He did not steal anything. He beat the fund (Indexed Finance) at their own game.
He has not stolen anybody's password, has not modified DeFI code - simply executed a set of financial transactions according to the rules (expressed as DeFI smart contracts) and profited from it.
Indexed Finance is an unlicensed investment firm. The promoters knew the risk ( decentralized finance) and now they want to blame someone who outsmarted them at their own game.
I agree with your assessment of cryptocurrencies. Here is a thought experiment that I use with other people: Ask yourself why none of the top 10 global investment banks have started their own crypto exchange. Now, add the 20 largest stock, futures, and options exchanges. Still none. After all, it is "just" market making (with a bit of clearing, custody & execution services). What is wrong with this picture? For me, the real issue is that KYC (know your customer) legal requirements will drain all the profit from the operation and expose the ibank/exchange to enormous legal risk.
Another one to make you scratch your head/chin: The world's busiest crypto exchange is Binance. The Wiki page literally says: "Headquarters: Unknown". How can anyone trust a company like that? Who regulates it? What enforcement agency will help in the event of fraud?
90% agree with this , with the little caveat that law and regulation always are a couple of steps behind huge innovations. Unfortunately sometimes companies think this gives them freedom to break current laws and regulations.
That's happening because crypto 'value' doesn't exist in a vaccuum, immune to the vagaries of the tradFi markets. When shit hits the fan, credibility matters. That's why traders park cash in government bonds when a market sell-off happens; a government bond essentially guarantees you get your money back quickly when you're ready to go back into the markets.
The recent moves by the administration have been so incompetent as to tank the bond market as well, thereby leaving few safe harbors. And no harbor is less safe than crypto.
By now everyone who stands to gain from (ab)using crypto is probably already convinced. Almost everyone else heard so much about scams and illegal activities around crypto that they find it too risky. So the current admin is preaching to a small choir, to the angst of the large one.
What I like is that every time there's a hack, or someone loses money over crypto either due to some illegal action or just unintended consequence of using it, you have a few more people demanding more regulation and state intervention. If only crypto regulation was scoped exclusively to when they need it after being swindled out of it.
I think this was edited - my understanding of the original comment was that it was primarily for buying things on the darknet ("illegal transactions").
And drugs. And delivery of bribes to the sitting US president (these are not the same as illegal transactions because when the president does it it is not illegal).
I posted the original comment everyone is replying to so it's clear I'm not fan of crypto. To be fair, literally everyone I've ever known, including myself, has only ever used cash to buy drugs. I can't put that on crypto.
There's a pretty big market for drugs and other illegal things on onion websites.
You send an encrypted order, transfer crypto to an escrow wallet, then they send the product in the mail.
Oh, it is illegal. It's just that the DOJ is turning a blind eye because someone at some point wrote a "memo"[0,1], which it seems can be the bane of global peace and prosperity as we know it. (Yes, it is ironic that a memo in some countries like the U.S. can affect everyone else.)
P.S. I understand the context in your comment here. Just expanding on it for cynicism's sake.
You've cited policy which blocks prosecution of sitting Presidents -- but that didn't necessarily enjoin eventual justice from being served after his term(s) end. However the outcome of Trump v. United States, 603 U.S. 593 (2024) appears to not just block prosecution but grant immunity, meaning what would normally be a crime ceases to even be a crime.
That ruling appears to draw a nearly complete shield of immunity around Presidents for any crimes done as 'official acts,' and nearly everything can be claimed to be an 'official act' especially given how vaguely-scoped much Presidential power has become. I consider it pretty unlikely that we'll ever see a former President even be charged with a crime if Congress doesn't explicitly repudiate this ruling with an actual law.
> I consider it pretty unlikely that we'll ever see a former President even be charged with a crime...
You could have stopped the sentence here; most US presidents are responsible for acts that appear to be criminal but for the fact that it is political convention not to charge them. The most egregious case I recall was Anwar Al-Awlaki [0] - where he seems to have been killed on the president's orders without actually having done anything specific to justify it. Searching for "crime" on his Wikipedia page turns up nothing much. If a president isn't publicly investigated by the judicial system for having a US citizen killed it is hard to see when charges would be appropriate.
> where he seems to have been killed on the president's orders without actually having done anything specific to justify it.
This was an assaination as part of an armed conflict if i understand correctly.
There are a lot of things you can argue about with the morality of the drone strike program, but its at the very least grey. As a general rule, armed conflict involves killing people who have done nothing wrong other than being on the wrong side of the conflict.
Its possible it still might be a crime, but i think it would be on the standard of if its a war crime, and not an ordinary murder.
P.s. i dont understand what him being an american citizen has to do with it. Its not any more ok to kill non-citizens.
Okay. Well in that case, my (uninformed) take is that both holding the president personally criminally liable for actions of the US government that they authorized, and not holding the president accountable for campaign finance violations they undertook on the path to getting elected, are about equally ridiculous. But it seems that we’re doing the second one.
I'm honestly lost on what you might be alluding to with the "campaign finance violations"; but that is a classic up there with the remarkable rate that whistle-blowers turn out to be guilty of sexual assault nothing-burgers. I expect candidates will routinely violate campaign finance laws and don't see why that is more than a minor problem until someone outlines what the actual issue is in a specific case.
If they're taking millions of dollars from Chinese NGOs that would be a problem. If they filled out a form wrongly and there is no motive involved that isn't interesting. Might be worth a few political points on a slow news day.
Those laws are a poster child for the high risk of selective enforcement leading to political corruption.
The story of Anwar Al-Awlaki and his American US-born son who was killed in the attack authorized by the Obama administration must not be forgotten.
The issue of presidential powers and conduct must be a non-partisan issue. Trump merely walked through the cracks created under Obama.
Being well-intentioned (“protecting Americans against terrorism”) is not sufficient excuse for murdering an American minor due to the sins of his father no matter how much the Obama administration DOJ attempted to make it legally permissible to do so.
<Trump merely walked through the cracks created under Obama.>
Which were dependent on the GWB administration (forced renditions, torture prisons), the Reagan administration (Iran-Contra etc), the Nixon Administration (Watergate etc), FDR's admin (concentration camps), on and on and on.
The expansion of Presidential power is non-partisan. Congress would be the logical counterbalance but other than in fits and starts has generally abdicated this role to the SCOTUS which has now been captured by believers in the unitary Presidency.
Thank you. I tried to keep my comment short, but your expansion was necessary on second thought. For better or for worse, I expect this to be relitigated. (Unless all outgoing presidents start the tradition of pardoning themselves from now on.)
The reason is that what constitutes an official act is up in the air, and let us be honest, the incumbent president is not known for staying inside the Executive branch's lane.
But the sheer unwillingness of the DOJ to prosecute, creates a catch-22: you need indictments to change or clarify Trump v. United States, 603 U.S. 593, and right now there are two options:
Somehow revive the private right to criminal prosecution (and of the president at that)(See Linda R.S. v. Richard D., (1973) 410 U.S. 614 (citations omitted)) or a Federal Court to appoint counsel to investigate a former or incumbent president. (Young v. U.S. ex re. Vuitton et Fils, (1987) 481 U.S. 787.) And I am not sure which one is less likely to happen. (Or for Congress to take that role beyond impeachment, which is even less likely.)
The case where the precedent was set suggests that it is within the outer perimeter of what the President does to give a speech designed to whip up a crowd before they head them off to the Capitol to attempt a coup.
While Trump may go farther than that, it is hard to imagine any other President in our history who would have considered doing anything more deserving of criminal prosecution in a US court.
Given how polarized our country has become and the requirement for a 2/3 majority in the Senate, it is also difficult to see how we could ever again wind up in a situation where the threat of impeachment is a significant concern to a sitting President. Given the current state of the Republican party, I'm not even sure whether an attempted military coup by Trump would get that result.
I agree completely. He doesn’t need to do a coup now that he has absolute power for four more years given the vacuum of leadership that is the legislative branch, but he absolutely would get away with it if he chooses to someday.
You'll need a stronger defense than that in court because courts absolutely create and deal in gray areas where technical fine lines exist.
What you need to argue is that the the smart contracts were valid contracts that the creators intended to and had opportunity to understand and that their creation was their act of negotiation of a position. It isn't really a stretch, but with amounts like this probably more diligence would have been due than that. Calling it theft is ridiculous on the other hand.
I disagree simply on the principle that nobody has any choice in whether or not to participate. Calling it a social contract just sounds too… soft? for what it really is.
> nobody has any choice in whether or not to participate.
You've hit a key point of disagreement amongst philosophers about the idea of the social contract.
Some of them say it's not voluntary because we were all born into a existing society, others say, sure it is, you can just give up all your property and go live in the forest.
Others then reply that disabled people and children can't do that.
But also the idea of living in a forest is not really an option for most people in the modern world. So my personal take is that the social contract is inherently non-voluntary in the modern world.
> Calling it a social contract just sounds too… soft? for what it really is.
Why do you think a social contract implies softness? For most of it's existence the social contract allowed slavery, ritual killing in the form of warfare and duels, and it still allows the death penalty in much of the world.
