ELI5 why we cannot "rollback" Ethereum? After yesterday's Bybit hack, crypto commentators are again asking why Ethereum cannot "rollback" the chain to reverse the hack. While experienced ecosystem actors near-unanimously agree that this is infeasible, it's worth breaking down why this reasonably sounding proposal is technically intractable for less knowledgeable observers. If that's you, consider this an "ELI5" version of why this is impossible. First, some context on rollbacks: The idea of a blockchain "rolling back" stems from an early incident in the Bitcoin blockchain. In 2010, less than two years since Bitcoin's launch, a bug in the client software caused 184 billion (yes, *billion*) Bitcoins to be minted in block 74638. To fix this, Satoshi released a software patch to the Bitcoin client which invalidated the transactions. This had the effect of "rolling back" the chain which had kept growing in the meantime to block 74637. In less than a day, the new chain had accumulated enough proof-of-work to become canonical and all user transactions that had been rolled back were included in the new chain. Note that at the time, Bitcoin's mining difficulty was 10 billion times lower than today, and the BTCUSD price was about 0.07$. In short, this situation was unique in that a clear protocol bug led to the problematic transactions, which could easily be identified due to their large amount. Additionally, Bitcoin's limited adoption made it easy to distribute a new client version and quickly mine a new chain segment. Ethereum and TheDAO: Ethereum's early history had a superficially similar crisis which often leads to confusion about the practicality of rollbacks. In 2016, a popular Ethereum application, TheDAO, had ~15% of all ETH in existence under its control. Unfortunately, a hacker found a bug in the application's code that allowed them to steal all of these funds. This was notably different than the Bitcoin situation because the Ethereum protocol worked as intended, it was the application built **on** Ethereum that had an issue. Luckily, the developers of TheDAO had implemented a failsafe where withdrawals from the applications were frozen for a month before they were completed. This presented a unique opportunity to address the bug: the code of the application could be changed to prevent the funds from ultimately going to the hackers. Because there was no way in the application itself to do this, Ethereum protocol developers had to make the change directly in the blockchain's history. This is called an "irregular state change", because the "state" of the application was changed by manually updating the database, rather than, say, by a valid Ethereum transaction. A rough comparison to the Bitcoin bug above would be to have set the balance of the addresses that received the 184 billion BTC to 0, rather than re-mining a chain excluding those transactions. This upgrade was contentious and the Ethereum community effectively fractured over it. A subset of miners refused to run the software patch and kept mining on the chain where the hack happened, which still exists as Ethereum Classic. The chain that is known as Ethereum today is the one where this software upgrade was activated. Again, this situation was unique. Hacked funds from TheDAO were effectively frozen for a month, giving time for the community to coordinate on a software upgrade. The funds being frozen had another major advantage: there was no "contagion" from the hack. Had the hacker been able to move funds at will, "freezing" the funds would be an impossible cat and mouse game, as the protocol is open source and any potential change which froze the funds would have to be broadcast to the hacker, giving them plenty of time to move their funds elsewhere. Which brings us to the Bybit incident. Why we can't rollback Ethereum Earlier this week, the Bybit exchange had 401,346 ETH (~1.4B USD) stolen. The theft was caused by the custodian of the funds signing a misleading transaction in a compromised multisig interface. The root cause for this hack was higher up the stack than both TheDAO and the Bitcoin overflow bug. There were no issues with the Ethereum protocol, or even with the underlying multisig application used by Bybit. Instead, a compromised interface made it appear as though a transaction was doing one thing while it was actually doing another. From the perspective of the Ethereum protocol, there is nothing to distinguish that transaction from other legitimate transactions on the network. There is no protocol rule that was broken where patching the issue would isolate the hacked funds, like in the case of the Bitcoin exploit. Furthermore, the funds were immediately available for the hacker to spend. Unlike in the case of TheDAO, where the community had a month to deploy a surgical intervention, here the hackers immediately started moving the funds onchain. Even if we could solve the cat and mouse game described above, the Ethereum ecosystem is far different today than in 2016. DeFi and bridges to other chains mean that any stolen funds can easily be mixed within a web of applications. For example, stolen funds can be swapped on a decentralized exchange, with the resulting tokens being used as collateral in a DeFi protocol, where the borrowed assets are bridged to a completely separate chain. This level of interconnectedness means that any irregular state change, even if socially palatable, would have near-intractable ripple effects. A "full rollback", where a portion of the recent chain history was invalidated, would be even worse. Any settled transaction, many of which have implications outside Ethereum (e.g. exchange sales, RWA redemptions, etc.) would be undone, with no way to revert the offchain half of it. So, to conclude, while Bitcoin was able to "rollback" its blockchain 15 years ago, today, the interconnected nature of Ethereum and settlement of onchain <> offchain economic transactions, make this intractable today. Technically, irregular state changes are still possible on Ethereum in cases where funds are frozen and isolated. The last time such a change was proposed, in 2018, to address a bug in Parity's multisig wallet where ~500,000 ETH were frozen (see EIP-999), it was strongly opposed by the community of the contention resulting from TheDAO.