Giving $650mm in USD to a random company is still infinitely safer than doing so with crypto. If a regulated bank claims they got hacked and lost that amount, there are a slew of federal and state laws and agencies in place to investigate it. With crypto, it could very well be in the wallet of the CEO or IT guy and no one would know.
That's all well and good when the thieves are in the US or a country that will extradite them. What happens when the thieves are operating out of a country without an extradition treaty?
In the regular financial world you can at least reverse the transaction. With crypto, is there anything you can do?
You can't always reverse the transaction in regular financial world. It is typically possible if all parties involved act in good faith, and often possible in other cases too, if you act fast, or the bad faith actor is less than competent. However, this is not always the case.
Imagine the following scenario: bank A sends $100M to bank B, which then sends it to bank C. By "reversing" the A->B transaction, all you're doing is making bank B on the hook for the $100M. Bank B will obviously not be very happy about this, and if you try to force it through some legal means, this will effectively amount to stealing $100M from bank B and its customers.
Reversing erroneous transactions is a useful feature of regular financial system, and lack of it in blockchains often poses huge and avoidable practical problems. At the same time, this in no way should be seen as panacea for restoring stolen money, neither in real financial systems, nor in blockchain.
Reversing erroneous transactions is a useful feature of regular financial system.
Yes. A friend of mine is a branch manager for a major bank. She's one of the people who has to deal with unhappy customers victimized by scams. Recently, she had a customer who wanted to send a significant amount of money to a country in Southeast Asia. That's not unusual for a California bank. Then the customer showed up at the branch in tears.
It turned out the customer was being victimized by a "relative in trouble" scam. Fortunately, the receiving bank had flagged the account at their end as suspicious,
and hadn't yet let the recipient withdraw the funds. This allowed the transaction to be clawed back. It took phone calls, messages, management signoffs, and work by people in multiple banks to unwind the transaction, but the money was back in the customer's account in the US in a week.
Reversing a fraud transaction in the banking system is a rare event, and not easy, but it is often possible for a few days after the event.
I'd imagine "customer suddenly initiates an international wire transfer for a large amount, with no previous history of doing so" is a pretty reliable signal.
I've certainly had banks call me and explain the nature of wires, in an attempt to prevent me from financially foot-gunning.
Yes, there are flaws in the real world financial system as well.
Yet, we’ve heard of more of these scams in years of crypto than in decades and centuries of banking.
And no one has still provided an explanation of why crypto is better than the established working system other than “it’s decentralized” except as we find repeatedly, it’s not decentralized.
I wouldn't go with "centuries" of banking on that one. Truth to tell the early days of banking, which is most of the 19th century for the US, were replete with exactly the kinds of frauds and cons that crypto is now replete with. Which is what has led to the regulation and supervision that crypto is in de facto rebellion against.
Of course, the best way to find out why something is not done a certain way, is to try doing it that way.
It's not really goalpost shifting - thieves in countries without extradition treaties and with justice systems that don't care are a serious ongoing problem with the existing banking system, and those transactions are not in general reversable. Hell, someone managed to steal a substantial sum of money from Bangladesh's central bank and almost none of it could be recovered. The only reason they didn't manage to rob all 1 billion dollars of the central bank's reserves was a random false positiver in some AML check.
Yes. How else do you police criminals? It's an absurd question anyway, they can and do, while there are methods people use to try and evade them. There's nothing about Crypto that changes that. It's just another system.
So your argument is that cash is also used by criminals so cash should be banned. Do you realise how ridiculous that sounds now apply the same logic to crypto.
Isn't the obvious solution to also reverse the transfer from Bank B to Bank C? If multi-hop transfers are treated as irreversible, then it creates an incentive for fraudulent sellers to collect all payments through multiple hops. If instead fraudulent transactions may be reversed at the first payment processor, the payment processor then has a financial incentive to make sure that they only pass through valid transactions.
