After reading some articles and comments concerning the events during the recent Bitcoin Cash network upgrade I decided to write down my thoughts on it.
I always refer to miners as the guardians of the system. They are the ones incentivised to do what is good for users. To protect them. They have long term investments that need to be paid back with the rewards they get from mining blocks. If something happens that crashes the price they are less likely to make a profit. The miners provide security. They check all transactions against the rules making sure nobody messes with the system. If someone does, they invalidate such a transaction or such a block. A coin that has good security attracts users which has a positive effect on price and therefor on the profitability of its guardians.
So can all miners be considered guardians? I would say the answer is no. Some mining companies do not mine with their hardware themselves. They rent their "security forces" out to the highest bidder or just shop around to make an easy buck. Or they are the ones that rent that hash power to just make a quick buck. No long term investment needed. They don't have to really care for the well-being of the blockchain they mine on. If they work together with or are in fact coin traders they in fact have reason to mess with the chain rather than guard it. Accumulate some coins, enter into some nice short positions on a number of exchanges and mess with a chain. Add some well place social media identities to start posting panic inducing content, dump your accumulated coins on the market and if you are lucky the price tanks and you make a great profit on the exchanges where you had those leveraged short positions. You return the rented hash rate, move one. and Bob’s your uncle. It of course is all a bit more complicated than that, but you can see how miners are not always the watchful guardians that they were meant to be.
Are Pirates a Problem?
Well not really. The system was never designed with the requirement of all miners being honest and good. The requirement is that most miners are honest. Satoshi was no fool. He/She/It knew that people will always try to find loopholes, find ways to break something. Requiring 100% of the participants to be honest and well behaving is ignoring human nature and would thus be foolish. In the Bitcoin system honest miners collectively can make sure that the dishonest miner does not get a chance to do damage to the system and its users. They do so by choosing which chain they extend. They have great power that way and with great power comes great responsibility and abuse of your power would shift your position from guardian to pirate. The well being of the entire system and its users should always be the first priority of any miner as the game is designed in a way that such a strategy is most profitable for most miners. The actual behaviour of miners over the past 10 years has proven the game works.
November Upgrade History
We all remember the events of the last Bitcoin Cash network upgrade, November 15th 2018m where a well funded miner and his associates decided to present a competing upgrade plan after a lot of noise, lies, threats and other drama, split the network in two while intentionally creating as much chaos and confusion as possible in the process. It had a detrimental effect on the Bitcoin Cash project and on the entire cryptocurrency market. I am not sure how to characterise this miner and the companies closely associated with him so I will not. It also is not that relevant to this article. Fact is that the November network upgrade will not easily be forgotten and the massive amount of lies and misinformation that has spread before and after that upgrade are still affecting things today.
This week the Bitcoin Cash network upgraded again. No drama preceded it besides the normal drama that seems to always be present in decentralised blockchain projects. No one objected to the proposed changes and no alternative plans were presented last minute. In fact most people were super excited about Bitcoin Cash activating Schnorr signatures well before the BTC network while its Core developers had been promoting that chain for many years. Still, the events during last November’s upgrade made everybody a bit tense also. A few attempts were seen where parties tried to spread fear uncertainty and doubt in the community. There even was an anonymous miner that started mining with the words Satoshi Nakamoto in his or her coinbase message. But people kept their cool and both community and price stayed in optimistic spirit.
An Under-Appreciated Upgrade Feature.
While everybody focused on Schnorr signatures there was another change taking place. It is not well understood by most users but very important for some others. It makes it possible for coins accidentally sent to SegWit addresses to be moved to another address. This was was no longer possible as a unwanted side effect of a soft fork change added in the November upgrade.
Imagine sending your coins to an address. Your sending wallet sees no problem with it and accepts the address as valid. Just after you hit send you realise you did not use a BCH address. Instead you had opened your BTC wallet by mistake and copied an address from there. Bitcoin Cash transactions sent to the network can not be undone. All the nodes quickly have your order to transfer the coins and very likely your transaction will be included in a block soon. As still many exchanges and wallets have not implemented CashAddr address format, this situation actually happens more often than you think.
