Firo 51% attack post mortem and vote on attackers' funds

Would also like to address some misunderstanding of the situation.

Attacker bought Firo.
Withdrew it to his own address.
Deposited it into Binance.

He then sold this FIRO to other users of Binance.
Remember for every sell there is a buyer.

The attacker withdrew his BTC/USDT/ETH proceeds. Note Binance requires 20 confirmations for deposits of Firo to be recognized and I believe 40 confirmations for proceeds of such deposits to be withdrawn. All these are prudent confirmation times.

Up to this point, nothing wrong has happened. Someone sold Firo using three different KYCed accounts. They all withdrew within limits. Those accounts now had no more money in them.

Now the attacker reveals his longer chain and reverses all his deposit transactions. 300+ blocks' worth, which is more than a day.

The Firo that was meant to have already been sold to other users now disappears from Binance’s Firo wallet, which was holding it on behalf of them. Both users and Binance are the victims here.

It’s easy to retrospectively say, oh Binance should have known about the fake KYC. Well, KYC might be legit and purchased and it’s impossible to tell. Many people are willing to sell identities to anonymous people for some money. If you go after them (who are likely people with not much money), how do you find the true perpetrator?

Binance SAFU fund afaik are used to address hacks of Binance. This wasn’t really a hack of Binance, this was an attack on a chain. Attacker didn’t circumvent any of Binance’s systems. Just because Binance can ‘afford’ it, I think isn’t the right way to look at it.

However I do agree with @ekatonchiro that Binance should pursue their own investigation to the fullest extent possible.

6 Likes
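The deposit-then-reorg sequence described in the post above, as an added illustration that is not code from this thread or from the Firo project: a toy reorg audit for an exchange deposit desk using the post's 20-confirmation credit and 40-confirmation withdrawal thresholds and a 300+ block reorg. The chain, transaction ids and amounts are constructed sample data; the point it shows is that by the time the reorg is visible, the attacker's proceeds have already been released, so confirmation depth alone can only flag the reversal after the fact.

```python
from dataclasses import dataclass, field

DEPOSIT_CONFS = 20   # confirmations before a FIRO deposit is credited (from the post)
WITHDRAW_CONFS = 40  # confirmations before proceeds may leave the exchange (from the post)

@dataclass
class Block:
    height: int
    block_id: str
    txids: set = field(default_factory=set)

@dataclass
class Deposit:
    txid: str
    amount: float
    credited: bool = False   # balance shown to the user and sellable
    withdrawn: bool = False  # proceeds already allowed out of the exchange

def confirmations(chain, txid):
    """Confirmations of txid on this chain; 0 if no block on the chain contains it."""
    for blk in chain:
        if txid in blk.txids:
            return chain[-1].height - blk.height + 1
    return 0

def process_tip(chain, deposits):
    """What the deposit desk does on each new tip: credit and release by depth."""
    for d in deposits:
        c = confirmations(chain, d.txid)
        d.credited = d.credited or c >= DEPOSIT_CONFS
        d.withdrawn = d.withdrawn or c >= WITHDRAW_CONFS

def reorg_depth(old_chain, new_chain):
    """Number of old-chain blocks discarded when new_chain becomes canonical."""
    common = 0
    for a, b in zip(old_chain, new_chain):
        if a.block_id != b.block_id:
            break
        common += 1
    return len(old_chain) - common

def audit_after_reorg(old_chain, new_chain, deposits):
    """Flag deposits that were credited on the old chain but no longer have
    DEPOSIT_CONFS confirmations on the new one (dropped, or re-mined too shallow)."""
    depth = reorg_depth(old_chain, new_chain)
    flagged = [d for d in deposits
               if d.credited and confirmations(new_chain, d.txid) < DEPOSIT_CONFS]
    return depth, flagged

def build_chain(prefix, n, start=0, tx_at=None):
    """Constructed blocks start..start+n-1; tx_at maps a height to the txids mined there."""
    tx_at = tx_at or {}
    return [Block(h, f"{prefix}-{h}", set(tx_at.get(h, ()))) for h in range(start, start + n)]

def simulate():
    # Constructed scenario: honest chain of 400 blocks (heights 0..399); the attacker's
    # deposit is mined at height 50, an unrelated user's deposit at height 380.
    deposits = [Deposit("dep-attacker", 10000.0), Deposit("dep-user", 5.0)]
    honest = build_chain("h", 400, tx_at={50: {"dep-attacker"}, 380: {"dep-user"}})
    process_tip(honest, deposits)  # both credited; attacker's proceeds already released
    # The attacker reveals a private chain forking at height 40 that is one block longer.
    # It omits his own deposit and re-includes the user's deposit only at its tip.
    attacker = honest[:40] + build_chain("a", 361, start=40, tx_at={400: {"dep-user"}})
    depth, flagged = audit_after_reorg(honest, attacker, deposits)
    return {"reorg_depth": depth,
            "flagged": [d.txid for d in flagged],
            "attacker_already_withdrawn": deposits[0].withdrawn}
```

Note that the honest user's deposit is flagged too: it survived the reorg only at the tip of the new chain, which matches the later post in this thread about a saved-up balance left unconfirmed by an orphaned block.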

The other thing is that people say that attacker did nothing illegal. I would beg to differ.

The 51% attack alone may or may not be illegal. Depends on jurisdiction and may need to be challenged in courts. Are 51% Attacks Illegal? - Restis Law Firm, P.C.

However using it to knowingly defraud an exchange with fake KYC definitely is. You deposited an asset in, you sold it and then took back the asset that you sold. You did this with malicious intent with fake identities. These are clear crimes regardless of how you did it.

The Ethereum DAO hack was different. The DAO had a provision in its terms and conditions that actually said code is law and superseded all else. This meant that the attacker was exercising a feature of the code. This is not the case here which wasn’t just ‘using the code’.

Crimes are defined by their intent and actions. If you do a 51% attack, take over the network and do a double spend but no one is hurt, there is arguably no crime. If you do a 51% attack, but use fake identities to get back an asset you sold, then I would say it’s a crime.

Don’t confuse the 51% attack with what he did on the exchange.

8 Likes

I am biased as hell since I lost a lot of FIRO that I was saving for a long time in a block that got orphaned and my transaction is now unconfirmed. Therefore, I am for a maximum reimbursement to the exchanges.

However I have a question that I would like to ask. Knowing that you will have a serious attention increase and coverage by the biggest crypto exchange, therefore making you an attractive target for any sort of abuse, why did the dev team wait with securing the blockchain with chain locks? I do not care for privacy if the chain is not safe. What were these 5k+ Master Nodes for if they did not prevent double spending? In my opinion this is an irresponsible action that resulted in serious loss of this coin’s credibility, real shame. Not to mention many Firo owners, including myself, wondering how much of their lost money will be graciously returned by Binance.

As everybody can see, you withdrew your comment and then tried to make it look as though somebody else did…What’s your motivation for coming to this forum and arguing in bad faith and making up lies? Everybody else is trying to be constructive.

The attacker didn’t play by the rules. He stole funds from binance and its users, I’m pretty sure there are rules against that. If he thinks he has a case he should file a lawsuit, if you believe in his case, you should fund it.

The team has been given a mandate from the community that enabled them to thwart these types of attacks in the early days of Lelantus; it's well established for anybody who cares to look in the forum.

So based on the vote, locking the hacker's funds and using them to reimburse the exchanges was voted for.

But if the developer itself can’t do it, what's the point of this vote lol?

Code changes can be done. We just want to make sure it’s what the community wants rather than a unilateral decision.

1 Like

I’m supporting freezing the attacker's funds and using them to reimburse the crime victims… aka the exchange.

Lol I knew someone was going to come up with something stupid like that so I took a SS of it. Screenshot by Lightshot <-- This is what you call “muffling” someone. Then, when I called him out on it, he removed the “flag” or whatever. BTW, I deleted that because IDK if you know this or not, new users are not allowed to “edit” posts. So I deleted it, and added my comment about being the 1st Option 3 voter.

And FYI, the hacker did EVERYTHING by the rules. Period. There is absolutely NOTHING you can say that will change that. Re-orgs are literally a feature built into the protocol. The longest chain is the real chain. That's how it works. If your funds end up in a chain that is attacked, then it’s YOUR fault for trusting that it was secure, which clearly it’s not. The attacker played by the rules and won, fair and square. Deal with it.

So by most choices and most votes, that was the most win-win solution for the long term.

If Binance keeps deciding to freeze customer funds, other exchanges will mostly follow Binance's decision, which does not look good for the community.

And maybe people whose funds get frozen will make a post with their story and prevent people from getting into Firo.

Imagine Indodax follows Binance in freezing their customers' funds; the whole Indodax market, which is the biggest Indonesian exchange market, will be gone, and that is not good news.

The worst scenario would be delisting on several exchanges and losing the market.

But the decision depends on the community itself.

Use it to reimburse Binance.

@zqj0754 thank you for agreeing on my stance

@ feixia xiao thanks for cross-posting my contribution to other Firo discussion platforms

@reuben assuring Binance pursues their duty to have the criminals investigated and hopefully prosecuted is and remains of primary importance. I truly believe that while the technology behind many bitcoin-derived projects is unstoppable, it needs to seamlessly integrate (over time of course) with the pre-existing world context. This includes that a financial service provider which has its funds stolen entertains a professional and diligent course of action in collaboration with the authorities and the judicial system; as you rightfully say, @reuben, if now time is of the essence given not only the extent, but also the nature of the damage done by the attackers to Binance and its users, then let us help them all by releasing the money in that direction, but once again, let us at least put in place a legal control in the form of a traditional (and enforceable by law) contract so that when/if Binance should (even over a couple of years if the law is slow) secure funds back, they pay back Firo an amount equal to what they were able to secure back. Helping them now right away is truly the most kind thing to do, but it does not have to necessarily mean that we should now create the chance for Binance to get both the money from the attackers’ frozen wallet and (part of) the funds that they might be able to secure back. If that happens then at the end of the day it is the exchange which has pulled the best stunt of all in the aftermath of this terrible 51% attack, by (for now only virtually/nominally) gaining both the double-spent Firo and their funds back.
The dev Team has worked really hard for years and now even harder to patch this. In my eyes you are blockchain heroes from a technical point of view and honest to the core, patient and gentle with all the members of the community, old and new, polite and unpolite ones.
Use what has happened also in your favour please; when you do that you do a favour to us all as a community, and therefore pay Binance back at the beginning or pay Binance back at the end - when does not matter - but put in place a legal control when passing over the money which will guarantee the Firo team gets its share (back) when the due investigation and prosecution is done.
Like you had the swiftness to freeze the attackers’ funds and not let them go away with doubled money, please do not let Binance do that now or at a later point in time either. Once again, even though Binance has only been kind to us so far, we all fear that now they have been touched where it hurts (the wallet) they will de-list us, and as we all feel it, Binance basically keeps the project at gunpoint.
We are in the process of voting, and the provisional numbers I see, as well as the comments that come with those numbers, make me deduce that the generosity and the kindness of this community have a higher motivator and a more noble drive than just the fear of being delisted. I am not sure for how long the poll will remain open, but if the winning option doesn't change to either B) or C), let's then go as a community for A), but please let us do it in a way that, if not now then later, we do not let ANYONE get away (directly = attackers or indirectly = Binance) with the gains of this terrible attack.

p.s. out of curiosity and concern: how can it be that we assume the KYC of accounts being able to pipe out millions out of Binance are all fake?!? Is KYC really such a joke?? Why do people have to do that? So that Binance can put a tick on the regulators checklist?
If Binance had been professional they should have checked the shit out of their top-tier KYCed customers a long time ago for being truthful and complete, and regularly checked that information ever since, every year at least, for being up to date. Not professional at all if the best they can let us assume is that “the KYC was fake”.
I’d have preferred a ballsy press release where they said “We have your KYC, and we might not know where you are now, but we know who you are”.

1 Like

I’ve been following xzc/firo since 2016, through all the peaks and valleys. For the past 4 years, as we know, the team worked hard, but I still hope Reuben and the team could spend more time on marketing and the community's future.

1 Like

I really liked your posts as it shows a lot of thought and effort. There’s one thing that needs to be clarified:

Attacker bought FIRO, and then sold FIRO and got BTC/ETH/USDT proceeds. Everything is legal here. The attacker does have a legal right to the BTC/ETH/USDT.

What isn’t legal is when he reversed the transaction and got the FIRO he sold back but this doesn’t mean the previous transactions were invalid. If I bought a knife from the store and then used it to rob someone, the crime is only the robbing, you can’t say that he stole the knife too.

So I totally agree that Binance does have real causes of action against the perpetrator however the remedy is not the BTC/ETH/USDT proceeds. It’s from the loss suffered from the FIRO that was wrongfully taken/reversed. Binance cannot ask for the BTC/ETH/USDT back, their remedy is to be made whole for the loss suffered whatever form that comes in.

Even if the FIRO is returned, Binance can still claim for losses they suffered. This can be damage to reputation, legal costs and whatever they want to claim subject to proof and it being accepted by the court. But this isn’t the same as seizing the BTC/ETH/USDT which also requires law enforcement.

On top of the civil claim, there’s also criminal liability on the attacker who has clearly performed a crime when defrauding the exchange. This has other penalties and also restitution but if Binance has been made whole, this is of course taken into account. Again this doesn’t really involve the BTC/ETH/USDT here. There’s no Binance windfall.

What we want to do is ensure Binance pursues it as far as possible to prosecute the perpetrators and give perhaps further insight as to how their KYC procedures will be improved (which will be good for them and the entire exchange). KYC requirements evolve according to the circumstances and given the rise in price of BTC and these incidents, it is likely that these should be relooked into though whether that’s something for us to pursue is a separate question.

1 Like

The freedom of an individual in any enlightened society (including coin based) should extend only so far as not to curtail the freedoms of others within that society; lest they wish to live outside said society or face its judgement. If, however, an individual still chooses to use their freedom to commit actions deemed against the common good (insert “crime/code” here), all the other individuals may likewise choose to use their freedom to eject or otherwise penalize the offending party. For those saying “deal with it”, “deal with that”!

Like similarly alluded to above: If you see someone freely choosing to kick your mum in the teeth in Firotown, you and all of us Firo onlookers can freely choose to intervene or respect the attacker’s freedom to do so unchallenged. Even better, we can currently still “undo” the attack altogether, without retaliatory escalation, despite not being our “fault”! That feels like an advancement in society to me rather than some attempt at conventional centralized control of the masses. I do not think this sets a precedent to suddenly start seizing control of assets on a whim or undermining ownership of keys! There is always some consensus/compromise needed to make any system function. Maintaining the attacker’s individual freedom on this occasion through inaction would ultimately negatively impact the majority (not least of all your mum). :smiley:

Just because a protocol version doesn’t currently specifically negate a crime, doesn’t make that crime acceptable! Blindly following protocol in the name of immutable decentralized freedom and blockchain integrity without perspective is at best ultimately self-defeating! The concept of what is acceptable in a society of humans has evolved over centuries. Almost all forms of modern governance agree on the most serious of base crimes but they all made amendments along the way to specify what was allowable or not. Whilst I am a strong proponent of the core ideals of blockchain, privacy, choice and freedom, the protocol defining what is allowable has and will undoubtedly continue to evolve over time as each “weakness” or “loophole” is plugged and further “definitions” of what is acceptable are made.

In the meantime, I would think the “spirit of the law” over “letter of the law” is valid until the aspirations of future blockchain governance and implementations are fully realized. If I have understood correctly, locking(burning) the attacker’s funds, “minting” replacements and replacing exchanges’ lost funds, effectively restores balance as if the attack had never occurred. Even the attacker still has his proceeds from the sale of original coins leaving him where he started value-wise (unless Binance gets him but that’s on them).

Irrespective of delisting concerns, I would like to think choosing to make reparations to the exchanges on this occasion naturally feels like both the moral and most beneficial option to most in the Firo society and beyond, thereby still maintaining a decentralized majority consensus…if only in principle for now. Not because it’s our fault (which it isn’t) or fear of Binance but because we can and no one ends up out of pocket; not even the thief! They’ll just have to get more inventive to screw over a society (coin) that resists in future. The fact we could have chosen not to (if indeed this is a community and majority choice) is also enough to retain the distributed sovereignty over any exchange’s potential influences and does not yet equate to centralized control…

…IMO!

8 Likes

Btw the community meeting is now, if anyone has any questions please feel free to drop by to the voice channel. https://discord.gg/D6VEdcsQ

Of course we should vote for not locking attackers’ wallets.
Everything that happened was on an open blockchain, and that is fully the fault of Binance. They made such a situation possible.

@reuben Thank you for the extensive and detailed clarification. Now I’m 100% convinced that unlocking the attackers’ funds in favour of Binance (and thus also in favour of the Binance users who got duped by the attackers) is the right thing to do.

Also, I am confident that you and the team can find an agreement that is (more than) acceptable.

I hope the majority of the Firo community will have your back. You have my support, and the support of my nodes. Godspeed Firo team!

Ekatonchiro out. :slight_smile:

Hello. Long term investor here although I rarely speak up or get involved.

I think some people are confusing the concept of decentralization when they say unlocking the attacker funds is decentralized and reimbursing exchanges is centralized. This is not what decentralization means.
Let’s get back to the basics. Decentralization means:
1: decisions are taken by many people, not a single entity.
2: there’s not a single point of failure.

For example let’s imagine Reuben and Firo team were a hardcore “code is law” type of people and they decided to unlock the attacker funds even though (in this hypothetical case) the vast majority of the community would prefer to keep them locked. Would that be a very decentralized thing to do? I don’t think so.

But they didn’t act that way. They are exposing the situation to the whole community for debate and decision making. And I have to say I’m impressed by how neutrally the entire situation has been presented. I’ve been following the attack from the very beginning through the chats and the forum, and I had no idea which was Reuben's preferred option until I saw his vote in the poll results.

So I think presenting the situation to the community in a neutral way and taking the decision between everyone is the most decentralized way to manage this situation. You really cannot go any more decentralized than that. And then of course go with whatever most people choose, even if you don’t like it.

You could actually make the argument that in this case, the single point of failure has been the hash rate, and the Firo team + whole community is coming together to try and sort that out to the best of their abilities. This is the power of decentralization.
I have to say I’m really happy with the way all this situation is being handled and it makes me feel good and confident about my investment. Keep up the good work Firo team.

One more thing I wanna say. I think detecting fake KYC accounts is much more difficult than some people believe. Guys, when the account is created and the KYC is passed, it is done by the real person… so he can take selfies, videos, etc. Then some time after, the legit owner of the account (who is probably broke and doesn't have much to lose) goes and sells his Binance account to some anonymous entity. How can you detect this without totally destroying privacy for all users? (like not allowing VPNs etc). This is almost impossible.
So I agree with Reuben when he says Binance didn’t do anything wrong in this specific case.

Anyway… I voted to reimburse exchanges. Not because I’m afraid of delisting, but because I think it’s the right thing to do.

6 Likes

Before Binance (and any other exchanges involved) receive any frozen funds they should agree to do everything they can to resolve the situation, and reimburse their clients that may have lost funds as part of the attack (collateral damage), and attempt to find the perpetrators of the attack - to show that these kinds of actions will not be tolerated.

The intent behind Satoshi’s vision of block chain technology was to create a peer-to-peer electronic cash system not requiring a financial institution or trusted setup.
He did not intend it to be a way for attackers to defraud people by performing double-spends.
He actually spends a lot of time showing calculations proving that attackers would not be able to take over the blockchain unless they had more than half of the processing power, and also have bad dishonest intentions.
Let’s face it - double spending is fraud - whether it’s on a block chain - or in real life - basically - here’s my money - and - oh - here’s my money again … this is against the law in virtually every part of the world and should not be tolerated.

Blockchain technology needs to evolve if it’s going to be accepted in any serious way. Satoshi’s vision is a starting point, not an end result.
For those people who insist that “code is law” - they are entitled to their opinion - it’s obvious that there are some people who are biased towards that way of thinking - these may be people from competing projects, or other people with other agendas, trying to discredit Firo, or may be the attackers themselves trying to manipulate the vote in order to get profit out of their attack.

The people that think “code is law” - maybe it’s better if they just pick a different project to follow - since it seems that most people in the Firo community tend to put decency, fairness, honesty, and honour ahead of blind-faith in a “code is law” mentality - and the Firo community does not have any respect for scammers, thieves, or anyone who would attack a block chain or project in this way.
Technology should serve society - technology should not be used as an excuse to allow or justify bad people doing bad things. The Firo community believes that privacy should be a human right - and I would suggest that security should be included in that as well.

It’s obviously unfortunate that chain locks could not be implemented prior to this attack. The reasoning behind not rolling out too many changes at the same time makes sense - since too many things changing at the same time would create a harder time to resolve issues that occur - and the team did look at the potential risk and it was low at the time of the decision.

There have been - and will continue to be - growing pains in block chain development - but the evolution needs to aim for the best version of itself.
In this case it was necessary for the team to intervene because of some bad actors doing bad things. Some may think that - oh - that’s the way it works - and it’s only the exchanges that get hurt - well - that’s not true - there is collateral damage and other people have been hurt and everyone in the Firo community has been impacted and inconvenienced.

We have to give the team a lot of credit for reacting to this situation as quickly as they did - especially since they were able to freeze the Firo that was used in the attack.
Most projects that have had 51% attacks have not been able to retrieve any funds from the attack - and in that case we would not be having this vote since there would be no funds to repatriate to the victims (Exchanges and clients).

Firo is in an evolutionary state - and is developing some of the best privacy technology in the crypto space - there will be growing pains - but we need to evolve our thinking while the technology evolves and matures.

If you haven’t guessed by now - my vote is option 1 - Keep attackers’ funds locked and use it to reimburse exchanges.

3 Likes