Firo 51% attack post mortem and vote on attackers' funds

This was avoidable and not all PoW chains have this problem. I mean this with the best intentions, but please consider adding Komodo’s Delayed Proof of Work, which notarizes to the BTC network, effectively inheriting its security. It only costs a few hundred bucks a year, if that. Several projects are using it and have since never been successfully 51% attacked. The devs are standing by to assist with implementation if you want a proven and inexpensive solution. Best wishes! dPoW Security Explained: Komodo Platform

1 Like

We should definitely lock the malicious attacker’s funds.
It only makes sense to reimburse the exchanges for this.

2 Likes

This is what chain locks are meant to achieve.

1 Like

Utilizing the attacker’s locked funds would certainly be the better choice. Whether it’s protocol related or in real life, both options pose a “moral” dilemma. But IMO whoever committed the “wrong” should suffer the consequence(s) of their action. Sure, it might create a precedent on how blockchain works, and if the purist would argue that the attacker is entitled to his/her funds, would that mean anyone committing crimes within the blockchain space “who follows the protocol” can walk away unpunished? Then that’s the same system as the “centralized” and/or traditional way.

An attack on the network is also an attack on its community. And the community has the power to decide what action(s) should be taken even if it creates an “unwanted” or unusual precedent.

1 Like

The attackers’ illegal actions caused the exchange to lose money. I agree that it is justice to return the coins to the exchange.

3 Likes

I would like to see Binance file a report with their local authorities and see the outcome of that investigation before giving back this FIRO.

What would stop exchanges from double spending themselves and then claiming it was a third party, hoping to be reimbursed? There is a huge financial incentive to this.

Let’s say Binance carried this attack out themselves. If the coins were anonymized, there would be no real expectation of them getting reimbursed…

6 Likes

Also, this is why they do KYC, so they can take legal action against the owners of the account. It’s really not our responsibility to make up for their lackluster KYC program or fraud detection systems.

1 Like

I completely agree with this logic. If it is clear that that money is stolen and we know from whom, it is moral to give it back to the victim.

2 Likes

Use it to reimburse exchanges; it’s the right thing to do in my opinion.

Impressed by the team’s prompt and professional response to this incident, and particularly by their extensive knowledge of how it fits contextually with the history of crypto and similar incidents.

Crypto is fundamentally a technical effort to automate problems that are historically messy and social.

Crypto is also an empirically iterating software solution. We aren’t out of the woods yet.

A quirk about crypto: it reveals many things in our tech future that are more like our past. For example, for all the advances in tech security, ultimate failsafes remain old-school (just as ultimate private key generation comes from rolling dice or flipping coins).

Money and consensus remain social phenomena. Crypto is an improving technical tool for their achievement, but it is not purely technical. In cases of theft, the modern solution is the same as the ancient solution: identify the victim and restore what was taken, to the greatest extent it is possible.

8 Likes

I’d vote to give it back to Binance, as I think it’s the right thing to do. It’s their users’ funds after all.

1 Like

Hi everybody!
I bought my Firos a week ago.
I bought bitcoin, then exchanged BTC for Firo.
After getting the Binance alert about suspension before the rebranding, I decided to withdraw my funds from Binance.
Then the 51% attack occurred. My coins were mined in an orphaned block that was reversed.
The transaction will never confirm.
So according to official information, the blockchain was reversed to how it was on 18 January.

On 18 January my freshly bought zcoins were in the Binance wallet.
If the blockchain was reversed to 18 Jan, then my coins should still be in the Binance wallet, where the coins were before the attack and before the withdrawal.

Where are my coins and how do I get them?

1 Like

I voted for A, give to the exchanges, bc if Binance delists us we are stuffed. It means relying on Huobi and Bittrex and no-name exchanges to supply liquidity - it’s a slow spiral into the shit coin abyss from there. But I want to state I’m not a CZ fan and think Binance should take some blame in this considering the customer had 3 KYCd accounts (if I’m reading this right). I mean WTF Binance, criminal whales can get multiple accounts while little fish need to swim the hoops to get 1? Feel free to quote me when you next chat with that prick. Cheers.

2 Likes

I personally vote for option A. We should use the funds from the attackers to return them to the exchanges.

But which amount should we return?

If I understood the situation correctly, the exchange is missing coins only because they let the attacker withdraw BTC/ETH/USDT. Should we endorse the responsibility of this? Is it our responsibility to pay for something that is somehow their responsibility?

We also need to consider that in the past, they were always supportive of us. Telling them to eat a loss is, to me, not an option.

To me, the best solution is to give them back some of the attacker’s coins, but not all. Determine an appropriate amount covering user losses and part of the exchange losses. Since most of the missing Firo are the attacker’s, this should help to cover it.
This could be the opportunity to rectify our supply by burning all additional coins and sending them the rest.

1 Like

So as of now the motive of the attacker still remains a question mark for us? We won’t be at this ease should he decide to move the coins with Lelantus and spread them to some addresses to disable tracking, and we will only have two choices: let Binance and Indodax users lose their funds, or we (or/and Binance) will cover the losses by distributing it to them gradually. I mean, that’s a valid possibility, right?

I believe the funds should be returned. In the moment we intervened. There is no such option “B” or “C”. The true nature of the blockchain is that no entity can have control over our funds. The moment we did intervene, we sort of broke it down, but I agree this was the best action to take in this situation. In my opinion there are no other options. If we decided to keep it, then we are not too different from the hacker; basically we’ll be just switching from theft to thefts. While personally I’m not too happy with Binance lately. Yes, they’ve been “supporting to us” but they’ve been doing it under their own terms, such as with the previous hack we had. Yes, they did agree on giving the coins back, but they’ve decided to do it in three payments instead. We are still waiting for them to totally support the rebranding to FIRO instead of XZC. They’ve been massively staking and paying customers peanuts while also collecting high fees on transactions. But again, despite all of that, the right thing to do here is just to give the coins back to them since we have the funds.

2 Likes

Nope, the funds are totally locked down. While this is controversial, we wanted to allow the community to weigh in on what to do, rather than not to have this option at all. Mining pools and exchanges were all informed on this prior to them rolling out.

4 Likes

The right thing to do would be reimbursing Binance. However, it has to be made clear that it is not the project’s fault nor is it Binance’s fault; it is just an unfortunate situation due to the PoW consensus. Not happy about the tweet that CZ had tweeted out; it was just a finger-pointing tweet without any remorse or attempt to salvage the situation.

However, Firo aka Zcoin has been from day 1, an honest project and has never compromised any values to overstep the community and it has always been community driven. We should do the right thing, and make sure chainlocks will make sure this does not happen ever again.

2 Likes

Hi Folks. I’m always reading that forum and I mine XZC.
I never wrote anything here, but the current situation forces me to write something.

  1. Of course, developers should break all the rules they made at the start of the project and refund the coins to Binance because all of us are afraid of the delisting. In that case nobody can be sure that your coins are safe.
  2. Why do some people say that coins were stolen? As was described above, everything was done according to the rules of blockchain and Binance risk management. No rule was violated.

And one more thing. Around a year ago I lost my private key because my HDD died. If developers are going to refund coins to Binance, also, please refund my 1000+ XZC in my lost wallet.

3 Likes

Crime should never pay. I am all for confiscation of funds due to their malicious actions, and of course any lost funds should be returned to the exchange.

BUT, whoever this was clearly withdrew more than 2 BTC from Binance, so must have gone through KYC. This should not be the end of the matter; maybe use some of those funds to pay the legal fees to prosecute the attacker?