The Binance Hack Exposes Bitcoin's Reorg Problem


On May 7th, 2019, Binance announced that they had discovered a “large scale security breach” and a “large number of user API keys, 2FA codes, and potentially other info” was compromised. The hackers were able to withdraw 7000 BTC in one transaction.

The total amount of BTC represented 4% of Binance’s total Bitcoin holdings. In the wake of the hack, the exchange announced that they would use the SAFU fund to cover the loss in full and that no user funds would be affected. They also disabled deposits and withdrawals for a week to conduct a security review.

This is the second time that hackers have been able to steal BTC from Binance. In July 2018, the company announced that 7000 BTC had been moved off the exchange and hackers took over customer APIs, dumping huge amounts of Syscoin. In response, Binance created the SAFU fund, where it keeps 10% of its profits to shore up any security breaches like the one that happened today.

The interesting part of this whole story, though, is that shortly after the hack, CZ suggested on a livestream that Binance would try to reorg the Bitcoin network to recover the funds. Twitter user Jeremy Rubin first suggested that CZ reveal the private keys for the hacked coins, or a subset of them, to undo the theft. Another option would be to “sign batches of txns with the old utxos paying miners with different locktimes to make it a permanent reward to unwind this hack.”

What this means is that Binance would release the private keys of the wallet that contained the 7000 BTC to the public, the miners would then split off from mining the main Bitcoin chain and mine a new chain where the hack did not take place. A split such as this could be considered a “benevolent” 51% attack.

For the reorg to be successful, the hash power of the new chain must be greater than that of the old chain, but this isn’t the only issue. When the new chain splits, it starts 1 block behind the old chain. Thus, it’s not enough for the new chain to have marginally more hash power; rather, it must be able to sustain the attack long enough to overtake the old chain.

In Binance’s case, they would have to go back more than 1 block. At the time of writing this article, 102 confirmations have already taken place. If Binance wanted to reorg from that block, they would have to overtake the old chain from that block. Current block rewards are 12.5 BTC, and Binance would need to pay the same or more to the miners to incentivize them to reorg. With 75% of the total Bitcoin hash power, it would take them just over 100 blocks to catch up to where the old chain started and another 100+ blocks to overtake the new chain. How fast they catch up is entirely dependent on how much of the total hash power they can lure to the new chain. If they were only able to garner 55%, it would take well over 1000 blocks to catch up, a useless venture.
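The catch-up arithmetic above can be checked with a small model, given here as an added example that is not part of the original article. It treats the race as a random walk and assumes a constant hash-power share, no difficulty adjustment, and compensation equal to the old-chain subsidy the switching miners forgo; the function names are illustrative.

```python
import random

BLOCK_SUBSIDY_BTC = 12.5   # per-block reward quoted in the article
STOLEN_BTC = 7000          # amount withdrawn in the hack
CONFIRMATIONS = 102        # depth of the theft at the time of writing


def expected_blocks_to_overtake(share, deficit):
    """Expected network-wide blocks until the reorg chain leads by one.

    Each block is found by the reorg side with probability `share`, so its
    lead moves by +1 or -1 and drifts by (2*share - 1) per block.
    """
    if share <= 0.5:
        return float("inf")  # no positive drift: expected time is unbounded
    return (deficit + 1) / (2 * share - 1)


def simulate_blocks_to_overtake(share, deficit, trials=2000, seed=1):
    """Monte Carlo check of the closed form (seeded for repeatability)."""
    if share <= 0.5:
        raise ValueError("a minority or even split may never overtake")
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        lead, blocks = -deficit, 0
        while lead < 1:
            lead += 1 if rng.random() < share else -1
            blocks += 1
        total += blocks
    return total / trials


def forgone_rewards_btc(share, deficit, premium=0.0):
    """Old-chain subsidy the switching miners give up, plus a premium."""
    reorg_side_blocks = share * expected_blocks_to_overtake(share, deficit)
    return reorg_side_blocks * BLOCK_SUBSIDY_BTC * (1 + premium)


if __name__ == "__main__":
    for share in (0.75, 0.55):
        blocks = expected_blocks_to_overtake(share, CONFIRMATIONS)
        cost = forgone_rewards_btc(share, CONFIRMATIONS, premium=0.5)
        print(f"{share:.0%}: ~{blocks:.0f} blocks, ~{cost:.0f} BTC at risk "
              f"vs {STOLEN_BTC} BTC stolen")
```

Under these assumptions, the rewards put at risk at a 55% share already exceed the 7000 BTC being recovered, before any premium is added.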

Binance isn’t the first exchange to explore block reorgs in response to a hack. In 2016, Bitfinex was hacked for more than 120,000 BTC, worth $70 million at the time. They considered a block reorg as well, as the stolen Bitcoin could have funded almost a month of miners’ fees at the time. It would have been entirely possible for Bitfinex to recoup the funds.

In a free market system, actors are supposed to maximize their returns and reduce the amount of risk they take on. It’s a balancing act: if an actor deviates too far, by taking on too much risk or too little reward, then their actions are no longer worthwhile to continue. For a Binance block reorg, independent miners must choose whether to support the exchange and potentially lose out on mining rewards, or to refuse the risk and continue to mine the established chain.

Incentives provided by Binance could convince a majority of miners to transfer their hash power to the new chain if the reward was larger, but in doing so they risk two things. First, their endeavour to overtake the old chain might fail, with the costs mounting beyond the amount stolen from the exchange. The hacked coins can be retrieved only if the new chain overtakes the old one. Once the cost of obtaining the coins is no longer economical, rising operational expenses would force the miners to revert to the old chain, thus forfeiting all potential rewards they might have earned. The venture is risky in itself, but Binance loses nothing by revealing the private keys of the hacked wallets. If the miners overtake, Binance pays out a portion of the funds to the miners and gets its coins back. Conversely, if the miners fail to overtake, then the private keys are useless and will persist as proof of ownership of the hacked wallet.

The greater risk lies within the narrative created by pursuing this course of action. Once there is a break and the miners drop off to recover Binance’s funds, the veil of immutability is broken. The backlash against CZ after his announcement on Twitter was fast and furious. Hodl boys crawled out of their dens spewing vitriolic messages of heresy. How could you subvert Bitcoin? Don’t you know that this puts the whole of the crypto community at risk? You are not a true believer CZ, get in line!

Much fanfare is given to Bitcoin, as it is the oldest public blockchain, with over a decade of uninterrupted use. Other than a few hiccups, the network has functioned as advertised since Day One. People across the world trust it to hold and transfer enormous sums of wealth. As Bitcoin is the top crypto coin, it is the most robust store of wealth. All other altcoins must prove themselves as a long-term store of value. Immense trust is laid with Bitcoin as a result.

If Binance were to conduct a white hat attack, the miners would have to decide whether to support the new chain, which has higher rewards, or to act altruistically and remain mining the old chain. By joining Binance’s treasure hunt, they weaken the network as a whole, reducing the value of the network and potentially the price of Bitcoin. If the public loses trust and begins to sell their holdings, the mining rewards also lose their value. At some point, the growing losses would eventually force the miners to halt mining and turn off their machines. Each miner would have to deeply reflect on the cost basis of supporting CZ’s plan, asking themselves, “Is the recovery of stolen funds worth the reputational risk to the network as a whole?”

All miners have significant Skin-in-the-Game. What used to be a recreational computing task has morphed into a billion dollar business in the creation of hyperspecialized ASIC miners designed for one task alone: to solve each block using as little electricity as possible. Home mining rigs are uncommon nowadays, as large scale facilities are built to take advantage of economies of scale and access to power generated at near-zero costs, such as hydropower. Capital expenditure for modern facilities can surpass tens of millions of dollars to renovate unused data centers for mining purposes.

Thus, any decision to support a new chain must meet two criteria.

First, the reward for taking part in the treasure hunt must be significantly higher than continuing to mine the old chain. It is not enough to provide the same block rewards as the old chain. Current rewards are 12.5 BTC a block; if the treasure hunt was enacted, I would have to assume the incentives must be 50%+ or greater. Why would any miner split to mine a new chain if the reward was equal to the old chain? There must be a premium in addition to the normal block rewards to ensure that any reputational risk to the price of Bitcoin would be mitigated.

Second, the risk of transferring hash power to the new chain must be near or as close to zero as possible. The gross rewards must be accountable and subject to clear risk hedging. The problem though is that because the risk is in part reputational, there are outcomes at the extremes far worse than anyone could imagine. Taleb calls this type of risk antifragile or long tail risk. It’s the type of risk that we cannot account for in any model, as the unpredictability of outcomes surpasses any rational modes of analysis.

A forced chain split would create factions among the faithful like never seen before. The response to CZ’s post was beyond anything I typically see on Crypto Twitter. Everyone had an opinion on his plan, even myself when writing this article. It shouldn’t come as a surprise: most Bitcoiners’ beliefs in the network are borderline religious. To suggest disrupting the perceived order of the consensus mechanisms to pursue a free market solution is heresy. Many pitchforks were raised and a few bonfires set alight in the wake of CZ’s tweet, highlighting these deeply held biases.

In a true free market, altruism should be irrelevant in favor of profit maximization. If the reward provided by Binance is greater than the risk of losing out on block rewards plus the reduction in price per token, then miners should act rationally and switch to the treasure hunt chain. While the treasure and block rewards are quantifiable, price devaluation is an unknown. Typically, traders reduce their risk by hedging when they expect future market volatility. CME futures are the primary means of limiting exposure currently, however, options would provide significantly greater hedging. Unfortunately, a mature options market has not yet been created. If miners could hedge effectively, then it should be possible for them to conduct the treasure hunt.

Another reason the treasure hunt is possible is the pools. There are hundreds of thousands of machines competing for mining rewards at any one time. If you were to buy a highly specialized ASIC and simply turn it on to mine solo, your chances of obtaining the block reward would be near zero. This is why most miners band together to form mining pools, which aggregate hash power and split block rewards evenly amongst the pool. The top 5 largest pools currently comprise 61.6% of the total hashpower on the Bitcoin network. Most, if not all, of the pools have a good relationship with CZ, I assume, and in the apology tweet he mentioned Jihan Wu, former CEO of Bitmain, which runs Antpool.

CZ probably has enough political capital to lobby the mining pools to pursue a switch, especially if it meets the profit criteria laid out above. If the top 5 pools could be convinced to switch, I also would assume that other pools would do the same for fear of missing out on the reward. Obviously, there would be many who object to the switch and break off to join pools not aligned with the switch. But outside of the top 5 pools, CZ would only have to convince another 14% to switch chains.

Crypto Twitter’s response to the whole event is indicative, though, of how the most vocal portion of the crypto community would lead the charge against the benevolent attack. Exploring its ethical implications is interesting, but CZ caved in the end to pressure and most probably to the critics of his plan. Seeds for this call to action have been planted, though. After the next major hack, I would expect a growing chorus of affected voices to start calling for rollback actions.