The unbearable lightness of being a Blockchain witness
What does it mean to be a Witness on a blockchain?
The TL;DR summary:
Steem Soft Fork 22.2 was a contentious code change which (at worst) could have given rise to a complicated civil law suit;
Steem Hard Fork 23 was an illegal act which could give rise to civil law suits and criminal investigations started either by authorities on their own, or prompted by victims who had their assets stolen.
The end of this post contains direct links to the exact blocks on the Steem blockchain, every one of these links is also recorded in archive.today. Blockchains may be forever, but only as long as someone runs the code. And running blockchain code is not risk free.
This is exactly the correct take. A chain is its maintainers' responsibility, not their property. And that responsibility can be taken away at a moment's notice. https://t.co/R8aT4ttufK
— vitalik.eth (@VitalikButerin) May 19, 2020
What does Vitalik's tweet mean for witnesses/nodes etc. on any blockchain?
Running the code for a blockchain, once the system is successful and relied upon by hundreds or thousands of people, is not to be taken lightly. All over crypto we hear the glib phrase "code is law" bandied about. The implication being that if a majority of the guardians of a blockchain chose to run a certain piece of code, whatever happens next is "law".
Whilst that may be technically true, it also lies at the heart of the 51% attack vulnerability which the entire blockchain idea suffers from. Once a blockchain is decentralised enough and big enough, this vulnerability is meant to decrease.
It is clear (and acknowledged by CZ at Binance) the purchase of Steemit Inc by Justin Sun led directly to a 51% attack and the takeover of Steem with the collusion of three exchanges (Poloniex, Huobi and Binnance).
It can't be overlooked, however, that the 51% attack in which Justin Sun took control of the top witness spots followed actions taken by the old Steem Witnesses to temporarily freeze the voting rights of a Ninja mined stake of Steemh: the 22.2 Soft Fork.
That action was controversial at the time, but a majority of Steem witnesses did approve it. This comment from top witness @steempress was typical at the time:
We support this conditioned on it being a temporary limitation made until it has been made clear by the new ownership of Steemit Inc how the stake will be used, and where sufficient guarantees has been made to ensure that it will be used as promised.
This was a top dissenting position (in the minority) deciding not to run the code by @timmcliff:
I do support the overall mission that the top witnesses and community/stakeholders are trying to achieve: Finding a way for Steem to progress in a way where the security of our governance and blockchain is not under the constant threat of a single stakeholder.
I however am not running the changes on my witness node. My post along with my explanation can be found here.
Reading through the discussion on that post now, one can appreciate even those witnesses who chose to run the code were almost all reluctant to do so and deeply concerned to stress the temporary nature of the freeze on the rights of certain assets. Again and again the contentious history and provenance of the Ninja mined stake which Steemit Inc held and Justin Sun acquired, was stressed.
There is no evidence that 22.2 was a grab for cash in any way
When we examine the Steem witnesses Hard Fork 23 from May 20th, we have a totally different fact pattern.
- Key human witnesses dropped out and refused to run it;
- A clear warning was issued by @apshamilton that running the code would be illegal no matter where you are;
- The code was run, real assets were permanently stripped from their rightful owners and there was no indication this was a temporary act;
- public statements made clear this was final and in retribution for perceived wrongs.
From the witnesses statement prior to the fork:
III. Seize some user accounts that participated in criminal activities by actively contributing to the threat against the Steem blockchain and/or to the theft of STEEM holders' assets.
Sieze is a very final word and the unfounded allegation of "criminal activities" compounds that seizure. The allegations are false, but even if they were true, this would not give witnesses and Justin Sun any justification to run this thieving code. After the fork witnesses stuck with their assertions.
According to an extreme reading of "code is law", once Justin Sun had control of the Steem blockchain via the witnesses he could rewrite the code and his code became the law.
Back in the real world, however, just because you can make the computers do something, doesn't mean you should.
Ample evidence this was a theft
As @apshamilton has clearly demonstrated, every way you look at it, Justin Sun and his Steem Witnesses carried out a very public heist. And they would have made off with the loot if it hadn't been for "you meddling kids" in the form of whoever also held the keys for the account they chose to receive the stolen funds, they mysterious @community321.
Which brings us back to what Vitalik wrote:
This is exactly the correct take. A chain is its maintainers' responsibility, not their property. And that responsibility can be taken away at a moment's notice.
Hive is now a $100m market cap system, it has risen as high as $320m. That would make it a pretty large public company yet it has a very loose internal structure, employs no lawyers and doesn't have an address in the real world. Back in the days of Steem, there was always a feeling that Steemit Inc was out there, checking legals and being a responsible steward.
That's gone now. Hive is not owned by anyone except for all of us. The Witnesses own no more of Hive than their own stakes would determine yet they do carry a far larger legal responsibility. Of course they are rewarded for this with block rewards but they would do well to acknowledge the responsibility they have and the supremacy of sovereign laws over them.
To break this down simply: if the witnesses take action and run code that breaks laws and directly impacts users, those users can go to law enforcement in their homelands.
This isn't to say blockchains can't work, but it is very unwise to commit to being a witness without at least being aware of the legal responsibilities one is taking on, even if you aren't signing a contract with everyone using the blockchain.
This is a young industry, if code enacts a fundamental crime like theft, anyone who ran that code and tries to tell a judge in a real court "code is law" is going to be face some very serious consequences.
Some background on the specifics of the HF23 #SteemHeist
A very public heist
These are the undisputed details of the #SteemHeist.
Hive was born on March 20th at 14:00 UTC. The blockchain and community called Hive did not exist prior to that. Much of Hive's initial state was derived from the blockchain and community called Steem.
On May 20th at exactly 14:00 the witnesses in charge of the Steem blockchain implemented Hard Fork 23 and which removed around 23.6M Steem, valued at US$7 million at the time of HF23. Moments later the funds stolen by the code written into HF23 were transferred out of the control of the Steem Witnesses. That happened in block 43,536,278 on Steem.
In the opinion of a qualified lawyer, with a deep understanding of crypto, blockchains and Steem in particular, this was a premeditated and advertised act of theft carried out by those who ran the Steem HF23 code and aided by those who voted for witnesses who announced they would run this code.
10 minutes before the theft, in a specific transaction in Block 43,536,084, whoever had control of the account @community321 changed the keys.
Just 2m48s after the HF23 theft in block 43,536,278, two transactions were performed by @community321:
- community321 transfer 23,627,501 STEEM to bittrex These are funds stolen by the Steem witnesses using HF23 May 20th 2020 - please return them to their original owners prior to the fork :)
- community321 transfer 427 SBD to bittrex These are funds stolen by the Steem witnesses using HF23 May 20th 2020 - please return them to their original owners prior to the fork :)