Firo 51% attack post mortem and vote on attackers' funds

To the Firo Community,

As you have probably heard, the Firo network suffered a 51% attack on January 18th, 2021. This attack replaced about a day’s worth of blocks, with the primary goal being to defraud exchanges out of their money.

Firo is not the only coin to suffer such an attack, Ethereum Classic, Horizen, Bitcoin Gold, Grin and Beam all experienced it and it shows the increasing difficulty of bootstrapping a pure proof-of-work coin in this day and age. The irony of this attack happening on the cusp of activating chainlocks, which would have prevented this situation entirely, is not lost on us.

The team moved swiftly and put out several emergency updates. The first of which freezes the attacker’s funds so they can’t be moved and also implemented a max re-org depth of 5, and the second will activate chainlocks within a week (at time of writing). The Firo development team is confident in our work, and hope that this activation will be successful and prevent any further attacks similar to this one.

That said, there were real, monetary damages to exchanges and its users as a result.

Description of Attack

To dispel any FUD let me preface it with these:

  • No inflation occurred
  • This was not a bug, but a nature of Proof of Work consensus
  • Hashrate was not easily rentable as Nicehash doesn’t support MTP and other sites do not have sufficient hashrate.

The attacker deposited a huge number of coins into Binance, sold them for other coins (most likely BTC, ETH and USDT) and withdrew the proceeds to a personal wallet. This was done with 3 unique KYCed IDs in batches of 10,000 FIRO to 40,000 FIRO totaling 865,951.9714 FIRO.

Through his own pool, the attacker then revealed his secret mined chain which had more accumulated work on it. This chain rolled back over 300 blocks which also reversed his deposits (and other users’ deposits) into Binance. This meant that the FIRO that were sold on Binance were no longer on Binance and had reverted to the attacker despite him already selling them and withdrawing his BTC/USDT/ETH proceeds.

Attacker consolidated all his FIRO in one address totalling 867,652 FIRO which includes his coinbase rewards he earned from mining the chain. The attacker did not take any steps to anonymize or spread out his funds.

According to Binance, they have suffered losses of 906,771.4373 FIRO. This includes funds of innocent users who also had their deposits reversed. This figure might change as legitimate deposits are rebroadcasted and confirmed. Binance’s security team is still in the midst of investigations.

Indodax has also reported losses of 82,741.37718628 FIRO. We are unsure if these are knock on effects of legitimate users withdrawing from Binance to Indodax which are now subsequently reversed. It is possible that once Binance is made whole, Indodax losses would be made good as well.

Other exchanges did not report any losses or only very minor ones.

What was done to mitigate the attack

The attack was done at a time where most of our team was asleep and we were first made aware at 6:50 AM UTC+8.

We immediately informed all exchanges and pools. Exchanges shut down deposits and withdrawals. We then issued our emergency switch to temporarily disable Lelantus to prevent the attacker from anonymizing funds.

We then rolled out updates that locked the attacker’s proceeds and also limited reorg to 5 blocks in depth. We briefed all exchanges and pools on this along with releasing the code publicly.

We also then made an additional release deploying chain locks which is scheduled to activate on block 341100 (Approximately Jan 28 2021, 11:00 UTC). This was meant to have been deployed in a few weeks but we decided to rush this to ensure exchanges are comfortable this won’t happen again.

Interesting additional information

From tracing the source of the funds of the attack (which weren’t anonymized), many could be traced from Binance’s wallets from the 16th-18th January. This meant that he had purchased these funds from Binance during this period which may explain the massive run up in price in the time period. This would have required millions of USD.

Similarly the timing of the deposits into Binance that were double spent also corresponds to the time slightly prior to when we were seeing a continuous selling activity.

We can’t be absolutely sure if the price movements are correlated to the attack but there is a strong circumstantial evidence to suggest this.

Given the way the attacker has behaved especially in not utilizing our privacy features and consolidating his proceeds into a single address (making it trivial to blacklist) while undertaking immense financial risk does beg the question whether the attacker was financially motivated. A double spend attack is only profitable if you get back the funds you sold but the scale, the amount of resources required and the lack of care in hiding the proceeds may indicate someone who is just out to discredit the project just as Lelantus was launched and chainlocks were due to be released.

We also spoke to a pool operator who reached out to us to tell us that they were approached by someone on Discord who wanted to have his own Firo MTP pool on 12 Jan. He mined a single block on it and then removed access to it and hasn’t been heard from since. We are unsure if this has any relation to the attack.

