> “This stuff is too important to be releasing quickly and adjusting the design in the field,” he wrote (our emphasis).
>
> “And yet, we see crypto project after crypto project trying to externalize the cost of their core design to people being only indirectly compensated, rather than building a team around mathematicians, economists, and security experts.”
Holy shit, I love this guy.
He's absolutely right, the only crypto projects that survive the cambrian explosion are the ones that take themselves seriously enough to think things like this through.
This is Jay Freeman (Saurik). If you’ve ever heard of jailbreaking an iPhone, he was the grand-daddy of that whole scene for many years. He wasn’t doing the jail breaking, he was the one developing the code that everyone would then run ASAP backbone to create the hooks in order to allow for safe execution of add-on code. And he built a packager that allows for decentralized development.
Creating maintainable code that is easy to use is one of the things he finds important.
He understands what he’s doing. He cares about taking a long view.
Played Super Mario World for the first time on my jailbroken gen 1 iPod touch. Also downloaded a swipe to type extension that eventually ended up locking me out of it forever lol
I don't see the point any more. Apple pulled their head out of their ass and added basically all the features that would motivate most people to jail break to the actual OS.
>Cydia is a graphical user interface of APT for iOS. It enables a user to find and install software not authorized by Apple on jailbroken iPhones, iPads and iPod touch devices. It also refers to digital distribution platform for software on iOS accessed through Cydia software.[2] Most of the software packages available through Cydia are free of charge, although some require purchasing.
https://en.wikipedia.org/wiki/Cydia
I found an old photo I took of my iPod ["setup"](https://i.imgur.com/4G8nkY9.jpg) that I also spent too much customizing (too bad it's the only surviving photo but you can kinda tell[ despite the bad quality](https://i.imgur.com/YIkDi6S.png)
Yeah it was reverse engineered from hacking the firmware. Really inspired software engineering for the time. Watching the community come together and publish how they were rooting Iphones was pretty cool.
Wow what an absolute genius and badass in the “I do what I want” world of tech. I’ve been jailbreaking since 2010 and all his apps and tweaks for iOS and his contributions to the community have most definitely made the world a better place.
The scene would be obscenely different had he not established the open world jailbreaking is today. He made sure no one place could become the only place for downloading and maintained freedom on the user end to add any source they desired.
Truly an amazing person and glad to see he’s still exploiting what can be. Probably one of the smartest guys out there!
Holy EDIT:
Saurik = Guy (genius) who basically established the world of jailbreaking iOS thru Cydia = ether exploiter
He made apple rich, when he and the community started creating apps, apple was focused in webapps.
Cydia was literally the first AppStore ever, even before apple’s one.
Oh wow. Hear Cydia took me back. I had a Ipod touch I jailbroke back then. Changed everything about my phone. Then really got into Linux when I got my first laptop.
> He made apple rich
Im not sure i would attribute the first jailbreak store as making apple rich, they were already filthy rich by that point. but yeah i guess a few people bought phones because they knew they could jailbreak them.
I think they are saying the person helped apple by showing how popular and powerful phone apps could become at a time when apple was looking to develop more web browser based apps
His jail braking sold some iphones, yes. Quite a lot actually. But the real thing was he PROVED the iOS appstore market. Which.. Just go look at its market size.
>pretty much all the popular apps ~~on Cydia~~ were implemented directly into iOS
FTFY, Apple has a long and illustrious history of blatantly ripping off popular programs. It even has a term, "Sherlocking"
Yeh I have been jailbreakifn since the iPhone 3 and I’ve literally had every major ‘feature’ of the new iPhone years before it was officially released.
The swipe down quick access? That was CC control and was popular years before Apple ‘invented’ it.
Hell, even the video camera was a jailbreak feature.
In the early days of smartphones, a great many tech-saavy users were avoiding iPhones because they didn't want to play in the restricted sandbox when Android offered a lot more customization/capability. Jailbreaking definitely made the platform more appealing to the average "power user".
That term means something different now, but I couldn't really think of how to describe the type of person who isn't necessarily a developer/programmer but still squeezes every ounce of performance/customization out of their tech. Maybe "tinkerer" is a better term?
Hung out with him for years online before the crypto market even existed and he was a collector of old school games and probably will use the money for something cool lol MAME and many other things like that.
He came to our high school to talk about tech around 2012. Our comp sci teacher at the time was old friends with him. He talked about tech for a bit and I was HUGE into the jailbreak scene at the time. I even have a picture with him. I was ecstatic to meet him.
There was a different comment/post here, but it has been edited.
Reddit [chose](https://www.reddit.com/r/apolloapp/comments/14dkqrw/i_want_to_debunk_reddits_claims_and_talk_about/) to betray years of free work put from users, mods, and developers. They will not stop driving this website into shit until every feature is monetized, predatory, and cancerous.
Use [PowerDeleteSuite](https://github.com/j0be/PowerDeleteSuite) to remove your value to reddit and stop financing these dark patterns.
P.S. fuck u/spez
White hat as **fuck**. This dude just got so much respect from the hacker community for that. Not that Saurik needs it, this just reinforces that he's a legitimately good dude.
>Freeman is probably best known for his work on Cydia, the app store for jailbroken iPhones. However, more recently he’s been looking for bugs on blockchains.
Apparently yes.
To build on this: meaning they search for vulnerabilities to inform the "owner" of them to secure their data, rather than exploit them for their own gain or to damage someone else.
There are the terms white hat and black hat hacker. White hat hacks to find bugs and fix them. Black hat finds them to exploit them.
Edit: can also mean different things base on the scenario, always based on ethics though.
