“Having sounded the alarm bells, a group of benevolent white-hat hackers from the Ethereum community rapidly organized. They analyzed the attack and realized that there was no way to reverse the thefts, yet many more wallets were vulnerable. Time was of the essence, so they saw only one available option: hack the remaining wallets before the attacker did.”
They hacked a multi-sig wallet (like a 2-3 party joint account, where all users must provide their key to unlock), not because the cryptography was unsound, but because a dev left a bug that lets you factory reset the software.
This whole episode reinforces 3 things we know in cybersecurity:
1. Cybersecurity has to begin at coding; that’s why we push the idea of DevSecOps.
2. Cybersecurity is not afforded by a tool or method alone; it is an ongoing battle, and it requires situational awareness and rapid response to threats and attacks.
3. The real benefit of Open Source communities is the amplification of creativity and brain power in dealing with threats and exploits. The trade-off of vulnerabilities being visible in the source code is a minor cost compared to the benefit of the community bringing evolving improvements and resilience.