Tim Beiko explains in detail: The amount of ETH stolen from Bybit hits a record high, but why can't Ethereum roll back?

Reprinted from panewslab
02/25/2025 · Author: Tim Beiko
Compiled by: GaryMa, Wu Blockchain
Ethereum core developer Tim Beiko published a long post on February 22, 2025, explaining why Ethereum cannot "roll back" to reverse a hack such as the recent Bybit incident. He gives the historical context of the Bitcoin and TheDAO events and discusses why a rollback is not feasible in today's Ethereum ecosystem. Wu Blockchain compiled the original text and the accompanying comments and replies as follows:
After Bybit was hacked yesterday, some people asked again why Ethereum cannot "roll back" the blockchain to reverse the attack.
While experienced people in the ecosystem almost unanimously agree that this is not feasible, it is worth explaining why this seemingly reasonable proposal is not technically workable, especially for those less familiar with the details. If you are one of them, this is a simple explanation of why it is impossible.
First, let’s understand the background of rollback:
The concept of a blockchain "rollback" originates from an early incident on the Bitcoin blockchain. In 2010, less than two years after Bitcoin launched, a vulnerability in the client software caused 184 billion (yes, billion) BTC to be created in block 74638.
To fix this, Satoshi released a patch for the Bitcoin client that invalidated these transactions. This effectively "rolled back" the chain to block 74637, even though blocks had continued to be produced in the meantime. In less than a day, the new chain accumulated enough proof of work to become the main chain. All rolled-back user transactions were included in the new chain. Note that Bitcoin mining was 10 billion times less difficult than it is now, and BTCUSD was trading at about $0.07.
In short, this situation was unique because there was a clear protocol vulnerability that produced problematic transactions which were easy to identify thanks to the enormous amount involved. In addition, Bitcoin's limited adoption at the time made it easy to distribute a new client version and quickly mine a new chain segment.
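As an added illustration (not part of Tim Beiko's post), the Python below models the class of bug behind block 74638: when a client sums transaction outputs in a signed 64-bit integer, two huge outputs wrap the total to a small negative number, so a naive "outputs must not exceed inputs" check passes and the implied fee even looks positive. The output amounts are constructed to trigger the wrap, not quoted from the historical transaction; the hardened check beside it bounds each output and the running total by the 21 million BTC supply, which is the shape of the fix a patched client applies.

```python
# Added example: emulating the signed-64-bit output-sum overflow behind Bitcoin
# block 74638, and the range check that rejects it. Values are constructed.

COIN = 100_000_000                  # satoshis per BTC
MAX_MONEY = 21_000_000 * COIN       # hard cap on any value or sum of values
INT64_MAX = 2**63 - 1
INT64_MOD = 2**64

def wrap_int64(v: int) -> int:
    """Emulate C two's-complement int64 wraparound (Python ints never overflow)."""
    v %= INT64_MOD
    return v - INT64_MOD if v > INT64_MAX else v

def naive_value_check(value_in: int, outputs: list[int]) -> bool:
    """Pre-fix logic: each output must be non-negative, and the int64 sum of
    outputs must not exceed the inputs. Nothing bounds the sum itself."""
    if any(v < 0 for v in outputs):
        return False
    total_out = 0
    for v in outputs:
        total_out = wrap_int64(total_out + v)
    return total_out <= value_in

def hardened_value_check(value_in: int, outputs: list[int]) -> bool:
    """Post-fix logic: every output and the running total are bounded by
    MAX_MONEY, so the total can never reach the wraparound point."""
    total_out = 0
    for v in outputs:
        if v < 0 or v > MAX_MONEY:
            return False
        total_out += v
        if total_out > MAX_MONEY:
            return False
    return total_out <= value_in

def implied_fee(value_in: int, outputs: list[int]) -> int:
    """Fee as a pre-fix client computes it: inputs minus the wrapped output sum."""
    total_out = 0
    for v in outputs:
        total_out = wrap_int64(total_out + v)
    return value_in - total_out

# Constructed sample: a 0.5 BTC input paying two outputs just under INT64_MAX,
# together exceeding the entire possible BTC supply thousands of times over.
VALUE_IN = 50_000_000
OVERFLOW_OUTPUTS = [INT64_MAX - 498_768, INT64_MAX - 498_768]

if __name__ == "__main__":
    print("naive check passes:", naive_value_check(VALUE_IN, OVERFLOW_OUTPUTS))
    print("hardened check passes:", hardened_value_check(VALUE_IN, OVERFLOW_OUTPUTS))
    print("fee seen by old client (BTC):", implied_fee(VALUE_IN, OVERFLOW_OUTPUTS) / COIN)
```

The old client sees a positive fee of roughly 0.51 BTC on a transaction that mints far more than the total supply, which is why such a block looked valid to unpatched nodes.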
Ethereum and TheDAO:
There was a seemingly similar crisis early in Ethereum's history, which often leads to confusion about the practicality of rollbacks. In 2016, a popular Ethereum application, TheDAO, controlled about 15% of all ETH at the time. Unfortunately, a hacker discovered a vulnerability in the application's code that allowed them to steal all of those funds. This is clearly different from the Bitcoin situation: the Ethereum protocol itself was working correctly, and the problem was in an application built on top of Ethereum.
Fortunately, TheDAO's developers had implemented a safety measure: a one-month freeze before funds could be withdrawn from the application. This provided a unique window to address the exploit: the application's code could be changed to prevent the funds from eventually flowing to the hacker.
Since the application itself could not do this, Ethereum protocol developers had to make the change directly in the blockchain's history. This is called an "irregular state change", because the application's "state" is changed by manually updating the database rather than through a valid Ethereum transaction.
A rough analogy with the Bitcoin vulnerability above would be setting the balance of the address holding the 184 billion BTC to 0 instead of re-mining a chain that excludes those transactions.
This upgrade was controversial, and the Ethereum community was effectively split by it. Some miners refused to run the patched software and continued to mine the chain on which the hack stood, which is now called Ethereum Classic. What we call Ethereum today is the chain that adopted this software upgrade.
Again, this situation was unique. TheDAO's hacked funds were effectively frozen for a month, giving the community time to coordinate a software upgrade. The freeze had another major advantage: the hack did not "spread". If the hacker could move the funds at will, "freezing" them would be an endless cat-and-mouse game, because the protocol is open source and any proposed change to freeze the funds would have to be published where the hacker could see it, giving them ample time to move the funds elsewhere.
This brings us to the Bybit incident.
Why can't we roll back Ethereum?
Earlier this week, 401,346 ETH (about $1.4 billion) was stolen from the Bybit exchange. The theft was caused by the custodians of the funds signing misleading transactions through a compromised multisig interface.
The root cause of this hack sits one layer higher than the overflow vulnerabilities of TheDAO and Bitcoin. Neither the Ethereum protocol nor the underlying multisig application used by Bybit had a problem. Instead, a compromised interface made the transaction appear to do one thing while actually doing another.
From the Ethereum protocol's perspective, nothing distinguishes that transaction from any other legitimate transaction on the network. No protocol rule was violated, so the hacked funds cannot be isolated by patching a bug, as was done for the Bitcoin vulnerability.
In addition, the funds were immediately available to the hacker. Unlike TheDAO, where the community had a month to deploy an intervention, here the hacker started moving funds on-chain right away.
Even if we could solve the cat-and-mouse problem described above, today's Ethereum ecosystem is very different from that of 2016. DeFi and bridges to other chains mean that any stolen funds can easily be mixed into the network of applications. For example, stolen funds can be swapped on a decentralized exchange, the resulting tokens used as collateral in a DeFi protocol, and the borrowed assets then bridged to a completely different chain.
This high degree of interconnection means that any irregular state change, even if socially acceptable, would have an almost unmanageable ripple effect. A full "rollback", even one invalidating only the most recent part of the chain's history, would be worse: many settled transactions with effects outside Ethereum (exchange sales, RWA redemptions, etc.) would be reverted on-chain, but their off-chain legs cannot be reverted.
So the conclusion is that, while Bitcoin was able to "roll back" its blockchain 15 years ago, today Ethereum's interconnected nature and its settlement of both on-chain and off-chain economic activity make this impossible.
Technically, irregular state changes remain possible on Ethereum when funds are frozen and isolated. The last time such a change was proposed was in 2018, targeting a vulnerability in Parity's multisig wallet that froze about 500,000 ETH (see EIP-999), but the community strongly opposed it, given the controversy caused by the TheDAO incident.
Comment: Is it possible to perform a social hard fork at this stage? Zero out the Lazarus funds (since they are easy to track) via an irregular state change and send the funds back to Bybit's address?
Reply: Technically impossible. What if we announce a hard fork and, one block before it takes effect, they transfer the funds to another address? If the hacker moves the funds before the fork, the fork won't help. Additionally, the hacker can cause the entire network to be frozen through malicious interactions (such as sending small amounts to every address), similar to a denial-of-service (DoS) attack.
Comment: If the TheDAO hack happened now (funds frozen for one month, community coordination possible), do you think Ethereum governance would accept an irregular state change again? Or has the protocol culture turned completely toward strict immutability, even in extreme cases?
Reply: Hard to say! TheDAO held about 15% of all ETH (30 times the current Bybit hack), and the outcome was more controversial than expected. I think this is a big reason why the Parity hack (about 500,000 ETH, with the funds frozen and therefore recoverable) was never fixed by a hard fork. For some perspective, TheDAO had roughly as much ETH locked as today's WETH plus all value secured by L2s (not just ETH on L2s, but all L2 tokens). That was the scale required for intervention, and the ecosystem was far less mature than it is now.
Comment: The same logic can also be applied to more centralized chains, like Solana, right? So, as far as hackers are concerned, are Solana and Ethereum decentralized enough?
Reply: That's right. Solana may be able to implement a hard fork faster than Ethereum, but you still have many secondary effects, and the risk of the attacker moving the funds before the hard fork takes effect.
Comment: If WETH were attacked, would you roll back?
Reply: I don't have the option, but I think this is probably the smallest scale at which the topic would at least be raised? My point is more that comments about the DAO often make it look like "just an application", rather than a case where WETH plus all L2 funds are frozen in a way that is easy to recover. (That is, the key points are the scale of the funds and whether they are easy to recover.)