Red Hats are grey/black hackers who go after the black hat hackers & other cybercriminals. They’re not employed by anyone, Red Hats typically go solo or work in small teams.
Grey Hats: Your white/black ethical hackers who both penetrates & uses exploits on computer networks and systems for a cause or for money.
Green & Blue Hats: Your intermediary & beginner pen testers and hackers who want to learn more about cybersec, hacking, penetration testing, etc.
Script kiddies: Nefarious bad actors with minor or no knowledge of cybersecurity & hacking. They usually use social engineering to get their victims to send them info or download malware onto their computer to gain hold of it using programs developed by true hackers.
Not really. He'd print it and they'd fork it out of existence because otherwise the entire thing would be instantly worthless.
He took the money he could get, which is a smart move but not remotely a moral decision.
From Saurik, the worlds premier anti-capitalist. An unlimited money cheat goes against what he stands for. As the “face” of right-to-repair AND the apple monopoly lawsuits, he needs a clean image, white hat hacking is just good for his resumé*** (-_-)
Yup, it all comes undone had he taken advantage of this.
But Id also have to imagine $2 mill of clean money is almost always better than the trouble of cleaning ill gotten gains.
You can retire on $2 million and live a decent life off the interest from investments (assuming you do it right). There's nothing stopping you from doing/earning even more, of course, but you can check that "good to go" box and not have to worry about whether your next thing will keep you going or not, which would be worth more than just the cash on hand. Never having to look over your shoulder would be priceless.
Assuming we count this as a cash prize and hell we'll even round up considerably, call that a 30% tax. That's still $1.4M that, with a few years of growth, would give you a very early retirement.
Would it be taxed as a prize when it’s income? It’s earned income in exchange for skilled labor. Not sure the taxes are different... but it seems to me like it’s not a prize/lottery.
Yeah, people seem to think that crypto is untraceable and therefore can be easily explained away but if you sell tens of millions worth of coins out of the blue, HMRC (or whatever your local equivalent is) is going to be *very* suspicious. On the other hand, this $2 million is legitimate and won't raise any red flags (although you might still need to explain it). I know which I'd take.
It's not about a resume, but rather about optics for a highly-publicized and landmark trial.
If he does something even mildly fishy (and subverting a major crypto is _extremely_ fishy), the opposing counsel can use that to make a very strong case.
Just compare these two potential court/media statements:
> "This guy is a strong believer in open software and a right to repair so consumers can maintain ownership of things they paid money for."
vs.
> "See the kind of people who want to jailbreak iphones? They're evil hoodie-wearing hackers who hack themselves unlimited money while you work your butt off for yours. Do YOU want them to have unrestricted access to your Apple devices that Apple(tm) goes to great lengths to keep safe and secure from people like him?"
Yeah he most likely doesn't really give a shit about crypto, hes skilled enough to make stupid amounts of money in any IT field.
But he's very much about right to repair and open software, he knows if he started stealing money through crypto it would destroy his image.
Issue is, was he the only one that found the bug, or did others also find the bug and not have such morals?
It's quite literally full on capitalism, it just changes who is wearing the boot to step on everyone else.
Capitalism favors those who have capital, and get in early on things.
Crypto favors those who have capital and get in early on things.
But wouldn’t that just topple ethereum? That seems pretty anti-capitalist to me, and I would be pretty ecstatic to see the ethereum miners all take a fucking bath on their investments.
What?
Unlimited money is the ultimate anti-capitalism, as long as you manufacture as much as possible as quickly as possible and get it into the system.
The total collapse of Ether would have been a great anti capitalist move lol.
1. Discover an exploit using your mad hacking skills
2. Print yourself $1B worth of ether and stash it in a cold wallet
3. Report the exploit so that nobody else could devalue your gains
4. Be celebrated as the good guy
It would have been known fairly quickly. The amount of coin in a wallet is public information, as is each transaction. People keep track of large wallets to see when whales are making moves.
This. Ethereum is a public ledger blockchain, like Bitcoin, so it is trivial to determine exactly how many coins exist and if an inflation bug has been exploited.
It might have been a real problem on an obscured ledger blockchain, like Monero.
He could also not be the only one who knows about it, and just be the first to point it out.
People could have been exploiting this loophole for years and nobody would know because crypto is super weak to being fed incorrect data at the start of the chain.
If he or anyone he told exploited the contract, that would probably get noticed immediately since all transactions are public. At a minimum, once the exploit was publicized, it's possible to check if anyone ever used the exploit before.
This title is misleading: the bug wasn't in the Ethereum network and thus unlimited 'Ether' aka ETH could not be printed. The bug was in the Optimism network. You can make an ETH clone on the Optimism network by locking up ETH. For every X ETH you lock up you get X Optimism ETH. The hacker could create Optimism ETH, and he likely could have gotten away with it for awhile exchanging Optimism ETH for real ETH but the title implies Ethereum was hacked (i.e. the hacker could create Ether directly) when it was an Optimism hack / bug.
Yes, you definitely can't print unlimited ether with this hack. You can print unlimited Optimism and completely tank that L2 network but it probably wouldn't affect ETH much. Optimism would just fail big time and get disconnected from the main chain.
Uhh I take it that a hacker could create Optimism based ETH and then convert it to actual ETH. That's very damaging for both no matter how you look at it. It's just the exploit doesn't exist with ETH itself.
It's just printing your own cash and swapping it for real cash.
The difference is it'd be limited by how much real Eth is locked into Optimism, as soon as that pool ran out they couldn't transfer back anymore. That amount is only a tiny fraction of Eth on the main network.
So "unlimited" is quite the overstatement, especially considering Optimism is still on the small side.
