[daddyo]

> but if I hacked into it and took the 1s and 0s making up your balance, well, there's no question that's a crime.

It's a crime of computer / network intrusion. Not a crime of property law (you can't own a record in a database as property, and therefor I can not steal your property).

> if you're abusing a fault in the code, that's very clearly fraudulent behavior.

Another way to put this is that you are using the contract in a manner how it was defined by the author. Compare with a misconfigured web server showing open directories of files, or a robots.txt with a typo in it (ignore: /adminn). What is a fault and what is a feature? Who decides this? Solely the author of the contract? The parties involved (who splits the ties)? A majority of 3rd party volunteers? If everything is decentralized and open to anyone, whose computer network are you intruding/disturbing?

> doesn't mean that it doesn't fall into existing laws

If law was a software product, we are definitely a few pull requests behind its intended use. Look at how long it took to update authorship/copyright laws with the evolution of the internet, and how ugly things are when wrestled into the old framework of: I create it, I forever own it.

[s73ver]

"It's a crime of computer / network intrusion. Not a crime of property law (you can't own a record in a database as property, and therefor I can not steal your property)."

This is quite wrong; it's still considered a crime of stealing from the bank. The law does not care if you used a computer to do it instead of using dynamite to break into the safe, nor should it.

"Another way to put this is that you are using the contract in a manner how it was defined by the author."

No. If you are using an undisclosed exploit, then that is not true in the least. If you are using something that is not equally known to both parties, and equally disclosed, then it is fraud. No amount of, "you should have known better" or "you should have done your research" will help you. Take the recent case of the hack involving Etherium. It exploited something in the "smart contracts" which very few people knew existed, and, judging by the actions of the team in charge, clearly was not meant to be there. But beyond that, if the contract were to be disputed in court, one thing that would become very clear is that no rational person would be expected to believe that was the intention of both signing parties. And thus, it would be decided that the contract was fraudulent.

"If everything is decentralized and open to anyone, whose computer network are you intruding/disturbing?"

So if I forget to lock my door, then my house should be free game for everyone?

[daddyo]

> This is quite wrong; it's still considered a crime of stealing from the bank.

The law cares. Like I said, in many jurisdictions this was only recently amended with special clauses -- clarifying the distinction between physical and virtual goods. In some jurisdictions theft requires fraudulently taking a physical tangible good: virtual goods can not be stolen (but you can still be charged with computer intrusion). Remember also the debate about downloading a cam movie vs. stealing property of movie studios.

> If you are using something that is not equally known to both parties, and equally disclosed, then it is fraud.

But the contract is out there for both parties and their lawyers to have a look at it, before agreeing to it. If Google indexes my /admin directory because I made a typo error in our crawling contract (robots.txt), who is ultimately to blame? Judging by my actions and panic, the directory was clearly meant to be excluded. If we end up with the "smell test" in court for smart crypto contracts, we should just go back to "dumb" paper contracts and signatures.

> So if I forget to lock my door, then my house should be free game for everyone?

Non-sequitur. If you publish an article on Wikipedia then it is free game for everyone to visit it, edit it, and you can not retro-actively say: you are not supposed to be here.