> Why do you think a social contract implies softness? For most of it's existence the social contract allowed slavery, ritual killing in the form of warfare and duels, and it still allows the death penalty in much of the world.
I think they are saying that the words "social contract" sound more collaborative and voluntary (to them) than what the phrase actually refers to. Your examples would only reinforce that view.
It is a subjective stance on a coined phrase, but given most of our laws were settled by people not living now, and enforced on people not living when the laws were created, and there is no periodic process of ensuring laws reflect the living, the words "social" and "contract" are being stretched quite a bit.
(On the other hand, the meanings of most phrases drift from the nominal meanings of their constituent words.)
If you don't sign a contract you are not bound by it, and you are not protected by it. If the law doesn't apply to you, that cuts both ways: people can kidnap or murder you with impunity for any valid-sounding or completely-made-up reason.
But the benefit of living in a society is that those people that _cannot_ survive without the society, _can_ with it. They still have the option to live outside society, they'll just perish. And that sucks. But by being part of society and gaining the benefits thereof, you are agreeing to follow it's rules (or suffer the consequences if you do not).
I would not survive away from society due to medical needs. In exchange for being able to acquire the items I need to survive, I follow the constraints of living in that society. But it _is_ a choice. I could choose to go live in the woods without said benefit; and I'd die.
> But the benefit of living in a society is that those people that _cannot_ survive without the society, _can_ with it
Hence why it's a "contract". Both parties benefit. Society gets to exist, the people in it mostly have better lives than they would living alone in a forest. Admittedly, that's a low bar and we could stand to improving things.
But the point of "living in the forrest is not an option" isn't that the person in question is incapable of surviving there. It is that the society claims ownership of the forrest an will punish you for trying to live there. I mean, try sleeping in your own car in California, or some other US states...
That's just the nature of almost any society: they are actively hostile towards such outliers.
To be fair, this philosophical discussion originated in the time of Locke and Hobbes, and back then it was far more viable to go off and live in a forest, especially if you went to America to do it.
>But also the idea of living in a forest is not really an option for most people in the modern world. So my personal take is that the social contract is inherently non-voluntary in the modern world.
This idea is ridiculous because even if you could go live in a forest a large part of the enlightenment was that states grabbed control of the periphery (forests) of their domain. You can no longer run of into the forest. The state will still want you to fit into the existing ownership structures, censuses, taxation regimes, etc. If you commit a crime it will still be decided by the existing courts.
I don’t think something being a contract is reliant on there being a compelling alternative though. But then it’s usually hard to tell what’s important to philosophers.
> I don’t think something being a contract is reliant on there being a compelling alternative though
Legally, a contract must be entered into voluntarily by both parties. If either party is coerced into joining, then it is no longer considered to be a contract. I assume that philosophers use the same meaning of the word contract.
But you’d have to draw a distinction between “I have to sell my company to Microsoft because they’re the only ones with the expertise to run it,” and “Microsoft sent someone to hold a gun to my head until I signed this paper even though I actually have other options.”
In this case it seems more like the former since no one is really actively combing the woods for hermits and forcibly integrating them into society. I guess it’s not unimaginable for something like that to happen, but I don’t think you could say that that’s reason that most of us are part of society. I do guess you could argue that point, but the argument would have to be that society is actively taking away viable alternatives to force people who otherwise would not have to have to join it, not that such alternatives never existed in the first place.
I dare you to name a forest that someone won’t try to kick you out of pretty quickly.
The US has forest rangers, among others, as do most countries. Even in remote Siberia and Alaska, it likely won’t be long before someone defending a mining claim or similar gets you removed or tries to shoot at you, though you might get long enough in some spots to live half a life at least.
Every society I’m currently aware of has something similar going on, and they absolutely are trying to remove opportunities to stay outside of their bounds.
Just because some subsets of the crypto industry want to operate entirely outside the law doesn't mean the whole industry wants to operate outside the law. As evidenced by anyone who pays taxes on their crypto.
Saying "he used the system as it was designed, even if not as intended" is more or less equivalent to saying that any computer hack or zero day is also "using the computer system as designed".
You even plausibly extend that to picking locks in the physical world.
So yes, it does make sense for the law to get involved.
Smart contracts give you a lot of financial automation and guarantees that regular courts do not. Furthermore, any litigation or arbitration in court is very expensive. If you can use smart contracts to simultaneously increase the complexity and sophistication of your transactions while also reducing the number of times you need to go to court, you've created value.
And, a lot of crypto projects do pair their smart contracts with regular contracts, or at the very least with ToS
Smart contracts are supposed to eliminate a huge swath of disputes, so often people don’t need courts at all. People can put business rules in place that aren’t violated - and not just for contracts.
For example bidders at Christie’s and Sotheby’s sometimes don’t have the money but the houses can’t make a big scandal. They try to hold another auction and sell it to someone else as if the guy sold it.
In crypto it would be trivial to endure bidders have put up the money. You can refund the lowest bidder below N winners. You can also ensure payouts happen at agreed-upon rates. You can prove escrow. And stuff like that.
Imagine a bunch of donors or investors seeing how their money is spent because it is on the blockchain. Or imagine a community having roles and knowing that each role was granted properly.
In web2 anyone who can get into the database can modify any records and then you hope court cases and chilling effects will undo the damage retroactively.
>Smart contracts are supposed to eliminate a huge swath of disputes, so often people don’t need courts at all
That just sounds like near total agreement with me.
Dont get me wrong, I love smart contracts conceptually. But if the parties to a smart contract desired court arbitration, they should include a function for it in the smart contract. Like a swing vote for a trusted third parties keys.
Without that, to me, you are signalling acceptance of the outcome of the code without arbitration. If you seek a court to interfere with the execution of a smart contract that never included a provision for arbitration then you are in my mind, as guilty of ignoring the intent of the smart contract as any hacker might be.
And if you were just going to court to dispute the smart contract, you may as well just have accepted a legacy contract. Escrow, multiple parties, etc etc all solved problems in the traditional legal space.
It seems more like a contract dispute to me. My first thought is that a commercial court could decide who keeps the money.
(Clearly in the real world the American authorities have decided it's a criminal matter. I just find it odd that a "smart contract" dispute falls under criminal rather than commercial law.)
The point of cryptocurrencies is to reward people who make hardware available for in-public multiparty computation. The point of that is to be able to create rulesets and expect that they'll be followed within the confines of the system.
It's bonkers to me that the only rulesets people care to implement on such a platform are just reflections of money as we know it. How unimaginative. I wish we'd make something new rather than translating something old--bugs and all--into a new language.
Hardware availability is a use case of cryptocurrency, but not the point. The point is a decentralized accounting system that no single party can manipulate, for good or bad. You can apply that to hardware availability, digital game economies, supply chain accounting, etc. but the point of crypto is more abstract than any of that.
Computer technology is on the verge of providing the ability for individuals and groups to communicate and interact with each other in a totally anonymous manner. Two persons may exchange messages, conduct business, and negotiate electronic contracts without ever knowing the True Name, or legal identity, of the other.
> the point of crypto is more abstract than any of that
It has to do with operating in spite of somebody who would otherwise tamper with your information. It's about durability in the face of sophisticated adversaries.
I was trying to get at the point of crytocurrency. The accounting system can handle anything at all, so why bother with the coins? We've had coins for thousands of years, they're the most boring app imaginable. Why bother maintaining artificial scarcities when we could be addressing real ones?
But at the end of the day, if nobody provides hardware for it to run on, then, we can't have that accounting system. And those people have to pay their electric bills, and for the hardware they're using, and for that they need something money-shaped. The point of cryptocurrency is to be that money-shaped thing. We need it to interface with the traditional finance system until we can replace that system with something better.
You could contribute to a goal that they care about, or give them something they need, or help find somebody who will. Or you can promise to do so in the future.
Using "value" as a medium is problematic because we increasingly don't value the same things. It worked ok back when food took so much effort to grow that securing it represented a significant portion of our mindshare. Then money was reliably a proxy for our shared agreement that food was good.
But now that it's so much easier to make the necessities that we agree on, we spend more time perusing contradictory outcomes. Which is more valuable, if my endeavor succeeds and yours fails, or visa versa? Whose agenda am I furthering when I decide to value a dollar? It's hard to participate in because I can never figure out whether I'm hurting or helping.
Better would to let people be explicit about what they want so that we can the things that have consensus and work towards those. As it is we're letting the ownership of scarce abstractions determine what gets done, which is just bonkers. It was once the best we could do with only the laws of physics at hand to enforce the rules (re: the scarcity of gold), but now we can do better.
A list of ways people can trust each other (e.g. to be a skilled plumber, or to be a fair mediator, to be a real human, to not let their key get compromised, and many other things). I call these colors.
Also there's a directed graph where the nodes are users. Edges on this graph indicate that this user trusts that user, the edges are colored to indicate which type of trust it is.
Given two users, they can compare graphs to decide if they both trust (transitively) any other users in some set of colors. Also, if cycles appear, then that cycle is a community of experts and they can follow the graph in reverse to find out which other users consider them experts.
