Bitfinex, Blockchain Hacks, and Replay Attacks Oh My - All Things that Steem’s Technology is designed to prevent.

in #steem, 8 years ago


The past couple of months have been full of hard lessons for everyone in the cryptocurrency space. Bugs in the DAO code led to hard forks of ETH, which led to Replay Attacks and now a market battle between Ethereum and Ethereum Classic.

In the process the DAO hacker has managed to indirectly harm everyone from ETH holders to anyone doing business with Coinbase, one of many potential victims of the Replay Attack.

If the problems with Ethereum weren’t enough, there are now reports that $72 million worth of Bitcoin may have been stolen from Bitfinex.

Even steemit.com was hacked. The difference is that Steem responded quickly, decisively, and with long-lasting technological solutions rather than one-time patches that do nothing to prevent future issues.

All of this is Preventable

For over 3 years I have been working to design and build next generation blockchain technologies. Steem is the product of many hard lessons in usability, scalability, and security. Most of the lessons learned are not available on any other platform.

Preventing Replay Attacks

Way back in November 2013 I introduced the concept of Transactions as Proof of Stake also known as TaPoS.

The idea behind TaPoS is that each time a transaction is signed it should reference a recent block ID. By referencing a recent block ID the signer is also certifying their opinion on the state of the blockchain and the pre-condition for the validity of the transaction.

Over the long term this means that every stakeholder is directly certifying / checkpointing the blockchain, which creates a measure of consensus that is even harder to forge than redoing all of the Proof of Work on bitcoin and “migrating” the transactions.
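The check TaPoS implies, as an added example (a simplified model written for this page, not Steem's code): a transaction names a recent block, and a chain accepts it only if that block is part of its own history. Assumptions: the 16-bit `ref_block_num` plus 4-byte `ref_block_prefix` layout is modeled on Graphene-style transactions, expiration is counted in blocks rather than time, and the `Chain`, `Tx` and block ID formats are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass


def make_block_id(height, prev_id, payload):
    """Constructed ID layout: 4-byte height, then 16 bytes of SHA-256."""
    digest = hashlib.sha256(prev_id + payload).digest()
    return height.to_bytes(4, "big") + digest[:16]


def resolve_ref_height(head, ref_block_num):
    """Most recent height <= head whose low 16 bits equal ref_block_num."""
    return head - ((head - ref_block_num) & 0xFFFF)


@dataclass(frozen=True)
class Tx:
    body: str
    ref_block_num: int       # low 16 bits of the referenced block height
    ref_block_prefix: bytes  # 4 bytes of the referenced block's ID
    expiration: int          # first head height at which the tx is invalid
    # Assumption: the signature covers all four fields, so a replayer
    # cannot swap in a reference that suits another chain.


class Chain:
    def __init__(self, ids=None):
        self.ids = list(ids) if ids else [make_block_id(0, b"", b"genesis")]

    @property
    def head(self):
        return len(self.ids) - 1

    def fork(self):
        return Chain(self.ids)

    def produce(self, payload):
        self.ids.append(make_block_id(self.head + 1, self.ids[-1], payload))

    def build_tx(self, body, ttl=20):
        prefix = self.ids[self.head][4:8]
        return Tx(body, self.head & 0xFFFF, prefix, self.head + ttl)

    def accepts(self, tx):
        if self.head >= tx.expiration:
            return (False, "expired")
        ref_height = resolve_ref_height(self.head, tx.ref_block_num)
        if ref_height < 0:
            return (False, "unknown reference block")
        if self.ids[ref_height][4:8] != tx.ref_block_prefix:
            return (False, "reference block is not on this chain")
        return (True, "ok")


def demo():
    shared = Chain()
    for i in range(1, 10):
        shared.produce(b"shared-%d" % i)
    pre_split_tx = shared.build_tx("pay bob 5")   # references shared block 9
    a, b = shared.fork(), shared.fork()
    for i in range(10, 13):                       # the chains diverge here
        a.produce(b"A-%d" % i)
        b.produce(b"B-%d" % i)
    post_split_tx = a.build_tx("pay bob 5")       # references A's block 12
    results = {
        "post_split_on_a": a.accepts(post_split_tx),
        "post_split_on_b": b.accepts(post_split_tx),   # replay attempt
        "pre_split_on_b": b.accepts(pre_split_tx),     # still valid on both
    }
    for i in range(13, 33):
        a.produce(b"A-%d" % i)
    results["post_split_on_a_later"] = a.accepts(post_split_tx)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The model also shows the limit of the scheme: a transaction that references a block from before the split is accepted on both chains until it expires, so replay protection depends on referencing a block produced after the fork. Under the same low-16-bits assumption, a `ref_block_num` of 14875 seen at head block 3815965 resolves to block 3815963, two blocks back.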

Preventing Rebirth of Forks

Assuming a blockchain will never have to hard fork is denying reality. Bugs will happen, new features will be needed, and lack of adaptability to market conditions will eventually kill any company, product, or cryptocurrency.

The decision to hard fork should be baked into the consensus process prior to any fork occurring. If consensus is reached that a fork should occur, then all nodes that do not have the code for the fork should shut down by consensus.

Stated another way, the only way to “revive” a fork such as Ethereum Classic would be to implement a true fork and require everyone to update their code.

Ethereum Classic is an example of a Fork that should never have existed. If the Ethereum blockchain had a true consensus process in place for deciding when to fork and when to die then the entire market could rest assured they are on the right fork.

Instead, decisions about which fork to adopt are handled outside of blockchain consensus and are therefore chaotic in nature. Failure to provide a governance structure will lead to market chaos, uncertainty, and situations like Ethereum Classic.

Recovering from Hacks

Attempting to prevent hacks is a noble, but futile effort. Hacks are instant, and permanent. Even advanced multi-sig accounts, such as those supposedly used by Bitfinex, are unable to prevent the instantaneous loss of millions of dollars of cryptocurrency.

The problem is that you do not know you have been hacked until it is too late to fix it or recover. Hackers can slowly gather keys over time and then wait until the perfect moment to strike.

The strength of a system is not measured by how thick and impenetrable the skin is, but by its ability to heal quickly after being cut. Bitcoin, Ethereum, and most other blockchains have no system in place for healing.

Every Steem account is associated with a recovery account. The recovery account can be any other user on the system who knows you by some means other than your public key. In the event that your account is stolen, the recovery account combined with your old public key has the ability to restore the account to its rightful owner.

This is not just multi-sig. Multi-sig is a fixed set of signers who must cosign a transaction. The Steem recovery process considers any key used in the past 30 days to be one party to the recovery. An attacker can change the owner keys as much as they want; it will not prevent the recovery.

Your recovery account has no power over your account without one of your recent keys and it is not needed until after you are hacked. This is very different from any multi-sig solution currently on the market.

There are only two people who can recover an account, the attacker or the legitimate owner. So long as the recovery agent does full KYC prior to recovering the account no hacker will attempt to recover. In fact, there is no reason for the hacker to attempt recovery because they are already in control of the "current keys" which means they get the account by default after 30 days.
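The recovery rule described in this section, as an added example (a simplified model, not Steem's implementation): recovery succeeds only when the recovery account approves and the claimant holds an owner key that was in use within the past 30 days. The `Account` class, the key names and the use of plain strings in place of signature checks are assumptions made for illustration.

```python
from dataclasses import dataclass, field

DAY = 24 * 60 * 60
RECOVERY_WINDOW = 30 * DAY


@dataclass
class Account:
    name: str
    recovery_account: str
    owner_key: str
    retired_keys: list = field(default_factory=list)  # (key, retired_at)

    def change_owner_key(self, new_key, now):
        self.retired_keys.append((self.owner_key, now))
        self.owner_key = new_key

    def recent_owner_keys(self, now):
        """Current owner key plus every key retired within the window."""
        recent = {key for key, retired_at in self.retired_keys
                  if now - retired_at <= RECOVERY_WINDOW}
        return recent | {self.owner_key}


def recover(account, approved_by, proved_key, new_key, now):
    """Two parties are required: the recovery account and a recent owner key.
    Presenting a key string stands in for a signature check (assumption)."""
    if approved_by != account.recovery_account:
        return "rejected: not approved by the recovery account"
    if proved_key is None or proved_key not in account.recent_owner_keys(now):
        return "rejected: no owner key from the past 30 days"
    account.change_owner_key(new_key, now)
    return "recovered"


def scenario(recover_on_day):
    alice = Account("alice", recovery_account="agent", owner_key="K-alice")
    # Day 10: the thief takes over, then rotates the owner key repeatedly.
    for day, key in [(10, "K-thief-1"), (11, "K-thief-2"), (12, "K-thief-3")]:
        alice.change_owner_key(key, day * DAY)
    now = recover_on_day * DAY
    outcomes = {
        # The recovery account has no power without a recent key.
        "agent_alone": recover(alice, "agent", None, "K-agent", now),
        # A recent key without the recovery account is not enough either.
        "old_key_alone": recover(alice, "someone-else", "K-alice", "K-new", now),
        # Both parties together: key rotation by the thief does not matter.
        "agent_plus_old_key": recover(alice, "agent", "K-alice", "K-new", now),
    }
    return outcomes, alice.owner_key


if __name__ == "__main__":
    print(scenario(15))   # inside the 30-day window
    print(scenario(41))   # window has closed; the thief's key stands
```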

Time locked Funds

The key to security is time. It is impossible to know that your keys have been compromised until someone else signs something with them. By the time they sign, it is too late.

Imagine if there was a 24 hour delay during which your transfer could be recovered with the help of your recovery agent. With such a system in place a hacker would have to divulge the hack by using your keys, but would be powerless to prevent you from recovering your account and canceling the transfer.

If the hacker managed to compromise both you and your recovery agent, then the recovery agent would go to their recovery agent first, then recover you. This process could continue indefinitely so long as everyone could recover within the allotted time. The probability of a hacker compromising all of those accounts at the same time is vanishingly small.

All of these things require time with the ability to cancel. Without time delay hacks are impossible to detect until after they are irreversible. Banks have known this for a long time. They implement daily withdrawal limits, 24 to 72 hour pending periods, etc.

The vast majority of cryptocurrency wealth needs to be locked behind similar protections. The only funds that should exist as liquid “cash” are those which are needed immediately and which the holder of said funds can afford to lose.
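The delayed-transfer idea from this section, as an added example (a constructed model of the proposal, not an existing Steem feature): a transfer leaves the sender at once but only becomes spendable by the recipient after 24 hours, and the owner can cancel it inside that window. The `Ledger` class and the assumption that cancellation is called only after a successful account recovery are illustrative.

```python
from dataclasses import dataclass

HOUR = 3600
DELAY = 24 * HOUR  # the 24 hour delay used in the text


@dataclass
class Pending:
    src: str
    dst: str
    amount: int
    release_at: int


class Ledger:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.pending = []

    def transfer(self, src, dst, amount, now):
        """Debit the sender now; credit the recipient only after DELAY."""
        if amount <= 0 or self.balances.get(src, 0) < amount:
            raise ValueError("insufficient funds")
        self.balances[src] -= amount
        self.pending.append(Pending(src, dst, amount, now + DELAY))

    def settle(self, now):
        """Make every matured transfer final."""
        still_pending = []
        for p in self.pending:
            if p.release_at <= now:
                self.balances[p.dst] = self.balances.get(p.dst, 0) + p.amount
            else:
                still_pending.append(p)
        self.pending = still_pending

    def cancel_after_recovery(self, src, now):
        """Refund src's transfers that have not matured. Assumption: the
        caller has already completed account recovery for src."""
        self.settle(now)
        refunded = sum(p.amount for p in self.pending if p.src == src)
        self.pending = [p for p in self.pending if p.src != src]
        self.balances[src] += refunded
        return refunded

    def spendable(self, who, now):
        self.settle(now)
        return self.balances.get(who, 0)


def theft_scenario(owner_reacts_after_hours):
    ledger = Ledger({"alice": 1000, "thief": 0})
    ledger.transfer("alice", "thief", 900, now=0)        # stolen key is used
    thief_mid = ledger.spendable("thief", now=1 * HOUR)  # nothing to spend yet
    refunded = ledger.cancel_after_recovery(
        "alice", owner_reacts_after_hours * HOUR)
    end = 48 * HOUR
    return (thief_mid, refunded,
            ledger.spendable("alice", end), ledger.spendable("thief", end))


if __name__ == "__main__":
    print(theft_scenario(6))    # owner reacts inside the window
    print(theft_scenario(30))   # owner reacts too late
```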

Steem Solves these Problems

95% of all Steem value is subject to time release, and all accounts can be recovered so long as you have any owner key used in the past 30 days and the signature of your recovery agent. All transactions implement TaPoS, which prevents replay, and the decision to hard fork is built into the consensus protocol itself. Any nodes that don’t know the details of the hard fork will automatically shut down at the consensus-defined time.

If Bitcoin and Ethereum implemented these features then Coinbase wouldn’t be suffering from Replay, Bitfinex would be able to recover their funds, and either Ethereum or Ethereum Classic would not exist.

These features make everyone more secure, and isn’t that the whole point of Cryptocurrencies in the first place? What good is a cryptocurrency that is statistically less secure than the funds in your bank? It is time for a change.


Crypto currencies are supposed to offer us two things: security and freedom. Security by using decentralised blockchains and freedom by offering us instant payment all over the world. If we lose these advantages then the whole point of crypto is nonsense. Bitcoin and Ethereum would have been more stable and secure if they followed to implement the features given above. Steem did it the right way and this is why I believe in the Steem technology.
Thank you for your time sharing this @dantheman

I think the bank analogy makes more sense when applied to the exchanges, not the Bitcoin protocol itself. It's up to these services to implement the sort of security features Steem uses, and make sure they use cold storage which can't be accessed through hacking them. The hard fork issue is a direct fault of the protocol, however.

That's why Steemit is brilliant. It places the safe bank-like protocols within the cryptocurrency, so that an exchange may not even be needed.

I believe in Steem, and I think Crypto is something more than money, it is the new type of social organization:
https://steemit.com/blockchain/@soomrack/bitcoin-blockchain-steem-middlesociety-and-math-management


Steem Power is one of the safest places to be right now and it's time to invest some marketing effort into showing that. Too much effort goes into attracting bloggers and not enough to promote Steem Power. Now that Bitcoin is going down and probably will keep being suppressed by 100,000+ Bitcoins, it's only a matter of showing traders where the safe place is.

Why do you say that? What's so safe about being unable to protect your value? (Honest question not an attack)

Yeah but it is completely illiquid, the same as buying a house. It may be safe (unless the market crashes), but will take a year to sell.

But if you could get an immediate loan based on the amount of SP you have, that would change things :)

Same goes for Steem Dollars (SBD) !!!

All I'm seeing is the value of my steem power going down everyday and I need to buy 10x more steem power before I can cash out over a period of years, safe as houses my fat arse.

Your steem power might stop going down if you don't use the FLAG to down vote people's post for dumb reasons. If it is plagiarism, or posting stuff that should be NSFW without a warning so it is in your fast in the list of posts I could see a FLAG which essentially REPORT this post... yet my reputation dropped from 7 to 5 this morning and I went to see apparently it is because you decided to flag one of my old posts that was neither offensive, violent, NSFW, was original, etc.

So is your goal for me to reciprocate and those that I know or are you interested in REMOVING your flag? I don't mind you flagging me because there is reason. Disagreement is not a reason to USE the flag, thus the reason it is nowhere NEAR the rest of the voting mechanism.

If you are using that for DISAGREE then that is likely why your steem power and reputation go down. People are not going to up vote someone who does that.

https://steemit.com/steemit/@dwinblood/not-a-ponzi-scheme-seems-like-a-new-paradigm-up-votes-regardless-of-topic-help-us-all

You apparently just flagged that...

BTW - check this out.. I made it for people like you:

https://steemit.com/steemit/@dwinblood/siren-song-for-the-down-voter-if-you-think-the-down-vote-flag-is-a-solution-i-made-this-for-you

I'll await for your reply for a bit, and I would like to see the flag removed. If it is going to stay there I'd like to know why.

I use the flag as if it were a downvote like you get in real sites. The reason the value of my steam power is going down (note: I'm talking dollar value not the amount of power, that goes up) is because this site is a scam, an obvious scam and I shall continue to downvote all articles I find encouraging people to invest money here. I am shocked how deeply in denial some people get about this, the devs are taking most of the money out of the system and everything is rigged so that people that make a fuss about it don't get heard. I read your rather patronising article but you missed my point entirely, like I said it's not the amount of steam power that goes down, it's the value and the time it takes to power down will mean it is worthless to me and will be in two years time. WAKE UP!

Was at nesting limit so had to respond to same thing. The site is only a scam for people that refuse to open their eyes and see the difference. If you continue to try to use it like you would a "real site" then yeah you're going to have a problem. Turns out I don't care about your down vote it didn't actually do anything to me, they had updated the codebase and I hadn't refreshed the page. I did not go from 7 to 5 due to your flag. It was a kneejerk reaction and I started looking at who down voted me. It turns out I went from 7 to 56. The reputation system protects people from people like you. If people don't like how you are talking, and such they won't stop you, but your obstinate view of reality at least won't impact them much. So carry on.

If the site owners are running off with the money people are investing (they are BTW), it's a scam. Changing my attitude ain't going to stop it. Kinda funny that you imply that I am the deluded one. One hell of a lot of people besides me see this for what it is why can't you see the obvious? The voting system is rigged, the devs are taking 80% of the money people are investing, there is no source of income apart from that, site rules are deceptive and vague authors get about one tenth of the payout they were expecting etc, etc etc, so how is this not a scam?

The key to security is time.

This is a good point. The one exchange that hasn't really had problems is BTC-E, which is also the oldest. And that is because they automatically freeze an account for 2 days when you attempt to change passwords or emails. And that has been sufficient time for people discover they've been compromised and contact support to retrieve their accounts. I don't know why other exchanges don't follow the same practice when it is clearly so protective and beneficial.

2FA is safe too, if I'm not mistaken.

One thing I've never understood is this...

I learned about the hack from others, and immediately took action, and changed my keys.

My old key (even if it was not compromised) is no longer needed by me.

My worry is that the hacker, now has 30 days to use my old key to recover my account without me constantly realizing it.

My guess is that if it happens, I could also use my new key to recover the account again?

So for 30 days, I have to sit here, wondering if the hacker is going to use the recovery method to recover my old key, so they could xfer funds.

Dan? Any advice? Thanks.

I think this part is the important part: "and the signature of your recovery agent"

So my recovery agent is currently the @steem account itself?

He would have to pass our ID checks which means he would have to hack your reddit or facebook account. If he did do that, then we would up the level of KYC on your account. Posting a quality introduce yourself post with photos is a good way to help secure your account.

The Ethereum Classic mess was entirely avoidable. It was driven by FUD and greed.

I hope this post gets out to the crypto world. While I'm not an expert on the matter, the solutions Steem has employed do seem logical.

These hacks, exploits and chaos need to stop, or cryptocurrency will never be adopted by the mainstream.

Yep the Ethereum Classic could have been prevented. I blame complacency as well as greed. Steem solves a lot of these issues.

Is this "reversible transactions" thing turned on for everyone, or is it strictly opt-in? And does that go the full 30 days? How deeply will that recurse? Rewinding an entire subtree of transactions sounds rather expensive... Not to mention it screws over anyone who received the stolen funds as payment.

I think you misunderstood the nature of the solution.

Any transaction that was reversible would not show up in someones account until it could be spent. Thus, payment is never "received" until it is irreversible. Both parties know "payment is on the way".

I read every word, and agree 100%

An upvote for the whale!!!

Seriously, good post.

"The decision to hard fork should be baked into the consensus process prior to any fork occurring. If consensus is reached that a fork should occur, then all nodes that do not have the code for the fork should shutdown by consensus."

I don't even have anywhere near your experience in this field and wondered why this was allowed to happen. It simply had to be considered, but why was the threat dismissed?

Thanks for the post, and helping all of us understand that steemit is much more than just a crypto-reddit publishing platform.

Seriously good stuff.

One of the best articles I have read on this subject. Very well worded, and I totally agree with you @dantheman It is absolutely time for a change!

The key to security is time.

Thank you for this insight. As someone who loves efficiency and transformation, I often miss this simple, somewhat conservative, viewpoint.

What good is a cryptocurrency that is statistically less secure than the funds in your bank?

This, I think, is one of the main reasons many of my friends have never joined the cryptocurrency bandwagon. They see huge price volatility, scary headlines about hackers and thieves, and they just move on. Steemit could change this (it got my wife into crypto after 3 years of me failing to do so). The innovations you and your team are consistently putting out are amazing. I've never been a fan of an altcoin until I found Steem. Please keep up the great work.

I am like your wife @lukestokes many of my friends tried to convince me but steemit finally did it . I am still in crypto currency "baby shoes " but slowly I get it! Get as much steempower as possible and be patient .

Thanks for the confidence re-instilled. I'm going to start buying steem instead of just earning it.

Ah man. This is why i love steem, devs are active, informative, and always on top form to make steem and steemit a better place for every one.

I like the fact that you humble enough to say that a hack is inevitable and the true test is how you recover or at least I'm paraphrasing.

It's getting really old having "security" as a primary marketing tool for various coin schemes, markets, etc when in reality we see massive security breaches on a regular basis. Blockchain is the real deal, IMO, but until we can get the middleman (off blockchain exchanges, etc.) out of it, we have a real image problem. Because truthfully you can park your money in a US bank and it will be safer in the current climate and I'm a Bitcoin enthusiast.

I wish i could change my Username

Good Read

TL;DR: Steemit has made crypto secure for the average user without the average user needing to know anything about making crypto secure. Steemit FTW!

I think this is a problem inherent to exchanges containing a central authority in general. This is why I am a proponent of experiments such as bitsquare which try to provide a secure solution in which users can exchange currencies without worrying about a Mt.Gox or Bitfinex situation.

I definitely agree with your statement that if Bitcoin and Ethereum implemented the features that Steemit has put into place, but having an exchange be decentralized itself would also be a huge step in preventing hacks. If there was a feature on steemit.com that allowed users to convert STEEM to bitcoin securely that would be awesome, and since everything is open source there is nothing stopping developers from creating a secure STEEM exchange that is decentralized as well. :)
~ Np

Should have put it in Steem or SBD hahaha

The speed and professionalism in response to the steemit hack was awesome.

One thing that needs to be emphasized more I think, is the level of involvement you and everyone at Steemit Inc. is weighting in. You get down to everyone's level, read their posts/comments, respond to their posts/comments and inform the entire community directly through posts like this one. All on Steemit.com, the center of this ecosystem.

Who else has that?

It is the cornerstone of Steem and Steemit. We don't need to convince anyone that Steem is bulletproof. Look at the charts. Steem has been affected but by the bubble created not directly by the events.
Keep on the awesome work and we'll rise to the moon!

I would like to option to put a time release lock on some of my SBD and/or STEEM. Like for example 30 days. This way I would feel more secure holding large amounts of SBD on steemit. Only the SBD that is not in time lock can be stolen. Would that be a feature you would add in the future?

Yes, we are planning on adding such a feature.

Dan, I don't believe you covered the real basis of what's going on with Eth vs Etc. The existence of the two chains created a prisoner's dilemma with misaligned economic incentives for different parties, which then turned into a rough consensus attack.

Scroll down to the 2nd half of my post here where I talk about that more (right under the bitcoin fib level chart):

https://steemit.com/blockchain/@r0achtheunsavory/the-r0ach-report-vol-2-bitcoin-happenings-and-ethereum-rough-consensus-attack

The recovery account can be any other user on the system who knows you by some means other than your public key.

Is this feature available yet?
Is it possible to assign the recovery account in the GUI?

I can't find the feature either. Could this be because we have already been hacked and a hacker has set themselves up as the recovery account?

Steemit has done a very good job in identifying what need to improve in crypto technology. Bravo! Agreed with @liberosist that all these hacks and chaos got to end!

hi dan.
totally unrelated question, but you hope you will see it.

i just made a mistake sending out some SBD to a Steem adress at bitfinex.

do you know if it will just come back? or will it be lost?

When I read about the Bitfinex hack this morning, the first thing that came to my mind was how would Steemit deal with such an attack if it happened considering something like this already happened before. Your post clears a lot of the stuff up and shows that you guys have really learned a lot from the last time when something like this happened. I wrote an article about the hack earlier today

Kudos to you guys for this magnificent system!

Kudos to you guys.

Thanks to you, @dantheman, and all the Steem developers for creating the change that you wish to see in the cryptocurrency world (and beyond). Having followed BitShares from the beginning, I have seen all the innovation that is finally finding a larger audience through Steem, and it's exciting for me to witness this evolution of cryptocurrency towards mainstream adoption.

whether these events are causing prices to decline bitcoin ???

Thank you for the hint for the recovery account, I was not aware of this awesome feature of Steem.

Well done!

In other words, it's easy to have control over forks, recovery mechanisms and other protocol changes when you have a proof of stake system where you hold 2.5x as much stake as the next guy, only a handful of people are involved in actual decision making and the vast majority of the users only interact with the blockchain through your centralized interface.

Yes, the steem network technically does have the potential for truly decentralized decision making, but we're not there yet (whether we ever will remains to be seen).
And until we are there, please don't try to sell the lack of true decentralization as some magic advantage over real distributed community decision making.

Our interface is opensource and many clones will start appearing. Steem is getting increasingly decentralized over time and its protocol will become increasingly stable. Your concerns are all temporary situations that all new systems face. The goal is to mature into decentralization.

Yeah that makes sense and I look forward to seeing it happen. I'm just saying, as it becomes less centralized, decision making and responding to unexpected events will definitely get a lot trickier.

That is certainly true. The last platform I created, BitShares, matured to a level of decentralization that could entirely outvote me. I am happy about that. As the platform matured it became more and more difficult to make changes, the same will be true for Steem.

Yeah, what they said!

The forethought of design is impressive. The strategic cybersecurity cycle incorporates Prediction, Prevention, Detection, and Response. You are showcasing the Predictive skills necessary to empower more effective Prevention, faster Detection, and more efficient Response (recovery in this case).

I have been worrying about the design of Steem security controls for a few days. Cryptocurrencies, in fact all fiat currencies, are founded on trust. As we have seen lately, lack of proper security oversight and planning can cause a serious impact to trust, which creates a detrimental cascading effect.

So it is good to hear where your head is at and what you have done to mitigate the risks. Well done sir!

Oh, and on a side note, I think you inadvertently answered my main question about Steemit security I had posted here: https://steemit.com/steemit/@mrosenquist/crytpocurrency-is-a-target-for-hackers-is-steemit-ready

So thanks for that!

Golden words: "It is time for a change." In recent years, much has been hacked. But for some reason no one wants to learn from the mistakes of others - only their.

//Update: I was wrong. It's working fine. For details please check https://github.com/steemit/steem/issues/244 .

--- Original Post ---
I noticed that with current client implementation the ref_block_num in transactions are usually far away from where it should be "recent", so usually little effect to prevent from replay attacks. for example

 get_block 3815965
...
"transactions": [
{"ref_block_num": 14875,...},
{"ref_block_num": 14876,...},
{"ref_block_num": 14875,...},
{"ref_block_num": 14693,...},
{"ref_block_num": 14864,...},
{"ref_block_num": 14874,...},
{"ref_block_num": 14874,...},
{"ref_block_num": 14876,...},
{"ref_block_num": 14875,...},
{"ref_block_num": 14874,...},
{"ref_block_num": 14472,...},
{"ref_block_num": 14876,...},
{"ref_block_num": 14876,...}
...

Will fire an issue to github.

Precaution is better than cure. Somehow viruses do mutate. Anyway great work has been done on Steemit. Steem on!

No more hacking

Steem isn't Ethereum, it should be safe?

steem was perfect stable during last night. this is a great.

Fund recovery is definitely one of the weakest points of all cryptocurrencies. Let's hope that changes in the future with technologies like protocol-based account recovery.

All I can say is

Of all crypto top caps, Steem is best in problem managing this summer. It's the most advanced blockchain. It would be very interesting to know @dantheman opinion about Casper simulation from

VitalikButerin Vitalik Buterin tweeted @ 01 Aug 2016 - 18:50 UTC

Casper PoC3 backbone simulations: 3s block time, 1.25s avg latency + 2s avg clock offset: 1% stale rate https://t.co/hMF2m30aG7

Disclaimer: I am just a bot trying to be helpful.

@dantheman I really enjoy the level of insight and transparency you have given to Steemit. While I agree that time is definitely a huge mitigating factor when it comes to security, so is peer review and allowing others to fiddle with the source to see exactly what they can and can not do with it.

You're definitely in new and unprecedented territory with this platform and from what I've seen in my week or so here you guys are on point. When it comes down to it you managed to pull off a very impressive feat. As soon as I heard about the Steemit hack I thought, "Here we go again another dead cryptocoin" but you guys fixed it with a quickness.

You managed to merge crypto, social media, and all but reinvented the proverbial wheel. The speed with which you have solved major problems that would have stopped many projects dead in their tracks long before they came to fruition truly is something to be proud of. Your hard work and the time you've put in to making this a platform built to last shows and I wish your project and team all the best in revolutionizing crypto-media as the new gold standard for social media platforms.

Kudos guys!

With all this mess around Ethereum people will lose again credibility in crypto . I was an Ethereum holder but with the latest news a big mess was created in my head and i didn't know what to believe.

I sold all my ETH and i invested in Steemit because looks more promising. Even if also Steemit got hacked i was very surprised how @dantheman and the team acted.. not like the Ethereum guys which now nobody knows on which boat are..

I was always taught that the only way to prevent a cyber-attack is to unplug the ethernet cable - It's not if, it's when. This article very clearly shows that steem not only understands that risk, but also has a recovery plan.

Thank You
Respect

long live steemit!

No matter how well you design it you can't prevent government intervention at the exchanges that can cause unforeseen problems. If the bitfinex hack was the result of government regulations requiring the funds to be kept the way they were for the exchange to operate the same thing can happen to any currency stored on such an exchange for trading.

I did not know the governments regulated cryptos.

The exchanges have to follow regulations to operate in various countries. In this case they had to change the method used to store coins to satisfy US regulations. They aren't regulating the crypto but how they do business.

Yes, it is time for a change!!! This is one of your best articles to date and I hope it goes viral.

This is a great and informative post. Much appreciated! How do we choose our security partner? Is this something that needs to be done prior to potentially getting hacked? Thanks for protecting us :-)

by default the account that created your account is your security partner. Most likely us. It will take some more work to make the UI accessible for setting other partners, but it is fully possible on the blockchain today.

Thanks for creating a best-in-class real world blockchain! These are incredibly innovative and practical solutions that seem far ahead of most blockchain solutions today. I think it's going to take many years for developers in other ecosystems to even understand how important these features are. Really excited about all the potential. BTW In terms of irreversibility the burden of risk for transfers of stolen funds would be placed on exchanges/bridges/gateways/merchants. For the most part I think that's fine because these institutions can create their own limits, but just wanted to know how you envision the reversibility of transferring hacked/stolen funds. Also I was wondering if it would make sense for users to be able to time-lock a portion of their own funds so they could only be able be transfer after a certain number of days. Hence users could have time and receive notification of a large transfer if a hacker/thief tries to move the money.

Those concepts are being thought through and will likely be deployed based upon lessons learned and solutions available.
