From the Bitcoin CVE-2018-17144 incident in August that happened to Firo, we have made good progress in recovering a substantial amount (6 figures FIRO) from the amount sent to exchanges. As it isn’t 100% final but may happen soonish, I wanted to ensure the community has a chance to weigh in.
In short, a bug from the CVE allowed a rogue miner to create additional coins on 14 August 2020 and while mostly mitigated, some still hit the exchanges before we could lock it. This was fully disclosed and made public on our blog immediately when discovered and the market has already absorbed and priced this in.
In the disclosure we also mentioned that we were requesting for the additional coins to be burnt from the supply. The exchange returning to us the funds has mentioned that they do not care if we burn it or not but we did inform them we intended to burn it.
Total forged amount: 384,400.82
Forged amount identified as being sent to Exchanges: 161,664.24
Other unaccounted: 49,466.72
Total locked in code: 173,269.86
Figures are rounded up to 2 decimal points.
What should we do with the recovered funds?
Destroy it, they shouldn’t have existed
Dedicate it to the general dev fund
Dedicate it to a community fund to be used for CCS proposals
Use it as inventory to provide liquidity on exchanges
I have a very strong opinion on this. The funds should not have existed and therefore we should destroy them by sending it to a burner address.
This sends a very strong message that we take our total supply seriously and that the team did not benefit in anyway from the exploit.
While the funds could have been used for development or other worthy causes, I think we need to think of the bigger picture and restore confidence that we are here to stay and not here to enrich the development team.
This in my opinion would lead to greater trust in our project rather than any short term benefit the funds would give us and would also prevent these funds from exerting any negative pressure on the market.
Any other option raises doubts and I rather make do with the funds we already have then benefit from a hack.
What we do here sets a very important precedent as well for the future of Firo.
If there is an opportunity to be seized here, it is the opportunity to publicly and openly make the choice to burn them as if it were no choice at all.
There is a popular fiction in crypto that software can solve all problems. But the greatest problems in cryptocurrency (as in money and politics) are social, not technical.
The hack itself is a technical problem with a clear technical solution, and Firo has taken admirable steps to address this already. The last step is perhaps the most important.
Burning the coins will restore trust and confidence in the firo team/project and avoid any unnecessary deflationary deleveraging. This will be a new chapter for firo with the much anticipated Lelantus in the corner. Privacy is here to stay and this year will be a flawless one with so much hard lessons learned. It is just a matter of time until all the efforts, the halving, the rebranding, and Lelantus reflect the true value of firo! All it takes is just to believe in your goals…
It was not suppose to exist the first place so it make sense to burn it. It doesn’t belong to anyone to be used.
Even if the community were to say to use it for funding development, It would leave a bad taste in the project. Bugs do exist in tech (in general) but how the team handles it will dictates the name, trust and future of the project.
Anyone who knows this project and its team is well aware that ethics play a large part in all the decisions they make. It is not surprising therefore to see that it attracts community members who share their values. The strong consensus that the hacked coins should be burned is entirely logical and fair as they should never have existed in the first place.
More confirmation, If any were necessary, that you are in the right place if you want to use a currency which is managed transparently and which has a trustworthy team and community overseeing its development
I agree that the coins should be burned. It is on brand with the honesty and transparency of the team. They didn’t exist in the first place to be used and protecting the integrity of the system for the long term outweighs the short term benefits.
This project is by far the most ethical and honest I’ve seen in crypto. I voted for burn as well because I think that’s the better decision but overall it’s not an easy decision and I have a few more thoughts to share…
While I understand how people can think this, it’s factually untrue that the development team is here to enrich themselves with Firo. The facts are that the team is paid in Firo, and many cuts and adjustments have been made by the team over the past couple years to ensure that development can continue. As well, there’s an upper limit cap to ensure dev funding doesn’t go beyond a modest value. I believe Reuben & team have done an excellent job of balancing the budget, minimizing the impact of the exploit, innovating, and leading Firo. I hope that instills trust in the team for folks learning about Firo, the team is not all talk, they put thoughtful action behind it… always.
Development, Exchange, and Marketing requests don’t come cheap. The other point that I want to share among the community is that when the development team has extra funding, more can be accomplished until there’s a community groundswell of viral support for Firo’s amazing tech. We all win when we can do more… and for those reasons it was a hard choice for me between Burn and Invest. My hope is that with the burn, price rebounds some on the news and that gap can be made up with the existing dev funding, burning is better for short term holders and price as well.
Firo is a groundbreaking project for the people that I believe the world will need very soon. I’m looking forward to it being around and healthy for a long time to come.
I’m confused. I am strongly for the destruction and burn and hope the community will agree with me. Not sure how you read my post.
The point is to let the community decide on this as it belongs to the community not the core team or myself.
If I made a unilateral decision and didn’t involve the community, even if I think it’s the right thing to do, some would say I didn’t let the community weigh in.
It’s definitely something to burn, it shouldn’t have existed in the first place. I’m glad you brought it up for discussion as it high lights the importance having a few things we all can agree on lol.