It's sort of like how we have representatives in congress, except instead of being one layer deep with millions of people being represented by one, it can be as nested as needed to ensure that the experts are not overloaded (since many of us are somewhere in the middle, we distribute the load by playing both roles--depending on who we're dealing with). It also differs from typical representative democracy because you can express trust in somebody's diplomacy and simultaneously avoid trusting their understanding of economics (or whatever other colors you care to).
Ideally it would be a system in which the most trusted and capable people for any job are easy to find and easy to support, and in which we focus on becoming skilled and trustworthy rather than on the ownership of scarce things.
Human societies already work like this, they have for a million years or so, but it stops working well when the cognitive burden of walking all of these trust graphs becomes too much to bear, then things get authoritarian. We now have the technology to scale it better, but the implicit non-specialized authorities are still in charge.
A couple of applications for this that could work in the near term:
1. If you have a dispute, you can use the data find a mediator who is trusted by you and the other party. And not just trusted, but trusted in the relevant way. This is a step towards a better court system, better because the arbiter is explicitly trusted by the complainants and because the arbiter is an expert in the color of the complaint.
This would solve the well-somebody-needs-to-be-able-to-undo-the-transaction problem without invoking a bank and without leaving it unsolved. The transaction arbitrator would be determined by the trust settings of the parties to the transaction. There's a lot more consent and specificity in that than in what we're doing.
2. If you find a dubious claim, you can see who signed it and check for a trust path between you and that person. 1,000,000 fake amazon reviews mean nothing through that lens, since you don't trust them. But two or three reviews signed by people that you explicitly trust (perhaps transitively) would mean a great deal. This gives us a way to ignore scammers and malicious AI's and creates a space in which being trustworthy is an asset (contrast this to the world we've built which is more about commanding the most attention).
I'm not saying I have it right, but such things are worth trying in general, and "crypto" isa much better medium for them than bureaucracy (although I'm more excited about CRDT's than blockchains, because I think partition tolerance is more important than consistency).
Funny, I thought the whole point was to hold on to the bag as long as you can. Think back to the first time you heard about btc or eth, and how much return a modest investment would have made. It's the people that sold early that lost out.
You're not wrong, but has there ever been a time when buying & holding the 3 largest market cap coins wasn't a winning strategy?
Most of the deadcoins were very low cap, and low cap investments are inherently risky. Most of the rugpulls were schemes around small coins or individuals not actually holding the private keys to the wallet.
Money is a technology. Its purpose is whatever use you want to put it to.
Like any technology, a money system can be designed so that it works well enough for a small set of intended purposes, and poorly for all other purposes. Moreover, its uses can be constrained by laws.
I think an open question is whether existing laws related to money or property apply to cryptocurrencies. For instance, "theft" and "fraud" cover a lot of things, without specifically listing all of them.
If it's ambiguous whether such laws apply to crypto, then sure, someone could use the legal system to settle the matter. In fact, using the legal system to remediate undesired transactions could be as good a use of crypto as any, if "anything goes."
>If you believe in cash, does that mean you can't run to the courts if someone steals your cash?
No, because the point of cash isn't to circumvent government control of the financial system. If you build a whole system just to decentralize financial control and avoid government influence but then appeal to the government as soon as you don't like what happens, you're doing something wrong.
> If you believe in cash, does that mean you can't run to the courts if someone steals your cash?
If your security proves insufficient to prevent a theft, that doesn't mean the theft was legal! It just means your security was insufficient.
Stealing someone’s private key and then using it to steal their assets is very different from exploiting edge cases of get rich quick schemes.
It's quite different in intent. When you stash crypto within a defi contract that you authored, and that contract states that the crypto can move under certain conditions, and then folks come along and say "hey, I meet those conditions" and move the crypto, then no crime has been committed!
If you didn't want folks to be able to get the crypto under those conditions, then why did you make the contract grant them the crypto in those conditions? I can't take a stack of $100 bills and leave it on the sidewalk with a post-it note saying "only to be picked up by John" and then sue the person named John who comes by and picks up cash. I also can't get mad when Alice sees the stack and tells her friend John to come pick up the money with his name on it.
So it is with crypto. Why are you using crypto if you don't want to follow the rules? That sounds to me like you're trying to do unregistered securities trades...
In the legal system, formation of a contract requires intent. If it can be demonstrated that there was no intent to form a provision of the contract, no "meeting of the minds", then I don't believe it is enforceable. (Though IANAL.)
The point is that there's a pretty big publicly published document informing the world of their intent. It's called a contract, and they said "this will be the rules by which we abide."
It's a very hard battle to say "wow, I didn't intend to have my contract say that, despite writing that and publishing it." You'd have to have a lot of auxiliary material explicitly stating the opposite of what your contract actually said, or you'd have to convince others that what the contact actually says is so difficult to understand that there was no way to anticipate that the contract allows what it does. And even then, I don't know if that'd pass because "I didn't think of that at the time" is commonly not accepted as a way to get out of breach of contract.
I think you’re confusing “smart contracts” with “legal contracts”. They’re not entirely different but exploiting a loophole in a smart contract doesn’t necessarily meet the standard of a legal one.
> To form a contract, there must be: a) an offer and acceptance of said offer; b) consideration for the offer, or some value exchange; c) an intention to form legal relations; and, d) a certainty of the terms of the contract
The people who made the smart contract almost certainly wouldn’t tick all four of those boxes definitively. It’d be an interesting civil case probably!
It's actually pretty well established that a typo in a contract doesn't isn't enforceable, particularly if the party trying to enforce it is acting in bad faith.
The problem here is that those crypto contracts aren't designed to be security. They are intended to be contracts.
It's like opening a bank account, and the contract says "You can only access your own money in the vault. Everything you can access is yours to use as you see fit." On your first visit the manager brings you into a vault with hundreds of cash-laden tables. He shows you to an empty table, and says "Here's your table. Enjoy!".
Are you allowed to take money from the other tables? Clearly the contract says you can, but surely that can't be what they intended? Is it theft to "break their security" by walking over to another table, or is it just a hidden perk of the contract you signed?
Moreover they're designed to be contracts with the explicit intention of enabling trustless exchange without third party oversight, under the belief that the code can replace a legal system
unlike actual contracts, which are written with the expectation that disputes may occur and be resolved by arbitrators and a legal system (who will probably rule that a poorly drafted clause 2b doesn't in fact grant you the right to take all the other customers' money)
> Are you allowed to take money from the other tables? Clearly the contract says you can, but surely that can't be what they intended?
If their entire business model is based on giving a service that allows you to store your money in safety without any government dependency, while in reality they allow everyone else to take your money, then they deserve whatever happens to them.
It turns out that once a financial system becomes big enough, the US will apply its finance laws to it. Finance laws are designed to prevent sudden unexpected transfers of wealth from one (wealthy) unwilling party to another based on unanticipated loopholes.
The point of bitcoin, in words of their creator is to “allow online payments to be sent directly from one party to another without going through a
financial institution.” That’s it.
> If you believe in cryptocurrencies, you can't run to the courts when people use them as designed
Shouldn't, but can.
Anyway, you're assuming most of these crypto people are true believers in the technical attributes of crypto currencies, but I think most of them don't understand or care about that and are just trying to get rich.
"Code as law" was attempted as a defense in another token-related "hacking" case.
It didn't work there, and it won't work here either.
If you end up using the legal system to remediate undesired transactions, what's the point of cryptocurrencies in the first place?
That is a philosophical argument completely unrelated to whether or not something is illegal. Cryptocurrencies aren't a replacement for the law, nor do they stand outside of it.
> That is a philosophical argument completely unrelated to whether or not something is illegal.
Most comments saying that cryptocurrency holders should abide by "code is law", are not actually saying that we should abide by "code is law" and abandon the legal system.
It's a classic argument to show that the purported benefits of cryptocurrency are a farce.
>And when people leave their home unlocked the thieves should get to keep their stuff.
That's not what happened here. What happened is that the crypto company said, "Follow this contract," and their customer followed the contract and took their money, and then the crypto company was like, "But not like that!"
Ostensibly, the whole point of cryptocurrencies is to decentralize financial control and not depend on governments for that service. If you then depend on governments the second you don't like what happens, there's no point to cryptocurrencies.
It's like building a home on a land which has no system of law because you like anarchy, and then complaining when a fellow anarchist steals your stuff.
If you can't distinguish "not what I intended" from "not what I wanted" then there is probably no reasoning with you. Luckily for the rest of us, making this distinction is a pre-requisite for becoming a judge or lawyer.
I really didn't intend that as an insult! I just find it very easy to distinguish between a case where someone followed reasonable rules and got an outcome they didn't like, versus a case where someone found absurd rules - clearly not intended by anyone - and exploited them for an undeserved gain.
If you see a case where someone exploits a badly-coded computer program to take a hundred million dollars from someone, refuses to return any of it (even when offered several million dollars for their trouble), refuses to co-operate with the judges and the rest of civilised society, and just see "waa waa baby doesn't like his medicine" then I don't see how to actually reason with you. That's just a value difference, not really an insult.
