125 validators and no alerts
On the occasion of a monstrous seizure, on an account which would have extracted this sum maliciously, the Juno teams missed a major human error. In his original plan, the sum was to be transferred to a company wallet address pending a vote to decide how it would be spent.
“This was the first major example yet of the blockchain community voting to change the token balance of a single user accused of acting maliciously”explained a journalist from CoinDesk.
Only, the developer in charge of manipulation inadvertently entered the hash number instead of the wallet number. By confirming his transaction, none of the 125 validators of the blockchain network realized the error and did not object to the confirmation.
Obviously, the error was a typo, during the copy-paste, but the whole Juno team has its share of responsibility. While no member of the blockchain miners could give the alert, the message returned is very bad for a blockchain operating under the “Proof-of-Stake” principle, instead of the “Proof-of-Work” (proof of work) as is the case of Ethereum.
Validators are meant to be the guardians of network security and decentralized processing. However, in this case, they can be held responsible for not having been able to detect the error in the entry in time. Daniel Hwang, one of the Juno Blockchain Validators, was telling CoinDesk : “we screwed it all up”adding that the error was mainly “the fault of the validators” who executed the code.
A solution
Where Juno may be happy to use a Proof-of-Stake protocol rather than Proof-of-Work is that they should be able to find a solution more quickly. Indeed, the Juno blockchain relies on a so-called “governance” protocol, where token holders can vote to modify transactions in the blockchain. The majority wins, and once the vote is complete, the transaction can be reversed by an update.
A similar vote has already taken place, last week, precisely on whether Juno should be responsible for extracting the $36 million from the malicious wallet.
The update will be deep, because at the same time to bring improvements, it will come to modify the ledger of accounts of Juno – normally immutable. A final solution that would have experienced much more difficulty on a blockchain like Ethereum. Except that this one would certainly not have missed the input error, from the start…
Blockchain Security Accusations and Doubts
As a result of the misadventure, Juno’s token lost more than 10% of its value. Looking long term, many investors have already parted ways with their tokens as Juno has lost over 72% since its high two months ago.
In question, several people, including the owner of the wallet with the 36 million dollars withdrawn, accuse the members of the management of Juno of having themselves made secret transactions to enrich themselves behind the back of the community.
These accusations have not yet been verified. However, there have never been so many doubts when another event, at the beginning of April, further undermined investor confidence. The issuance of a malicious smart contract had taken the Juno network offline for more than 24 hours.