Ethereum Core Developer Insights: Why an Ethereum Rollback Is No Longer Feasible Today
Original Article Title: "Tim Beiko Explains: Why Ethereum Cannot Roll Back After the Bybit Incident"
Original Article Author: Tim Beiko
Original Article Translation: GaryMa, Blockchain Wu Shuo
Ethereum core developer Tim Beiko published a lengthy article on February 22, 2025, explaining why Ethereum cannot "roll back" the chain to reverse a hacker attack such as the recent Bybit hack. He gave historical background on Bitcoin and TheDAO and discussed why a rollback is not feasible in today's Ethereum ecosystem. The following is Wu Shuo's compilation and translation of the original article and the corresponding comment replies:
Following yesterday's hack of Bybit, some people once again asked why Ethereum cannot "roll back" the blockchain to reverse a hacker attack.
While experienced members of the ecosystem almost unanimously consider this unfeasible, it is worth explaining why this seemingly reasonable proposal is technically infeasible, especially for those less familiar with how the network works. If you are one of them, here is a simple explanation of why it is impossible.
First, Let's Understand the Background of Rollbacks:
The concept of blockchain "rollback" originated from an early event in the Bitcoin blockchain. In 2010, just under two years after the launch of Bitcoin, a vulnerability in the client software led to the generation of 184 billion (yes, billion) bitcoins in block 74638.
To fix this issue, Satoshi released a software patch for the Bitcoin client that invalidated these transactions. This effectively "rolled back" the chain to block 74637, even though miners had continued to extend the buggy chain in the meantime. In less than a day, the new chain accumulated enough proof of work to become the main chain, and all rolled-back user transactions were included in the new chain. It is important to note that at that time, Bitcoin's mining difficulty was 100 billion times lower than it is now, and the BTC/USD price was approximately $0.07.
In short, this scenario was unique because there was a clear protocol bug that led to the problematic transactions, which were easily identifiable due to their immense quantity. Additionally, Bitcoin's adoption at the time was limited, making it easy to distribute a new client version and swiftly mine the new chain segment.
Ethereum and TheDAO:
Early in Ethereum's history, there was a seemingly similar crisis that often confuses people about the practicality of a rollback. In 2016, a popular Ethereum application called TheDAO controlled around 15% of all ETH at the time. Unfortunately, a hacker discovered a vulnerability in the app's code that allowed them to steal all of these funds. This was fundamentally different from Bitcoin's case, as the Ethereum protocol itself was functioning normally, and it was the application built on top of Ethereum that had the issue.
Fortunately, TheDAO's developers implemented a security measure, which required a one-month freeze period before any withdrawals from the application could be completed. This provided a unique opportunity to address the vulnerability: the application's code could be changed to prevent the funds from ending up with the hacker.
Since the application itself could not be altered, Ethereum protocol developers had to make the change directly in the blockchain's state. This was referred to as an "irregular state change" because the application's "state" was altered through a manual update to the database, rather than through valid Ethereum transactions.
As a rough analogy with the Bitcoin vulnerability above, it was akin to setting the balance of the address that received the 184 billion BTC to 0, rather than re-mining the chain to exclude those transactions.
This upgrade sparked controversy, leading to an actual split in the Ethereum community. Some miners refused to run the software patch and continued mining on the chain where the hack occurred, which is now known as Ethereum Classic. The chain we now refer to as Ethereum is the one that implemented this software upgrade.
Similarly, this situation was unique. The hacked funds in TheDAO were actually frozen for a month, giving the community time to coordinate the software upgrade. The frozen funds had another major advantage: the hack did not "spread." If the hacker could move funds freely, "freezing" the funds would have been an endless cat-and-mouse game because the protocol is open-source, and any potential changes that could freeze the funds would have to be disclosed to the hacker, giving them enough time to move the funds elsewhere.
This leads us to the Bybit incident.
Why We Can't Roll Back Ethereum
Earlier this week, the Bybit exchange was hacked for 401,346 ETH (approximately $1.4 billion). The theft was carried out by getting the custodian of the funds to sign deceptive transactions through a compromised multi-signature interface.
The root cause of this hack goes a level higher than TheDAO and the Bitcoin overflow bug. Neither the Ethereum protocol nor the underlying multi-signature application used by Bybit had issues. Instead, a compromised interface made transactions appear to do one thing while actually doing another.
From the Ethereum protocol's perspective, nothing distinguished these transactions from any other legitimate transaction on the network. There was no violation of protocol rules that could be used to isolate the hacked funds, as there was when the Bitcoin vulnerability was patched.
Furthermore, the funds were immediately available for the hacker to use. In contrast to TheDAO situation, where the community had a month to deploy interventions, here the hacker immediately began moving funds on-chain.
Even if we could solve the aforementioned cat-and-mouse game, the Ethereum ecosystem today is vastly different from 2016. DeFi and cross-chain bridges to other networks mean any stolen funds can easily be laundered within the application network. For example, stolen funds could be exchanged on a decentralized exchange, the resulting tokens used as collateral in DeFi protocols, and the borrowed assets then bridged to a completely different chain.
This high level of interconnectivity means any irregular state change, even if socially acceptable, would lead to almost impossible-to-manage cascading effects. A full "rollback," even one that invalidated only a recent portion of the chain's history, would be worse. Settled transactions, many of which have off-chain consequences (such as exchange sales, RWA redemptions, etc.), would be reverted, but their off-chain portions cannot be.
The conclusion, therefore, is that while Bitcoin was able to "roll back" its blockchain fifteen years ago, Ethereum's highly interconnected nature and its settlement of both on-chain and off-chain economic transactions make this unfeasible today.
Technically, a non-standard state change could still occur on Ethereum in cases where funds are frozen and sequestered. The last time such a change was proposed was in 2018, addressing a vulnerability in the Parity multi-signature wallet where around 500,000 ETH were frozen (see EIP-999), but due to the controversy sparked by TheDAO incident, the community strongly opposed it.
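To make the three cases above concrete, here is an added toy simulation (my own code, not part of Tim Beiko's article or any Ethereum client). It models a tiny account-based chain with a constructed 400-unit theft and a hypothetical `seize` operation standing in for an irregular state change at a publicly announced fork height: the fork recovers the funds only if the thief sits still or the funds are frozen, and recovers nothing if the thief moves them one block before it takes effect, which is the cat-and-mouse problem described above.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Block:
    height: int
    txs: list = field(default_factory=list)   # constructed (sender, recipient, amount) tuples
    seize: Optional[tuple] = None             # (address, refund_to): hypothetical irregular state change

def replay(blocks, genesis, frozen=frozenset()):
    """Replay blocks over a genesis balance map and return the final balances.
    Transfers out of a frozen address are dropped, mimicking TheDAO's one-month
    withdrawal delay. A block's 'seize' moves an address's entire balance with no
    signature: a manual edit of the state database, not a valid transaction."""
    state = dict(genesis)
    for b in blocks:
        for sender, recipient, amount in b.txs:
            if sender in frozen or state.get(sender, 0) < amount:
                continue  # invalid transaction: every honest node ignores it
            state[sender] -= amount
            state[recipient] = state.get(recipient, 0) + amount
        if b.seize:
            src, dst = b.seize
            state[dst] = state.get(dst, 0) + state.pop(src, 0)
    return state

FORK_HEIGHT = 5  # publicly announced height at which the irregular state change applies
STOLEN = 400     # constructed amount; the real Bybit figure was 401,346 ETH

def scenario(thief_moves: bool, funds_frozen: bool) -> int:
    """Return how much of the stolen balance the fork returns to the victim."""
    blocks = [Block(1, [("victim", "thief", STOLEN)])]  # the hack: a valid, signed transfer
    if thief_moves:
        # The fork is public, so the thief hops to a fresh address one block before it lands.
        blocks.append(Block(FORK_HEIGHT - 1, [("thief", "thief2", STOLEN)]))
    blocks.append(Block(FORK_HEIGHT, seize=("thief", "victim")))
    frozen = frozenset({"thief"}) if funds_frozen else frozenset()
    return replay(blocks, {"victim": STOLEN}, frozen).get("victim", 0)

if __name__ == "__main__":
    print("thief idle, funds mobile :", scenario(False, False))  # 400: fork recovers everything
    print("thief moves, funds mobile:", scenario(True, False))   # 0: Bybit-style, nothing to seize
    print("thief moves, funds frozen:", scenario(True, True))    # 400: TheDAO-style, move rejected
```

The simulation ignores the cascading effects on later transactions that the article also raises; it isolates only the timing argument.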
Comment: At this stage, is it still potentially possible to carry out a social hard fork? Zero out the Lazarus funds (as they are easily traceable) and carry out a non-standard state change to send the funds back to the Bybit address?
Reply: Technically not possible. If we were to announce a hard fork, what if they move the funds to another address one block before it goes into effect? If the hacker moves the funds before the fork, the fork would be useless. Additionally, the attacker could cause a network-wide freeze through malicious interactions (such as sending small amounts of funds to all addresses), akin to a denial-of-service (DoS) attack.
Comment: If TheDAO hack were to happen now (funds frozen for a month, potential community coordination), do you think Ethereum governance would once again accept a non-standard state change? Or has the protocol culture completely shifted towards strict immutability, even in extreme scenarios?
Reply: It's hard to say! TheDAO had control of around 15% of all ETH (30 times the current Bybit hack amount), but the outcome was more controversial than anticipated. I believe this is one of the primary reasons the Parity hack (around 500,000 ETH, funds frozen and hence recoverable) was never fixed via a hard fork. To provide some perspective, TheDAO held approximately the equivalent of all WETH today plus all L2 collateralized value (not just ETH on L2, but all L2 tokens) in staked ETH. That is a scale of intervention the ecosystem was far from mature enough for at the time.
Comment: The same logic can also be applied to more centralized chains, such as Solana, right? So, for hackers, both Solana and Ethereum are decentralized enough?
Reply: Exactly. Solana may be faster in implementing a hard fork than Ethereum, but you would still have many secondary effects and the risk of attackers moving funds before the hard fork takes effect.
Comment: If WETH were to be attacked, would you roll back?
Reply: I do not have the choice, but I think this is possibly the smallest scale at which this topic could be raised? My point is more that comments about DAOs often make it seem like "just an application" rather than a situation where WETH and all funds on Layer 2 are frozen in a way that is easy to recover from. (i.e., the key point is the scale of funds and ease of recovery)