What should we do?

Binance in particular has asked about the possibility of reimbursement for their losses, and, though the team does receive a modest sum from the protocol in the form of a development fund, the Firo team has nowhere near the funds necessary to cover these damages. Our options are limited, but we would like to present them here for community discussion. Firo is, after all, first and foremost, a coin of the community, and we would never act on something so substantial without first receiving community input.

Our first option is to utilize the locked attacker’s funds to make reparations to the exchanges and its users. This Firo would be ‘mined’ on a new block and sent to a wallet controlled by the Firo development team to disperse to the exchanges that request reimbursement. It’s important to note that this will not change the max supply of Firo as the attacker’s funds have been effectively lost forever under the new protocol rules, so the newly minted Firo would cancel this out.

This approach does have drawbacks however. The centralization and subverting the proof-of-work is not something to be taken lightly, and some may see this as a dangerous precedent set for the future. But some may see it as a necessary growing pain as we install technology that will protect us from the shortcomings of proof-of-work especially as a newer coin.

Our second option is to not mint the Firo, effectively asking the exchanges to eat the losses. This seems unfair to the exchange, but a 51% attack is not the fault of the developers or project. There was no bug, exploit, or failure of the protocol that allowed this to happen, and it can happen to any proof-of-work coin.To ask Firo, as a project and as a community, to backtrack on decentralization and proof-of-work is a heavy ask, and we’re not sure an exchange should have the power to ask this of a coin that is trying to be real money for people.

This approach also has drawbacks, as if the exchanges do not receive reimbursement, there is a real risk of delisting. We hope this would not be the case, and hope that the exchanges consider, with the activation of chainlocks, 51% attacks would be significantly harder to pull off given it would also require masternode control.

Within the second option also lies an additional choice, should the attacker be able to keep his 867,652 FIRO which he initially legitimately obtained, sold but then got it back through his double spend attack? Blockchain purists might argue that the attacker was entitled to the funds as he acted as allowed by the protocol but it also might mean death for the project given that ~7.6% of circulating supply is now in the control of someone who obviously has malicious intent for the project despite him spending significant sums of money.

We bring these options to you, the community, for discussion and recommendation. Each option has pros and cons, and we, the Firo team, want to do right by everyone. Please make your voice heard and opinion known.

What should we do with the 51% attacker funds?
  • Keep attackers’ funds locked and use it to reimburse exchanges
  • Keep attackers’ funds locked but no reimbursement to exchanges
  • Don’t lock attackers’ funds and no reimbursement to exchanges

0 voters

It is important that we take this decision seriously and also highly recommend people to not only vote in the poll but also post in the thread. The last thing we want are sock puppet accounts with no history suddenly coming out of the woodwork to vote so we will be taking this into account.

11 Likes

Would like to thank Diego Salazar who helped me with a draft writeup for this while I was swamped with work.

13 Likes

I support the confiscation of funds for evil and use them to make up for the losses of the exchange.

5 Likes

You witness a robbery and are able to recover a bag of money while you’re looking at the victim! Do you:

  1. Return it to the victim
  2. Give it back to the thief
  3. Burn it

Easy vote for me. The money was stolen and should be returned to it’s victims. It’s really the innocent users of Binance that ultimately lose out if it’s not returned, as well as the Firo project. Binance has been very good to Firo, starting with a free listing on the exchange, highest liquidity, partnering in recovery of an inflation bug, doing multiple community events for exposure, charity events, and more…

It’s the right thing to do, please return the double spend ill gotten gains to Binance users where they belong. Chainlocks will go a long way to prevent this issue from happening again.

-K

21 Likes

Elsewhere in the forum I have said that although I prize decentralization very much that we should keep the spork to switch off lelantus in it’s first months of activation - reasoning that the would be attempts to hack.
For similar reasons I fully support using the locked funds to reimburse Binance and others. This is the moral choice.

9 Likes

I really like your simplification. It’s clear that they money belong to the exchanges, and it’s the moral thing to do to give it back.

6 Likes

I would like to echo this that Binance has been exemplary in handling matters with us and with the recovery of the inflation bug were very cooperative. A lot of details were shared with us as well on the attack and there was never ‘reimburse or we delist’. It was more of a ‘management may seek compensation’.

