Binance was hacked on May 7th, 2019 for 7000 BTC. Soon after we saw this tweet from Jeremy Rubin:
This apparently led Binance to consider a reorg attempt which, according to the CEO of Binance, Changpeng Zhao (aka cz), was scuttled after some consultation with a few people:
In this article, I’m going to go over the incentives behind a possible chain reorg. In a sense, I already calculated how much it would cost Binance to attempt a reorg in this tweetstorm. A more full discussion of the consequences are what I seek to put here.
A Disagreement
In this tweet, you can see Ari Paul and Adam Back come to a bit of a disagreement:
Essentially, Adam is saying reorgs like this won’t happen, Ari is arguing that the incentives are such that a reorg is possible. Who’s right? Well, that’s where we need to do some game theory analysis. Let’s begin with the most basic scenario:
A Simplistic Model
Let’s assume a very simple model where 100% of the hash power helps Binance.
This is the easiest scenario to analyze. We suppose that Binance gets in contact with every mining pool (unlikely), come to an agreement on how much to compensate each miner (likely for some, but unlikely for others), and get a consensus. We assume for the moment that no one disagrees (highly unlikely) and that no one would set up an alternate pool to mine the much longer chain.
First, let’s examine what a fair amount to compensate the miner would be. If a miner has 10% of the network hashing power and the reorg started 100 blocks after the attack, the miner would be giving up 10 blocks worth of rewards, or 125 BTC along with fees. You might be thinking that in the reorg chain, they would be getting roughly 10% of the block rewards, so this would cancel out, but that’s not true. They could be mining the original chain for 10% of the block rewards during that time, which means they would be losing 125 BTC by helping Binance. Thus, they would need to be compensated for the block reward and fees for the blocks they already mined in the original chain by Binance. For the sake of this scenario, let’s say each block has 0.5 BTC fees per block, or 130 BTC total.
That’s not all! There’s also the risk premium in case anything goes wrong. If nobody goes with Binance’s reorg chain other than this miner, that’s wasted hash power that they could have put into the original chain. Binance would have to agree to either compensate that risk or be on the hook for the hash power wasted if their effort does not succeed. This would be a significant part of the compensation, but for the sake of keeping this article short, let’s ignore for now.
So if Binance starts trying to reorg 100 blocks after the theft, they would essentially have to pay 1300 BTC to recover 7000 BTC, netting them 5700 BTC. You can consider this to be the ideal scenario from Binance’s perspective as they recover a large chunk of the money.
What are the consequences of a scenario like this? The most obvious is that such a thing would prove Bitcoin to be centralized, since if Binance can force a 100 block reorg, any sufficiently powerful entity could do the same thing. There would be many double-spend attempts and anyone that transacted in those 100 blocks after the theft would have to go through the massive headache of figuring out what happened. In fact, it’s possible there would be thefts from exchanges in the form of double-spends at a scale larger than the original 7000 BTC amount! There would be significant disruption for everyone who is transacting on the Bitcoin network as nobody would take 3–6 confirmations going forward given what Binance would have been able to do.
In other words, exchanges, merchants, users would all have at a minimum, giant headaches to deal with and much worse, have to deal with a lot more pain in the form of possible double-spends and so on. And we haven’t even gotten to what the thief would do!
Thus, this scenario is highly unlikely as all the people that would experience pain in this scenario would put up some resistance.
A More Contentious Alternative
This would be a contentious fork and a race to be the longer chain. Overtaking with 55% of the hash power for a 100 block reorg means that it would take on average 1000 blocks (~2 weeks in this scenario). The variance on that is also fairly high, with 500 blocks and 1500 blocks being fairly common in that scenario. Even at 99%, it would take 101 blocks (~20 hours) to overtake.
But that’s assuming everyone stays on the same side the whole time. In a scenario like this, both sides are going to want to lure miners from the other side. The original chain has the advantage because of the 100 block lead it has at the start.
On the side of the original chain are exchanges, merchants, users that don’t want a 100+ block reorg. They would all likely compensate miners on the original chain. They could do this fairly easily: spend a UTXO valid only on the original chain with a high fee. If the fees on the original chain get high enough, many miners will be tempted to switch.
One particular user on the original chain needs to be pointed out, and that’s the thief. They likely will make similar transactions (UTXOs from the theft transaction are perfect for this) to compensate miners with high fees on the original chain.
On the other side is Binance. They would have to combat all the exchanges, merchants and users, not to mention the thief, to get a longer chain.
The thief has 7000 BTC from Binance, so they are incentivized to spend up to that amount. Binance would have to spend 1300 BTC + whatever the thief is willing to spend + whatever the exchanges/merchants/users are willing to spend. This is clearly a losing battle. Unless the desire to punish the thief is worth at least 1300 BTC (or 13 BTC * number of confirmations in the theft tx), this scenario doesn’t work for Binance.
Conclusion
There are more complicated scenarios, especially with all the offline mining equipment out there, but all of them are pretty easy to analyze. The thief can incentivize miners, so it’s a losing battle for Binance, where they’ll have to pay for each block reorganized plus whatever they lost in the theft.
Much like how a prolonged lawsuit really only benefits the lawyers, the only people that benefit in a reorg scenario are the miners. The money flows from the disputed transaction (Binance or the thief) to the miners. At a deep level, this is what the Bitcoin protocol was designed to be, very expensive to change.
There’s a reason people don’t go around trying to reorg, even in the aftermath of large thefts. A reorg doesn’t just hurt the thief, but it also hurts everyone else. There’s a huge collective incentive to not change history.
Comments are closed