The 18-year-old graduate student took advantage of a flaw in the Indexed Finance code and uncovered a legal puzzle that still worries the blockchain community. Then he disappeared. Excerpt from the report: On Oct. 14, at a home near Leeds, England, Lawrence Day was eating a dinner of fish and chips on the couch when his phone rang. The text was from a colleague who worked with him on Indexed Finance, a cryptocurrency platform that creates tokens representing baskets of other tokens – like an index fund, but on a blockchain. The colleague had sent a screenshot showing a recent trade, followed by a question mark. “If you didn’t know what you were looking at, you could say, ‘Nice trade,’” Day says. But he knew enough to be alarmed: the user had bought certain tokens at drastically reduced prices, which should not have been possible. Something was very wrong. Day jumped up, spilling food on the floor, and ran to his bedroom to call Dylan Kellar, co-founder of Indexed. Kellar was sitting in his mother’s living room six time zones away, near Austin, disassembling a DVD player to salvage one of its lasers. He picked up the phone to hear Day, who was struggling for breath, explain that the platform had been attacked. “I just said, ‘What?’” Kellar recalls.

They pulled out their laptops and dug into the platform’s code, with the help of a handful of acquaintances and with Finney (named after Bitcoin pioneer Hal Finney) sitting on Day’s shoulder in support. Indexed was built on the Ethereum blockchain, a public ledger that stores the details of transactions, which meant there was a record of the attack. It took several weeks to work out exactly what had happened, but it turned out that the platform had been tricked into greatly undervaluing the tokens held by its users and selling them to an attacker at an extraordinary discount. In total, the person or people responsible stole $16 million in assets. Kellar and Day stopped the bleeding and repaired the code enough to prevent further attacks, then turned to a public relations nightmare. On Discord and Telegram, token holders traded theories and accusations, in some cases accusing the team and demanding compensation. Kellar apologized on Twitter to hundreds of Indexed users and took responsibility for a vulnerability he had failed to detect. “I fuck,” he wrote. The question was who had launched the attack and whether the money would be returned. Most crypto exploits are assumed to be inside jobs until proven otherwise. “The default will be, ‘Who did it and why are the developers?’” Day says.

As he tried to fall asleep the morning after the attack, Day realized he had heard nothing from any of the staff. Weeks earlier, a person using the username “UmbralUpsilon” – anonymity is standard in crypto communities – had approached Day and Kellar on Discord, proposing to create a bot that would make their platform more efficient. They agreed and sent a down payment. “We were hoping he could be a regular contributor,” Kellar says. Given the extent of their chats, Day expected UmbralUpsilon to offer help or sympathy after the attack. Instead, nothing. Day pulled up a log of their chats and found that only his half of the conversation remained; UmbralUpsilon had deleted his messages and changed his username. “It made me get out of bed like a shot,” Day says.

