Crypto's Y2K Moment Comes as Ethereum Upgrades Network
The revamp, known as the Merge, is being billed as a seamless transition that shouldn't be noticeable to users of the most commercially important blockchain.
August 24, 2022 at 01:33 PM
4 minute read
Airplanes wouldn't be able to land. Power plants would shut down. Those were just some of the dire predictions faced by computer programmers and users worldwide as the year 2000 approached. In the end, the millennium bug that was widely expected to create computer chaos turned out to be more of a punch line to jokes than an actual problem.
Two decades later, the crypto world could be facing its own Y2K moment, when the Ethereum network undergoes a major software upgrade in September. The revamp, known as the Merge, is being billed as a seamless transition that shouldn't be noticeable to users of the most commercially important blockchain. Not everyone is convinced, especially when it comes to the more than 3,400 active distributed applications that are built on the platform.
"You know there will be those edge cases that will be interesting and exploitable," said Toby Lewis, chief executive officer of Novum Insights, a crypto analytics provider. "One thing I can guarantee, it's going to be a very bumpy ride."
Observers just need to look back to Ethereum's 2016 upgrade, when the network was besieged for weeks by so-called replay attacks, where hackers replayed users' transactions to steal tokens. The Yunbi exchange reportedly lost 40,000 Ethereum Classic coins. Developers have since implemented network-based protection measures. Even so, attacks could still take place if any of the self-executing software programs called smart contracts that run the myriad of apps on the network haven't been built correctly, according to Josselin Feist, engineering director for blockchain assurance at Trail of Bits, a security firm that audits the self-executing contracts.
Industry participants are already announcing safeguards. Coinbase Global Inc., the largest U.S. crypto exchange, said it will pause withdrawals and deposits of all Ethereum-based tokens "briefly" around the time of the Merge. Most other crypto exchanges, and even many decentralized-finance apps, which let users trade, borrow and lend tokens, are expected to follow suit.
Ethereum is transitioning from a proof-of-work system where networks of computers known as miners pluck transactions out of a data pool, and arrange them into blocks that are added to the blockchain. The miners are being eliminated as part of a plan to reduce energy consumption. After the upgrade, a newly created participant in the new proof-of-stake system known as a builder will gather transactions into blocks, which it will then send to validators. The validators will sign off on the order of the blocks that will form the upgraded blockchain.
The protective measures by the likes of Coinbase are being taken after some glitches took place during the final test of the upgrade. Some of the validators got out of sync with others, resulting in some changes to block ordering. That sort of issue can result in the need for the network to be paused, said Pedro Herrera, head of research at DappRadar. In such a scenario, a user facing liquidation, for instance, may be powerless to stop it on time.
The most disruptive issues could actually come from the emergence, around the time of the Merge, of offshoots of Ethereum. A fork in the chain would generate an almost exact replica of the Ethereum ecosystem, with copies of all its coins, nonfungible tokens and apps. People who hold an Ether token on the Ethereum blockchain will receive an additional EtherPOW token representing a forked blockchain. Some users may then try to offload POW coins, and that's where scammers can come in and execute replay attacks.
"Replaying attacks are possible during the Merge as the network becomes less secure and more vulnerable to attacks when forks happen," Justin Sun, who is an investor in the Poloniex crypto exchange and the founder of Tron blockchain, said in a message.
Crypto investors who want to do transactions around the time of the upgrade may want to consider using alternative blockchains and other safeguards.
"If you want to play with your POW assets, move them to another wallet, so there's no way for an attacker to replay the transaction," said Pedro Herrera, head of research at DappRadar.
For their part, Ethereum core developers are downplaying the risk, as opposed to the dire circumstances that many pundits warned of back in the 1990s that could result from the inability of many computers to interpret the date change at the millennium correctly.
"I don't expect replay attacks to be a significant problem, if they occur at all," said Ben Edgington, lead product manager at ConsenSys.
Olga Kharif reports for Bloomberg News.
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrump Mulls Big Changes to Banking Regulation, Unsettling the Industry
CFPB Orders Big Banks to Limit Overdraft Fees to $5. But Will Its Edict Stick?
3 minute readUS Judge Throws Out Sale of Infowars to The Onion. But That's Not the End of the Road for Sandy Hook Families
4 minute readGreenberg Traurig Initiates String of Suits Following JPMorgan Chase's 'Infinite Money Glitch'
Trending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250