>I just find it very easy to distinguish between a case where someone followed reasonable rules and got an outcome they didn't like, versus a case where someone found absurd rules - clearly not intended by anyone - and exploited them for an undeserved gain
I think you overestimate how easy it is to distinguish between these two. A reasonable common example is people like Bernard Marantelli exploiting lotteries. The lottery does not intend for people to play as Marantelli does. You can (and people do) argue that he's stealing money, but should he go to jail for playing the lottery in a way "not intended by anyone"? I don't think so.
It's the same with card counters at a casino. The casino can throw card counters out because they can decide who plays at their establishment, but it would be unreasonable to jail card counters for playing blackjack in a way casinos don't intend.
>If you see a case where someone exploits a badly-coded computer program to take a hundred million dollars from someone
This phrasing removes relevant context to the point where it no longer represents what actually happened.
>refuses to return any of it (...)
I did not comment on any of this at all.
>I don't see how to actually reason with you
This is dismissive and denies my ability to be convinced by reasonable arguments. It is insulting, even if it's not intended that way.
I think both those cases are easy to decide, and are legitimate play. Even if they were not legitimate, I think the remedy is simple -- not jail, but at worst return the money that was taken. In this case, even if deciding the merit of the case is hard, there was a transparently reasonable remedy (return 90% of the funds, continue with your life) which Medjedovic rejected. More than just rejecting the offer, he then went on to launder the tokens through a mixer, fled the country, and has refused to put the funds in escrow while the case is decided in court. None of this is reasonable, in my opinion, and I am 100% ok with the legal system forcing him to comply.
> This phrasing removes relevant context to the point where it no longer represents what actually happened.
I don't think it does, but you don't explain why, so there is not much to argue. It is hard to get an objective description of what happened, but as far as I can tell, the liquidity pools operated by Indexed Finance are governed by a smart contract, the smart contract contained a mistake, and by exploiting that mistake, Medjedovic was able to drain them completely.
Can you explain to me in simple english how that is using the contract as intended? Note that "it's what the smart contract said" is not sufficient, for the same reason that "the web server allowed me to make that request" is not a defence against a charge of computer hacking. What the smart contract says is actually almost irrelevant. What is relevant is what it was intended to do.
Incidentally, why should I be rooting for this guy? It seems like literally the only argument in favour of what he did here is "everything that is possible is fair". His extraction of money is purely parasitic, and aside from merely identifying the bug, he hasn't done any useful work at all. I would grant that this applies to the lottery and card counting examples too. But why should I care that he's having his money taken away?
Many people disagree with you and describe what these people do as theft, so it's not as easy as you think.
>which Medjedovic rejected
I made no points at all about what he did afterward. This is all irrelevant to my point.
>I don't think it does, but you don't explain why
I did explain why further up in the thread. It's not just a badly coded computer program; it's a badly coded computer program that acts as a contract intended to circumvent government control of money. That's the context.
People agree to adhere to the smart contract instead of putting their money into a financial institution that uses contracts backed by laws enforced by governments. This guy adhered to the smart contract, and when the crypto company didn't like the outcome, they decided that none of the crypto stuff mattered and that the laws enforced by governments mattered after all.
But this makes cryptocurrencies entirely pointless. If you can use legal means to circumvent undesired smart contract outcomes, then you can just do that in the first place and not have the smart contract.
>Can you explain to me in simple english how that is using the contract as intended?
Yes, of course. Smart contracts are self-executing contracts. The agreement you make is written in the code of the contract. That is the intention behind a smart contract. It makes no sense to say that you did not adhere to the contract if it allowed you to do something. So by definition, anything you do that the contract enables you to do is using the contract as intended.
>Note that "it's what the smart contract said" is not sufficient, for the same reason that "the web server allowed me to make that request" is not a defence against a charge of computer hacking
Again, this argument ignores the context of smart contracts. Web servers don't claim that their code is a contract.
>why should I be rooting for this guy
It doesn't matter. I'm not rooting for this guy. I'm not arguing emotionally in favor of some guy who did something. In fact, I think he's a shithead.
> It makes no sense to say that you did not adhere to the contract if it allowed you to do something.
I think this is the point where I really disagree with you. I don't see how this is different for smart contracts, as opposed to, say legal contracts written in english. It is not true in general that just because a contract says something, that those exact terms are enforced. There is a whole body of law around what terms are enforceable, what to do in cases of mistakes, and so on.
I am now really unclear on what your position is. I thought originally that you were in favour of smart contracts, and that it was somehow unfair or unethical for e.g. a court to rule whether a smart contract was intended to do something different than what it did. So I am trying to understand why you think it is unethical. In this case I think it is unethical to obey the smart contract, and that what this kid did is unethical and should be illegal. Are you saying what he did is wrong, but he should be allowed to do it anyway? If so, why?
>I don't see how this is different for smart contracts, as opposed to, say legal contracts written in english
It's different because the whole purpose of smart contracts is to circumvent governmental power structures. Otherwise, people would use regular contracts.
Technologically, it's much easier to set up a payment system using a centralized database in a specific jurisdiction and have people sign normal contracts to use the system. People create cryptocurrency systems to avoid that. They put much effort into creating payment systems independent of existing power structures. If this system does not work without backup from the legal system and governmental power, then all that effort is pointless.
>I thought originally that you were in favour of smart contracts
I think they're interesting.
>Are you saying what he did is wrong, but he should be allowed to do it anyway?
Yes.
>If so, why?
Using existing governmental power structures to punish people who adhere to smart contracts in ways some system members don't like invalidates the whole system. If cryptosystems don't work purely technologically without judicial support, they don't work, period.
I think you're letting the perfect be the enemy of the good. It seems like an obvious advantage to have systems that decide the outcome automatically and correctly 99% of the time, despite requiring occasional corrections from outside. That's not the same as a regular contract, so it doesn't follow people would always either choose smart contracts or traditional ones.
What you're hoping for is, taken literally, impossible. Smart contracts can't protect people from fraud, or coercion. Since the law does protect them from these things, smart contracts cannot be totally isolated from the legal system (even if everyone wanted this, which they don't).
> Using existing governmental power structures to punish people who adhere to smart contracts in ways some system members don't like
Fine, but what about in ways that the rest of society don't like?
The problem is that Smart Contracts aren't sold as "Computer Program" they are sold as binding agreements forged in code. The code was agreed to by all parties.
I absolutely get your position, and possibly hypocritically supported the main branch when ethereum had a big fork over exactly this issue. But its also not hard to see where the "code is law" guys are coming from.
The entire point of a home is not to escape traditional finance. It's by design not compatible with a simple "thief breaks into house" comparison, otherwise the entire enterprise is a scam and they should be criminally prosecuted for fraud the second they ask for legal dispute resolution on transactions that happened on ledger.
> He did not steal anything. He beat the fund (Indexed Finance) at their own game.
As popular as this idea is online, it doesn’t work that way in the courts.
Intent matters in issues of the law. The “finders keepers” rules don’t apply in legal matters in the real world.
If someone logs into their bank and notices that changing the account number in the URL lets them withdraw from other people’s accounts, no court is going to shrug it off and say that it’s the bank’s fault for not being more secure. Likewise, finding a vulnerability in a smart contract doesn’t automatically give someone the right to any funds they collect from exploiting it.
We all know the “code is law” arguments about smart contracts are just marketing bluster. The lawyers do, too.
The intent of the whole underlying system is that the intent of all the parties be described by code of the smart contracts. Which are intended to be composable, intended to be used in unanticipated ways, and intended to operate independent of any human oversight. The system is also intended to avoid all ambiguity by enforcing the contracts exactly as described by the code... and to provide certainty of transactions and prevent them from being undone after the fact.
Everybody involved knows all of that, and claims it as a positive feature of the system. At least until they find out that it's actually hard to write bug-free code.
There may indeed not be a legal "meeting of minds" (although there very well also may)... but from an ethical point of view, everybody involved knowingly signed up for exactly that kind of risk. And honestly it would be good public policy if the law held them to it. Otherwise you get people trying to opt out of the regular legal system up until it's inconvenient.
There'd be more of a case if he'd exploited the underlying EVM implementation. But he didn't. He just relied on the "letter" of a contract, in an environment that everybody had sought out because of unambiguous to-the-letter enforcement.
Exactly this. If what is written on the blockchain is not the law in the context of anything involving blockchains and DeFi, then the whole idea of blockchains and decentralized finance is pointless.
You’re assigning a set of beliefs to an entity that doesn’t hold them. The authors of the code are pursuing the matter in court i.e. they see smart contracts as an efficient decentralised solution to a complex problem within the existing legal framework.
I assume OP means it in the sense that the system intends novel uses that the designers didn't necessarily consider. Same with programming languages (or language in general), for example.
> If someone logs into their bank and notices that changing the account number in the URL lets them withdraw from other people’s accounts, no court is going to shrug it off and say that it’s the bank’s fault for not being more secure
When you open a bank account, there is an actual contract and regulatory framework that governs how you use the account. A URL parameter is an implementation detail that no more alters the contract than a broken lock on a vault would alter the contract.
