What is missing from the whole debate is that either way, code is still law.
The Asshat knew about the privacy features but did not use them so it was to some extent and at some level ok with getting caught. It did not get to the level of being able to pull something like this off without also really knowing how trivial it really is to blacklist a public address. So whether remorse or arrogance led to the fizzle, it does not really matter.
So, you can make the argument that either way, code is law.
Should Binance commit publicly to really going after whoever pulled this off? Hell, yes, a private agreement with a team is not really a suitable remedy for this kind of situation as it will leave the team open to all kinds of crap accusations they will be bound not to deal with.
Getting the funds back to the users is the only right thing to do. However, this cannot come at the price of some semi-toxic private agreement/commitment that leaves a cloud hanging over the project and the exchange. Not in my opinion.
I vote for leaving the coins to the attacker. Let me explain why.
Let's look here: Tech
We can see “Privacy is about staying one step ahead. The team behind Firo is responsible for some of the most significant blockchain privacy protocols on record, and all that tech is distilled into Firo.”
If the developers refund the coins to Binance or keep one of the wallets blocked, that will mean that all the technology described above costs nothing. That will do very heavy damage to the Firo blockchain.
I don’t think it’s the same thing. Bailouts involve taxpayer dollars (which you and I would pay for). This situation involves giving back what a thief took to the original owners.
It’s very hard to decide, but if we take our emotions away and think, we have the following picture:
The attacker mined his blocks without violating any consensus rules.
Actually, I think it was the fault of Binance (not enough confirmations) and the Firo team (only after the attack did the team implement a defense, although they could have done it earlier).
Therefore, it is quite obvious to me that censorship / blacklisting / centralization / blocking of funds is unacceptable and will destroy Firo reputationally. No one will ever come to this project with serious money, realizing that developers can block anyone’s coins. Today you may have some motives, tomorrow others.
Code is law. The longest chain is the true chain. What happened on the blockchain can’t be changed manually whenever somebody wishes. It’s principle number 1.
As I said, the miner who presented the longest chain didn’t violate any consensus rules. So now it’s up to Binance to take legal action against this miner in the real world, but this event should not in any way affect the integrity of the Firo blockchain and, in general, the very fact of discussing the essence of the introduction of censorship is not appropriate. I strongly believe that no actions should be taken, no addresses or funds should be blacklisted/blocked (because it is pure censorship and centralization). The Firo team just needs to implement ChainLocks. I give my vote against any centralization or censorship.
However, the starting rules of the game cannot be changed.
Binance should increase the number of withdrawal confirmations.
Developers should implement ChainLocks.
The attacker should keep the coins.
I vote for 3, that will be fair according to everyone. Because everyone who plays with PoW cryptocurrencies should know about the possibility of a 51% attack.
Again you guys keep confusing the concepts of decentralization, immutability and censorship. These 3 are different concepts.
A blockchain can be immutable and at the same time the project be centralized, while another different blockchain could be flexible in its consensus rules (not immutable) and be very decentralized at the same time. If you guys don’t understand this, it’s probably because you only know bitcoin and bitcoin is both immutable and decentralized, so you automatically associate both concepts in your mind. But these 2 concepts are different and they don’t have to go always together.
To understand this better, let’s imagine bitcoin suffers a terrible inflation bug and someone exploits this to create another 21 million coins from thin air. Now let’s imagine 99%+ of the entire community wants to reverse the chain to get rid of these coins and leave everything the way it was before the bug. However 3 huge mining pools that have 60% of the hash power decide having an immutable ledger is more important and they will not change anything. Now bitcoin keeps having an immutable ledger, but the project suddenly becomes centralized. Why? Because now suddenly the vast majority of the people involved in the project don’t want an immutable ledger anymore.
If there’s a community vote in which most people choose to reimburse exchanges, then OK, you can accuse Firo of not being an immutable ledger anymore. OK, you could even make the argument that there’s been some censorship (although in this case it’s a 51% attacker and a thief the one being censored). But you can never, never accuse the project of being centralized. If you do, I’m sorry, you’re just confusing the concepts.
Personally I love cryptocurrencies because they are extremely efficient, private, and decentralized. Immutability is generally a good thing but honestly for me immutability is not THAT important, at least not when it comes to hacks, bugs, and 51% attacks.
If once in a while decentralization and immutability go against each other, like it’s happening right now, for me decentralization is more important.
