Editors Note: This article comes fromBabbitt InformationEditors Note: This article comes from
Babbitt Information
Babbitt Information
For this reason, Binance had to suspend coin withdrawals for a week to investigate potential security risks in the internal system. This shows that Binance still does not know exactly where the vulnerability occurred and how the hacker succeeded.
technical analysis
At the same time, Binance announced that it will use the security fund SAFU to be fully responsible for user losses. [2]
secondary title
technical analysis
Many blockchain security teams have expressed their analysis views. It is believed that the hackers have patiently infiltrated Binance this time and have already broken into Binances system.
The stolen bitcoins all came from Binance’s hot wallet. There are hundreds of coins left in the hot wallet that have not been transferred, indicating that the hacker has not stolen the private key of the hot wallet.
However, hackers bypassed various verification factors to withdraw coins without triggering any security alerts.
Since the current mainstream digital currency exchanges are all centralized systems, that is to say, once the digital assets of all users are transferred to the exchange account, they are essentially out of the users own control and become assets managed by the exchange. Among all assets, Bitcoin is the most important and needs to be kept carefully.
The usual safekeeping strategy is to put most of the bitcoins in cold wallets, that is, offline wallets, as reserves that are difficult to access. A person or group with a high level of authority is in charge of the private key, and a strict approval process is set up for transfer of funds, such as assets used to replenish hot wallets.
The hot wallet is an online wallet that accepts user deposits and responds to user withdrawals. Regularly or irregularly transfer the excess bitcoins in the hot wallet to the cold wallet for freezing.
Users usually set different security levels and policies according to the amount of coins withdrawn, and correspond to the corresponding review and approval process. In order to protect the private key of the hot wallet, a separate, high-security-level signing machine is usually set up. The transfer transactions that have been reviewed and approved by the online system are sent to the signing machine. After signing, the signing machine returns the signed transaction to the online System, the system broadcasts the transaction to the Bitcoin network to complete the transfer of coins.
The weakness of this process is that it may not be able to distinguish between the normal withdrawal and transfer transactions of normal users and the withdrawal and transfer transactions initiated by hackers after hacking into the system, so that it can be issued without thinking, and the coins in the hot wallet will be transferred to the hackers designation. in the address.
The highly simplified security architecture of this centralized system is roughly as follows:
Extranet (Internet)<--(Security Line 1)--Frontend Machine (FE) <--(Security Line 2)--Data and Service Cluster<--(Security Line 3)--Signature Machine
In the second layer of defense, you need to pay attention to various injections and infiltrations, leaking secret data stored on the server, such as API keys, user passwords, etc.
The third layer of defense is specially designed for the blockchain system, mainly to further protect the security of the private key. Here, the exposure of the signature machine should be minimized, the network should be isolated, and even manual operation should be introduced to fully isolate the private key and the network.
In this Binance theft incident, hackers successfully broke through the first two lines of defense, cheated the third line of defense, and successfully stole the coins.
secondary title
Another setback
Later, a speech by Binance founder CZ (Changpeng Zhao) on twitter caused a more heated topic than this theft: deep reorganization of the Bitcoin blockchain.
CZ said this: After discussing with various parties, including Jeremy Rubin, _prestwich, bcmakes, hasufl, JihanWu (Wu Jihan, the founder of Bitmain), we decided [not] to seek a solution to reorganize the blockchain. Consider the following:
The benefits are: 1. We can revenge the hackers and transfer the coins to the miners; 2. Deter the hackers from getting too far; 3. Explore how the Bitcoin network can deal with such problems.
The disadvantages are: 1. We may destroy the trustworthiness of Bitcoin; 2. We may cause a split in the Bitcoin network and community, which will cause more damage than $40 million; 3. Hackers have shown our Certain weaknesses in system design and confusing user experience issues that were previously unknown to us; 4. Although expensive for us, this was a lesson and we have a responsibility to protect users funds. [3]
What CZ didnt expect was that he put this idea (CZ later clarified that the idea started with Jeremy Rubin, not his own idea) into action (began to discuss the feasibility), which would trigger heated discussions in the community. Even Vitalik Buterin, the founder of Ethereum, and Jimmy Song, the core developer of Bitcoin, came out to express their opposition.