But when you interact with a smart contract, the smart contract is the contract. What you are allowed to do is defined by what the smart contract lets you do. You don't need to open an account, agree to T&Cs or sign any other sort of contract to interact with the smart contract.
If the smart contract is not the contract, how would you propose we can determine what the real contract is?
> when you interact with a smart contract, the smart contract is the contract
This is one viewpoint but certainly not the only viewpoint and definitely not the viewpoint of the authors of the contracts in question.
Smart contracts are a novel method of executing contracts, but like all contracts the parties involved and the contract itself is subject to legal oversight in the relevant jurisdictions.
The big difference is that those are centralized systems owned by corporations, and accessing them in a way which you're not supposed to, such as by changing a bank account number or exploiting a zero day, is a crime.
With DeFi it's different; the code is public and decentralized. There was no unauthorized access to anything here. From my reading of what was done, it was essentially taking advantage of the poor trading strategy of Indexed Finance.
I'm not going to pretend to be a lawyer, but I don't see a lot of parallels between this and e.g. using SQL injection to obtain unauthorized access to a system.
I'm not a lawyer either, but I suspect the technical structure is not determinative. Contract law has certain features. These technical constructs purport to enable contracts to be written and executed such that subsequently the courts cannot but find that what the code did is final and there is no possible legal reconsideration. Clearly, this is the prior expectation of the parties, but whether it is the case under all circumstances is a function of contract law (and other applicable law) not the technical constructs. The code is not what will finally be determinative.
To give an analogy, it's like writing code in a high level language and saying that it will prevent side channels such as spectre. But such side channels are a function of the hardware, not the high level language. The hardware in defi is ultimately the law, not the servers.
> I suspect the technical structure is not determinative
Correct. The courts care about intent, structure is secondary.
This is the classic “you don’t get to walk into my house just because you found an unlocked door” that HN users struggle to understand when the digital equivalent is under discussion e.g. an unsecured API.
> This is the classic “you don’t get to walk into my house just because you found an unlocked door” that HN users struggle to understand when the digital equivalent is under discussion e.g. an unsecured API.
Except this is not how DeFi and dApps work. The network is decentralized. At no point was any unauthorized access to a system performed. This is not the same as entering private property through an unlocked door, or using SQL injection to gain unauthorized access to a system.
This is not to say Medjedovic is innocent; he made extortionist threats, and gleefully admitted he stole money from people, so wire fraud charges seem obvious. As you say, the courts care about intent, and his intent was clear. But you can't apply the normal charges of accessing a computer without authorization here.
> MEDJEDOVIC understood that his conduct circumvented the intended functioning [...] MEDJEDOVIC discussed a plan to "steal crypto," referred to the exploit as involving "glitch" and "fake" liquidity, and described the code for the exploit as a "rape."
> MEDJEDOVIC also prepared a "POST-EXPLOITATION" plan for himself, which included, among other things, "KEEP the configs Burn the evidence, including the histfile" and "Book flight to: Pack Bags," as well as another file labeled "Decisions and Mistakes," in which he wrote, "Going On the run / Yes / Chance of getting caught<Payoff for not getting caught"
> Immediately after obtaining the flash loan, MEDJEDOVIC wrote "Raping Now" in the public event long for the transaction.
There's extremely strong evidence that he believes he's committing a crime, and specifically "steal[ing] crypto" in his own words, so yes. And when you have records effectively saying "I believe I am committing a crime", it becomes a lot easier to convince a jury you committed a crime.
Thanks for this; so we have: wire fraud, money laundering, and an interesting charge “unauthorized damage to a protected computer“ that sees the Ethereum EVM as a distributed computer…
Yeah, this one is very interesting; the charge is for "intentionally caus[ing] damage without authorization to one or more protected computers, including the Ethereum Virual Machine (EVM), which was implemented through, among other nodes, a full Ethereum node running in the Eastern District of New York."
This seems ambitious. The implications seem quite dire; if I'm running a full Ethereum node do I have the ability to say which smart contracts are "authorized" to execute on my implementation of the EVM? If I see a smart contract do a trade I don't like, is someone committing a crime against me? I don't think this will stick if Medjedovic ever goes to court.
The entire point of cryptocurrency contracts is supposedly that “code is law”. Running to the courts as soon as someone does something you didn’t intend only highlights that people don’t actually believe this.
The code is law thing is a grey area. But I am open to the idea that this young man did not break any rules, just found flaws in the system. In the same way that card counting should not be against the law just because it resulted in the house being disadvantaged. These things should be addressed with patches to the rules, not legal action.
be careful with card counting, most casinos do "business" in such way that there is NO advantage for player. no matter what player does.
so all american youtube sagas about doing card counting in PRESENT time are fraud to dupe people into thinking that it is possible to card count. NOW TODAY.
Card counting is still possible (albeit a bit harder) in the present day - the mathematics are the same. Most casinos use more decks and don't deal as deeply into the shoe, but it is still entirely possible to gain a statistical edge over the house, which is why casinos will still ban you from playing blackjack if you are playing with an advantage(counting, varying your best sizes greatly based on the count, sitting out and watching until the deck gets deeper, ect). They will never ban you from games like Roulette, where you there truly is no way to gain an advantage over the house regardless of what strategy you use.
It's not really a grey area, there is a tacit contract with a mutually understanding that they will use the code to fulfil certain items in the contract, it doesn't take away the need to fulfil the rest of the parties obligations.
The company and its customers knew what they were getting into; to get protections from the law and guarantees, financial institutions need to get licensed and comply with all the rules, regulations and law. Of course, this includes providing transaction data to the relevant parties to help them detect tax evasion and money laundering.
> to get protections from the law and guarantees, financial institutions need to get licensed and comply with all the rules, regulations and law.
That’s not how the law works.
If someone breaks the law or doesn’t comply with regulations, that’s a separate issue. It doesn’t entitle a third party to steal their funds.
If you were to rob a drug dealer, you couldn’t argue that they weren’t complying with the law and therefore you were free to take it. You would both have broken laws.
If you write a contract and give it to a lawyer with the instruction, "Anyone who satisfies this contract gets this money." And someone satisfies the contract to the lawyer's -but not your- satisfaction, and the lawyer sends the money, did the third party steal from you?
Is that how it works legally? If you hack into computers using a zero day, did you also just access the computer according to the way it was programmed? Just because you can do it technically doesn’t mean it’s not fraud/something else.
If that's not how it works, where's the line for what is fraud and what is not? Once you move away from the "code is law" principle, companies have the perverse incentive to define fraud as "any transaction that results in negative PnL for me", which is exactly what happened here.
I am well aware that "code is law" has no weight in actual law. The point I tried to raise was, given the following sequence of events:
1. You deploy a smart contract to the ethereum blockchain
2. I interact with your smart contract in some manner
how do we define whether the manner of interaction in step 2 is fradulent or not?
"Code is law" is one interpretation by crypto enthusiasts to define under what conditions interacting with the blockchain is fraud; in their definition, it's never fradulent.
Let's assume "code is law" is nonsense, as many comments here say. Then, under what conditions do we define interacting with the blockchain as fradulent? What is fraud and what is not fraud?
Edit: In the blockchain we can even formalize this. The ethereum blockchain at block K has a certain state S_K. I submit a certain transaction/set of instructions T to the blockchain which is mined as block K+1. How do we define a function isIllegal(S_K, T)? (Assuming block K+1 contains EVM instructions from my transaction T only)
You’re never going to find a binary function that tells you if something is legal or not, in the end it’s up to a human judge to decide. But imagine setting up a search engine and I enter “ Robert'); DROP TABLE INDEX; --” as a search term. Would you say that’s a crime? That’s a perfectly fine thing to search for, right?
> You’re never going to find a binary function that tells you if something is legal or not, in the end it’s up to a human judge to decide.
... but the whole point of cryptocurrency, or at least of smart contracts and "DeFi", is to reject that and try to build a parallel system. That's presumably based on a belief that you can write code that behaves the way you intend, regardless of whether you really can do that or not.
So perhaps the judge should decide "Well, you signed up for that when you tried to opt out of having human judgement govern your deals. Have a nice day.".
And in fact perhaps there should be formal statutory law that makes it clear that's what the judge is supposed to decide in any case that isn't itself "borderline" somehow. Which the case at hand shouldn't be.
That's neat, but the bitcoin whitepaper opens with:
> Abstract. A purely peer-to-peer version of electronic cash would allow online
payments to be sent directly from one party to another without going through a
financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending.
Why do you think you can dismiss the obvious claim that cryptocurrencies are a form of decentralized finance with a "no, it isn't"?
If I put up a sign „trespassers will be enslaved“ on my property and then force people who trespass to work for me, would that be fine because they knew what they were getting into? You can’t just create your own justice system which contradicts the real one by making contracts.
> Let's assume "code is law" is nonsense, as many comments here say. Then, under what conditions do we define interacting with the blockchain as fradulent? What is fraud and what is not fraud?
The thing is, laws can have issues and bugs as well, just like code! And we have courts to judge not just when someone outright breaks a law but also when someone is skirting on the edges of the law.