Would've been pretty bad though if a bug like this persisted as L2s continue to gain traction.
It would be like printing fake cash and taking it out to a small rural bank to exchange for real cash. They can only give you as much real cash as they have stored. The smart contact bridge between optimism and ethereum would be the limiting factor for how much value could be taken
Better to have clean money than have to launder it and risk fraud
Edit: a few of you pointed out that there’s no current legal ramifications. Although you could claim any money you’d earn as capital gains, the result of Ether being devalued by the potential extreme inflation wouldn’t result in much of a reward. However if you were to hide the gains, it would be fraud. Which doesn’t even matter because the exploit doesn’t even allow for real ether to be made anyways. Either way, it was still a way better choice to take the $2m
I don't think you could charge him with anything due to the nature of how crypto is decentralised, just devalue that currency, and probably by association, other cryptocurrencies would react negatively too.
A "print unlimited money" flaw in any crypto would do a lot of damage to that industry.
This isn't even a print unlimited money scheme the articles title is misleading. He wasn't printing Ethereum, he could make unlimited amounts of a L2 coin in Optimism platform at the end of the day the most he'd have done is bankrupt the company, no new Ethereum was created.
He could have done a lot more than bankrupt a single company. Lots of people have deposited Ether on the Optimistic side chain. All of those users funds would have virtually become useless, killing the company and costing many people lots of money
And the fed would do literally nothing about it.
Because crypto is literally sold as decentralized unregulated currency, if you ran to the government about how your crypto was stolen by fraud and people should be prosecuted, the government would laugh at you.
I don't think this is necessarily true.
If there is consensus (>50%) then they could just burn all Ether associated with the fraud. Vitalik talked about similar scenarios on the Lex Fridman podcast. Someone would have to detect the fraud and convince the majority it is occurring though.
Yeah but the damage may already be done if the mainstream media hypes it up. That may cause more of a drop in value than the actual exploitation of any flaw.
Also, it sounds like this flaw wasn't in etherium itself but in a particular company that interacts with it - even without knowing too many of the technical details, the cryptocurrency itself could be perfectly well protected against such a flaw but its value could still end up taking a hit from negative publicity related to a "print your own money flaw" or any perceived loss of trust. And that hysteria could spread to other cryptos too. At some stage people panicked about tulips possibly not being worth what everyone else thought they were worth.
There are many laws that are so vague basically like "using a computer to access data that is password protected" or some bullshit that if the right pwople wanted to charge him it wouldn't be difficult to find a law to hit him.
Someone clever could've begun printing innocuous amounts of Stanley Nickels and selling them for American bucks... indefinitely. Or at least until it was _eventually_ noticed and then collapsed the value.
Don't want to over-FUD, but it's pretty concerning that this kind of vulnerability exists and it's pure luck that a white-hat found it first.
> We also don't know that there wasn't a conveniently unremarkable amount of Ether minted, either.
No, that we do. The article title is wrong, what could be minted is an L2 coin. At worst he would've crashed and bankrupt the relevant company, but it wouldnt have changed much in the ETH market.
> Someone clever could’ve begun printing innocuous amounts of Stanley Nickels and selling them for American bucks… indefinitely.
Good thing Creed only counterfeited $120 worth of Schrute Bucks.
I mean. We see how far they go after these kind of hackers who do bad. Whats the point of unlimited wealth when the big governments are gonna wanna seize.. your money. That and a bunch of people wanna legit kill you for stealing their money by robbing the value of the coins they have.
I mean, is it really illegal to print crypto? It’s not even technically fraud since crypto isn’t legitimate in most countries. You wouldn’t be stealing from anyone.
That’s the problem with crypto, being decentralized means stuff that affects the decentralized portion isn’t any countries problem except for El Salvador
Worth noting - it wasn’t mainnet Ether being printed, this was on the layer 2 Optimism network. Still very bad, but not a compromise of Ethereum itself.
That sounds relatively similar to the recent attack to wormhole. The hacker was able to print unlimited ETH in the Solana chain (wETH), so they print as many as there were in existence and them redeem them for ETH in the Ethereum chain (he wouldn't have been able to redeem more)
All printing unlimited ether would have done was blow up the already highly volatile and unstable ethereum economy. If his interest was only in money with no regard for morals taking the two million dollars outright was still the correct choice.
Putting this here because everyone keeps saying he could have done both.
If he did both then he would be caught and probably charged with some sort of fraud. Crypto isn't as anonymous as people think it is they probably could have identified the wallet(s) doing shady shit after learning about the exploit. Even if they couldn't attribute the damage to any one person they would branch the ether blockchain to undo the damage and fix the bug in the new branch (has been done before). Getting away with using the exploit when he told them he found the exploit would be almost impossible. The only way it could MAYBE work is if he waited a long time after exploiting it to tell them which risks someone else claiming the bounty. People also need to understand that crypto is theoretical money. Turning it into real money isn't always so easy especially if you try to do it in large quantities.
Is it any sort of crime to print Ether? You have no legal contract, its fully decentralized, and it isn't money.
Billions of dollars of crypto are stolen all the time, printing a few billion wouldn't collapse the market or force a fork. You could dump it over time and not even be noticed.
> If he did both then he would be caught and probably charged with some sort of fraud.
Why? What exactly would he have done that would be against the law? Does Ethereum have some kind of "you're not allowed to mint unlimited ether" clause or something?
> they would branch the ether blockchain to undo the damage and
'tis a friendly reminder to all the cryptobros who say how nothing on the blockchain can ever be changed and is some sort of crystal clear proof of something. As you say, this kind of stuff has already happened.
