Not a day goes by without millions in cryptocurrencies vanishing into thin air. Scams, hackers, lost passwords… The causes can be varied, but this time we have perhaps the most stupid: tens of millions have been made inaccessible after a typo.
It all starts, however, with an attempt to prove that cryptos can be a trustworthy system. Since March 2022, a case has shaken one of Ethereum’s competing cryptocurrencies, Juno. In question, a “whale”a user holding a very large number of tokens, accused of manipulating the market in order to inflate his portfolio.
In a first for a cryptocurrency, Juno users took part in a vote to determine whether or not to confiscate its tokens from this user, a Japanese named Takumi Asano. In April, the “yes” finally won the ballot.
Andrea Di Michele, a developer of Juno, explains to CNET that he sent a programmer the address of the wallet (a series of numbers and letters) where to deposit the 36 million dollars (34 million euros) of Takumi Asano while waiting that the community decides what to do with it, as well as its “hashcode”, a digital fingerprint.
Bad luck: the character string generated by the cryptographic hash looks very similar to an address.
What had to happen happened, and the programmer in charge of the transfer accidentally copied and pasted the hash in place of the address, thus sending all the tokens to a wallet that does not belong to anyone. It is also always possible to see the millions of dollars that are quietly waiting on the account.
However, Juno, like other cryptocurrencies, has a process to avoid such an error. Juno is crypto Proof of Stake (PoS, “proof of participation” in French), that is to say that rather than miners, it has validators, who must monitor the transactions passing on the blockchain in exchange for remuneration, up to the capital that they have invested on said blockchain.
Where were those validators then? According to CNET, they were there, since the failed transaction was verified by no less than 125 of them. None thought to check that the recipient’s address was correct, so all voted to approve the transaction. Not really a good showcase for Juno’s security.
The problem with a decentralized system is that, unlike a traditional transaction, no bank is there to recover the money paid by mistake, and each financial movement is theoretically irreversible.
The developers assure that they will be able to recover the sum with a new vote, but that is starting to do a lot for a decision supposed to be extraordinary and a system sold as perfectly secure.