PRIVATE KEY

Bitcoin can turn back the clock to undo catastrophic hacks—but should it?

Should crypto exchanges undo hacks?
Reuters/Darrin Zammit Lupi
Funds are SAFU.
By Matthew De Silva

Tech reporter

This article is more than 2 years old.

Hackers stole more than $40 million of bitcoin from Binance, a popular cryptocurrency exchange, the company said Tuesday. The burglars “used a variety of techniques, including phishing, viruses and other attacks” to pilfer 7,000 bitcoins. Each coin currently trades for $5,900.

Binance promised to cover the losses using an emergency reserve, its Secure Asset Fund for Users, commonly referred to as “SAFU,” and the exchange is conducting a one-week review of its security standards. In the meantime, the exchange has disabled deposits and withdrawals, but trading itself will continue. “We beg for your understanding in this difficult situation,” Changpeng Zhao, Binance’s CEO, wrote in a blog post.

Massive heists are common in the digital currency universe, but Binance’s initial reaction to the theft was to consider a novel solution, which drew condemnation from many in the crypto community. At the suggestion of developers, including Jeremy Rubin, a programmer who has contributed to bitcoin’s open-source development, Binance briefly considered asking bitcoin miners—the people who confirm the network’s transactions—to roll back the theft.

If miners reached a consensus, they could have adopted a new version of bitcoin, effectively erasing the theft from history. Because miners are responsible for processing transactions, they—and not the owners of bitcoin—are in control and can show their support for a new (or revised) network by dedicating their computing power to processing transactions for it. Theoretically, rolling back the transactions could have made Binance whole. In fact, it may have been possible to accomplish this without affecting others who placed trades during the same time frame.

However, a contingent of the bitcoin community argued that undoing the theft would have called into question the network’s immutability, the notion that all bitcoin transactions are final. When a person submits a transaction to the network, they expect that the transfer is definite and reliable. That’s what has made bitcoin (somewhat) viable as a currency.

This concept of “immutability” isn’t what it seems though, because the maintainers of a crypto network can rewrite history—they just need to convince enough people that the new chain is recognized as the legitimate version. But getting other people on board with their version of events can be difficult. If there are holdouts, then a cryptocurrency can split in two. That’s similar to what happened to ethereum, the second largest cryptocurrency network, in 2016. The network split into ethereum classic (the original blockchain) and ethereum (really, the new ethereum). Today, ethereum classic is essentially worthless—its associated tokens are worth just $630 million, compared to $17.9 billion for ether, the native currency of the legitimate network. To be clear, when a network splits, users end up with coins on both networks. It’s almost like copying a Word Document, and making changes to one version.

Splitting networks, especially large ones, is a highly contentious event. There are huge amounts of money on the line, and splits require large-scale coordination from miners across the world. These are decisions that can’t be taken lightly, so Binance decided to eat the loss rather than risk damaging bitcoin’s price and reputation.

Although Binance decided not to pursue the difficult task of rolling back the hack, the last 48 hours have once again demonstrated that exchanges—no matter what precautions they take—are vulnerable. Without Binance’s reserve, its users may have been forced to eat the losses themselves.

What’s bizarre about this situation is that while there is a way to fix it, the Binance hack seemingly wasn’t large enough to warrant corrective action. At some point, though, a hack affecting thousands of users will probably occur. The bitcoin community would be smart to establish a process for dealing with a catastrophic exchange hack before it happens again, Rubin noted on Twitter.

With government-backed currencies like the US dollar, there are ways for financial institutions and the nation to address hacks and theft. Accounts covered by the Federal Deposit Insurance Corporation, for example, are insured up to $250,000, in case a bank or savings association fails. Cryptocurrencies lack that assurance, but block reorganizations—the ability to rewrite history—could offer a unique solution to improve faith in bitcoin.

🔑🔑🔑

WHAT YOU NEED TO KNOW—AND WHY

Facebook’s crypto initiative is called “Project Libra.” The company behind the social network has engaged with “dozens of financial firms and online merchants” about its highly-secretive crypto project, according to the Wall Street Journal. It appears Facebook may try to reduce fees—often 2% to 3%—charged by banks, payments processors, and payments networks, such as MasterCard. Users may also be rewarded with crypto tokens for watching ads on the site. In December, Bloomberg reported that Facebook was developing a “stablecoin”—a cryptocurrency with a standardized price—for transfers on WhatsApp. As information trickles out, the company has reportedly hired Christian Catalini, a professor of technological innovation, entrepreneurship, and strategic management at MIT.

Takeaway: Facebook’s drive into payments is obvious, but its strategy is as opaque as ever. As Facebook contends with a declining user base and PR nightmares, including security lapses, a pivot to financial services could give the company new life.

Please send news, tips, and reorganization proposals to privatekey@qz.com. Today’s Private Key was written by Matthew De Silva, and edited by Oliver Staley. The young man knows the rules but the old man knows the exceptions.