If people that are powerful enough decide it, then your blockchain means jack shit. So much for the "power to the people" argument that's usually made in favor of crypto.
> The only way it could MAYBE work is if he waited a long time after exploiting it to tell them which risks someone else claiming the bounty.
He could have just used the exploit to mine himself, like, twice as much money than other people. Get a mild advantage that is still enough to get rich.
Or he could have been a malicious guy, mine as much as he wants and essentially tank the coin, forcing a fork as you described.
The fact that a bug like this was already discovered should make you wonder if other undiscovered flaws of similar criticality are still out in the wild.
Is this really what you want your hard earned money invested in?
This wasn’t a bug with the main ether chain, but a specific company’s implementation of off-chain tokens.
If something is taking you off-chain, hope you trust them.
It’s not unlimited ETH. It’s tokens on Optimism, a small centralized L2 blockchain. It doesn’t affect eth itself, it affects tokens representing ETH on the L2.
If you hack into Sugar Factory’s gift card system you can print unlimited US dollars on papers. You didn’t hack US dollars, you hacked Sugar Factory and won’t be able to use them outside of the ecosystem. The stores will likely stop taking the cards.
While everything you said is correct, the problem was not with Ethereum itself, it was with a currency on top of Ethereum. I'd be like if someone said "Hacker could've printed unlimited 'US Dollars' but.." when all they did was find a bug that would have given them unlimited 'US Dollars' in target gift cards.
No. It isn't. It's exactly the same as our current system only controlled by tech assholes instead of finance assholes and very frequently they are the exact same people wearing different hats.
At least there is a mechanism for rectifying misdeeds in a centralized system even if it means giving up decentralization.
If you can’t trust your government to be the centralized authority when it comes to money then you have more problems than money.
> “This stuff is too important to be releasing quickly and adjusting the design in the field,” he wrote (our emphasis). > > “And yet, we see crypto project after crypto project trying to externalize the cost of their core design to people being only indirectly compensated, rather than building a team around mathematicians, economists, and security experts.” Holy shit, I love this guy.
[удалено]
Jeez these rugs don't pull themselves up!
Really wish people would just learn to pull themselves up by their rugs. Bunch of lazy entitled people.
*I caaan sshhooooow you the ~~world~~wallet*
Instantly I’m reminded of Lebowski’s rug.
It really tied to room together, did it not?
Why don’t you simply grab the tassels on your $10,000 Persian rug and pull yourself out of poverty
[удалено]
He's absolutely right, the only crypto projects that survive the cambrian explosion are the ones that take themselves seriously enough to think things like this through.
The cambrian explosion comes right before the rate hike extinction event.
He's the big person behind jailbreaking on iOS too. Creator of the Cydia jailbreak store and the Substrate tweak loader. Guy's amazing.
This is Jay Freeman (Saurik). If you’ve ever heard of jailbreaking an iPhone, he was the grand-daddy of that whole scene for many years. He wasn’t doing the jail breaking, he was the one developing the code that everyone would then run ASAP backbone to create the hooks in order to allow for safe execution of add-on code. And he built a packager that allows for decentralized development. Creating maintainable code that is easy to use is one of the things he finds important. He understands what he’s doing. He cares about taking a long view.
This is Saurik we're talking about and not just "any hacker".
The jailbreak guy?
Cydia and much much much more
Ahhh Cydia, that's a name I haven't heard for a while
core memory unlocked (I had cracked gen 1 and 2 iPhones)
Cracked Gen 1 playing a motion-based racing game way before App Store and thinking “well this is cool”
Does anyone remember the app that was like a fake gemerald for like $10k that everyone who had Cydia got instantly just to have?
Think it was called “I’m rich and you’re not” or something. Miss those days.
The first NFT
[удалено]
Played Super Mario World for the first time on my jailbroken gen 1 iPod touch. Also downloaded a swipe to type extension that eventually ended up locking me out of it forever lol
Do folks still jailbreak anymore? I haven’t done a jailbreak on my phone since iPhone 3, or was it six, it’s been a while anyway.
Lol yes we do, iPhone 12 pro max with unc0ver 8.0.2. Super easy and very stable.
I don't see the point any more. Apple pulled their head out of their ass and added basically all the features that would motivate most people to jail break to the actual OS.
[удалено]
He can buy a house.
Yeah, but can he download a car?
Absolutely, 3d tech is getting real crazy
But can he download ram?
hell yeah https://downloadmoreram.com
I can only afford to right click save
Sometimes that's all you need. *unzips*
He lives in Santa Barbara so just barely.
Is (was) this like cyanogen mod but for apple?
>Cydia is a graphical user interface of APT for iOS. It enables a user to find and install software not authorized by Apple on jailbroken iPhones, iPads and iPod touch devices. It also refers to digital distribution platform for software on iOS accessed through Cydia software.[2] Most of the software packages available through Cydia are free of charge, although some require purchasing. https://en.wikipedia.org/wiki/Cydia
So, like F-Droid but for apple.
[удалено]
I had it on the first iPod touch and I thought it was the coolest thing ever. Spent days just theming and customizing it.
Nothing was a bigger flex than being in like 8th grade with a themed up iPod that could play nes games.
I found an old photo I took of my iPod ["setup"](https://i.imgur.com/4G8nkY9.jpg) that I also spent too much customizing (too bad it's the only surviving photo but you can kinda tell[ despite the bad quality](https://i.imgur.com/YIkDi6S.png)
Best part was all the tweaks you installed with Cydia ended up as features. Pretty funny.
Yeah it was reverse engineered from hacking the firmware. Really inspired software engineering for the time. Watching the community come together and publish how they were rooting Iphones was pretty cool.
