Compared to the adverse effects of restructuring Bitcoin, the loss of 300 million yuan is not a problem at all.

On May 7, after the currency was stolen 7,000 bitcoins, the CEO of Changan Zhao Changpeng announced that it would use the SAFU Fund to fully compensate users for losses.

The positive measures and transparent treatment of the currency security have won unanimous praise from the outside world.

As the world's largest cryptocurrency exchange, the safe bitterness of Bitcoin has once again pushed the security of centralized exchanges to the topic center.

As for the hacking of the exchange, everyone seems to be eccentric, and this time, compared to the event itself, it seems that another issue is more concerned, that is, whether it should be used to recover lost bitcoin.

Zhao Changpeng also said that everyone is more concerned about whether to use the reorganization to recover losses than the heat of the incident itself. This is a bit reversed.

In fact, some of the funds were restored through block reorganization. This initiative was proposed by Jeremy Rubin, co-founder of the MIT Digital Money Program. Although Zhao Changpeng has made it clear that block reorganization will not be used to restore funds, it should not be blocked. The topic of restructuring is still causing huge controversy.

Restructuring means that, after a hacker attack, directly contact the miners who packaged the latest block, and encourage the miners to reorganize the block by funds, thereby erasing the block where the hacker is located from the bitcoin history network.

One view is that reorganization is impossible. Blockstream co-founder Adam Back posted a tweet saying that Bitcoin reorganization will not happen. He believes that any bitcoin field, miners or developers will not consider restructuring. Think of the $473 million loss that Mt. Gox suffered in 2014. In 2016, Bitfinex was attacked, resulting in a loss of $72 million, and the loss of $40 million in 2019, and so on.

However, Ari Paul, co-founder of the encrypted hedge fund BlockTower Capital, disagreed with this view, arguing that it is possible to mobilize the reorganization.

So is it feasible to recover stolen funds through block reorganization?

What is the reorganization of the incentives in place?

At present, the hacker's transaction is included in the block height 575013, and the subsequent blocks are added at this base height.

So far, the block containing the currency hacker money transaction has reached the height of 575,364 blocks.

This means that if you want to recover this money, you must reorganize 351 blocks. Given the huge cost that needs to be paid, basically, we can say that this 7000BTC transaction is difficult to recover.

However, if the response is timely and in a short time after being stolen, is it technically feasible to recover the bitcoin stolen by the hacker through restructuring?

That is to say, in the short period of time, the miners dug out a fork chain and they will have the opportunity to recover the stolen bitcoin losses. This new forked chain eliminates the original transaction containing stolen Bitcoin and its subsequent transactions. As long as the computing power exceeds 51%, it can exceed the original chain at a certain point in time. Once the height wins, all the bits. The coin client will participate in the reorganization.

In the blockchain network, it is not special to reorganize to another fork chain by competing for power. In fact, it is a common method of competition among miners.

However, in the competition, the miners who failed because of the lack of computing power, the losses are heavy, which means that all the coins dug up before are worthless.

According to Bitcoin's longest chain principle, the node always believes that the longest chain is an effective blockchain, so only miners who mine on the longest chain can get an economic reward.

Because of this, for economic reasons, miners always prefer mining on the longest chain, rather than competing power to mine on another new chain.

Because for miners, the cost of competing power to split the original chain is very high.

However, for the currency piracy incident, a possible solution given by netizens is that they can subsidize the miners on the fork chain (they call them “bribery” miners), which is the former Ari Paul. The “incentive reorganization” mentioned can recover the stolen funds when it is prepared and fast.

How to motivate miners?

So, what should be done to mobilize the reorganization in place?

Here, the reorganization of the incentives means that by giving the miners the benefits, the miners are encouraged to dig up a new chain, thus discarding the main chain of hackers who turn away from Bitcoin.

Specifically, once the funds are found to have been stolen by hackers, they should respond quickly and do the following two things:

1. Create a new Bitcoin wallet, transfer some of the funds from the stolen wallet, and publish the transaction on the website. 2, announce the private key of this new bitcoin wallet

It should be noted that the bitcoin in the stolen wallet has long been taken away by the hacker, so the deal has no value at this time. Only when the new forked chain exceeds the power of the original chain and becomes the longest chain, the bitcoin in the stolen wallet will be rolled back to take effect.

