|
After 7,000 BTC were stolen from Binance's hot wallet by hackers, Binance CEO Zhao Changpeng said in a live Q&A yesterday that the team was considering the suggestion of Jeremy Rubin, co-founder of the MIT digital currency project, to recover some funds through block reorganization. However, he soon announced that he would not adopt the block reorganization method, but it still caused great controversy in the Bitcoin community. He himself explained the matter again on Twitter last night, saying that Binance had no intention of reorganizing the blocks and it was impossible to do so.
As discussed in the screenshot below, Adam believes that reorganization will not happen, while Ari says that reorganization is only possible if incentives are in place. So can block reorganization be implemented?
A simple model
Let’s assume a very simple model where 100% of the hashrate is willing to help Binance. This is also the easiest model to analyze. We assume that Binance has established a relationship with each mining pool (unlikely in reality), agrees on compensation for each miner (possible for some miners), and reaches consensus. We assume for the moment that no one disagrees (highly unlikely in reality), and that no one will set up an alternative mining pool to mine the longer chain.
First, let’s look at what a reasonable amount to compensate miners would be. If a miner has 10% of the network hashrate, and the reorg begins 100 blocks after the attack, that miner would need to give up 10 blocks of rewards, or 125 BTC in block rewards plus fees. You might think that in the reorged chain, they would receive about 10% of the block rewards, so this would offset, but this is not the case. They could have earned 10% of the block rewards by mining the original chain during this time, which means they would lose 125 BTC by helping Binance. Therefore, they need to be compensated. In this model, assuming 0.5 BTC in transaction fees per block, the total compensation would be 130 BTC.
This is not full compensation, there is also a risk premium. If no one but this miner chooses Binance's reorg chain, then they have wasted computing power that could have been put into the original chain. If the miner's efforts are unsuccessful, Binance will have to agree to either compensate for this risk or be responsible for this part of the wasted computing power. This is actually a large part of the compensation, but this article will ignore it for now.
So if Binance starts trying to reorganize 100 blocks after the hack, they would essentially need to pay at least 1300 BTC to recover 7000 BTC, netting 5700 BTC. From Binance’s perspective, you could consider this an ideal situation since they would be able to recover most of their funds.
What are the consequences of a situation like this? The most obvious is that something like this would prove that Bitcoin is centralized, because if Binance can force a 100 block reorganization, then any sufficiently large entity can do the same. There will be many attempts at double spending, and anyone transacting during those 100 blocks will be affected. In fact, it is possible that an attacker could steal funds from exchanges in the form of double spends that could be even larger than the original 7,000 BTC! Everyone transacting on the Bitcoin network would be severely disrupted, as everyone would likely have to confirm their transactions 3-6 times.
In other words, exchanges, merchants, and users will all be in a mess. Worse, they must bear the risk and consequences of double spending. Therefore, block reorganization is extremely unlikely because in this case almost everyone is right.
A more controversial choice
That's the fork. Since there are 100 blocks to reorganize, meaning the original chain is 100 blocks ahead, a fork with 55% of the hashrate would take an average of 1000 blocks (about 2 weeks in this case) to become the longest chain. The variance (variability) in this is also quite high, with variances of 500 or 1500 blocks being quite common in this case. Even with 99% of the hashrate, it would take 101 blocks (about 20 hours) to become the long chain.
But this assumes that every miner stays the same all the time. In fact, in this case, both sides want to attract miners from the other side. The original chain has the advantage because it has a 100-block lead at the beginning.
On the side of the original chain are exchanges, merchants, and users who don't want a 100+ block reorganization to happen. They are all likely to compensate the miners on the original chain. They can do this fairly easily: make a transaction on the original chain and set a relatively high transaction fee. If the transaction fee on the original chain is high enough, many miners will want to switch sides. It is worth pointing out that there is one specific user on the original chain, and that is the attacker. They are also willing to subsidize the miners on the original chain, after all, they don't want to lose everything.
The competitor of the original chain is Binance. They must defeat these exchanges, merchants, users and even attackers to get a longer chain. The hacker got 7,000 Bitcoin from Binance, so they are willing to spend at most this much to subsidize the miners on the original chain. Binance's expenses will include 1,300 BTC + the money the hacker is willing to subsidize + the expenses of exchanges/merchants/users. Obviously, from an economic point of view, such a fork is also meaningless for Binance.
in conclusion
The actual situation is certainly more complicated, after all, there are still a large number of offline mining equipment, but all of these are very easy to analyze. In general, the block reorganization is not worth the loss for Binance.
Just like lawyers benefit in a long-running lawsuit, the only ones who benefit in a block reorganization are miners. Money flows from the disputed transaction (Binance or the hacker) to the miners. Deep down, this is the design goal of the Bitcoin protocol, that it is very expensive to change a transaction.
This is why even after a massive theft, people don’t try to reorganize. Reorganizations cost the hacker money, but hurt everyone else. |