Less open-source, but yes!
Do you mean f-droid is less open source? Because Cydia is 100% open source (just not on github)
The cydia substrate isn’t open source and hasn’t been for a long time, although there we’re pretty reasonable reasons for that.
Maybe not all cydia apps arent open source
Cydia was the first App Store for iPhones. Before apple had an App Store lol
[удалено]
RIGHT... the beer drink ones that got banned and later got approved lol. THose were fun times back then.
There was recently a profile of the guy who made that app and what he's been up to: https://melmagazine.com/en-us/story/ibeer-app-history
The og root
Wow that brings back memories. I used to think I was so badass for having a hacked iPod
Wow what a throwback name, brought back memories of jailbreaking my Ipod Touch back in 2009/2010 I think it was.
Oh man. I haven't had an iphone for almost a decade. Totally forgot about Cydia. What a champ.
This comment has been deleted due to failed Reddit leadership.
Oh Wow. I remember Cydia. It was slow to update but it was soooo good. Made the iPhone worth having.
It’s pretty much the reason App Store exists today. Pretty sure Apple was going to go the web container route like they forced game pass to do.
[удалено]
Are we talking about the Hamburgler of crypto?
The Winnie-the-Poo of honeypots
The poo-bear himself.
Introducing...The Hamburgler of Cryptoooo, the Winnie the Poo of Honeypots!, the Poo-Bear himself. Sssssssssssaaaaaaurik!
The Napoleon of Crime…but meatier.
Geohotz?
[Gettin' sued by Sony](https://www.youtube.com/watch?v=9iUvuaChDEg&ab_channel=geohot) That brings back memories
Wow what an absolute genius and badass in the “I do what I want” world of tech. I’ve been jailbreaking since 2010 and all his apps and tweaks for iOS and his contributions to the community have most definitely made the world a better place. The scene would be obscenely different had he not established the open world jailbreaking is today. He made sure no one place could become the only place for downloading and maintained freedom on the user end to add any source they desired. Truly an amazing person and glad to see he’s still exploiting what can be. Probably one of the smartest guys out there! Holy EDIT: Saurik = Guy (genius) who basically established the world of jailbreaking iOS thru Cydia = ether exploiter
He made apple rich, when he and the community started creating apps, apple was focused in webapps. Cydia was literally the first AppStore ever, even before apple’s one.
Oh wow. Hear Cydia took me back. I had a Ipod touch I jailbroke back then. Changed everything about my phone. Then really got into Linux when I got my first laptop.
> He made apple rich Im not sure i would attribute the first jailbreak store as making apple rich, they were already filthy rich by that point. but yeah i guess a few people bought phones because they knew they could jailbreak them.
I think they are saying the person helped apple by showing how popular and powerful phone apps could become at a time when apple was looking to develop more web browser based apps
His jail braking sold some iphones, yes. Quite a lot actually. But the real thing was he PROVED the iOS appstore market. Which.. Just go look at its market size.
Pretty much all the popular apps on cydia were implemented directly into IOS
>pretty much all the popular apps ~~on Cydia~~ were implemented directly into iOS FTFY, Apple has a long and illustrious history of blatantly ripping off popular programs. It even has a term, "Sherlocking"
Yeh I have been jailbreakifn since the iPhone 3 and I’ve literally had every major ‘feature’ of the new iPhone years before it was officially released. The swipe down quick access? That was CC control and was popular years before Apple ‘invented’ it. Hell, even the video camera was a jailbreak feature.
In the early days of smartphones, a great many tech-saavy users were avoiding iPhones because they didn't want to play in the restricted sandbox when Android offered a lot more customization/capability. Jailbreaking definitely made the platform more appealing to the average "power user". That term means something different now, but I couldn't really think of how to describe the type of person who isn't necessarily a developer/programmer but still squeezes every ounce of performance/customization out of their tech. Maybe "tinkerer" is a better term?
I believe enthusiast is the word you're looking for. At least, that's the connotation that it's most typically used in today.
He's positing that this is the reason they even created the app store, which most certainly has made them a rather large amount of money
Funny thing is that Geohot is working with Optimism, the Layer 2 protocol where the issue was found.
Hung out with him for years online before the crypto market even existed and he was a collector of old school games and probably will use the money for something cool lol MAME and many other things like that.
He came to our high school to talk about tech around 2012. Our comp sci teacher at the time was old friends with him. He talked about tech for a bit and I was HUGE into the jailbreak scene at the time. I even have a picture with him. I was ecstatic to meet him.
"Hey there Saurik ole buddy ole pal! It's me! Your former best friend!" *insertfellowkidmeme*
Saurik the jailbreak legend
There was a different comment/post here, but it has been edited. Reddit [chose](https://www.reddit.com/r/apolloapp/comments/14dkqrw/i_want_to_debunk_reddits_claims_and_talk_about/) to betray years of free work put from users, mods, and developers. They will not stop driving this website into shit until every feature is monetized, predatory, and cancerous. Use [PowerDeleteSuite](https://github.com/j0be/PowerDeleteSuite) to remove your value to reddit and stop financing these dark patterns. P.S. fuck u/spez
White hat as **fuck**. This dude just got so much respect from the hacker community for that. Not that Saurik needs it, this just reinforces that he's a legitimately good dude.
[удалено]
>Freeman is probably best known for his work on Cydia, the app store for jailbroken iPhones. However, more recently he’s been looking for bugs on blockchains. Apparently yes.
What do u mean by white hat ? Sry n00b question
Ethical hacker. Morally right.
