
Tim Beiko explains in detail: The amount of ETH stolen by Bybit reaches a record high, but why can’t Ethereum be rolled back?

The root cause of this hack is one step further removed than either TheDAO or the Bitcoin overflow bug.

Author: Tim Beiko

Compiled by: GaryMa, Wu Said Blockchain

Tim Beiko, an Ethereum core developer, published a long article on February 22, 2025 explaining why Ethereum cannot “roll back” to reverse hacking attacks such as the recent Bybit incident. He gives background on the historical events of Bitcoin and TheDAO and discusses why a rollback is not feasible in today’s Ethereum ecosystem. Wu Said Blockchain has compiled and organized the original text and the corresponding comment replies as follows:

After Bybit was hacked yesterday, some people again asked why Ethereum couldn’t “roll back” the blockchain to reverse the hack.

While experienced people in the ecosystem agree almost unanimously that this is not feasible, it is worth explaining why this seemingly reasonable proposal is not practical, especially for those who don’t know much about it. If you are one of them, here is a simple explanation of why it is impossible.

First, some background on rollbacks:

The concept of a blockchain “rollback” stems from an early event in the Bitcoin blockchain. In 2010, less than two years after Bitcoin was launched, a flaw in the client software resulted in the creation of 184 billion (yes, billion) bitcoins in block 74638.

To fix this problem, Satoshi released a software patch for the Bitcoin client that invalidated these transactions. This effectively “rolled back” the chain, which had continued to produce blocks during this period, to block 74637. In less than a day, the new chain accumulated enough proof of work to become the main chain, and all user transactions that had been rolled back were included in the new chain. Note that at the time, Bitcoin’s difficulty was 10 billion times lower than it is now, and the BTCUSD price was approximately US$0.07.

In short, this situation was unique because there was a clear protocol bug that produced problematic transactions that were easy to identify due to the enormous amounts involved. In addition, Bitcoin’s limited adoption at the time made it easy to distribute a new client version and quickly mine the new chain segment.

Ethereum and TheDAO:

Ethereum’s early history had a seemingly similar crisis, which often leads to confusion about the practicality of rollbacks. In 2016, a popular Ethereum application, TheDAO, controlled about 15% of all ETH at the time. Unfortunately, a hacker discovered a flaw in the application’s code that allowed them to steal all of these funds. This is significantly different from the Bitcoin situation, because the Ethereum protocol itself was working normally; the problem was in the application built on top of Ethereum.

Fortunately, the developers of TheDAO had implemented a security measure that imposed a one-month freeze on withdrawals from the application. This provided a unique opportunity to address the vulnerability: the application’s code could be changed to prevent the funds from ultimately flowing to the hacker.

Since the application itself could not do this, Ethereum protocol developers had to make the change directly in the blockchain’s history. This is called an “abnormal state change” because the application’s “state” was changed through a manual update to the database rather than through a valid Ethereum transaction.

A rough analogy for the Bitcoin bug above would be setting the balances of the addresses that received the 184 billion BTC to 0, rather than re-mining a chain that excludes those transactions.

The upgrade caused controversy and effectively split the Ethereum community. Some miners refused to run the software patch and continued to mine the chain on which the hack had occurred, which is now known as Ethereum Classic. The chain we call Ethereum today is the one that implemented the software upgrade.

Again, this situation was unique. TheDAO’s hacked funds were effectively frozen for a month, giving the community time to coordinate a software upgrade. The freezing of funds had another major advantage: the hack could not “spread.” If the hacker could move funds at will, “freezing” the funds would be an endless cat-and-mouse game, because the protocol is open source, and any proposed change that might freeze the funds would have to be disclosed to the hacker, giving them ample time to move the funds elsewhere.

This brings us to the Bybit incident.

Why can’t we roll back Ethereum

Earlier this week, 401,346 ETH (approximately $1.4 billion) was stolen from the Bybit exchange. The theft was caused by the custodians of the funds signing a misleading transaction through a compromised multi-signature interface.

The root cause of this hack is one step further removed than either TheDAO or the Bitcoin overflow bug. Neither the Ethereum protocol nor the underlying multi-signature application used by Bybit had a flaw. Instead, a compromised interface made the transaction appear to do one thing while it actually did another.

From the perspective of the Ethereum protocol, nothing distinguishes this transaction from any other legitimate transaction on the network. No protocol rule was violated, so the hacked funds cannot be isolated by a patch the way they were for the Bitcoin bug.

In addition, the funds were immediately available to the hacker. Unlike TheDAO, where the community had a month to deploy an intervention, the hacker immediately began moving the money on-chain.

Even if we could solve the cat-and-mouse game mentioned above, the Ethereum ecosystem today is very different from 2016. DeFi and cross-chain bridges to other chains mean that any stolen funds can easily be moved through a web of applications. For example, stolen funds can be swapped on a decentralized exchange, the resulting tokens can be used as collateral in a DeFi protocol, and the borrowed assets can then be bridged to a completely different chain.

This high degree of interconnection means that any abnormal state change, even if socially acceptable, would have a chain reaction that is almost unmanageable. A full “rollback”, in which even the recent chain history is partially invalidated, would be even worse. Every settled transaction, many of which have effects outside Ethereum (such as exchange sales, RWA redemptions, etc.), would be reverted, but the off-chain portion cannot be reverted.

So the conclusion is that while Bitcoin was able to “roll back” its blockchain 15 years ago, the interconnected nature of Ethereum and the settlement of economic transactions both on and off the chain make this impractical today.

Technically speaking, abnormal state changes could still be made on Ethereum if the funds were frozen and isolated. The last time such a change was proposed was in 2018, when approximately 500,000 ETH was frozen as a result of a vulnerability in the Parity multisig wallet (see EIP-999), but the community strongly opposed it given the controversy surrounding the TheDAO incident.

Comment: At this stage, might a social hard fork still be possible? Zero out the Lazarus funds (since they are easy to trace) and make an abnormal state change to send the funds back to the Bybit address?

Reply: Technically impossible. What if we announce a hard fork and, one block before it takes effect, they move the funds to another address? If the hackers move the funds before the fork, the fork will not help. In addition, the hackers can freeze the entire network through malicious interactions (such as sending small amounts to all addresses), similar to a denial of service (DoS) attack.

Comment: If the TheDAO hack occurred now (funds frozen for a month, community coordination possible), do you think Ethereum governance would accept an abnormal state change again? Or has the protocol’s culture completely shifted towards strict immutability, even in extreme circumstances?

Reply: Hard to say! TheDAO held about 15% of all ETH (30 times the amount of the current Bybit hack), yet the outcome was still more controversial than expected. I think this is a big reason why the Parity hack (approximately 500,000 ETH, funds frozen and therefore recoverable) was never fixed with a hard fork. To give some perspective, TheDAO held roughly the ETH equivalent of the value of all WETH today plus all funds secured by L2s (not just ETH on L2s, but all L2 tokens). That was the scale needed for an intervention, when the ecosystem was far less mature than it is now.

Comment: The same logic can be applied to more centralized chains, such as Solana, right? So are both Solana and Ethereum decentralized enough for hackers?

Reply: That’s right. Solana may implement a hard fork faster than Ethereum, but you still have a lot of secondary effects and the risk of attackers moving funds before the hard fork takes effect.

Comment: If WETH were attacked, would you roll back?

Reply: I don’t have a choice, but I think this may be the minimum scale at which the topic would at least be brought up? My point is more that comments about the DAO often make it sound as if it was “just an application,” rather than a situation in which all WETH and all L2 funds were frozen in an easily recoverable way. (That is, the key points are the size of the capital and whether it is easy to recover.)