Recovering BCH Sent to a SegWit Address
As Bitcoin Cash is a branch of the original Bitcoin chain you can recover those coins sent to a BTC wallet if you have the private keys. You import the private key into a Bitcoin Cash wallet and there you go. Your coins are in your control again. A bit of a hassle the first time you try it but after that it really is not that difficult. In most cases that is. The exception is when the address is a SegWit address. In that case if you use the private keys to set up a BCH wallet it gives a different address because Bitcoin Cash does not know SegWit. Coins sent to a SegWit address are "anyone can spend" coins on the Bitcoin Cash chain. This means that if the public key is known anyone can grab those coins. That is, any miner can grab those coins. Because nodes have a rule to not relay "anyone can spend" transactions you will need to send your transaction directly to a miner using some other means such as email or a messaging app. They can then include it manually into a block they mine. Until November 2018, BTC.com had a service to help people recover these coins. As it was no longer possible after the upgrade, however, this service was stopped.
Bigger Problem Than Expected
During the weeks and months after the upgrade it became apparent that the problem of users sending coins to SegWit addresses was not negligible. Developers always try to avoid situations where coins would be forever stuck by mistake or any other situation that would cause users to lose money. In January 2018 a new address format was introduced in Bitcoin Cash. It is known by the name Cashaddr and is designed to minimize the chance of these accidents happening. Unfortunately many parties in the industry have failed to implement this much needed change and so the two formats are still used in Bitcoin Cash today. Everybody would like to see the new Cashaddr format being used industry wide so less and less people would make those mistakes but in a decentralised system it is up to the businesses to act in a way that keeps their customers safe. The problem of coins sent to SegWit addresses no longer being spendable still remained. That was a problem discussed by protocol developers.
New Bitcoin Cash Developer to the Rescue
One new developer decided he would do the work and so he proposed a fix. With the help of some others he got it reviewed and finalised in time for the feature freeze date. And thus it got included in the May network upgrade. For six months, users who made that mistake could do nothing but look helplessly at their coins using a blockchain explorer. But their coins would become spendable again the minute the upgrade activated.
Million+ Dollar Bounty
During those six months a substantial number of coins were sent to SegWit addresses and, including the BCH that were already in such addresses, it represented a large dollar value. Now remember that if the public key of such an address is known, any miner can move those coins. Just a wallet address is not enough as it is a hash of the public key. The public key is however revealed when a transaction is sent from an address. That is not a problem normally as it is called the "public" key for a reason. So in this case if the address had been used for BTC and a transaction had been sent from that address, the public key had been revealed. When doing a search on the blockchain for such addresses it is possible to discover BCH stuck in a SegWit address and see its corresponding public key. All these coins were just waiting around for any miner to move them into another wallet. A big bounty worth over 1 Million USD. Ready for the first miner to mine them after the May 15th upgrade.
Pirates and Guardians
Now you wonder, would any miner grab those coins? History teaches us that over the first 15 months of its existence the Bitcoin Cash miners that are self identified were never seen to grab large amounts of these transactions for themselves. BTC.com ran a service helping users recover them and maybe some other miners helped users or exchanges they had direct dealings with. I did read an article months ago (unfortunately I can not find it anymore) where a researcher had discovered some incidents where large numbers of these coins were taken by miners prior to November 2018. Every time it happened it was an anonymous miner that could not be linked to any earlier miners or blocks mined who came to mine these transactions and disappeared after. It leads me to think that not only are most miners incentivised to do what is in users interest but there also could be some real legal problem with grabbing those coins. Someone could decide to make a case that those coins are still owned by someone even if they left them in a place that has no lock on the door. Taking them could still be seen as theft. Although this has not been tested in court, most people would likely agree that taking those coins would be ethically questionable just like walking into someone’s home and taking valuables would be at least questionable even if the door was left wide open. This alone would likely be a reason for companies that have many millions of dollars invested into their operations to not take the risk. At least not openly. The incentives still lead to behaving like honest guardians.
On friday morning I read the article written by someone claiming to be part of the Bitcoin Cash development community while also describing how he attacked the network by exploiting a 9 month old bug causing miners to mine empty blocks. After describing how he deliberately exploited a bug in one implementations code to make that implementation look bad hoping that miners and users would in the future run a different implementation he accuses miners from doing something terrible. They have according to him, misbehaved and not acted as the guardians they are supposed to be. What is it he is talking about? What happened?
Let’s leave the bug that was apparently exploited by this writer for what it is for now and fast forward to the moment when the problem was fixed and miners were again including transactions into blocks. Shortly after things returned to normal, a block was mined by an anonymous miner – one that had never before been seen to mine blocks. When looking closely at his block one could see that he came for one reason and one reason alone. The coins accidentally sent to SegWit addresses by unfortunate users. He did not come to secure the network or to validate transactions for network users. He came for the bounty that had been created by the fact those coins could not be moved by anyone for 6 months. Not a guardian, definitely a Pirate. And very easily recognisable as such.
