Is there a formal difference between hacking into someone else's server and, say, for example, exploiting an Ethereum contract, or exploiting a bug on a Lightning app that allows you to withdraw more than you should?
Discussion
Yes there is a difference in most jurisdictions
I guess its depends on how serious
I remember the Mango (a shitcoin defi exchange/protocol) exploiter was sued, even if basically he also announced the possible exploit in detail on the 🐦 app before doing it.
one affects more people than the other (in general)
Yes, if we use the interpretation that 'code is law'. Making the smart contract bulletproof is on you. However, breaking into a server is like sneaking into your house: just because you left the backdoor open, it doesn't mean they are welcome inside.
There is a difference.
If the server is locked down and not meant to be public, then it's the digital equivalent of breaking and entering.
If you're talking about exploiting public open source software like an ETH smart contract, that's more like the digital equivalent of picking up a wallet off the ground and keeping it.
If a server is connected to the internet then some data must enter into it. What data? That is defined by the rules of the software running on that server. If you send data and the server accepts it, you're playing by the rules.
Are you trying to hack a server?
Nevertheless, I agree with your viewpoint. People hack Ethereum protocols all the time, that's how it was written right? Code is law.
I think by having IRL police being the backstop for code bugs we've made devs lazy. We need better infrastructure to secure our things on the internet, not pay police to catch internet thieves(doesn't work because thieves have better security).
Logically yes, legally in most jurisdiction no.
Not legally the same. One is an attack on a concept, the decentralized protocol, the other is on an asset owned by an individual (or org). The CFAA prohibits unauthorized access to an individual’s or company’s computers or systems. Blockchain / protocol vulnerabilities can be exploited without the unauthorized access
In a court, I imagine they would be tried differently because they paint a different picture of intent. And also the resulting damage may be different. 
Lubin and Buterin should be sued for ethereum exploits for marketing it as a viable platform
Nostr is super neat but this is a question for a lawyer. Not a nym.
Lightning is meant to have all legal disputes settled on chain so if the bug doesn’t subject the attacker to a penalty disincentive then the attacker has done the network a favor by showing the weakness. Lightning will never have “juries prudence” anywhere other than the Bitcoin blockchain.
Tldr- no formal difference - and if it’s meant to be the payment rail of the world in the future, any legal formality will be irrelevant.
None
Yes, when you “hack” someone else’s server you are performing “unauthorized access”. Not so with a contract or protocol weakness that can be exploited by, say, submitting (malformed?) transactions to your own node, so you never did any unauthorized access. That’s the difference
Depending on your jurisdiction even clicking a wrong link can put you in jail. Don’t look for justice in computer law.
Both cases are theft regardless of what the particular laws of the jurisdiction say.