Emotional: Vitalik showed his own experience and told how he used the community influence and appeal of the founder of Ethereum to mobilize the community to hard fork Ethereum during the Ethereum DAO hacking incident and recovered the Ethereum stolen by the hackers. However, it caused the Ethereum community to split forever into ETH (Ethereum) and ETC (Ethereum Classic). More importantly, this incident and the way it was handled dealt a huge blow to the credibility of the Ethereum blockchain, making many Humans no longer see it as a durable, irreversible, reliable store of value. [4]
If the sum of all possible losses is higher than the compensation given by Binance, rational and selfish miners will not help Binance, but will continue to mine the original chain. The compensation that Binance can give is capped, and the upper limit is the more than 7,000 coins it has stolen; while the loss of miners will increase with the passage of time and the extension of the original chain without a cap, and once there is a promise to support Binance The temporary change of miners will further increase the losses of miners who continue to support Binance. When the compensation cost that the joint miners need to pay exceeds the benefits that can be reaped, which is more than 7,000 coins, it does not make any economic sense to do this. [5]
Many people said that it was shocking that CZ just considered the possibility of a deep restructuring. Some netizens replied to CZ, pointing out sharply that perhaps it would be more appropriate to change decide not to recognize that it is impossible.
Afterwards, CZ tweeted that it is impossible to do this, and the Bitcoin ledger is the most tamper-proof ledger on this Odaily.
thriving
The truth is that since the No. 7 Binance theft incident, Bitcoin has been rising all the way. From about US$5,800 at the beginning of the incident to about US$6,300 as of this writing, the cumulative increase has risen by 8.6%! [6]
Figure: coinmarketcap
text
There was neither a sharp drop in Bitcoin security due to public panic, nor a sharp drop in the market due to hackers selling. It was completely beyond the expectations of some analysts who shouted in the currency media, and of course it also bankrupted some conspiracy theories that rumored that Binance was short.
text
Bitcoin’s ability to absorb this black swan event without changing its face not only shows that the masses have been able to correctly distinguish between the security of Bitcoin and the security of exchanges, but also further strengthens the public’s awareness of the “safety” of Bitcoin: Even such a rich, powerful and political leader in the currency circle like CZ, even for legitimate and moral reasons such as recovering stolen money, cant reverse the Bitcoin by artificially manipulating the Bitcoin blockchain. currency ledger, so as to seek recovery and compensation for its own interests.
All technologies in human history, including centralized Internet technology, are under the control of human power and will, and all belong to humanity. Therefore, these technologies have enhanced the productivity of all mankind, and at the same time enhanced the Matthew effect. According to statistics from the World Bank, since the 19th century, income inequality and the gap between rich and poor have continued to increase worldwide. Why? Friends who have read the 996 Economics [7] I wrote before can understand that power means rent, and rent can absorb surplus value and transfer most of the jointly created wealth to the owner of power By. [8]
This kind of security of Bitcoin is (more strictly speaking, it is likely to be) the first invention in human history that can override someones will to power and is not subject to arbitrary manipulation by power. The security of super power also indicates that the technology of Bitcoin is higher than humanity and closer to heaven.
To say what is the difference between Bitcoin and other altcoins, other blockchain projects, classical centralized Internet technology, and the legal currency system, the biggest difference is the relationship with peoples will to power. Bitcoin > will to power > other technologies and systems.
Figure: coinmarketcap
Looking at the top ten cryptocurrencies by market capitalization, Bitcoin stands out and continues to rise. Bitfinex, which used to have USDT, was accused by the Attorney General of New York State of the United States (refer to the previous article The teaching chain has something to say | The New York State Attorney General accused the reserve funds of being embezzled, and the stable currency USDT will collapse? [9] Solution: USDT depegged to the US dollar Impossible Triangle with Financial Policy”[10]), followed by the theft of Binance, and even the recent Sino-US trade war negotiations hindered the stock market fell back to a few months ago, these shocking events have caused other currencies and asset prices to hesitate It did not move forward or even retreated sharply, but it did not cause Bitcoin to panic and fall, but instead climbed against the trend. This can only illustrate one problem, the market is rediscovering an important feature of Bitcoin - anti-fragility.
