Author: Tim Beiko
Compiled by: GaryMa Wu Blockchain
Ethereum core developer Tim Beiko published a long article on February 22, 2025, explaining why Ethereum cannot "roll back" the chain to reverse a hacker attack such as the recent Bybit incident. He reviewed the historical precedents of Bitcoin and TheDAO, and discussed why a rollback is not feasible in today's Ethereum ecosystem. Wu Blockchain has compiled and summarized the original text and the corresponding comments as follows:
Yesterday, after Bybit was hacked, some people asked again why Ethereum cannot "roll back" the blockchain to reverse the hacker attack.
Although experienced experts in the ecosystem almost unanimously agree that this is not feasible, it is worth explaining why this seemingly reasonable proposal is technically infeasible, especially for those who are less familiar with how the protocol works. If you are one of them, this is a simple explanation of why it cannot be done.
First, let's understand the background of rollback:
The concept of blockchain "rollback" originated from an early event in the Bitcoin blockchain. In 2010, less than two years after the launch of Bitcoin, a vulnerability in the client software caused the creation of 184 billion (yes, billion) Bitcoins in block 74638.
To fix this issue, Satoshi released a software patch for the Bitcoin client that made these transactions invalid. This effectively "rolled back" the chain to block 74637. In less than a day, the new chain accumulated enough computing power to become the main chain, and all the rolled-back user transactions were included in the new chain. Note that at the time, Bitcoin's mining difficulty was 100 billion times lower than it is today, and the BTCUSD price was around $0.07.
In short, this situation was unique because there was a clear protocol vulnerability that caused the problem transactions, which were easily identifiable due to their massive scale. Additionally, Bitcoin's limited adoption at the time made it easy to distribute a new client version and quickly mine a new chain segment.
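The Bitcoin incident above was a value-overflow bug: the client checked each output individually, but summed the outputs in a 64-bit signed integer, so two enormous outputs could wrap around to a small (even negative) total and pass the "outputs do not exceed inputs" check. The following is an added example, not code from the article or from Bitcoin itself; it is a simplified Python model of that validation logic (the `outputs_valid_naive`, `outputs_valid_hardened` and `wrapped_sum_int64` functions and the sample amounts are constructed for illustration) showing the unchecked sum beside the range-checked version that a patched client applies.

```python
# Simplified model of transaction output validation (constructed example).
# Amounts are in satoshis. MAX_MONEY is the 21 million BTC supply cap.
MAX_MONEY = 21_000_000 * 100_000_000
INT64_MIN, INT64_MAX = -(1 << 63), (1 << 63) - 1


def to_int64(value: int) -> int:
    """Simulate C-style two's-complement wraparound of a 64-bit signed integer."""
    value &= (1 << 64) - 1
    return value - (1 << 64) if value >= (1 << 63) else value


def wrapped_sum_int64(outputs: list[int]) -> int:
    """Sum output values the way a naive int64 accumulator would (with wraparound)."""
    total = 0
    for v in outputs:
        total = to_int64(total + v)
    return total


def outputs_valid_naive(inputs_total: int, outputs: list[int]) -> bool:
    """Vulnerable check: every output is non-negative and the (wrapped) sum
    does not exceed the inputs. Two huge outputs can wrap the sum to a
    negative number and slip past this check."""
    if any(v < 0 for v in outputs):
        return False
    return wrapped_sum_int64(outputs) <= inputs_total


def money_range(value: int) -> bool:
    """Hardened range check: an amount must lie within [0, MAX_MONEY]."""
    return 0 <= value <= MAX_MONEY


def outputs_valid_hardened(inputs_total: int, outputs: list[int]) -> bool:
    """Patched check: range-check each output AND the running total, so no
    individual value or partial sum can ever reach the overflow boundary."""
    if not money_range(inputs_total):
        return False
    total = 0
    for v in outputs:
        if not money_range(v):
            return False
        total += v  # Python ints do not wrap, but the range check keeps total small anyway
        if not money_range(total):
            return False
    return total <= inputs_total


if __name__ == "__main__":
    # Constructed scenario: a 50 BTC input and two outputs just below INT64_MAX.
    inputs_total = 50 * 100_000_000
    huge_outputs = [INT64_MAX - 500_000_000 + 1, INT64_MAX - 500_000_000 + 1]
    print("wrapped sum:", wrapped_sum_int64(huge_outputs))            # negative
    print("naive accepts:", outputs_valid_naive(inputs_total, huge_outputs))
    print("hardened accepts:", outputs_valid_hardened(inputs_total, huge_outputs))
```

The key point for a defender is that the hardened version bounds every intermediate value, not just the final result; an overflow cannot occur if no partial sum is ever allowed to approach the integer limit.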
Ethereum and TheDAO:
Ethereum's early history had a seemingly similar crisis, which often leads to confusion about the practicality of rollback. In 2016, a popular Ethereum application, TheDAO, controlled about 15% of all ETH at the time. Unfortunately, hackers found a vulnerability in the application's code that allowed them to steal all of these funds. This was clearly different from the Bitcoin case, as the Ethereum protocol itself was functioning correctly, and the problem was with the application built on top of Ethereum.
Fortunately, the developers of TheDAO had implemented a security measure that required a one-month withdrawal freeze before funds could be withdrawn. This provided a unique opportunity to address the vulnerability: the application code could be changed to prevent the funds from ultimately reaching the hackers.
Since the application itself could not do this, the Ethereum protocol developers had to make direct changes to the blockchain history. This was called an "irregular state change" because the application's "state" was modified by manually updating the database, rather than through valid Ethereum transactions.
Roughly comparing this to the Bitcoin vulnerability, it would be equivalent to setting the balance of the address that received the 184 billion BTC to 0, rather than re-mining a chain that excluded these transactions.
This upgrade was controversial, and the Ethereum community actually split as a result. Some miners refused to run the software patch and continued mining on the chain where the hacker event occurred, which is now known as Ethereum Classic. The chain we call Ethereum today is the one that implemented this software upgrade.
Similarly, this situation was unique. The funds stolen from TheDAO were actually frozen for a month, giving the community time to coordinate the software upgrade. The fact that the funds were frozen also had another major advantage: the hacker attack did not "spread." If the hackers could freely move the funds, "freezing" the funds would be an endless game of cat and mouse, as the protocol is open-source, and any potential changes to freeze the funds would have to be made public, giving the hackers enough time to move the funds elsewhere.
This brings us to the Bybit incident.
Why we cannot roll back Ethereum
Earlier this week, the Bybit exchange was hacked for 401,346 ETH (about $140 million). The theft was caused by a custodian of the funds signing misleading transactions through a compromised multi-sig interface.
The root cause of this attack is more sophisticated than TheDAO and Bitcoin overflow vulnerabilities. Neither the Ethereum protocol nor the underlying multi-sig application used by Bybit had any issues. It was a compromised interface that made the transactions appear to do one thing when they were actually doing another.
From the Ethereum protocol's perspective, there is nothing that can distinguish this transaction from other legitimate transactions on the network. There is no violation of protocol rules that can be patched to isolate the stolen funds, as in the Bitcoin vulnerability case.
Additionally, the funds are immediately available for the hackers to use. Unlike TheDAO case, where the community had a month to deploy an intervention, here the hackers started moving the funds on-chain immediately.
Even if we could solve the above cat-and-mouse game, the Ethereum ecosystem today is vastly different from 2016. DeFi and cross-chain bridges mean that any stolen funds can be easily mixed within the application network. For example, the stolen funds can be exchanged on a decentralized exchange, and the resulting tokens can be used as collateral in DeFi protocols, with the borrowed assets then bridged to a completely different chain.
This high level of interconnectedness means that any irregular state change, even if socially acceptable, will produce a nearly unmanageable chain reaction. A complete "rollback", even if only a portion of the recent chain history is invalidated, would be even worse. Any settled transactions, many of which have impacts outside of Ethereum (e.g., exchange sales, RWA redemptions, etc.), would be undone, but their off-chain components cannot be.
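To make the difference between a "rollback" and an "irregular state change" concrete, and to show why moved funds cannot be recovered by either, here is an added example that is not part of the article: a toy account ledger in Python. The block structure, the `replay`, `rollback` and `irregular_state_change` functions, and the account names and amounts are all constructed for illustration and are not Ethereum's state model.

```python
from dataclasses import dataclass

# Constructed toy ledger: balances are a dict of account -> integer units.


@dataclass(frozen=True)
class Tx:
    sender: str
    recipient: str
    amount: int


@dataclass(frozen=True)
class Block:
    height: int
    txs: tuple


def apply_tx(state: dict, tx: Tx) -> None:
    """Ordinary state transition: debit sender, credit recipient, reject overdrafts."""
    if state.get(tx.sender, 0) < tx.amount:
        raise ValueError(f"{tx.sender} cannot send {tx.amount}")
    state[tx.sender] -= tx.amount
    state[tx.recipient] = state.get(tx.recipient, 0) + tx.amount


def replay(genesis: dict, blocks: list) -> dict:
    """Recompute state by executing every transaction in every block in order."""
    state = dict(genesis)
    for block in blocks:
        for tx in block.txs:
            apply_tx(state, tx)
    return state


def rollback(genesis: dict, blocks: list, to_height: int):
    """A chain rollback: discard every block above to_height and replay the rest.
    Returns the rolled-back state and the list of ALL transactions undone,
    including those that had nothing to do with the theft."""
    kept = [b for b in blocks if b.height <= to_height]
    undone = [tx for b in blocks if b.height > to_height for tx in b.txs]
    return replay(genesis, kept), undone


def irregular_state_change(state: dict, overrides: dict) -> dict:
    """An irregular state change: overwrite chosen balances directly, with no
    transaction. It only touches the accounts named in overrides."""
    new_state = dict(state)
    new_state.update(overrides)
    return new_state


def unrelated_txs(undone: list, thief: str) -> list:
    """Transactions undone by a rollback that never involved the thief."""
    return [tx for tx in undone if thief not in (tx.sender, tx.recipient)]


# Constructed scenario: a theft in block 1, then the thief moves part of the
# loot into a DEX while unrelated users keep transacting.
GENESIS = {"exchange": 1000, "alice": 50, "bob": 20}
BLOCKS = [
    Block(1, (Tx("exchange", "attacker", 400),)),                 # the theft
    Block(2, (Tx("alice", "bob", 10), Tx("attacker", "dex", 100))),  # loot spreads
    Block(3, (Tx("bob", "carol", 5),)),
]


def recover_from_thief(state: dict, thief: str, victim: str) -> dict:
    """Irregular state change that returns only what still sits at the thief's
    address; whatever already reached other contracts (here 'dex') stays there."""
    still_held = state.get(thief, 0)
    return irregular_state_change(
        state, {thief: 0, victim: state.get(victim, 0) + still_held}
    )


if __name__ == "__main__":
    final = replay(GENESIS, BLOCKS)
    print("final state:", final)
    rolled, undone = rollback(GENESIS, BLOCKS, to_height=0)
    print("rollback undoes", len(undone), "txs, of which",
          len(unrelated_txs(undone, "attacker")), "are unrelated to the theft")
    print("irregular change:", recover_from_thief(final, "attacker", "exchange"))
```

Running it shows the two costs the article describes: the rollback undoes every settled transaction above the fork point (Alice's and Bob's included), while the irregular state change can only claw back the 300 units still at the attacker's address, leaving the 100 already swapped into the DEX untouched.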
Therefore, the conclusion is that while Bitcoin was able to "roll back" its blockchain 15 years ago, today Ethereum's interconnected nature and the settlement of on-chain and off-chain economic transactions make this infeasible.
Technically, Ethereum could still potentially perform an irregular state change if the funds were frozen and isolated. The last time such a change was proposed was in 2018, to address a vulnerability in the Parity multi-sig wallet that froze about 500,000 ETH (see EIP-999), but it was strongly opposed by the community because of the controversy around TheDAO event.
Comment: Is it still possible to perform a social hard fork at this stage? Set the Lazarus funds to zero (as they are easily traceable) and perform an irregular state change to send the funds back to the Bybit addresses?
Response: Technically, this is not possible. If we announce a hard fork, what if they move the funds to another address before it takes effect? If the hackers move the funds before the fork, the fork will be futile. Additionally, the hackers could cause the entire network to freeze through malicious interactions (e.g., sending a small amount of funds to all addresses), similar to a denial-of-service (DoS) attack.
Comment: If TheDAO hacker incident happened now (with a one-month fund freeze and potential community coordination), do you think Ethereum governance would accept an irregular state change again? Or has the protocol culture completely shifted towards strict immutability, even in extreme cases?
Response: It's hard to say! TheDAO controlled about 15% of all ETH (30 times the current Bybit hacker incident), but the outcome was more controversial than expected. I think this is a major reason why the Parity hacker incident (about 500,000 ETH, with funds frozen and thus recoverable) was never fixed through a hard fork. To provide some perspective, TheDAO held an amount roughly equivalent to the value of all WETH today plus all the staked ETH on L2s (not just the ETH on L2s, but all L2 tokens). That's a scale of intervention that the ecosystem, which was much less mature at the time, would have struggled with.
Comment: The same logic can also be applied to more centralized chains, like Solana, right? So, for hackers, both Solana and Ethereum are sufficiently decentralized?
Response: That's correct. Solana may be able to implement a hard fork faster than Ethereum, but you would still have many secondary effects, and the risk of the attacker moving the funds before the hard fork takes effect.
Comment: If wETH is attacked, would you roll it back?
Response: No, the same principles apply. Attempting to roll back wETH would have many unintended consequences and is not feasible.
Reply: I have no choice, but I think this may be the minimum scale to at least raise this issue? My view is more that comments about the DAO often make it look like "just an application", rather than the situation where WETH and all L2 layer funds are frozen in a way that is easy to recover. (The key point is the scale of funds and whether they are easy to recover.)