Reversible transactions could mitigate crypto theft — Researchers
Stanford University researchers have come up with a prototype for “reversible transactions” on Ethereum, arguing it could be a solution to reduce the impact of crypto theft.
In a Sept. 25 tweet, Stanford University blockchain researcher Kaili Wang shared a run down of the Ethereum-based reversible token idea, noting that at this stage it is not a finished concept but more of a “proposal to provoke discussion and even better solutions from the blockchain community,” noting:
“The major hacks we’ve seen are undeniably thefts with strong evidence. If there was a way to reverse those thefts under such circumstances, our ecosystem would be much safer. Our proposal allows reversals only if approved by a decentralized quorum of judges.”
The proposal was put together by blockchain researchers from Stanford, including Wang, Dan Boneh, Qinchen Wang, and it outlines “opt-in token standards that are siblings to ERC-20 and ERC-721” dubbed ERC-20R and ERC-721R.
Billions in crypto stolen. If we can’t stop the thefts, can we reduce the harmful effects?
Over recent months, a couple other @Stanford researchers and I drew out and prototyped ERC-20R/721R to support reversible transactions on #Ethereum.
See post & :https://t.co/38Hs0F9goU
— kaili.eth (@kaili_jenner) September 24, 2022
However, Wang clarified that the prototype was not to replace ERC-20 tokens or make Ethereum reversible, explaining that it is an opt-in standard that “simply allows a short time window post-transaction for thefts to be contested and possibly restored.”
Under the proposed token standards, if someone has their funds stolen, they can submit a freeze request on the assets to a governance contract. This will then be followed up by a decentralized court of judges that need to quickly vote “within a day or two at most” to approve or reject the request.
Both sides of the transaction would also be able to provide evidence to the judges so that they have enough information, in theory, to come to a fair decision.
For NFTs, the process would be relatively straightforward as the judges just need to see “who currently owns the NFT, and freeze that account.”
However, the proposal admits that freezing fungible tokens is much more complicated, as the thief can split the funds among dozens of accounts, run them through an anonymity mixer or exchange them in other digital assets.
To counter this, the researchers have come up with an algorithm that provides a “default freezing process for tracing and locking stolen funds.”
They note that it ensures that enough funds in the thief’s account will be frozen to cover the stolen amount, and the funds will only be frozen if “there’s a direct flow of transactions from the theft.”
Gonna mass-address other comments:
- If you think this is an incomplete solution, you’re entirely correct. Our paper provides some pieces of the puzzle (focuses on the mechanics), but we mention many open questions surrounding decentralized gov. That space needs work.— kaili.eth (@kaili_jenner) September 25, 2022
Wang’s Twitter post generated a lot of discussion, with a mixed bag of people asking further questions, supporting the idea, refuting it or putting forward ideas of their own.
Prominent Ether (ETH) bull and podcaster Anthony Sassano wasn’t a fan of the proposal, tweeting to his 224,300 followers that “I’m all for people coming up with new ideas and putting them out into the ether but I’m not here for TradFi 2.0. Thanks but no thanks”
I’m all for people coming up with new ideas and putting them out into the ether but I’m not here for TradFi 2.0
Thanks but no thanks https://t.co/pdSIB5Ib05
— sassal.eth (@sassal0x) September 25, 2022
Discussing the idea further with people in the comments, Sassano explained that he thinks that reversal control and consumer protections should be placed on the “higher layers” such as exchanges, and companies rather than the base layer (blockchain or tokens), adding:
“Doing it at the ERC20/721 level would basically be doing it at the “base layer” which I don’t think is right. End-user protections can be put in place at higher levels such as the front-ends.”