It is the privacy aspect of Firo that drew me in. That is where its value and utility lies. Sort out this attack (in my case vote for option 1) and anyone who gives a damn about privacy is going to be unfazed by this delay.
The fact that they didn’t use Lelantus should be very concerning to everyone.
Why I think it’s extremely unlikely this attacker did not know how to use Lelantus: (besides Google is a thing wtf)
The attacker
Has the wealth and/or knowledge and/or access to obtain millions of dollars of FIRO (negative profit at this point in the attack)
Exchanges FIRO for now easily traceable crypto (slight loss or gain in profit of attack and now under investigation)
Obtains absurd amount of mining power to perform 51% attack (negatively impacting profit of attack)
Steals millions of dollars worth of FIRO with 51% attack (much more difficult to pull off than googling “how to use FIRO Lelantus”) (likely profitable for the first time of the attack)
Does NOTHING to secure profit, allows stolen FIRO to be frozen, places themselves on watch list of other exchanged cryptos
I find it extremely unlikely that someone with enough money and technical skills to perform a 51% attack was not smart enough to use a wallet with Lelantus.
I believe they intentionally allowed the coins to be frozen.
They started an investigation on themselves by performing a globally public attack and chose not to secure the BOUNTY of the attack and now have multiple other cryptos to try and evade investigation on.
If the attacker chose to let the coins get frozen, I believe it’s because they believe that they will get to keep the FIRO legally, for example the coins being returned to Binance or some other party that may receive the FIRO.
If I am to believe it was someone simply trying to tarnish the name of FIRO, then I am to believe they hated FIRO so much that they would risk being UNDER INVESTIGATION and SPEND MONEY attacking FIRO with likely no profit. They chose not to further tarnish the name of FIRO by using Lelantus and keeping the stolen FIRO to fund their new life mission: evade investigation of and capture by authorities.
That’s extreme hate and unlikely.
If the attacker knew how to use Lelantus and FIRO was attacked for profit, the attacker is in a position to profit from the legal possession of the stolen FIRO.
Thinking out loud.
I’m an ignorant person. Please correct anything I misstated.
I am very far from certain that Binance will be willing to pursue this. This may really be the main reason for the asshat in question to not have used Lelantus.
I agree with you that the attacker spent a lot of money to do that. And it is confusing why they did not use Lelantus. I am absolutely sure that with such skill and possibilities they knew about that. But I have another idea about the nature of such an operation. You are talking about trying to tarnish the name of FIRO. But what if they just wanted to show the problems in exchange risk management and the FIRO blockchain? I think that the reason was an attempt to make FIRO better.
We should thank the attacker for that lesson. In reality those are not such big losses for such a promising project as FIRO. That will make FIRO much stronger in the future.
I vote for 3
Switch on your brain and think without emotions.
Attackers deliberately left the possibility for the developers to lock the coins. Nobody knows the real reason for doing that.
What is worth noting is that after the attack and after we had disabled Lelantus, there were attempts to move it. The guy was determined enough to move it that he again turned on his hashpower to try to make it happen.
In doing so he also exposed many trails to other addresses so it’s incredibly sloppy. I can’t reveal more but we’ve been making headway in identifying the attacker.
Remember a 51% attack is not rocket science compared to exploiting a cryptographic flaw.
The Code is the Law. We cannot interfere in the work of the blockchain and decide the fate of someone’s addresses in the blockchain and its coins. There is no moral issue here. This is a problem purely for Binance and its relationship with its clients, as well as the miner who presented the longest chain.
Charlie Lee, creator of popular altcoin Litecoin, posted on his Twitter explaining: “By definition, a decentralized cryptocurrency must be susceptible to 51% attacks whether by hash rate, stake, and/or other permissionlessly-acquirable resources. If a crypto can’t be 51% attacked, it is permissioned and centralized.”
The reason why a decentralised system needs to be susceptible to a 51% attack is because Proof-of-Work (PoW) consensus algorithms have the inherent flaw for a 51% attack to occur. If they were completely protected against such an attack, they would be controlled and centralised.
I totally agree with him. Firo team just needs to make this project better and more secure, implement necessary solutions, but without discussed censorship.
I understand Binance’s situation, but any favors and exceptions will play a very cruel joke in the future. The Firo team and their decentralized project should not in any way solve the problem of financial relationships between some exchanges and their clients. They should never be in any truly decentralized project. There should only be cold calculation.