This year marks the 10th anniversary of Bitcoin. In the next 10 years, people will gradually begin to recognize Bitcoin again. The past decade has been a decade of participation by idealists and speculators, and the nature of Bitcoin has changed from a collectible to a speculative one. The next ten years will be a decade of Bitcoins transformation from a speculative attribute to a safe-haven value store. The specific performance will be that price correlation and typical investment products will deviate, as well as more serious long-term investment funds and institutional funds. field. (Refer to the previous article The teaching chain has something to say | Will Fidelity Group provide bitcoin trading services for institutional investors to open the next decade of bitcoin? [11])
secondary title
value consensus
The incident of USDT being accused and the theft of Binance seem to be black swan events that are unfavorable to the market, but the price of Bitcoin quickly absorbed the impact of the incident and instead rose rapidly, which shows that these two incidents strengthened The market consensus on Bitcoin.
This incident and the subsequent turmoil should further make everyone realize that the PoW (Proof-of-Work) consensus protocol of Bitcoin is unbreakable. The recently hyped PoS (Proof-of-Stake) and staking economy are cold water. If calling and mobilizing nodes is a kind of political power, except for PoW, there is no other agreement that can compete with this power, because reorganizing PoW must pay a physical and real price. When the price is greater than the benefits of its political purpose, political The motivation to mobilize will be dispelled. Other agreements are simply powerless to contend with political forces.
PoS is easy to reorganize at a small cost, and DPoS even drastically reduces the difficulty of political mobilization (another cost). There are many PoS verification nodes, and it needs to mobilize majority support and consume political energy. DPoS fixes the block producing nodes on a few super nodes, and politically only needs to get rid of them to do whatever they want.
Even if the computing power of PoW is concentrated in the hands of the mining pool, the control over the computing power of the mining pool is (to a certain extent) dispersed in the hands of the miners. I dont support it, and I can switch my mining machine to other mining pools at any time. And for mining pools, the price is the price. If Binance wants to recover the loss, it must compensate the mining pool to match its costs. Because the cost of PoW is physical, the entropy increase of thermal law is irreversible. So when Binance cannot force it violently, the only method of political mobilization is negotiation + bribery. Leaving aside the cost of negotiation, buying is a must. Economic interests are fundamental. When the cost of acquisition exceeds the loss to be recovered, this political action loses its economic sense.
The deep reorganization is different from the separation of BCH (hard fork) back then. Fork war miners dig new blocks without losing historical earnings. And deep restructuring means a net loss. The net loss to be borne by all participants. Who will compensate?
Another very important thing is time. Negotiation + bribery strategy, negotiation not only requires paying a political price, but more importantly, time. When the objects that need to be negotiated are sufficiently dispersed, the time will be very long. The Bitcoin blockchain does not care, it will not wait, it will only move forward steadily, the longer the time, the longer the main chain, the greater the value that needs to be given up, and the higher the price of buying. Soon, the costs of deep restructuring outweigh the benefits, making it economically moot. And any other consensus algorithm does not have this feature, which is the irreversible feature of economic cost.
After Satoshi Nakamoto, in the past ten years, there have been many smart people and luxurious teams inventing various consensus protocols, and promoting their excellent features that are much better than Bitcoin to the community. There is no doubt that from the point of view of surpassing Bitcoins value consensus, they have all failed, and will continue to fail.
References:
[1] https://www.blockchain.com/btc/tx/e8b406091959700dbffcff30a60b190133721e5c39e89bb5fe23c5a554ab05ea
[2] https://binance.zendesk.com/hc/en-us/articles/360028031711
[3] https://twitter.com/cz_binance
[4] https://bitcoinist.com/shocked-he-went-there-crypto-takes-sides-on-binances-alleged-bitcoin-reorg-plan/
[5] https://medium.com/@jimmysong/reorg-scenarios-binance-hack-edition-849fc7e7df07
[6] https://coinmarketcap.com/currencies/bitcoin/
[7] https://mp.weixin.qq.com/s/X-JxrE2O-t6gRuKeAijiIg
[8] https://en.wikipedia.org/wiki/Gini_coefficient
[9] https://mp.weixin.qq.com/s/gOiqw5NQoST7QFeYUgNJ1g
[10] https://mp.weixin.qq.com/s/_ER-hVxUnxX3uL2fn_RDoA
[11] https://mp.weixin.qq.com/s/EREf3yShsiksPpp7wpLScw