Indodax similarly were one of the first exchanges to support us and also the rebrand. Remember, reimbursing Binance might automatically reimburse Indodax too since Binance users might have withdrawn to Indodax.

Time is of the essence here as we want trading to resume asap.

4 Likes

I’d say go for the confiscation. However, this to a very large extent goes against every ethos in blockchain and will cause loss in other ways, particularly in being taken seriously as a privacy protocol. I support it from the moral pow particularly since this was likely someone playing with hardware gaining an unreasonable “hidden” advantage.

The inflation bug introduced an on chain blacklist, something that really shouldn’t happen adding this to the mix and the only right move forward is a swap to get rid of the blacklist and this.

A development team should not have a blacklist regardless of why it may be necessary as a temporary fix for anything other than an emergency bugfix.

This is not an emergency bugfix, it’s sloppy work in not rolling out chainlocks along with the rest of the Dash code ports. That aspect of this is not currently being owned by the team other than comments about irony and I find that disappointing.

Frankly the inept handling of this on the part of the attacker makes one wonder if this was meant as an enrichment attack or if it was meant to put the discussion on FIRO being a credible blockchain/“privacy blockchain” forever to rest. There are other players in the space who will gain from this as this series of actions/reactions seems too predictable for this to have been coincidental.

3 Likes

Chain locks were not rolled out yet as we wanted to get Lelantus out first. LLMQ masternodes was quite a huge upgrade and we were behind on Lelantus. MTP hashrate as you know wasn’t rentable on nicehash and MRR only had a little.

The decision was to roll out Lelantus first, then chainlocks as you know too many moving parts mean more things go wrong. At the time of attack chainlocks was already being tested on our public testnet.

There is a reason why no other masternode coin despite Dash has implemented chainlocks afaik and some even have broken LLMQ implementations that don’t PoSe ban. It isn’t trivial work.

7 Likes

Remember that our masternode implementation doesn’t have their implementation of sporks, governance, superblocks and other aspects that were deliberately left out. This had to be stripped carefully. As we did not have sporks, we also had to implement our own method of transitioning from the old masternode lists to the new deterministic masternode system.

Our devs also have concerns on the reliability of instant send given their low quorum threshold. It should work the vast majority of the time but what happens if it doesn’t or conflicts with a chainlock block? What we did wasn’t a simple port and while on retrospect it might have seen prudent to launch Lelantus with chainlocks, we didn’t think a difference of a few weeks would have made the difference and it was prudent from an engineering standpoint.

4 Likes

I support the exchanges and innocent return. For Firo’s future.

4 Likes

Great… more power to exchanges for the fear of delisting. Kind of the same as being supportive to banks recieving bailouts. Always starts with a favor for a favor and before you know it, you can remove “de” from the word decentralisation and we are back where we started.

The more you deviate from the path you decided to follow, the harder it is to find your way back.

4 Likes

I agree with this simplification.

Though this goes against the ethos of cryptocurrency at the end of the day we as a community decide what is acceptable and what is not. Now, this person has acted maliciously at the expense of the project, the community and the exchanges that we form a symbiotic relationship with. I vote for reimbursing the exchanges as this is the ethical thing to do, as well as restore confidence in the project.

Moving forward I think there should be a set of guidelines listed on the Firo website, which details the communities expectations.

3 Likes

It is an easy decision for me, return to the victim which in this case are the exchanges.

4 Likes

I like the direct democracy approach where we put decisions to a vote. I think we really only have one choice and that is to make Binance whole again. A potential de-listing would be catastrophic.

I do wonder what Binance will do with this huge amount of FIRO they receive? Will it simply provide liquidity so users are easily able to buy FIRO, this would be positive or will they sell it for USDC?

Any ideas?

2 Likes

No, they owe customers money. The funds lost are effectively customer’s funds held on binance.

2 Likes

You have yourself commented on there supposedly being MTP implementations on FPGAs. That whole community have an exceptionally shitty reputation. In hindsight, that being out should have escalated this significantly as this is historically what several of those groups love to do.

The low threshold for instantsend comes from network propagation issues something that would otherwise defeat its own purpose.

I understand the rationale behind the delay but when you add the factors that popped up after it was initially decided upon as a course of action, the inflation bug and MTP on hardware, not getting something out was leaving the project exposed.

2 Likes

So they are just passing the buck on this? That is not a credible exchange.