Could CZ have rolled back BTC?

Earlier in May 2019, there was 7,074 BTC worth approx USD$41 million was stolen from Binance.

At the time, the founder of Binance, CZ, made an off-the-cuff remark during a Periscope livestream about rolling back the Bitcoin blockchain to revert the hack:

He later tried to save face and changed his tune, but the fact of the matter is that when 41 million bucks is at stake, all bets are off. I hypothesize it would have been doable to get 4x pools to work together to undo the transaction, even playing catch-up to the tune of 12 hours.

So I’m writing this article, thanks to Peter McCormack, who has it out for ETH for some reason:

Now I’m more of a BTC fan than an ETH fan, but I’m also a realist. Despite the fact I vehemently disagree that ETH rolled back the DAO fork, I’m also aware that this could have potentially happened with BTC (in a number of ways).

So what I’m going to look at is miner collusion and how this would have been possible.

So what would happen if somebody tried to pay off 51% of the network to roll back a transaction?

This isn’t something many people like to talk about, but the math does certainly seem to add up to me to make it viable for CZ / Binance to have paid off some mining pools.

You see, Miners aren’t there to be shining examples of altruism. They’re there to make a profit. They’re not a charity. It costs a metric shitload in electricity every day to run those Bitcoin ASIC miners.

If you’re hypothetically making $100 a day on one network, but then another network is able to offer a sustained significant increase in profits for several days (Say, $200 a day), you would likely take it. If you’re a miner and your base-costs to make that $100 a day are, say, $80 (Power, property rental, employees etc), then you’re profiting $20. If you can mine something else and get $200 a day, then your profit has shot up exponentially from $20 to $120 a day!

Of course if you look at it from a philosophical perspective, “people” would notice which pools were working together on this recreation of the blockchain because they would suddenly stop earning blocks on the mainchain. They would quite probably receive some backlash, but let’s just look at the technicals here.

At the time, 4x pools had approx 59–60% of the network. Unfortuantely I didn’t take a screenshot, but, if you go back and look at the coinbase rewards at the time you can verify this.

So let’s look at it, mainnet with a 12hr headstart. Difficulty had just changed on the 4th of May, 4 days prior, and didn’t change until the 18th of May.

NOTE: Bitcoin hashrate sat around 51 EH/s, being worth approx USD$5,900 at the time (Depending when you looked at it).

How would this all play out?

Well we’d need 4x mining pools to collude, presumably VPN to each other, and start to mine the chain from the block before the 7000 BTC was stolen from Binance.

The main chain would probably be averaging 16 minute blocks now, not 10 minute blocks, and the rollback chain would be averaging 14 minute blocks. The rollback chain also has to catch up approx 72 blocks.

Now also keep in mind that the 4x colluding pools are now also guaranteed the 12.5 BTC per-block, plus the 0.9 -> 1.1 BTC per-block in fees, without having to share them with the other 40% of the network.

So to catch up on approx 72 blocks, it would take a fair bit of time, but seeing as the rollback chain colluders would be producing blocks faster than the mainchain.

Funds stolen at block 575013, so if the rollback miners start from block 575012, while the mainchain is at 575084, let’s work this out:

575012 (14 min blocks) vs 575084 (16 min blocks), is a 2 minute per-block difference.

This means around block 575596, the rollback chain would have overtaken the mainchain. 584 blocks, mining them at 14 minutes per-block (roughly), comes in a little under 6 days.

6 days worth of mining collusion and they’re now the chain with the most work, orphaning off the 41 million dollar transaction completely.

Is it financially worth all the hassle though?

Well, 12.5 BTC per-block, over 584 blocks, is 7300 BTC. Add in the tx-fees of approx 0.9 ->1.1 BTC per-block at the time (1 BTC average) and we’re looking around 7984 BTC.

Now let’s also say that CZ / Binance divided half of that 7074 stolen BTC with the miners (So Binance is now up 20 million bucks), and they’re sitting at 11,521 BTC after 6 days between those 4x pools with ~60% of the hashrate.

That 11,521 BTC is worth approx USD$68 million, split between those 4x colluding pools.

How does this compare vs not rolling back the chain?

Those 4x pools with the majority hashrate would be competing for the main block rewards + mining fees (Which is what actually played out).

Let’s presume they still get 60% of those additional 512 blocks, plus 60% of those original 72 blocks that were mined. That’s approx 350 blocks they would have mined, so 4375 BTC in block rewards, and another ~350 in tx-fees, bringing what they actually received to around 4,725 BTC worth around USD$28 million.

Let’s just repeat that again, for 6 days worth of mining:

68 million vs 28 million

And in doing-so, you ensure that hackers get nothing!

So ask yourself this:

If you and 3x other pools were set to make $28 million (not including your operating / power costs) over 6 days, but you were instead offered $68 million, which would you choose?

Especially if you look at your profit margins, where miners were running around a 2:1 ratio (ballpark) for cost vs profit. That means those miners would have hit the jackpot, making somewhere around a month and a half to two months profit in just 6 days.

Now, because they’re simply re-broadcasting the transactions from the mainchain to their own private chain, there’s nothing stopping them from continuing to receive those tx-fees as they mine their private rollback chain, before re-announcing it to the rest of the world around block 575596.

Seems totally doable to me?

For a bonus USD$40 million, would you do it? Do you think for 40 million over 6 days, somebody else might do it?

This is the importance of having a diverse and decentralized mining distribution. Then, it’s not just 4 pools you would need to get to collude, collaborate and work together, but potentially significantly more entities.

So 4x pools to work together for 6x days to undo a $41 million transaction, worth $68 million to the colluding miners, whereas the Ethereum DAO hack was worth approx USD$50 million in ETH.

Seem close enough?

I write interesting things about cryptocurrency, especially DigiByte