In order to restructure, it needs to be returned to the block with the height of 575011 containing the stolen transaction. At this time, knowing the private key of the reward fund address, the miner has the motivation to package the transaction into a new block with a height of 575012. After it takes effect, the reward funds are transferred to their wallet, and the transaction is packaged into a new block to take effect.

It can be said that the disclosure of the private key is equivalent to giving the miner additional benefits.

As long as the value of the bitcoin in the reward address is always greater than the mining income after the high block of 557011, there is always an economic incentive for the miner to provide more computing power and eventually exceed the original chain.

Note that if every miner does not take all the benefits, but leaves enough funds for the next bale miner, it can significantly increase the probability that the bifurcation chain will replace the original chain.

With sufficient economic incentives and appropriate distribution mechanisms, each miner can join at any time and gain economic incentives to quickly form a forked chain alliance.

In the end, when the height of the new chain wins, the longest chain is generated at this time. After the reorganization, in the new longest chain, the money can get the stolen funds left, while the miners participating in the new chain get more bitcoin than normal mining.

Of course, for mines that do not participate in the fork, the losses will be large.

Is reorganization really feasible?

If the currency is to be restructured, how much does it theoretically have to subsidize the miners?

Bitcoin core developer Jimmy Song used the mathematical model to settle the account and concluded that the reorganization is not feasible in the real world.

1. After the coin is stolen, the minimum cost is 58:12.5 BTC = 725 BTC according to the number of blocks added after the stolen transaction as of the time (assuming each miner is in the new chain) Get roughly the same transaction fee, and 100% of miners use this option)

2. If 75% of the miners also use reorganization, then an average of 116 blocks are needed to surpass the current chain. At this time, the currency security needs to compensate about 1450 (116*12.5=1,450) BTCs for the mine work as a reward; similarly, if 60% of the miners agreed to restructure, and an average of 290 blocks are required to surpass the current chain. At this time, the currency needs to compensate about 3,625 (290*12.5=3625) BTCs for the mine work; if 55% of the miners agree to restructure, the average It takes 580 blocks to go beyond the current chain, and the currency security needs to compensate about 7250 BTCs.

3. In reality, 7,000 BTCs are lost. Therefore, at least 55% of the computing power (miners) is required to agree that restructuring is economically feasible. If the number of reorganized blocks exceeds 58, the required computing power is at least 60%; if the number of reorganized blocks is 116, at least 65% of the computing power is required; correspondingly, 174 blocks need at least 70% The calculation power, 232 blocks need at least 75% of the power. Assuming all miners agree to reorganization, the cost will increase rapidly.

4, but for these miners, there are also risk costs, because if this will greatly increase the waste of hash calculations, and these calculations can be effectively used to mine the longer longer chain.

5. Therefore, the currency security also needs to compensate the miner's risk premium, which means that action must be taken before the block 232 is generated. If the reorganization is successful, the money in the hands of the hacker will be given to the miners, and the money will not be recovered.

6, the currency security will be subject to the dual pressure of time and risk, because after the stolen transaction, each new block added, on the new chain side means that at least 12.5 BTC cost to catch up with each other, and the reality In order to quickly coordinate with the existing mining pool (restructuring) is not an easy task. It may take more than a day to reach an agreement alone, which means that you need to pay 144 block costs.

What effect will it have after restructuring?

Even if the block reorganization succeeds, what bad effects will it have?

The most direct impact is that if the currency security is forced to reorganize and recover the stolen Bitcoin, then any other person or organization can follow suit, and there may be more double-flower attacks in the future, which may be much larger than 7,000 BTCs.

What is even worse is that it cannot be falsified as an important feature of Bitcoin. It can be said that its existence is meaningful. Once the reorganization is successful, it will make everyone think that Bitcoin is centralized, not only contrary to the design of Bitcoin by Nakamoto. The initial heart also makes it lose the meaning of its existence.

This will subvert people's perceptions of bitcoin and blockchain. By then, the public, especially the mainstream traditional financial giants, may lose interest in Bitcoin and bring cryptocurrencies back to the dark ages.

