After Binance’s 7,000 Bitcoin hack, their CEO, Changpeng Zhao, said they were considering the option of rolling back the hack by reorganizing the chain, but still recognized the “serious consequences”.
— CoinSpice (@CoinSpice) May 8, 2019
CZ said that the idea came from the community since “he did not know [they] could do that”. However, after floating this idea to the community during his AMA, CZ later said that they would not be pursuing the idea further and that, contrary to what was previously said, “it’s not possible”. One of the first individuals to suggest the rollback was Jeremy Ruff, and his tweet alludes to heavily incentivizing miners to do the reorg by “reveal[ing] [the] private keys for the hacked coins (or a subset of them)” in order to “coordinate a reorg to undo the theft”.
It's not: rollback of any tx, nor is it reverting funds back to Binance.
— CZ Binance (@cz_binance) May 8, 2019
The discussion of the rollback quickly brought up comparisons to the Ethereum DAO hack and its corrections to mitigate the hack, even though the situations and exact reorg would be a little different. CZ claimed that this particular reorg would only distribute the hacked coins to miners and not reorg transaction data nor revert any funds to Binance.
Vigorous debate about benefits and consequences
No @cz_binance @binance you should NOT rollback the Bitcoin network. Deciding whether or not to destroy the credibility of the Bitcoin network should be a no-brainer. You run a centralized exchange, you got hacked. Clean up your own mess without affecting the entire crypto space
— Heidi (@blockchainchick) May 8, 2019
While the thought was only floated briefly, it set off a vigorous debate on Twitter about what can/cannot and should/should not be done in the aftermath of a hack. CZ quickly recognized the benefits of the reorg and described them as 1) being able to get ‘revenge’ on the hackers, 2) deterring future hacks, and 3) exploring how Bitcoin would handle the situation. However, he also recognized the significant cons, since they could 1) damage the credibility of the immutability of Bitcoin and 2) potentially cause a chain split, which “seems to out-weight $40m revenge”.
cons: 1 we may damage credibility of BTC, 2 we may cause a split in both the bitcoin network and community. Both of these damages seems to out-weight $40m revenge. 3 the hackers did demonstrate certain weak points in our design and user confusion, that was not obvious before.
— CZ Binance (@cz_binance) May 8, 2019
Overall, CZ owned up to the error, saying that “it is a very expensive lesson”, that it is their “responsibility to safe guard user funds”, and that they “should own up [to] it” and “learn and improve”.
The debate surrounding the reorg issue does bring attention to how well a blockchain’s immutability can stand up to the urge to reorg the chain whenever it suits a certain individual’s wishes. Cryptocurrency is meant to be immutable, but 51% attacks and reorgs are still possible, especially when there is not significant decentralization among a coin’s miners and/or there is the possibility of collusion.
Dash’s ChainLocks could solve immutability problem
Dash is currently testing ChainLocks on testnet. ChainLocks utilizes Long Living Masternode Quorums (LLMQs) to lock in the first block published and reject all others at that height. This not only further mitigates 51% attacks without having to rely exclusively on hashing power, but it also helps mitigate attempted rollbacks. Even if there were collusion among, or incentivizing of, miners and masternodes, they still would not have the power to roll back the Dash blockchain once ChainLocks is implemented, since they cannot go back and change past block heights. This, combined with the fact that Dash is one of the most decentralized coins, helps provide assurance that the Dash blockchain can stay immutable and provide confidence to Dash users.
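The difference between a plain most-work rule and a rule that honors a locked block can be seen in a toy fork-choice model. This is an added illustration, not Dash's code: the LLMQ signature is abstracted to a dictionary mapping a height to the locked block hash, and all miner labels and work values are constructed.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    height: int
    prev: str
    miner: str  # constructed label
    work: int   # constructed proof-of-work weight

    @property
    def hash(self):
        data = f"{self.height}|{self.prev}|{self.miner}|{self.work}"
        return hashlib.sha256(data.encode()).hexdigest()

def build_chain(base, blocks):
    """Extend `base` with one block per (miner, work) pair."""
    chain = list(base)
    for miner, work in blocks:
        prev = chain[-1].hash if chain else "0" * 64
        chain.append(Block(len(chain), prev, miner, work))
    return chain

def total_work(chain):
    return sum(b.work for b in chain)

def violates_lock(chain, locks):
    """True if the chain carries a different block at any locked height."""
    return any(h < len(chain) and chain[h].hash != locked
               for h, locked in locks.items())

def most_work(candidates):
    """Plain rule: the branch with the most cumulative work wins."""
    return max(candidates, key=total_work)

def lock_aware(candidates, locks):
    """Assumed simplification: drop branches that conflict with a lock first."""
    valid = [c for c in candidates if not violates_lock(c, locks)]
    return most_work(valid)

def demo():
    genesis = build_chain([], [("genesis", 1)])
    honest = build_chain(genesis, [("honest", 10), ("honest", 10)])
    locks = {1: honest[1].hash}  # quorum locks the first block seen at height 1
    # Competing branch from genesis with more work: an attempted rollback.
    reorg = build_chain(genesis, [("colluding", 15)] * 3)
    return (most_work([honest, reorg]) is reorg,
            lock_aware([honest, reorg], locks) is honest)

if __name__ == "__main__":
    print(demo())
```

Under the plain rule the heavier branch replaces the honest one; with the lock in place the same branch is rejected no matter how much work it accumulates.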