In an analogous situation, suppose I go to a physical store and buy a TV, only to find that it doesn't turn on. I have the right to return it to the same store that I bought it from, and to receive a full refund. Nobody at that store manufactured or designed the TV, so why should they take the financial hit for a broken TV? Except that without that financial incentive, the store has little reason to bargain with their suppliers about defective merchandise, and the supplier has little incentive to fix a defective product.
> If instead fraudulent transactions may be reversed at the first payment processor, the payment processor then has a financial incentive to make sure that they only pass through valid transactions.
Yes, but it's only one of the incentives they're facing. Another one is to provide useful and convenient service to its customers.
Try to think more about the example I provided. The account in bank A is victim's, while accounts in banks B and C are owned by the fraudster. The transfer from A to B is fraudulent, but the transfer from B to C is perfectly legitimate as far as B bank knows: the name on the destination account in bank C might even be exactly the same as in bank B, so why would bank B have any suspicions? At best, it could reject incoming transfer from bank A if it had suspicions (which, by the way, why would it have?). Would you want to be a customer of a bank that can just reject incoming transfers, so that you have trouble getting paid?
Finally, consider that bank C might then allow the fraudster to withdraw the proceeds in cash. Bank C might be foreign, and B communicates with it through SWIFT, and might simply refuse reversing the transaction, or again might already have sent the funds to bank D in yet another country. The point is that you cannot treat regular financial transactions as reversible either. They might be reversible sometimes, especially if everyone involved acts in good faith, but there is no guarantee.
> In an analogous situation, suppose I go to a physical store and buy a TV, only to find that it doesn't turn on. I have the right to return it to the same store that I bought it from, and to receive a full refund.
That's not really an analogous situation. Here's what would be closer: imagine you order a specialty TV online from China. The retailer A orders a company B that manages it warehouse to pack it on a truck of company C that specializes in LTL, which then ships it to company D which coalesces LTL freight into packed containers, then puts on containers owned by a shipping company E, which ships them across the Pacific to port authority F, then we have a shipping company in G in states, another truck company H to ship it to train yard H that gets it to LTL company I's warehouse, which then is passed on to courier company J, an independent subcontractor K of which finally gets it to your front door. Then your TV doesn't work, and you want to return it.
Will you try to unravel the chain back the same way it arrived? Are you going to find the subcontractor K, and have him ship it back to courier company J, to send it back to the LTL company K etc? No, you'll go straight for the original retailer. Similarly, with financial fraud, you'd need to go straight for the fraudster.
> Isn't the obvious solution to also reverse the transfer from Bank B to Bank C? If multi-hop transfers are treated as irreversible, then it creates an incentive for fraudulent sellers to collect all payments through multiple hops.
Well ... some kinds of transferring wealth are legally harder to reverse after the first transfer.
In the United States, an old-fashioned way of moving money between people, the "check", has behavior specified in Uniform Commercial Code Article 3, Negotiable Instruments.
Article 3 is worth a read; it has filled in a lot of gaps for me about the bare-minimum legal requirements associated with activities like writing a check, post-dating a check, negotiating a check, stopping payment, etc. (In practice banks may do more than the minimum for customer service but it's interesting to understand the basics).
One of my favorite parts is the "holder in due course" rule ("§ 3-202. NEGOTIATION SUBJECT TO RESCISSION.")
If a check gets endorsed a couple of times and a new person takes it in good faith, then that new person is a holder in due course. Some remarkable things happen: even if the check has gotten a stop payment or has otherwise been dishonored, a holder in due course now has the right to the money promised by the check.
I wondered why the law would set up such a convoluted way of making certain payments irreversible. My dad explained:
"""[A] a widely accepted legal framework for negotiable instruments was critical to trade in the era before electronic payments. The problem is convenience - how can a buyer safely pay for goods or services without carrying around a lot of cash? The holder in due course rule basically lets the buyer's bank rely on the form of the negotiable instrument (including a genuine signature) without risking a claim for wrongful payment based on other facts about the sale it can't know."""
So -- can someone take advantage of this behavior to turn a dubiously valid check into an irreversibly one, and get the money?
