more generally, the problem of are we going to have a network which we are making some accommodations so that we can integrate with society.