CryptoBobby, the cryptocurrency blogger, said sharply, "If Bitcoin becomes tamperable, it is equivalent to spit on your face."

In this regard, Bitcoin Standard author Saifedean Ammous expressed his opposition to this program bluntly on Twitter:

Bitcoin is not a junk coin controlled by five people, nor a central bank controlled by a bank oligarchy. These banks only think for themselves, and Democratic politicians want to be re-elected. Bitcoin is hard currency. There is no salvation and a return.

Michael Novogratz, founder of the famous billionaire Galaxy Digital, said, “In the blockchain field, forks or reorganizations are simply pagans. When Ethereum did this, it was a 5-month-old baby. Now the bit With a market capitalization of $100 billion, the currency is a qualified asset carrier."

Indeed, Bitcoin succeeded not only because it was the earliest cryptocurrency, but because it was truly decentralized. Individuals or a single organization cannot make any decisions for Bitcoin, which is the potential of Bitcoin.

Zhao Changpeng also said to the outside world through Twitter that "it will not roll back because it will have a negative impact on the credibility of the BTC network."

Zhao Changpeng announced on Twitter that he and @JeremyRubin, @_prestwich (former Storj founder), @bcmakes (lightning network company RADARION product manager), @hasufl (independent cryptocurrency researcher), @JihanWu (bit mainland co-founder Wu After the discussion, I decided not to adopt the reorganization plan.

He said that although the use of the reorganization plan will bring a series of benefits: 1. We can 'revenge' the hacker by transferring the cost to the miner; 2. Use this to shock the hacker attacks that may occur in the future; Explore how to deal with hacker attacks in Bitcoin networks.

However, the drawbacks are also obvious, which mainly include:

1. This may undermine the credibility of Bitcoin;

2. We may cause the Bitcoin network and the community to split, compared to the $40 million loss, which is simply not worthwhile;

3. The hacker did show some weaknesses, which was not obvious before;

4. Although this is a very expensive lesson for us, it is still a lesson. It is our responsibility to protect the safety of user funds.

Encrypted community response

Andreas M. Antonopoulos, author of "Proficient Bitcoin," said that the restructuring that was carried out in order to recover the losses of the exchange was like a government bailout implemented by poor bank management. Fortunately, unlike banks, it is difficult to achieve, and it is likely to fail and there will be no bailout. If you have a problem with security, you have to pay the price. (The original meaning of the currency is responsible for its own security problems)

Twitter WhalePanda says:

No one will reorganize the Bitcoin blockchain because of this. 1. Should not be reorganized, we are not Ethereum; 2. 7000 bitcoins are not too much for the currency (if their revenue is true); 3. Playing stupid games will only get stupid rewards.

According to the media's data, according to the profit of $78 million per quarter, the $41.2 million in assets lost by the currency will be able to earn back in about 47 days. For the currency, it is just a piece of cake. .

Pan Zhiyi, the founder of the coin-printing pool, issued a message on Weibo that it is theoretically feasible to restructure the money through reorganization. Technically, the impact of restructuring is more than the effect of soft forks (hard forks). It is much smaller.

Nodes are likely to be divergent, resulting in a hard fork in the whole network. The currency can take back 7,000 bitcoins on the reorganization chain. If the reorganization is successful, the large amount of bitcoin will be sent and received later, at least one day's confirmation number will pass.

Pan Zhiwei on Weibo on the coin reorganization statement screenshot


Coin Security finally decided not to consider using the block reorganization plan to recover funds, and said that the SAFU Fund was used to fully compensate users for losses.

For the currency, it is very wise to make such a decision.

Because if a block reorganization is taken, it is destined to be a battle that is not worth the candle.

Just as a protracted lawsuit is only beneficial to lawyers, the only benefit to the block reorganization plan is the miners, which are not economically rational choices.

In addition, there are many uncontrollable factors in the actual process of block reorganization. For example, there are still many offline mining equipments, and since the currency can encourage miners to dig a new chain, hackers can also obtain miners' support through economic incentives.

More importantly, it will also undermine the credibility of the decentralization of the Bitcoin community. After all, this is the original intention of the Bitcoin protocol.