Yeah! Totally! There's a guy named Robert Triffin who is, like, famous for buying dodgy checks at below their value, cashing them, and suing to get his money when the payor refuses to pay up. I don't have firsthand info about this, I just read news articles, but I think he gets a decent ROI. (See e.g. http://appellatelaw-nj.com/the-first-triffin-case-of-2011/
P.S. Some of my other favorite things about this instrument in the UCC:
* a signature is any mark you intend to be your signature (§ 3-401);
* a check can be written with almost any text and in almost any format on whatever you want (§ 3-104);
* checks can go stale six months after the datestamp but banks can choose to honor them anyway (§ 4-404);
* writing a future date on a check doesn't legally prevent it from being cashed unless you also tell your bank about the postdating in the same way you would make a stop payment order ( § 3-113, § 4-401 )
* If you have a dispute with someone about how much money they owe you for a service, and they give you a check, you can cash the check and write "without prejudice" to indicate that you aren't agreeing that this is the correct amount owed but you do want their money (§1-308). UNLESS the payor has written on the check "a conspicuous statement to the effect that the instrument was tendered as full satisfaction of the claim" (§ 3-311), in which case cashing that check discharges your claim. Which all frankly seems like a mess.
Even if that is desired and wouldn't spark a philosophical debate about wether centralized entities should get involved at all, there is a much deeper problem.
Every transaction that is occurring now on the chain will be invalidated.
That means you can't even reverse a single transaction you will have to reverse one transaction and ALL other transactions that happened after the one you want to reverse.
If that happens too often why would I want to to transact on a chain that is under constant threat to be forked off?
You're thinking too narrowly about the types of "hard forks" that are possible and what the space of all possible regulations could be. For example, one possible idea (with a lot of downsides! this is just an example, not a proposal), is that the US government could just promulgate a "US super-key" that allowed it to sign any transaction and have it be considered valid, and require users running blockchain software in relation to financial applications to respect those transactions. This would be a bad proposal for a number of reasons, but it's possible, because blockchains and the code that enforce them are inherently a social construct, an agreement made between all participants.
But the answer to "why would I want to to transact on a chain that is under constant threat to be forked off" is even simpler: It's because, in this hypothetical, the regulatory environment you operate in gives you no other choice. Unless you and everybody you transact with has the ability to boycott or subvert the regular financial system entirely (e.g. you're doing entirely black market transactions), then you'd have to fall in line if a government that was crucial to your operations or your downstream supplier's operations required it.
Anyone could start a cryptocurrency today with such a key and give it to the FBI, and if people thought that made them safer, they could buy that currency and use it.
You wouldn't have to reverse all the transactions. You could trivially create a fork (which has to be longer, and therefore have more transactions available) that includes every transaction but one from the blockchain. Well, that is you can create that fork as trivially as you can create any other fork.
Sure maybe. But that only really works if few (if not all) entities have control over the consensus mechanism.
On a regular PoW blockchain you will have to recalculate all the hashes according to the difficulty which will up to the miners.
But even if you could, it's an absolute technical nightmare.
To build an analogy that somehow fits. If you have git repo and you find out that a particular commit that you want to undo, what do you do?
- Rebase all changes to an earlier commit, remove the faulty commit and recalculate all commit hashes that follow it.
or?
- Create a new commit that reverts the old commit.
In reality you opt for option 2 99.99% of the time. The only reason you would ever want to remove a commit from history is if you accidentally exposed information to an audience that is not supposed to see it.
When you first responded to chippiewillie you talked about how forking would produce a reversal of all the transactions. That's not true, but it is what you identified as a "much deeper problem"
My apologies, I used “reverse” and “invalidate” synonymously.
Nevertheless on a public blockchain all transactions would be invalidated and that indeed is a problem.
Because everyone who received coins would have to wait again for n confirmations in order to be sure they got their money. In theory nobody should be able to add a double spend transaction to the pool but I wouldn’t bet on it.
That’s what I mean with technical nightmare.
