undefined | Better HN

0 pointsHWR_144y ago0 comments

It seems less concerning and more BS. I have no idea who would target blockchain engineers or why.

I do understand why "we are fighting the system, this is dangerous" would be a selling point used by employers.

0 comments

3 comments · 1 top-level

jrsj4y ago· 2 in thread

threatening someone who has the ability to intentionally introduce a vulnerability into even a relatively small cryptocurrency probably has the potential to be insanely profitable, and the odds of it even being investigated are far lower than any other form of fraud (for now).

There’s plenty of good reasons to go after some specific blockchain engineers who could do this, but otherwise yeah it seems kind of silly and over dramatic.

HWR_14OP4y ago

If the oversight on your project is so weak that an engineer can add code that steals money without being noticed, all you do is change who profits from the inevitable theft. In fact, if you allow the code to be delivered anonymously, you practically guarantee that smart people will add the vulnerability and steal the money.

jrsj4y ago

I think stronger oversight and less trust is sort of implicit in a pseudo-anonymous model. An attack like I described doesn’t require something as obvious as “code that steals money” either, it could be something much more innocuous that even afterwards appears to have been a mistake. Almost any type of bug combined with a well timed leveraged short position could result in big profits.

j / k navigate · click thread line to collapse