Ethereum core developer: Why can’t Ethereum roll back after the Bybit incident?

吴说
While Bitcoin was able to “roll back” its blockchain 15 years ago, the interconnected nature of today's Ethereum, and the settlement of on-chain and off-chain economic transactions on it, make this infeasible now.

Original author: Tim Beiko

Original translation: GaryMa, Wu Blockchain

Ethereum core developer Tim Beiko published a long post on February 22, 2025, explaining why Ethereum cannot be rolled back to reverse hacks such as the recent Bybit incident. He gave the historical background of the Bitcoin and TheDAO events and discussed why rollbacks are not feasible in today's Ethereum ecosystem. Wu Blockchain has compiled the original post and the corresponding comments and replies as follows:

After the Bybit hack yesterday, some have again asked why Ethereum can’t “roll back” the blockchain to reverse the hack.

While experienced people in the ecosystem are almost unanimous that this is not feasible, it is worth explaining why this seemingly reasonable proposal is technically infeasible, especially to those less familiar with the details. If you are one of them, here is a simple explanation of why this is impossible.

First, let’s understand the background of rollback:

The concept of a blockchain “rollback” stems from an incident in the early days of the Bitcoin blockchain. In 2010, less than two years after Bitcoin was launched, a bug in the client software led to the creation of 184 billion (yes, billion) Bitcoins in block 74,638.

To fix this, Satoshi released a patch for the Bitcoin client that invalidated these transactions. This effectively rolled the chain, which had kept producing blocks in the meantime, back to block 74,637. In less than a day, the new chain had accumulated enough proof of work to become the main chain, and all of the rolled-back user transactions were included in the new chain. Note that at the time, Bitcoin's mining difficulty was 10 billion times lower than it is now, and the BTCUSD price was about $0.07.
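To make the client bug concrete, the following added example (not code from the original post or from the Bitcoin client) contrasts a sum-of-outputs check that wraps a 64-bit integer with a range-checked version of the kind the patch introduced. The output amounts are sample values constructed to reproduce the ~184 billion BTC figure; `MAX_MONEY` and the function names are this example's own.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define COIN 100000000LL                 /* satoshis per BTC */
#define MAX_MONEY (21000000LL * COIN)    /* 21 million BTC cap, in satoshis */

/* Buggy check: sums the outputs in 64 bits and only compares the total
 * against the inputs. Two huge outputs wrap the sum negative, so the
 * transaction appears to pay a fee. The sum is done in uint64_t and
 * converted back so the wrap is well-defined here; signed overflow
 * itself is undefined behaviour in C. */
static bool buggy_outputs_ok(const int64_t *out, size_t n, int64_t in_total)
{
    uint64_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += (uint64_t)out[i];
    return (int64_t)total <= in_total;
}

/* Hardened check: every output and the running total must lie in
 * [0, MAX_MONEY]. Because both addends are bounded by MAX_MONEY, the
 * sum can never leave the representable range. */
static bool in_money_range(int64_t v) { return v >= 0 && v <= MAX_MONEY; }

static bool fixed_outputs_ok(const int64_t *out, size_t n, int64_t in_total)
{
    int64_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (!in_money_range(out[i])) return false;
        total += out[i];
        if (!in_money_range(total)) return false;
    }
    return total <= in_total;
}

/* Constructed sample: one 50 BTC input and two outputs of
 * 92233720368.54277039 BTC each, together about 184 billion BTC. */
static const int64_t bad_outputs[2] = {9223372036854277039LL, 9223372036854277039LL};
static const int64_t input_total = 50 * COIN;

int main(void)
{
    printf("buggy check accepts: %d\n", buggy_outputs_ok(bad_outputs, 2, input_total));
    printf("fixed check accepts: %d\n", fixed_outputs_ok(bad_outputs, 2, input_total));
    return 0;
}
```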

In short, this situation was unique because there was a clear protocol vulnerability that resulted in problematic transactions that were easy to identify due to their sheer volume. Additionally, Bitcoin’s limited adoption at the time made it easy to distribute new client versions and quickly mine new chain segments.

Ethereum and TheDAO:

Ethereum’s early history featured a superficially similar crisis, which often leads to confusion about the practicality of rollbacks. In 2016, a popular Ethereum application, TheDAO, controlled about 15% of all ETH at the time. Unfortunately, hackers found a vulnerability in the application’s code that allowed them to steal all of these funds. This was clearly different from the Bitcoin situation, as the Ethereum protocol itself was functioning fine, but it was the applications built on Ethereum that had problems.

Fortunately, TheDAO’s developers implemented a safety measure that froze all funds from the app for a month before they could be withdrawn. This provided a unique opportunity to address the vulnerability: the app code could be changed to prevent the funds from ending up in the hands of the hackers.

Since the application itself could not do this, Ethereum protocol developers had to make the change directly in the blockchain state. This is called an irregular state change, because the application's state is altered by manually updating the database rather than through valid Ethereum transactions.

A rough analogy with the Bitcoin bug above would be setting the balance of the address that received the 184 billion BTC to 0, rather than re-mining a chain that excludes those transactions.

The upgrade was controversial and effectively split the Ethereum community. A portion of miners refused to run the software patch and continued mining on the chain where the hack occurred, now known as Ethereum Classic. The chain we call Ethereum today is the one that implemented the software upgrade.

Again, this situation was unique. The funds stolen from TheDAO were actually frozen for a month, giving the community time to coordinate a software upgrade. Having the funds frozen had another major advantage: there was no “contagion” from the hack. If the hacker could move the funds at will, “freezing” them would be an endless game of cat and mouse, and since the protocol is open source, any proposed change to freeze the funds would have to be made public to the hacker, giving them ample time to move the funds elsewhere.

This brings us to the Bybit incident.

Why can't we roll back Ethereum?

Earlier this week, 401,346 ETH (about $1.4 billion) was stolen from the Bybit exchange. The theft happened because the custodians of the funds signed a misleading transaction through a compromised multi-signature interface.

The root cause of this hack sits higher up the stack than TheDAO vulnerability or the Bitcoin overflow bug. Neither the Ethereum protocol nor the underlying multi-signature application used by Bybit had a problem. Instead, a compromised interface made the transaction appear to do one thing while actually doing another.

From the perspective of the Ethereum protocol, nothing distinguishes this transaction from other legitimate transactions on the network. There is no violation of protocol rules that could be isolated and patched, as there was with the Bitcoin vulnerability.

Furthermore, the funds were immediately available to the hacker. Unlike the DAO case, where the community had a month to deploy an intervention, here the hacker immediately started moving funds on-chain.

Even if we could solve the cat-and-mouse game described above, the Ethereum ecosystem today is very different from what it was in 2016. DeFi and cross-chain bridges to other chains mean that any stolen funds can easily be mixed across the network of applications. For example, stolen funds can be swapped on a decentralized exchange, the resulting tokens can be used as collateral in a DeFi protocol, and the borrowed assets can then be bridged to a completely different chain.

This high degree of interconnectedness means that any irregular state change, even if socially acceptable, would have nearly unmanageable ripple effects. A full rollback, in which even the most recent portion of chain history is invalidated, would be even worse. Every settled transaction, many of which have effects outside of Ethereum (e.g. exchange sales, RWA redemptions, etc.), would be reversed on-chain, while its off-chain portion cannot be reversed.

So, the conclusion is that while Bitcoin was able to “roll back” its blockchain 15 years ago, the interconnected nature of today's Ethereum, and the settlement of on-chain and off-chain economic transactions on it, make this infeasible now.

Technically, it is still possible to make irregular state changes on Ethereum when funds are frozen and quarantined. The last time such a change was proposed was in 2018, when about 500,000 ETH was frozen as a result of a vulnerability in the Parity multi-signature wallet (see EIP-999), but the community strongly opposed it because of the controversy caused by TheDAO incident.

Comment: Is it possible to do a social hard fork at this stage? Zero out the Lazarus funds (as they are easily traceable) and do an abnormal state change to send the funds back to the Bybit address?

Response: Technically impossible. What if we announce a hard fork, and one block before it goes into effect, they move the funds to another address? If the hacker moves the funds before the fork, the fork will be useless. Alternatively, the hacker could cause the entire network to freeze through malicious interactions (such as sending a small amount of funds to all addresses), similar to a denial of service (DoS) attack.

Comment: If TheDAO hack happened now (funds frozen for a month, community coordination possible), do you think Ethereum governance would accept abnormal state changes again? Or has the protocol culture completely shifted towards strict immutability, even in extreme cases?

Reply: Hard to say! TheDAO had ~15% of all ETH (30x the current Bybit hack), but the results were more controversial than expected. I think this was a big reason why the Parity hack (~500,000 ETH, funds frozen, so recoverable) was never fixed via hard fork. To provide some perspective, TheDAO had roughly the equivalent of all WETH today plus the value of all L2 secured (not just ETH on L2, but all L2 tokens) staked ETH. That was the scale needed for an intervention, and the ecosystem was far less mature than it is now.

Comment: The same logic can be applied to more centralized chains like Solana, right? So, both Solana and Ethereum are decentralized enough for hackers?

Reply: Exactly. Solana could potentially hard fork faster than Ethereum, but you’d still have a lot of secondary effects and the risk of an attacker moving funds before the hard fork goes live.

Comment: If WETH is attacked, will you roll back?

Reply: I don’t have the option, but I think this might be the minimum scale to at least bring up this topic? My point is more that comments about the DAO often make it seem like it’s “just an app” rather than a situation where WETH and all L2 funds are frozen in an easily recoverable way. (i.e. the key point is the scale of funds and whether it is easy to recover)

Original article by 吴说. For reprints, content collaboration or reports, contact report@odaily.email.
