I recently completed my Master’s degree in Computer Science at ETH Zurich and had the good fortune of receiving an ETH Studio New York scholarship to work on my Master’s thesis at Cornell Tech in New York City. I very much enjoyed my stay in New York and had the privilege of collaborating with researchers from Cornell Tech, and elsewhere, on a number of exciting projects focused on improving the security of blockchain applications. Most notably, the Hydra project for decentralized bug bounties; Tesseract, a fast and secure exchange for cryptocurrencies built on trusted hardware; and hackthiscontract.io, a website for teaching people about smart contract security in a hands-on way.
Cornell Tech is a newly established Engineering school right in the heart of New York City jointly founded by Cornell University and the Technion – Israel Institute of Technology. In fact, the school is so young that its campus was not yet built when I arrived in New York. I spent the first few months of my visit in Cornell Tech’s temporary offices in the Google building before it moved to the all-new permanent campus on Roosevelt Island, a small island in the East River right next to Manhattan.
In retrospect, the timing couldn’t have been better as the transition period allowed me to also experience the vibrancy and bustle of Manhattan’s Chelsea neighborhood and many delicious lunches at the nearby Chelsea Market. After relocating to Roosevelt Island, I enjoyed the stunning views and calm and remote feeling of “island” life — at least by New York standards.
As it turned out, I could have hardly chosen a more relevant research topic than blockchain security. As I was working on my thesis, cryptocurrencies went through a gold rush: the prices of Bitcoin and Ethereum increased by a factor between 10 and 100. As a result, exploiting a security vulnerability in these systems could net an attacker from anywhere on the globe millions of dollars in difficult-to-trace virtual currency. Indeed, during my time in New York, a multitude of high-profile hacks of smart contracts and trading platforms occurred, resulting in the loss of hundreds of millions of dollars’ worth of cryptocurrency.
A Surprisingly Exciting Summer School
One of those hacks, the first Parity Multisig hack, occurred while I happened to be attending the 2017 IC3 Ethereum Crypto Bootcamp in Ithaca, New York — the home town of Cornell University. I remember sitting in a lecture on the formal semantics of the Ethereum Virtual Machine, when suddenly the volume of ambient talk in the lecture hall began to rise and the present Ethereum luminaries started to leave the lecture hall right in the middle of the talk. Rumors travelled quickly and I learned that a major hack of a Multisig wallet contract had occurred. My colleague/researcher Phil Daian and I were curious about the details and so we grabbed a laptop and began looking for the vulnerable contract. Thanks to the in-depth knowledge of the technical underpinnings of Ethereum that we had developed in the course of our research, we were quickly able to find the “hack transaction” on the blockchain and started to pore over the code of the hacked contract. We identified the vulnerability and started to explain it to others, who were curious, when we were asked to join a group of white hats (ethical security hackers) who had assembled in one of the Gates Hall meeting rooms. We spent the next several hours frantically working with the white hats scanning the blockchain by increasingly sophisticated means to find any other contracts that might be affected by the same vulnerability before someone malicious could exploit it and steal more funds.
When all was said and done, the hacker had stolen a total of 153’037 ether (≈ 30 million USD at the time of the hack). The white hat group had managed to save the other 377’105 ether (≈ 74 million USD) that had been at risk of theft. And the participants of the Bootcamp went out and celebrated a thrilling last day.
This is just a brief anecdote, but it illustrates how going abroad enabled me to forge new connections and have meaningful experiences that I would never have had if I had stayed in Zurich.
The ETH Studio New York is currently looking for more students who want to go to New York City. I highly recommend it!
A word of thanks…
A big thank you to Prof. Srdjan Capkun, Prof. Ari Juels, Dr. Claudio Marforio and Dr. Jürg Brunnschweiler for enabling me to go to New York and have this and many other great experiences — I can’t wait to go back one day.
By Lorenz Breidenbach
Lorenz studied Computer Science at ETH Zurich and is working as an SNF BRIDGE fellow in the System Security Group of Prof. Srdjan Capkun. Lorenz’s current research is focused on blockchain security. You can find some of the projects he has worked on at https://thehydra.io, https://gastoken.io and http://hackthiscontract.io, or follow him on Twitter @ethlorenz.