Guardians or Attackers
What happened next is what the writer of the article and self proclaimed attacker of the Bitcoin Cash network is crying foul about. Some time after the block was mined BTC.top built blocks that orphaned this Pirates block. The writer claims to have proof that indicates that not only BTC.top but also BTC.com manually invalidated the block of the pirate and is claiming this is evidence of collusion and therefore the so much feared and written about 51% attack. I find this a very curious position. In light of the fact that every half decent miner could and likely would have been aware of the larger than a million USD Bounty on the network that would become mineable the minute the upgrade activated it is likely that at least one of them had a plan to help those unfortunate users and rescue those coins from the pirates that were very likely to show up. Would you not do the same? If you saw your neighbours door was unlocked would you not see if you could secure their belongings? Or would you just go to bed and turn off your lights? If you saw someone leaving the house with the neighbours valuables in his hands? What would you do? Shrug and move on or see if there was something you could do. I would say that the miners who decided to tackle the pirate did what any guardian would do. Not stand by watching how more than a million dollars get stolen by one of their own.
Now the writer/attacker also claims that this is the same as rolling back chains because of hacks or the same as censoring transactions. Keep in mind that these transactions were not normal transactions. No normal user could claim those coins. Only a miner could. The bounty was known to be on the blockchain and an anonymous miner came to claim it. If that is behaviour that is seen as acceptable and just normal behaviour for miners I would say that orphaning such a block would also be normal. If miners are allowed to claim coins this way than we would have to expect other miners to fight for the prize. If one claims it a larger miner would naturally orphan it to try and claim it himself. If there was no issue with this behaviour then it would be very much expected for miners to collude to grab that prize. You would expect it from profit seeking miners. A more than a million dollar bounty would be worth it. This is not what happened. Guardians stepped in when a pirate miner appeared to abuse his position of power to steal peoples coins. In my view they did what they are supposed to do, fight of dishonest miners. Honest miners will extend the chain most beneficial to the users of the network. They are incentivised to do so. The benefit from creating value and fighting off those that try to take value away. I have only one thing to say to the miners that prevented the pirate miner from taking those coins: Thank you for looking out for the users who were totally dependant on miners to rescue those coins for them.
Article Writer - Trying to do good?
All during the article the writer wants us to believe that he attacked to help Bitcoin Cash. To make things better. He points the finger at miners and Bitcoin ABC developers. TLDR; Are you kidding me?
Developers also are or should be Guardians of the system. Their task is to provide software that helps keep the network safe and that allows for the network to grow and be as functional as possible to reach the goal of peer to peer digital Cash for the entire world. Any developer supporter or miner that ignores the needs and security of users of the system is not helping. Favouring development politics over network security is not something a guardian would do. Money is a social construct. The technical stuff facilitates it but the people are what makes it work. Those that intentionally harm users have no right to call themselves guardians or protectors. With friends like that who needs an enemy.
The code that had the bug was finalised before August 15th 2018. The writer/attacker claims to be really good at reviewing code and finding problems. He seem to have had all the tools set up to do it without too much effort. Yet he did not feel any need to spend some time on reviewing some Bitcoin ABC code back in July/August 2018. Code that was written to implement an OpCode that Bitcoin Unlimited had proposed and campaigned for 6 months before. Bitcoin ABC had at that time agreed to include it in the next upgrade and was honouring this agreement by doing all of the work needed to get it ready for the upgrade. Why did the writer not help review that upgrade feature at that time? Too busy politicking and complaining on forums perhaps? He writes about how miners should act, how developers should act and what code businesses should run. I have a hard time taking advice from someone who failed to review code before it was activated and who 9 months later deliberately triggers a bug which could have had huge effect on the market value and was designed to add fear to doing hard fork upgrades.
Guardian or Pirate
Let's go back to that bounty of coins stuck in SegWit addresses. Let’s assume for a minute there was at least 1 miner who knew that it was likely that some Pirate miner would try to steal those coins, to hunt for that bounty. A million plus dollars is a very tempting prise. Let's assume that in the 3 months after it was clear that those coins would become again spendable after the May 15th upgrade, that miner or those miners came up with a plan. Let's assume that they created some transactions that would send those coins to BCH addresses controlled by the same private key that controlled the BTC addresses. This would return control over the coins to those that were the key holders of the BTC address that was mistakenly used. Now let’s go to the day of the upgrade. First priority is to activate the fork and see Schnorr working without issue and he chain keeps working as expected. Only after that would you add the rescue transaction to the mempool to mine it hopefully before a pirate comes along. Then something happens. Things stop functioning. Try a few things. Empty the mempool because maybe……..