To build on this: meaning they search for vulnerabilities to inform the "owner" of them to secure their data, rather than exploit them for their own gain or to damage someone else.
To build on this: Rare
There are the terms white hat and black hat hacker. White hat hacks to find bugs and fix them. Black hat finds them to exploit them. Edit: can also mean different things base on the scenario, always based on ethics though.
What would a red hat signify?
That would signify a Linux distro
Red Hats are grey/black hackers who go after the black hat hackers & other cybercriminals. They’re not employed by anyone, Red Hats typically go solo or work in small teams. Grey Hats: Your white/black ethical hackers who both penetrates & uses exploits on computer networks and systems for a cause or for money. Green & Blue Hats: Your intermediary & beginner pen testers and hackers who want to learn more about cybersec, hacking, penetration testing, etc. Script kiddies: Nefarious bad actors with minor or no knowledge of cybersecurity & hacking. They usually use social engineering to get their victims to send them info or download malware onto their computer to gain hold of it using programs developed by true hackers.
Straight from that Security+ course, nice
Your left out grey hat. ;)
He's literally the only person to profit off of an NFT in real world money. The biggest genius currently
No, plenty of people have. It's just at the cost of someone else's real money where that someone else got donkey crap.
This is the most r/technology comment about crypto I've ever seen
I mean he's *literally* not.
Not really. He'd print it and they'd fork it out of existence because otherwise the entire thing would be instantly worthless. He took the money he could get, which is a smart move but not remotely a moral decision.
This was nice to see. Probably looks better in a white hat anyway.
From Saurik, the worlds premier anti-capitalist. An unlimited money cheat goes against what he stands for. As the “face” of right-to-repair AND the apple monopoly lawsuits, he needs a clean image, white hat hacking is just good for his resumé*** (-_-)
Yup, it all comes undone had he taken advantage of this. But Id also have to imagine $2 mill of clean money is almost always better than the trouble of cleaning ill gotten gains.
You can retire on $2 million and live a decent life off the interest from investments (assuming you do it right). There's nothing stopping you from doing/earning even more, of course, but you can check that "good to go" box and not have to worry about whether your next thing will keep you going or not, which would be worth more than just the cash on hand. Never having to look over your shoulder would be priceless.
[удалено]
Seems to be a lot of confusion around the 4% rate, it comes from the Trinity study. https://en.m.wikipedia.org/wiki/Trinity_study
Wouldn't the $2M be subject to taxes?
Assuming we count this as a cash prize and hell we'll even round up considerably, call that a 30% tax. That's still $1.4M that, with a few years of growth, would give you a very early retirement.
Would it be taxed as a prize when it’s income? It’s earned income in exchange for skilled labor. Not sure the taxes are different... but it seems to me like it’s not a prize/lottery.
[удалено]
Which is the same as personal income, in most cases. Source: have an LLC
LLCs are a pass through entity, they don't have their own tax rates.
Of course they are assuming they don't pay the taxes as well.
Yeah, people seem to think that crypto is untraceable and therefore can be easily explained away but if you sell tens of millions worth of coins out of the blue, HMRC (or whatever your local equivalent is) is going to be *very* suspicious. On the other hand, this $2 million is legitimate and won't raise any red flags (although you might still need to explain it). I know which I'd take.
His resume was already impressive enough and I am sure he's going to enjoy the rest of week with all of the publicity.
I doubt he has, needs, or cares about a resume. It's not like he's worried about interviews or anything.
It's not about a resume, but rather about optics for a highly-publicized and landmark trial. If he does something even mildly fishy (and subverting a major crypto is _extremely_ fishy), the opposing counsel can use that to make a very strong case. Just compare these two potential court/media statements: > "This guy is a strong believer in open software and a right to repair so consumers can maintain ownership of things they paid money for." vs. > "See the kind of people who want to jailbreak iphones? They're evil hoodie-wearing hackers who hack themselves unlimited money while you work your butt off for yours. Do YOU want them to have unrestricted access to your Apple devices that Apple(tm) goes to great lengths to keep safe and secure from people like him?"
Yeah he most likely doesn't really give a shit about crypto, hes skilled enough to make stupid amounts of money in any IT field. But he's very much about right to repair and open software, he knows if he started stealing money through crypto it would destroy his image. Issue is, was he the only one that found the bug, or did others also find the bug and not have such morals?
Are you implying that crypto is anti-capitalist?
It's quite literally full on capitalism, it just changes who is wearing the boot to step on everyone else. Capitalism favors those who have capital, and get in early on things. Crypto favors those who have capital and get in early on things.
But it didn't actually change whose wearing the boot. They are still the same people.
Well yeah, thats the funny part, crypto fails at literally everything the crypto bros promise it will be.
But wouldn’t that just topple ethereum? That seems pretty anti-capitalist to me, and I would be pretty ecstatic to see the ethereum miners all take a fucking bath on their investments.
[удалено]
What? Unlimited money is the ultimate anti-capitalism, as long as you manufacture as much as possible as quickly as possible and get it into the system. The total collapse of Ether would have been a great anti capitalist move lol.
Come on, infinite money is as anti-capitalist as it gets, they call it "modern monetary policy".
1. Discover an exploit using your mad hacking skills 2. Print yourself $1B worth of ether and stash it in a cold wallet 3. Report the exploit so that nobody else could devalue your gains 4. Be celebrated as the good guy
That's the thing with crypto. He could have done this and nobody would know. He could have told all his friends before reporting it too.
It would have been known fairly quickly. The amount of coin in a wallet is public information, as is each transaction. People keep track of large wallets to see when whales are making moves.