Take Germany's "cum ex" scandal for example. Billions of euros were effectively defrauded from the state and on paper the scheme appeared legally sound, but in the end it was all shot down many years later because the actions of the "cum ex" thieves obviously violated the spirit of the law.
The only difference is that blockchains are distributed worldwide and there is no single entity that can be held accountable and forced to execute or reverse any given transaction.
Alright, please go ahead and define under what legal pretext this guy's behavior might be illegal.
There are other cases where interacting the blockchain is illegal in a very clear manner. Example: if I know an Iranian or North Korean entity has the keys to an Ethereum wallet, and if I send USDT to that wallet as a Western citizen, that is very illegal due to sanctions.
The context is completely different though. Building a normal computer app is not an attempt to do anything without government or legal structures so it makes sense that normal computer apps would be protected by government or legal structures.
It doesn't really make sense for people to build smart contracts that are intended to be an extra-judical agreement where the code enforces the rules and then run to government whenever something they don't like happens. What is the purpose of smart contracts at all if you still need the entire legal apparatus around them?
What does agreeing to a contract that inherently implies trying to work around the need for government in contracts means? What does it say about intent?
If for example, the firm that lost money had been saying "Code is Law" in their previous pro-crypto statements and had explicitly talked about smart contracts being extra-judical it seeems there intent would be to avoid legal intervention entirely and it would require a fairly high bar to argue that any bug could result in a lawsuit.
It may not pass muster with a judge in some backwater, but with one in the Northern District of California or a jury of their HN peers, it might. Laws are what we make them.
Imagine I write a contract and empower an AI to execute it. I put $10,000 in a bank account and write, "I'd like a nice car."
I do this of my own free will, at my own hazard. I know I'm playing this game. I have intentionally elected to use a system that will execute without any further intervention or oversight on my part. Verbally, I state that I am confident enough in the writing of my instruction that I feel secure in whatever outcome it may bring.
The system automatically executes and someone has sold me a very nice remote control car.
Isn’t, in the US system, the definition of fraud built up through a combination of legislation and case law from previous ‘grey area’ cases? I think most laws tend to have some balance between what is easy to define/understand and what is desirable to allow/disallow.
What does one have to do with the other? Fraud is "intentional deception to gain an unfair or illegal advantage, often resulting in financial or legal harm" what does that have to do with code? What could code even do about fraud?
(realizing that im so old. if this is what i totally forgot, what else of this magnitude of signifince i do not remember anymore. that i was part of/ was involved/ it affected me.)
It depends if acted in accordance with the terms of the contract then it's fine but if he did something not covered by the contract it's theft.
If I run an unmanned lemonade stand out front and leave a pile of money on the table, and say take your change, if you take more than what you're owed that's theft regardless of how easy it was.
Indexed Finance's mistake was not being Vitalik Buterin and then putting on a sad face and ask for the shitcoin to fork to a version where they didn't screw up.
This is a tiresome argument. Stealing is a moral concept first, and a legal concept second. You can steal without breaking any laws, the same way you can be a bad person without breaking any laws.
Assuming he can get his hands on the tokens and then convert them to local currency. Not impossible, but it's worth noting that he still hasn't managed.
But wont somebody think of the Incompetence Finance Inc. - we cant have fraudsters defrauded, with legal means. The upper caste taketh the lower giveth that is tardition since the dawn of time.
In the real world, code is not law. Computers are not a magical gateway to another reality where existing laws and rules no longer apply.
What matters is if Medjedovic engaged in activities that would be illegal in the process of acquiring the funds from Indexed Finance. A theft is theft whether it is physical or digital; victims aren't required to have perfect security and criminals are not allowed to exploit weaknesses to just take something that belongs to someone else.
Medjedovic is accused of exploiting "glitches." From a legal perspective, that would be no different from a thief exploiting a "low" wall or an unsecured window. Glitches aren't invitations any more than an open window. In other words...not a defense. (And in the U.S., specifically see the Avraham Eisenberg case, which is basically the same fact pattern. Eisenberg lost. His sentencing was postponed to last week but appears to have been postponed again.)
Then he skipped town after he was ordered by a court to put his tokens into escrow. If he truly believed that "code is law" and that the tokens were rightfully his, he wouldn't have skipped town. At that point...his own actions demonstrated that he didn't believe that what he did to acquire the tokens were legit. (The Fugitive notwithstanding, innocent people don't run.)
Then he "exploited glitches" for another DeFi. See above.
Then he attempted to launder the tokens...with some guy he found on the internet. Someone who legitimately believed that they legally owned the tokens would have hired lawyers, not money launderers, to gain access to their property. (Aside: any money launderer willing to launder money for a stranger is almost certainly undercover law enforcement...)
Then he moved to a country without an extradition treaty, and in the past few months has been spouting racist far-right nonsense in the hopes of getting pardoned.
Is he guilty? His own actions say that even he thinks he is.
He can believe the tokens are rightfully his, and still believe that authorities don't see it his way. Like if you're in Salem and know you're not a witch, you'd want to take off too and chill in no-extradition treaty countries, so you don't get boiled alive by people with different outlooks.
I like the analogy of an unsecured window. It doesn't seem to apply to a hypothetical (idk specifics of this company) purely private company in some crypto-friendly country that doesn't have any ties to the rule of law.
Irrelevant, his thoughts in the matter or him being a shithead don't make the unintended use of a smart contract illegal or not. This is just usual case of Wilhoit’s Law by shitcoin peddlers.
> There must be in-groups whom the law protects but does not bind, alongside out-groups whom the law binds but does not protect.
They are outside of regulatory scrutiny but god-forbid someone uses the same excuses to take their funny money.
"U.S. Attorney Damian Williams said: “Today, Shakeeb Ahmed was sentenced to prison in the first ever conviction for the hack of a smart contract and ordered to forfeit all of the stolen crypto. No matter how novel or sophisticated the hack, this Office and our law enforcement partners are committed to following the money and bringing hackers to justice. And as today’s sentence shows, time in prison — and forfeiture of all the stolen crypto — is the inevitable consequence of such destructive hacks.”
The undisputable matter of fact is this: there have already been several cases of people who thought they could invoke the "(smart contract) code is law" argument to outsmart judges and the legal system.
But that's fantasy. In practice these people, when caught, go to prison.
> Indexed Finance is an unlicensed investment firm. The promoters knew the risk ( decentralized finance) and now they want to blame someone who outsmarted them at their own game.
And DeFi exchanges are "unlicensed brokers". And yet I posted a case where the hacker who "outsmarted" them is now in prison: how smart one has to be to end up in prison right?
Post me a case where an "unlicensed investement firm" sued a thief who "outsmarted them" and where the judge decided to let the thief walk free.
For I posted a case from justice.gov to prove my point.
A masked man creeps through the shadows of a sleeping town.
He looks both ways, then uses a knife to unlatch a door from the outside. He slips into near pitch blackness. He moves confidently in the darkness - he's worked for this bank before, checking on their security from theft.
Out comes his lock picking tools - the bank president's office door opens with a quick rake. Cheap lock.
Inside, with no windows to betray him, he lights a candle. There in the corner stands the safe. He knows it inside and out, and has been practicing. Five minutes later, the lock is picked, and he loads up the gold, cash, and bonds inside.
He puts the candle out, slips back outside, and returns to his room at the lodging house, climbing in through the window.
The next morning, with the discovery of missing gold, the town looks like someone kicked over a fire ants nest. It only takes 30 minutes before people start wondering about "bank security expert" who had just been in the bank every day.
A crowd heads over the boarding house, growing in size as it goes.
"Did you steal our money?", they ask?
"ABSOLUTELY NOT," he replies, "I merely used my immense mental powers to out hink several flawed physical security measures, breaking no laws of physics, in such a way that the gold, cash, and bonds previously belong to you are now in my possession, and now belong to me. No theft has taken place, only the movement of certain levers, of which anyone who knew how could move, and the movement of afterwords of certain goods."
"So you stole our money!!", the town shouted.
"No, no, I just interacted with the universe according to its very own publicly available rules. No theft has occurred!"
An old cowhand, covering him with double barrel, spoke up, "Walll, guess he's right. We deserved to lose all that money. He did nothing wrong at all."
Yes, running transactions for asymmetric benefit allowed by code on a platform underpinned by a technology whose proponents espouse "code is law" is at all comparable to a man picking a lock on a bank safe. Very astute.
In this case the only person espousing the idea of "code is law" is the hacker. Neither the blockchain's builders, nor the hacked protocol, nor the users are saying that.
"code is law" is a meme that primarily lives on hacker news. Only a tiny fraction of crypto people believe it or say it.
> In April 2016, in Switzerland, the Slock.it team was introducing their ambitious plan: The DAO, a decentralized investment fund governed entirely by code. "Imagine a fund with no board, no CEO," founder Christoph Jentzsch explained, "all decisions are made by token holders through smart contract-based voting. This is the ultimate realization of 'Code is Law'."
> A masked man creeps through the shadows of a sleeping town.
