Firo 51% attack post mortem and vote on attackers' funds

I support the confiscation of funds for evil and use them to make up for the losses of the exchange.

5 Likes

You witness a robbery and are able to recover a bag of money while you’re looking at the victim! Do you:

  1. Return it to the victim
  2. Give it back to the thief
  3. Burn it

Easy vote for me. The money was stolen and should be returned to its victims. It’s really the innocent users of Binance that ultimately lose out if it’s not returned, as well as the Firo project. Binance has been very good to Firo, starting with a free listing on the exchange, highest liquidity, partnering in recovery of an inflation bug, doing multiple community events for exposure, charity events, and more…

It’s the right thing to do, please return the double-spend ill-gotten gains to Binance users where they belong. Chainlocks will go a long way to prevent this issue from happening again.

-K

16 Likes

Elsewhere in the forum I have said that although I prize decentralization very much, we should keep the spork to switch off Lelantus in its first months of activation, reasoning that there would be attempts to hack.
For similar reasons I fully support using the locked funds to reimburse Binance and others. This is the moral choice.

7 Likes

I really like your simplification. It’s clear that the money belongs to the exchanges, and it’s the moral thing to do to give it back.

5 Likes

I would like to echo this that Binance has been exemplary in handling matters with us and with the recovery of the inflation bug were very cooperative. A lot of details were shared with us as well on the attack and there was never ‘reimburse or we delist’. It was more of a ‘management may seek compensation’.

Indodax similarly were one of the first exchanges to support us and also the rebrand. Remember, reimbursing Binance might automatically reimburse Indodax too since Binance users might have withdrawn to Indodax.

Time is of the essence here as we want trading to resume asap.

4 Likes

I’d say go for the confiscation. However, this to a very large extent goes against every ethos in blockchain and will cause loss in other ways, particularly in being taken seriously as a privacy protocol. I support it from the moral POV, particularly since this was likely someone playing with hardware gaining an unreasonable “hidden” advantage.

The inflation bug introduced an on-chain blacklist, something that really shouldn’t happen. Adding this to the mix, the only right move forward is a swap to get rid of the blacklist and this.

A development team should not have a blacklist regardless of why it may be necessary as a temporary fix for anything other than an emergency bugfix.

This is not an emergency bugfix, it’s sloppy work in not rolling out chainlocks along with the rest of the Dash code ports. That aspect of this is not currently being owned by the team other than comments about irony and I find that disappointing.

Frankly the inept handling of this on the part of the attacker makes one wonder if this was meant as an enrichment attack or if it was meant to put the discussion on FIRO being a credible blockchain/“privacy blockchain” forever to rest. There are other players in the space who will gain from this as this series of actions/reactions seems too predictable for this to have been coincidental.

3 Likes

Chainlocks were not rolled out yet as we wanted to get Lelantus out first. LLMQ masternodes was quite a huge upgrade and we were behind on Lelantus. MTP hashrate, as you know, wasn’t rentable on NiceHash and MRR only had a little.

The decision was to roll out Lelantus first, then chainlocks, as you know too many moving parts mean more things go wrong. At the time of attack chainlocks was already being tested on our public testnet.

There is a reason why no other masternode coin besides Dash has implemented chainlocks afaik, and some even have broken LLMQ implementations that don’t PoSe ban. It isn’t trivial work.

6 Likes

Remember that our masternode implementation doesn’t have their implementation of sporks, governance, superblocks and other aspects that were deliberately left out. This had to be stripped carefully. As we did not have sporks, we also had to implement our own method of transitioning from the old masternode lists to the new deterministic masternode system.

Our devs also have concerns on the reliability of instant send given their low quorum threshold. It should work the vast majority of the time but what happens if it doesn’t or conflicts with a chainlock block? What we did wasn’t a simple port and while in retrospect it might have seemed prudent to launch Lelantus with chainlocks, we didn’t think a difference of a few weeks would have made the difference and it was prudent from an engineering standpoint.

4 Likes

I support the exchanges and innocent return. For Firo’s future.

4 Likes

Great… more power to exchanges for the fear of delisting. Kind of the same as being supportive to banks receiving bailouts. Always starts with a favor for a favor and before you know it, you can remove “de” from the word decentralisation and we are back where we started.

The more you deviate from the path you decided to follow, the harder it is to find your way back.

4 Likes

I agree with this simplification.

Though this goes against the ethos of cryptocurrency, at the end of the day we as a community decide what is acceptable and what is not. Now, this person has acted maliciously at the expense of the project, the community and the exchanges that we form a symbiotic relationship with. I vote for reimbursing the exchanges as this is the ethical thing to do, as well as restore confidence in the project.

Moving forward I think there should be a set of guidelines listed on the Firo website, which details the community’s expectations.

3 Likes

It is an easy decision for me, return to the victim which in this case are the exchanges.

4 Likes

I like the direct democracy approach where we put decisions to a vote. I think we really only have one choice and that is to make Binance whole again. A potential de-listing would be catastrophic.

I do wonder what Binance will do with this huge amount of FIRO they receive? Will it simply provide liquidity so users are easily able to buy FIRO (this would be positive), or will they sell it for USDC?

Any ideas?

2 Likes

No, they owe customers money. The funds lost are effectively customers’ funds held on Binance.

2 Likes

You have yourself commented on there supposedly being MTP implementations on FPGAs. That whole community have an exceptionally shitty reputation. In hindsight, that being out should have escalated this significantly as this is historically what several of those groups love to do.

The low threshold for instantsend comes from network propagation issues, something that would otherwise defeat its own purpose.

I understand the rationale behind the delay but when you add the factors that popped up after it was initially decided upon as a course of action, the inflation bug and MTP on hardware, not getting something out was leaving the project exposed.

2 Likes

So they are just passing the buck on this? That is not a credible exchange.

This was avoidable and not all PoW chains have this problem. I mean this with the best intentions, but please consider adding Komodo’s Delayed Proof of Work, which notarizes to the BTC network, effectively inheriting its security. It only costs a few hundred bucks a year, if that. Several projects are using it and have since never been successfully 51% attacked. The devs are standing by to assist with implementation if you want a proven and inexpensive solution. Best wishes! dPoW Security Explained: Komodo Platform

1 Like

We should definitely lock the malicious attacker’s fund.
It only makes sense to reimburse the exchanges for this.

2 Likes