You see what happened here? The attack lead to the special transactions aimed at returning coins to users to be removed from the mempool. Dear writer/developer/attacker, you caused that. Your actions prevented that transaction from being mined. Over a million dollar worth of BCH that would have been returned to users. Taken out of the miners mempool because of what you did. Please own that!
Cause and Effect
Fast forward through people scrambling to get the chain back to functioning normally while users started to get concerned. Add a lazy miner that forgot to upgrade mining a block on the old chain and a self proclaimed researcher calling that a chain split on twitter. Madness. Miners and developers with no choice but to keep focused on getting things to function like normal. No time to think about rescuing those SegWit coins. Success, the first blocks including transactions appeared. The exact moment the pirate had been patiently waiting for. He must have been well informed because he managed to upgrade as quick as other miners. And he must have had a fair bit of hash behind this effort. Or maybe he was just very lucky or maybe other miners for a moment dropped off while upgrading to the patched software. All in all he could likely not have done it without the help of the one who claims the moral high ground in his writing. All to make a point. To prove that people should have listened to him. Bitcoin ABC bad……. Upgrading the network bad……….His actions are not for the benefit of the millions of Bitcoin Cash users. He could have made his point by calling a meeting. By discussing things with arguments. He could have kept users safe by reviewing code before it went live on the network. He could even have made a point by responsibly disclosing it and writing about it afterwards. Instead his ego and spite drove him to a well planned and deliberate attack to show his power. By abusing that power that makes him a pirate and not a guardian in my books.
Bitcoin Cash Is Blessed With Miners Acting Like Guardians.
A majority of miners acted as honest miners and stopped the dishonest miner trying to abuse his power. This was not a normal transaction that was sent to the network. No normal user could have made this transaction. That power only lies in the hands of the miners. They were given this power and entrusted with the task of being guardians of the system and on Wednesday they showed me as a user they can be trusted with that power as they are prepared to take a stand against dishonest stealing miners. I as a user do not want mercenary zombi miners who dont give a ….. about users. I want them to be engaged and actively thinking about the best ways to guard the users against attacks. To prevent harm to users short term and long term.
Although I think miners should always be allowed to mine anonymously I do think that it is the task of other miners to keep an extra eye on them in case they did not come to secure the network but to harm its users. This system runs under adversarial conditions always and miners should not hesitate to do what they believe is best. The miner who first invalidated the pirate miners block had no guarantee other miners would do the same. He just tried to do the right thing risking his hash power. He put his money were his mouth is and decided to ge a guardian first. Others chose to do the same and in the end users were given back access to their coins.
Developers Crossing the Line
A software developer is claiming moral high ground after an attack that: cost miners money, could have very easily have lead to panic on the exchanges and price dropping fast, destroying value for many many innocent users, or cause the network to no longer process transactions despite blocks being mined. He actually almost caused a large number of users to loose their coins to an anonymous miner whose sole purpose was grabbing those coins that were sent to SegWit addresses by mistake. Bugs are inevitable and all developers know there is always a risk of exploits and most work very hard to prevent that from happening, as that is their task as guardians. Developers have power. The power to do good and keep me as a user and my coins safe, or they can use that power to serve their own purpose. In my books this developer crossed the line and should not be considered a friend of users of these systems. The fact that he could reverse his attack and knew it would not have a lasting technical effect, ignores the economic effect of his actions and ignores the unexpected side effect such action inevitably has. Like a doctor, the first rule of a Bitcoin (Cash) developer should always be: **DO NO HARM! **Going by the statement written by this developer and the effect his attack has I would say that he broke that rule! He could have made his point many other ways that would not have harmed users but he chose to become an attacker. Despite the fact that he sounds like a very competent developer and sounds like he is convinced he did the right thing, he is not a Guardian of the system and its users. He caused harm and if it had not been for many competent Developers, Miners and businesses who acted quickly and professionally, that harm could have been much larger.
Did The Pirate Leave Empty Handed?
Unfortunately when looking for stuck transactions, some were apparently missed, so after the pirate lost the big bounty it was later discovered that the pirate did manage to get away with at least some stuck transactions in one or more later blocks. I do hope that soon a system can be put in place that helps retrieve those coins quickly so a big bounty does not build. By scanning for these transactions regularly and sending them back to the rightful owner it would not become profitable for a bounty hunter to start mining for them. Events show miners are willing to help users. It would be great if developers would help miners create a way to do this. Maybe the writer/attacker could help with this and make up for what he did, adding value instead of attempting to take it away. But also, lets all push for CashAddr address format to be used by everyone so users will be less likely to make mistakes.