> He looks both ways, then
... walks into a casino, realizes there's a flaw in how they shuffle and deal cards, and then makes a shit ton of money exploiting this weakness.
After losing a shit ton of money because they didn't plan for someone to play the game in an unexpected way, the owners of the casino demanded the money back.
"Did you steal our money?", they ask?
"ABSOLUTELY NOT," he replies, "I didn't get any non-public information, I didn't manipulate the deck, and you have yet to point to a single hand that was not played entirely within the stated rules of the game. You're just mad because I noticed that you fucked up and bet accordingly."
So which one is it? Code is contract and he should get to keep the money. Or crypto is governed by laws outside of crypto and so he violated the “spirit” of the code and hence is a criminal?
It seems like right now the crypto industry makes the decision to their convenience on a daily basis.
I think the name smart contract is misleading because if you believe that the code is law then there is no actual contract in the smart contract. There is no meeting of the minds, no agreement on what the contract means or what is considered customary. Just a machine floating in the ETHer you can interact with. You owe the machine nothing and it owes you nothing.
There is a third way: Private adjudication. I see no reason why the crypto community couldn't run its own private court system, similar to what e.g. Randy Barnett describes in chapter 5 of Anarchy and the Law.
(Obligatory, I don't work in crypto or have any special connection to it, I just think people forget this third option even exists when it's really the most common way most private industries actually resolve disputes most of the time.)
It already does run its own private court system, it's the consensus process that is used to upgrade the protocol. If there was enough consensus there could be a fork that returned the funds, but that will never happen.
Private court system? How does it work? Regular court system works because the government has the threat of violence, has the muscle and rights to hunt, capture and detain. if "private court" rules against me and I refuse to obey, how will they make me obey? There is no "or else" embedded in it so it will be useless.
its a cryptocurrency, the courts legitimacy would likely come from the community forking as necessary to resolve issues as identified by the court, in the same way the us judicial branch gets its legitimacy from the us executive branch employing force as necessary to resolve issues as identified by that court.
its a broader group to convince, sure, but there is a clear 'or else' from which the court can get that legitimacy. 'return the money or else we will return it for you' is a meaningful or else
It seems absolutely bonkers to me that someone would write a smart contract that lets them bleed $50m without automatically stopping after they lose the first $1/10/100k.
That seems hard to implement. Presumably the move was all based on regular transactions. You can't just say, "If we're losing money, stop it", you have to concretely specify the conditions.
In the real world locks are meant to keep honest people honest and slow down the dishonest people until someone notices and stops them.
There’s a world where crypto could be sold the same way, but the sycophants drowned that out for long enough that we aren’t in the Trough Disillusionment now so much as the Trough of Open Mockery.
There definitely some hypocrisy, but it might work differently in the law.
As devs, we might claim that 'code is the law' but my guess is that the law does not care. That is, one cannot overwrite property laws by a few lines of code.
Consider how disclaimers work--we are increasingly putting limitations on what rights you can contractually forfeit.
Yes, we have laws. When should the law intrude on the private transaction of two parties? Typically, the law holds both parties to their contractual agreement. If those two parties have contracted to abide by the output of an algorithm, can the law distinguish good faith manipulation of algorithmic inputs to benefit oneself from bad faith manipulation of algorithmic inputs to benefit oneself? Given that the whole point of a smart contract is to encode the terms of the agreement as code, when is it appropriate to step in and alter that agreement?
> a U.S. company named Cicada 137 LLC sued Mr. Medjedovic in Ontario. The identity of the person or people behind the company is unknown, but Cicada said it lost US$9.69-million worth of digital tokens to the exploit. (It’s common for significant investors in cryptocurrency to shield their identities.)
> Mr. Medjedovic left home after receiving death threats
So, crypto-dealers hiding their identiyty and issuing death threats now appeal to law.
He made the mistake of not already being wealthy before he manipulated the currencies. It's truly funny reading this when the US stock market is manipulated at will. I'm not trying to be political, just remarking on the absurdity of it all.
I followed this case when it happened. It was $16M at the time, not sure how it became $65M now. I suppose it doesn't matter - any number above $100k probably grants the same punishment*
Interesting side-note : the people he took/stole from - they offered him 10% if he returned the rest. He said no in a tweet trolling them.
Contrary to the opinions in this thread, I think he was smart to run away. Remember that he did this from Canada, not the US. Countries don't have the same extradition treaties with Canada that they do with US.
If he had stayed, he would almost certainly be convicted. No court can possibly understand "code is law". Courts' job is only to interpret the law, not make the law. And the law was not written for crypto. You cannot fit a square in a circle without distortion.
What I think would have happened is the courts, rather than introducing novel precedent, would have preferred to just rely on existing case law and declare him a criminal.
Another interesting side-note : the judge presiding the case made a public comment asking the guy to come back to Canada promising him a fair trial. The guy didn't show up - maybe he didn't receive the message.
Overall, even with the benefit of hindsight, we still can't be sure if he was smart to exploit this or not. Forced to live in a few countries but with a lot of money.
* It's because (1) laws were designed when numbers were lower (no one had $16M to steal); (2) humans can't visualize big numbers (individually, $16M is just as big as $65M in my head)
Doesn't seem worth it. Live as a fugitive, with your face publicly known, so you always have to watch your back from criminals who'd jump at the chance to extort you once they found out who you are.
"extort" is a pretty benign word for torture. I'm pretty sure there are criminals that will kidnap him and then cut off fingers one by one and do worse things until he gives up the money.
My personal belief is that this was not fraud and "Code is Law" works. Yet, this guy is a perfect example of how intelligence and wisdom are not the same. He was clearly smart and dedicated enough to pull off this sort of trade successfully multiple times in a row, and probably all he had to do to get away with it was keeping his mouth shut. Or at the very least not get convicted by default on contempt of court charges by ignoring a court summons.
Agree, but the wisdom here is in recognising that once you made $65m in seconds at someone else's expense they will try to recoup that amount by any means necessary.
The entire space of smart contracts falls within the intended functionality of the systems that implement them, which make this particular use of them conceptually unlike things like buffer overflows.
Calling it a "hack" or an "attack" as this article does (while strawmanning the opposite case) is a deliberate attempt to muddy the waters, and is a failure of journalism.
One universal law is that if you steal from people with more money than you, you're screwed. And the more money they have, the worse off you are.
But on a serious note, whenever you read about some people that have either managed to outright steal crypto, or find some vulnerability which hasn't been legality tested...and they just pack their bags, hoping to live life free, forever after. It just seems so naive, too naive with how smart these individuals otherwise tend to be.
I think it is fair to say that once you'll cross a threshold, could be a million. could be 10 million. could be 50 million. All depends on who you've taken it from, you'll realistically be hunted for life.
The people that do get away with these things, are state sponsored operators - but they don't walk away with tens of millions in loot, either.
EDIT: Reading the article, this guy sounds like a real piece of work.
It reminds me of the Sam Bankman-fried case, but it also quite different. SBF thought the abstractions would protect him from the law when he clearly was misleading investors and using code to abstract away his fraud. However, in this case, the code/fraud was presented and used as intended. While I believe SBF was innocent of defrauding his early investors who were foolish to trust such a system, he was guilty for other reasons.
Andean Medjedovic's case shouldn't have even made it to court and he had no obligation to leave his crypto or cashed out legal tender with some "custodian" and spend the next several years of his life as a beta tester for establishing case law. This wasn't just "code is law," more accurately, "under the stipulations of the contract, code is law."
This is completely different from the SBF case. SBF was lying about things, it was more like a Bernie Madoff type scheme. As a CEO he had fiduciary duties he neglected.
This guy won a game of poker against the house, and now the house is mad.
Based on this article, it doesn't sound like he did anything illegal (initially). He saw an opportunity and took advantage of it not unlike high frequency trading in the late 90s/early 2000s. Decentralized markets operate in a space that's inherently risky -- if they don't want to get exploited, hire better engineers or get out of the game. Begging the government for help when you got bested isn't how decentralization works.
My favorite is one of the text files on the attacker's computer:
A file labeled "Decisions and Mistakes," in which he wrote, "Going On the run / Yes / Chance of getting caught<Payoff for not getting caught / (NA) / Risk is typically underpriced in modern world.
A lot of people seem to argue that the original intent was for disputes to be handled by the courts. That is, governed by laws outside of the crypto's smart contract implementation. And thus the company is right to seek judicial help and label this act as theft. Alright, sure, on its surface that doesn't seem like an unreasonable position. After all, we all trust the courts right?
But, if this really was agreed upon by most of the parties involved, shouldn't the smart contract have include giving the courts a master-key that allows them to override the blockchain when necessary? Undoing fraudulent transactions and such. Can we really argue that everyone expected disputes to be handled by the courts if this wasn't implemented?
There is no technical reason why it couldn't have been done, as far as I can tell. It would not be great for PR perhaps, since it sort of goes against what a lot of the original crypto enthusiasts believed in: decentralization and protection from future hypothetical tyrannical governments. But at least it wouldn't be half as hypocritical as what we have today.