You would have to make sure to properly identify all transactions. Possibly take down the system, exclude a single transaction. Make sure that the miner who will find the next block will include the right transactions. Make sure of that for the following block. I don’t see that happening with a large coordination effort, meaning: centralization.
And when you come to that conclusion you should probably take a step back and rethink “why are we doing all of thatch blockchain stuff when we need to rely on a central authority?”
> when you come to that conclusion you should probably take a step back and rethink “why are we doing all of thatch blockchain stuff when we need to rely on a central authority?”
I think blockchain is going to eventually die for that exact chain of reasoning.
Sure, why not? You could even automate it, using a SWIFT-like messaging pipeline that all mining companies have to subscribe to. Blockchains are fundamentally a social construct, and governments have the ability to regulate the individuals who are creating the blockchain. If there was enough political will for it, you could absolutely bolt a "reversal" mechanism onto any existing blockchain. Unless you're doing your mining operation entirely on the black market, you're going to rely on the government for enforcement of your colo rent agreements, your electricity agreements, etc, so there's lots of incentive to comply.
What you have when you're done with the process you've described is a centralized banking system managed by world governments, which is what we already have. It's not perfect, but it works, and lots of people are actively working on improving it in ways that don't involve the contradiction inherent in centralized decentralization.
Yes? That's the point of my comment? I'm confused about what you're saying. I'm trying to answer your question "And do that every time a hack occurs?". The answer is yes, it's completely feasible and within the powers of a government or inter-government treaty organization to do this every time a hack occurs, because they already do. I'm not trying to say that such a system is good, just that it's possible. There is nothing "special" about blockchains that exempts them from normal government regulation.
Ah, I misunderstood what you were saying. I thought you were advocating that we should do that, and I was wondering why that would be better than the status quo.
You'd have to be forking it once a week, because there is so much stealing going on. We'd probably end up with a weekly split. Imagine how crazy that is. And of course people would make false stealing claims. Maybe you are on vacation when they reverse something that takes your money, because you have a chance to weigh in.
Sounds like a non-sequitur. Theft of cryptocurrency being illegal does not mean that it is safe, and doesn't offer any evidence at all against the parent's post that it is "safer" to use banking systems than to use blockchain.
It's only an open question to people who haven't actually looked into it. Yeah, criminals get caught trying to move around stolen cryptocurrencies all the time.
I looked up the first six (#11-#6) projects on this list and I didn't see that in any of those cases the perpetrators have been caught nor the funds returned. I could be missing something though.
Plenty of crypto companies insure their deposits through third parties. Actually, Ronin users should have been able to insure their deposits with Nexus Mutual.
Sure. Google how many bank robbers got caught the past ten years. Do the same for BTC. Then look at what percent of BTC has been stolen. Look up what percent of USD has been stolen.
Conclusion? Far less effort spent on BTC cases and far less thefts resolved.
Unlike traditional banks with their burdensome regulations and gate-keepers, the permissionless, decentralized nature of the blockchain means that they can't get the money back.
The increased risk of total loss in the edge case is in exchange for a more efficient system with lower prices in the average case. Individual users should make an informed decision about the tradeoff.
This sounds like an argument for why companies should be allowed to sell unregulated drugs and use asbestos and lead paint.
Individual consumers, who we all know are extremely knowledgeable and informed on all topics interacting with their lives, should weigh the increased risk of total loss against generally lower prices. And then in the event they unluck into in the total loss case, they should just shrug their shoulders and accept that they were lucky.
Companies selling "unregulated drugs" could also mean people getting the covid vaccine in mid 2020 rather then waiting months and months for trials. People could have made that personal choice based on their own situation and risk factors. Also compare the regulation between "drugs" and "supplements" in the USA.
I find it hard to argue that "asbestos and lead paint" are the same kind of individual choice as a bank or unregulated drugs.
The difference is Starbucks have 6.5B in cash/cash equivalents, and there is no ways to convert SB gift card balances to cash. What is the hacker going to do with it, order 1B cups of coffee?