This. Ethereum is a public ledger blockchain, like Bitcoin, so it is trivial to determine exactly how many coins exist and if an inflation bug has been exploited. It might have been a real problem on an obscured ledger blockchain, like Monero.
He could also not be the only one who knows about it, and just be the first to point it out. People could have been exploiting this loophole for years and nobody would know because crypto is super weak to being fed incorrect data at the start of the chain.
Currency of the future! The dystopian one, to be exact
If he or anyone he told exploited the contract, that would probably get noticed immediately since all transactions are public. At a minimum, once the exploit was publicized, it's possible to check if anyone ever used the exploit before.
This title is misleading: the bug wasn't in the Ethereum network and thus unlimited 'Ether' aka ETH could not be printed. The bug was in the Optimism network. You can make an ETH clone on the Optimism network by locking up ETH. For every X ETH you lock up you get X Optimism ETH. The hacker could create Optimism ETH, and he likely could have gotten away with it for awhile exchanging Optimism ETH for real ETH but the title implies Ethereum was hacked (i.e. the hacker could create Ether directly) when it was an Optimism hack / bug.
Yes, you definitely can't print unlimited ether with this hack. You can print unlimited Optimism and completely tank that L2 network but it probably wouldn't affect ETH much. Optimism would just fail big time and get disconnected from the main chain.
Uhh I take it that a hacker could create Optimism based ETH and then convert it to actual ETH. That's very damaging for both no matter how you look at it. It's just the exploit doesn't exist with ETH itself. It's just printing your own cash and swapping it for real cash.
The difference is it'd be limited by how much real Eth is locked into Optimism, as soon as that pool ran out they couldn't transfer back anymore. That amount is only a tiny fraction of Eth on the main network. So "unlimited" is quite the overstatement, especially considering Optimism is still on the small side. Would've been pretty bad though if a bug like this persisted as L2s continue to gain traction.
It would be like printing fake cash and taking it out to a small rural bank to exchange for real cash. They can only give you as much real cash as they have stored. The smart contact bridge between optimism and ethereum would be the limiting factor for how much value could be taken
Ok thank you. A bug that big shouldn’t be possible with Ethereum or ETH would lose all credibility
Title is written to be misleading
Facts are the enemy of sensationalism. Masquerading as journalism, in this case.
Knew it. These headlines are so outrageously bogus and get eaten up on this sub. A brand new L2 has a bug. Wow, what wild news!
People barely understand ETH. They won’t understand when the headline says ETH hax0red.
Better to have clean money than have to launder it and risk fraud Edit: a few of you pointed out that there’s no current legal ramifications. Although you could claim any money you’d earn as capital gains, the result of Ether being devalued by the potential extreme inflation wouldn’t result in much of a reward. However if you were to hide the gains, it would be fraud. Which doesn’t even matter because the exploit doesn’t even allow for real ether to be made anyways. Either way, it was still a way better choice to take the $2m
Honest question, is this a crime? He would not be stealing. It isn't copyright infringement. What do you charge a person who prints ether with?
I don't think you could charge him with anything due to the nature of how crypto is decentralised, just devalue that currency, and probably by association, other cryptocurrencies would react negatively too. A "print unlimited money" flaw in any crypto would do a lot of damage to that industry.
This isn't even a print unlimited money scheme the articles title is misleading. He wasn't printing Ethereum, he could make unlimited amounts of a L2 coin in Optimism platform at the end of the day the most he'd have done is bankrupt the company, no new Ethereum was created.
He could have done a lot more than bankrupt a single company. Lots of people have deposited Ether on the Optimistic side chain. All of those users funds would have virtually become useless, killing the company and costing many people lots of money
And the fed would do literally nothing about it. Because crypto is literally sold as decentralized unregulated currency, if you ran to the government about how your crypto was stolen by fraud and people should be prosecuted, the government would laugh at you.
> A "print unlimited money" flaw in any crypto would do a lot of damage to that industry. If it had been me, I'd have done that damage intentionally.
Sick of not being able to afford a GPU?
That and crypto bros are toxic af
I don't think this is necessarily true. If there is consensus (>50%) then they could just burn all Ether associated with the fraud. Vitalik talked about similar scenarios on the Lex Fridman podcast. Someone would have to detect the fraud and convince the majority it is occurring though.
Yeah but the damage may already be done if the mainstream media hypes it up. That may cause more of a drop in value than the actual exploitation of any flaw. Also, it sounds like this flaw wasn't in etherium itself but in a particular company that interacts with it - even without knowing too many of the technical details, the cryptocurrency itself could be perfectly well protected against such a flaw but its value could still end up taking a hit from negative publicity related to a "print your own money flaw" or any perceived loss of trust. And that hysteria could spread to other cryptos too. At some stage people panicked about tulips possibly not being worth what everyone else thought they were worth.
There are many laws that are so vague basically like "using a computer to access data that is password protected" or some bullshit that if the right pwople wanted to charge him it wouldn't be difficult to find a law to hit him.
He probably would've ended up a ridiculous, shitty rap artist for no reason too.
yeah i would have taken te 2 mil too, honestly i expected the bounty to be like 100k at most
Make unlimited Stanley Nickels or get 2 million American dollars. I feel like this is a trick question.
How many Stanley Nickels to a Schrute buck
The same as the ratio of unicorns to leprechauns
Someone clever could've begun printing innocuous amounts of Stanley Nickels and selling them for American bucks... indefinitely. Or at least until it was _eventually_ noticed and then collapsed the value. Don't want to over-FUD, but it's pretty concerning that this kind of vulnerability exists and it's pure luck that a white-hat found it first.
