Recently, the digital currency exchange MintPal was successfully attacked. VeriCoin was the target, and nearly 30% of all the VeriCoin in existence were stolen. In a time of quick decisions, the VeriCoin developers came in contact with MintPal and decided to hardfork their blockchain to…
Patrick Nosker, one of the developers for VeriCoin, sat down with CCN to talk about the decision and the discussions that are taking place because of it.
[divider] CCN [/divider]
When you all first found out MintPal was attacked, what was your initial response?
Well, there are three things you can do then.
Option One: You can do nothing, which means the guy who stole the coins can get 30 percent of all the VeriCoins. He can do whatever he wants with it, which includes staking it and having a 51 percent attack.
Option two: You can take that information and hope that he doesn’t send it before you can patch the wallet code to block any transactions coming from his address; shrinking the market cap by 8 million coins. It would leave MintPal without those coins, and they would have to reimburse their users. That was an option we took really seriously actually. Another thing you can do as part of that option is add in the code to allow the developers to mine the coin back and send them to MintPal.
That’s trivial though because it would’ve taken a lot of time to do. I suspect that if we took the time to do that, the hackers would have already sent the coin out and sold it. But that was an option, and that’s an option that Libertycoin took when they blocked the developer’s hidden premine. It had been done before, and it had worked, but we didn’t know if it would work for VeriCoin. It would have taken a few days to research how to do it effectively with the Proof-of-Stake system we have.
The third option was to go back on the blockchain to a point before the transaction and send the coins out from the same inputs quickly to a new address before they could be sent out again by the hacker if he has private keys. So that’s the option we took.
On the hardfork.
It’s really unfortunate. Hardforking the blockchain is something that no one wants to do, and no one has done for a reason like this before. We’re the first coin to do this, which is kind of weird in some ways but also kind of awesome in others. We did it because we really care about people that have the coin, but the main reason is that we didn’t want people to attack the coin at their leisure in the future.
Some people accused us of dealing at MintPal, but it’s not like that. If we don’t do this, we’re going to get attacked possibly someday, then it’s no good, and no one will ever use it again. If we hardfork and people don’t like it, then the coin’s dead anyway. The worst option was to do nothing because it guarantees VeriCoin dies.
People are worried that this might set precedent for other coins to respond the same. An example would be if Bitcoin did this when Mt.Gox happened.
Bitcoin has forked two times, significantly. One was in 2010 when someone was able to mint billions of Bitcoins. They had to go back 100 transactions and reset the chain. Thankfully, the network was really small then, and all the developers had to do was get to the big pools and tell them to update their codes. Bitcoin was really small, and no one cared about it, so it didn’t get much attention.
The second event was where Bitcoin was updating from, I believe, 0.7 to 0.8. People didn’t like the 0.8 change, so some people didn’t move over. Basically, they were competing on two parallel chains for a long time. Eventually, the developers decided to revert back to 0.7.
When people say we’re abusing our power, that’s fine; they can say what they want to. I don’t think of it that way, because we were going out of our way to prevent the coin from dying off. Most of the people who are critical of this are people that don’t own it and are people that want another coin to succeed. They attack every coin and right now it’s a good opportunity to attack VeriCoin.
The hardfork was a success, and MintPal released an update in an announcement on July 14 stating that the VeriCoin people hold on MintPal will be unaffected.
“As we previously announced, the VRC developers have worked tirelessly to perform something never before done by a cryptocurrency and rollback the blockchain in order to reverse the two malicious transactions. This was not done out of a desire to save MintPal, but rather a desire to save your coins. Once the updated wallet has been distributed, and the new fork is active we will re-open our VRC wallet to facilitate withdrawals.”
Victims of the VeriCoin attack are encouraged to keep their funds in cold storage next time, instead of in a vulnerable hot wallet.
Diclosure: I was a VeriCoin victim in this attack on MintPal.
Last modified: January 25, 2020 10:02 PM UTC