Of course, if you designed your crypto like this, with a court controlled backdoor, you'd unfortunately have to stop calling the whole thing decentralized. But if that's the intent, and everyone agrees to it, what's the issue?
I'm trying not to pass any value judgement on the "Canadian math prodigy" in this scenario, on the whole I don't care much about the isolated incident, but rather on whoever wrote the smart contract trying to both have their cake and eat it too.
I find crypto really fascinating from a technical and philosophical standpoint, but I'm not too fond of how it's been adapted by society as mostly a sort of get-rich-quick scheme.
He should have accepted their offer of 10% as a bug bounty. Certainly crypto folk love to act like unregulated markets but this smells like market manipulation to my armchair education and even if the market tries to play both ways, the courts won't. I do hope that the Ontario court fights the extradition, because the American laws leveled at him seem bogus by Canadian standards (wire fraud, extortion and money laundering) but that tort case might be legit.
Clever lad but horrible opsec.
Sounds to me like Indexed Finance had bad business logic and they had it coming.
There was no break in or exploiting, it was a trade using flash loans, fair enough if you ask me. A platform trading hundreds of millions should invest in proper security audits
What's the lesson? Maybe tornado cash the gas tokens before doing stuff like this and definitely never post it on social media or acknowledge that you did anything.
Be smart and have good opsec
There's a reason the guy is on the run ; it's because what he did is market manipulation and that's illegal.
However, cryptocurrencies are unregulated so you can easily argue that the laws usually governing the markets don't apply. Unfortunately for him, I don't think the judge will want to set that precedent...
How this works in traditional finance is that the big funds would screw the small guy that beats them (especially if they're from a foreign country). They claim that they use unfair or illegal practices, but the reality is that they're not that different to their own.
Ultimately the rules are written by people who look legitimate, and/or those who capture regulators.
"Code is Law" is a profoundly immature idea, and I am surprised anyone other than children take it seriously. The law is not, and never has been, something that is read literally and taken at face value. This is the entire reason that judges and lawyers exist.
Saying "The code let me do it, so it should be legal" is a bit like if I leave a "free to a good home" sign on a plant pot outside my home, and it leans on my car. It does not mean you are permitted to take my car, no matter how "obvious" it seems to you that it should.
“Code is not law. Law is law,” Mr. Gottlieb wrote in a lengthy thread to Mr. Medjedovic on X in late October, 2021. “And what you did was not a ‘clever trade.’ It was market manipulation. It’s illegal. And people go to prison for it.”
Tech exceptionalism is eternal. It takes the occasional Napster or PirateBay failure to disabuse a generation in the tech community of the triumphalist nonsense it talks itself into believing. But then the next generation comes along and doesn't know better.
While satisfying, that quote is also hilariously one-sided in it's perspective. I imagine that lawyer in the courtroom saying something like the following:
> Yes, my client did take a stack $100 bills and leave it on the sidewalk atop an elaborate contract proclaiming that those $100 bills should be given to the very next person going by the name of "John" who found this stack of $100 bills upon the sidewalk, including specific language stating that anyone, even an unforeseen party meeting such criteria, would be entitled to that money. And indeed, my client signed and dated that document in triplicate. Yes my client did go to great lengths to write such a detailed and specific contract, and he was quite sure that such a contracts terms would be sufficient to ensure that only my clients brother, John Williams, would be entitled to the money, that same John Williams who lives across town. The brother would never find that money though, because the villainous, criminal, thief of a man John Smith stole that money from off the sidewalk when walking out of Smiths front door! Smith would have you believe that he was merely fulfilling the terms of a fortuitous open ended contract foolishly entered into by an idiot who failed to think critically about the terms said idiot entered into. That, however, is not important! I am here today to say that the terms of such a contract are not what is relevant, what is relevant is how upset my client is that he no longer has his money. I can prove that Smith stole that money, no matter what the documents signed by my client say! Those contracts are not law, only the law is law. What Smith did was not a "clever deal", it was theft. Which is illegal, and people go to prison for it.
A bit over dramatic, but that's how the lawyers statement reads to me.
I am indeed aware that in such situations, since the depositor has not publicly and loudly declared their intent to deposit that money into my account, nor informed me that they will be depositing that money into my account, nor has the depositor published a contract that I've engaged with stating they need to send me that money, that such a situation would be interpreted as an accident by any reasonable person, including the legal system.
However, we are talking about a system where a party has loudly and publicly stated that they'll move money under certain public conditions and a third party has walked up and said, "I meet those conditions, I am owed said money", and the computer dutifully agrees. We are currently looking at the foolish party who has entered into a contract trying to get out of that contract because they no longer like it's terms. Unfortunately for them, human law mostly sides with contracts, even when those contracts are represented in code.
Even allowing for such a contrived example, would it be so bad if the money was taken from John Smith? The contract writer was an idiot, sure, but John Smith is an idiot too for just taking the money and expecting to be able to keep it. To say otherwise is to say we want to encourage people to take money they didn't earn, to avoid reporting it to an authority, because they'll be able to get away with it. It is also to say that the punishment for stupidity is whatever happens to be the consequence, rather than a fair punishment reasoned out by society.
(I am against prosecution in this case, but I think he should have most of the money confiscated)
What's actually confusing in the analogy? Are you actually confused or just pretending? The point is that just because a sign says something under a literal reading, it doesn't mean that it's what was intended, or what's binding. If there's a piece of paper on my car saying "free to a good home", I probably didn't intend that you can take my car (or my house, or whatever). It's not very different to the fact that a 0-day exploit on your bank's web server does not entitle the thief to your money.
Lots of things have never been, that doesn't make them a bad idea.
Your example is in the real world where there are things like weather and other variables that can't be accounted for. It's necessary for law to be based on common sense in such an environment.
But why can't we imagine removing this element of ambiguity? In a computer system you can account for all variables and completely define the environment. This would make interpretation of the law much easier which is surely a good thing.
But this kind of thing needs formal verification to work properly, which we are not good at. Trying to do it without formal verification is silly. But the broader idea is by no means "childish".
I can't imagine removing this element of ambiguity because programs are not perfect. They are a representation of some mental process, and they frequently contain mistakes. They are also, as you admit, unable to capture states of the real world accurately. Unless your smart contract is unrelated to the real world (in which case, why bother with it?) this will be a problem.
The idea with formal verification is it would make it possible and feasible to prove a program is correct. But this is a hypothetical and until that is possible it doesn't really work. It might never be possible. So today I do agree with you. It just turns into a game of "ha-ha, you didn't read the contract closely enough!"
I've been following this story because he's a local boy, I actually met him very briefly once, back when he was just a kid.
The article is skimming over some of the darker sides of his side of the story - like how allegedly his code and conversations are generally peppered with racist rants (I haven't seen any examples of such). The boy seems like a horrible case of internet poisoning - like, a brilliant mathematician child completely mangled in the head by 4chan/gamer discourse.
One part of his first heist that isn't mentioned often is that Indexed Finance says he was actually working with them and contributing to their codebase before he pulled his exploit.
“The silver lining to all of this is that Trump promised to stop the persecution of crypto people,” Mr. Medjedovic wrote on Signal. “Like, half of the people involved in this resigned/stepped down recently.”
Very interesting that he gives praise to trump after all this hassle from the US government. Why is the US even involved in this? It's a canadian dude and a canadian exchange.
Wait, I thought cryptocurrencies aren't securities? Why are our tax dollars being spent investigating this? If they're not securities (like coinbase etc would like us to believe), then he didn't do anything wrong and there are no other rules - code is law. If they are securities, then why are there so many illegal exchanges operating in plain sight?
Once again, crypto folks are all about decentralization until someone outsmarts them, then they go crying to daddy government to bail them out.
I'm not entirely sure what makes you think there's no financial regulation or laws you can break outside of securities trade, because there is and which is why he's charged with wire and commodities fraud, Hobbs Act extortion and money laundering.
O look another amazing and riveting discussion on emerging technology with real world implications… o wait it’s just a bunch of cranky people complaining about crypto.
You can't "steal" crypto; it's all just a scam that operates outside of the law.
I mean, sure, we can use the language of theft and crime figuratively, just like when we talk about animals. For instance, "the wolf stole a chicken from the coop".
If SBF had merely stolen cryptocurrency, then the FTX exchange wouldn't have collapsed entirely. SBF stole customer funds on a line of infinite credit and infinite liquidity, basically lying to customers that he owned the asset they wanted when in reality he defrauded them for speculative gain.
> Not everyone agrees. “Code is not law. Law is law,” Mr. Gottlieb wrote in a lengthy thread to Mr. Medjedovic on X in late October, 2021. “And what you did was not a ‘clever trade.’ It was market manipulation. It’s illegal. And people go to prison for it.
Boy the crypto industry better pray that market manipulation isn't illegal in DeFi-world or they're all going to prison.
He has not stolen anybody's password, has not modified DeFI code - simply executed a set of financial transactions according to the rules (expressed as DeFI smart contracts) and profited from it.
Indexed Finance is an unlicensed investment firm. The promoters knew the risk ( decentralized finance) and now they want to blame someone who outsmarted them at their own game.
reply