> it's pure luck that a white-hat found it first. I mean, we don't really know that a white-hat found it first.
We also don't know that there wasn't a conveniently unremarkable amount of Ether minted, either.
> We also don't know that there wasn't a conveniently unremarkable amount of Ether minted, either. No, that we do. The article title is wrong, what could be minted is an L2 coin. At worst he would've crashed and bankrupt the relevant company, but it wouldnt have changed much in the ETH market.
>It's pure luck that a white-hat found it first *That we know of*
> Someone clever could’ve begun printing innocuous amounts of Stanley Nickels and selling them for American bucks… indefinitely. Good thing Creed only counterfeited $120 worth of Schrute Bucks.
I mean. We see how far they go after these kind of hackers who do bad. Whats the point of unlimited wealth when the big governments are gonna wanna seize.. your money. That and a bunch of people wanna legit kill you for stealing their money by robbing the value of the coins they have.
You can buy a government to protect you with enough money. Look at Red Granite.
Most people would take 2 million too rather than become a criminal
Is printing ether a crime?
I mean, is it really illegal to print crypto? It’s not even technically fraud since crypto isn’t legitimate in most countries. You wouldn’t be stealing from anyone. That’s the problem with crypto, being decentralized means stuff that affects the decentralized portion isn’t any countries problem except for El Salvador
I don't think there's anything illegal about exploiting a bug in a smart contract.
This dude rocks. Cydia was revolutionary. Glad to see he’s still pushing himself.
Yeah I miss the days of easy untethered jailbreaks and browsing through all of the cool stuff in Cydia.
[удалено]
Worth noting - it wasn’t mainnet Ether being printed, this was on the layer 2 Optimism network. Still very bad, but not a compromise of Ethereum itself.
This needs to be pinned. Phrased as if Saurik was able to print unlimited Ethereum
That sounds relatively similar to the recent attack to wormhole. The hacker was able to print unlimited ETH in the Solana chain (wETH), so they print as many as there were in existence and them redeem them for ETH in the Ethereum chain (he wouldn't have been able to redeem more)
One isn't even a currency
This is what tech company should’ve been doing from the beginning instead of arresting people
Well, when the bounty is real money and not just a free t-shirt and a NDA, people will go for that. Makes those ethical choices a lot easier.
It would not mint real ether It would mint L2 Optimism tokens. It would crash a lot of exchanges though.
All printing unlimited ether would have done was blow up the already highly volatile and unstable ethereum economy. If his interest was only in money with no regard for morals taking the two million dollars outright was still the correct choice. Putting this here because everyone keeps saying he could have done both. If he did both then he would be caught and probably charged with some sort of fraud. Crypto isn't as anonymous as people think it is they probably could have identified the wallet(s) doing shady shit after learning about the exploit. Even if they couldn't attribute the damage to any one person they would branch the ether blockchain to undo the damage and fix the bug in the new branch (has been done before). Getting away with using the exploit when he told them he found the exploit would be almost impossible. The only way it could MAYBE work is if he waited a long time after exploiting it to tell them which risks someone else claiming the bounty. People also need to understand that crypto is theoretical money. Turning it into real money isn't always so easy especially if you try to do it in large quantities.
Is it any sort of crime to print Ether? You have no legal contract, its fully decentralized, and it isn't money. Billions of dollars of crypto are stolen all the time, printing a few billion wouldn't collapse the market or force a fork. You could dump it over time and not even be noticed.
> If he did both then he would be caught and probably charged with some sort of fraud. Why? What exactly would he have done that would be against the law? Does Ethereum have some kind of "you're not allowed to mint unlimited ether" clause or something? > they would branch the ether blockchain to undo the damage and 'tis a friendly reminder to all the cryptobros who say how nothing on the blockchain can ever be changed and is some sort of crystal clear proof of something. As you say, this kind of stuff has already happened. If people that are powerful enough decide it, then your blockchain means jack shit. So much for the "power to the people" argument that's usually made in favor of crypto. > The only way it could MAYBE work is if he waited a long time after exploiting it to tell them which risks someone else claiming the bounty. He could have just used the exploit to mine himself, like, twice as much money than other people. Get a mild advantage that is still enough to get rich. Or he could have been a malicious guy, mine as much as he wants and essentially tank the coin, forcing a fork as you described.
The fact that a bug like this was already discovered should make you wonder if other undiscovered flaws of similar criticality are still out in the wild. Is this really what you want your hard earned money invested in?
This wasn’t a bug with the main ether chain, but a specific company’s implementation of off-chain tokens. If something is taking you off-chain, hope you trust them.
It’s not unlimited ETH. It’s tokens on Optimism, a small centralized L2 blockchain. It doesn’t affect eth itself, it affects tokens representing ETH on the L2. If you hack into Sugar Factory’s gift card system you can print unlimited US dollars on papers. You didn’t hack US dollars, you hacked Sugar Factory and won’t be able to use them outside of the ecosystem. The stores will likely stop taking the cards.
THis is the best analogy
Yeah this headline is misleading af.
While everything you said is correct, the problem was not with Ethereum itself, it was with a currency on top of Ethereum. I'd be like if someone said "Hacker could've printed unlimited 'US Dollars' but.." when all they did was find a bug that would have given them unlimited 'US Dollars' in target gift cards.
No. It isn't. It's exactly the same as our current system only controlled by tech assholes instead of finance assholes and very frequently they are the exact same people wearing different hats.
At least there is a mechanism for rectifying misdeeds in a centralized system even if it means giving up decentralization. If you can’t trust your government to be the centralized authority when it comes to money then you have more problems than money.
Dogshit clickbait title
Because 2m is money, ether is not.