How the Steem Saga Exposes the Dangers of Staking Pools

Justin Sun played by the rules of the system. Maybe the problem lies within the system itself?

Over the last few days, the centralization versus decentralization row has erupted in earnest. In case you missed it, the activities of Tron founder Justin Sun following his takeover of blogging site Steemit have been pivotal to the controversies.

Let’s briefly recap. Earlier in February, it emerged that Sun was further expanding his crypto-empire with the acquisition of Steemit, which runs on the Steem blockchain. Steem was developed by Daniel Larimer, who also introduced the delegated proof-of-stake governance model, or dPoS, to the blockchain sphere. Larimer later went on to build EOS, which also runs on dPoS.

The clash came about due to a conflict between Sun and the Steem “witnesses” — nodes elected by token holders to act as block producers. The entity Steemit Inc., which operates the blogging site, holds a large quantity of STEEM network tokens, which it had previously never used to participate in voting. Once Sun took over the company, the witnesses moved to implement a soft fork that would have effectively frozen the Steemit tokens and ensured they couldn’t be used to influence the network in the future.

Don’t play a player

Evidently, Justin Sun leveraged his significant weight in the crypto community to persuade exchanges, including Binance, Huobi and Poloniex, to vote against the soft fork that would have diminished his voting power. Not only that, but the vote also ousted the existing set of witnesses in favor of a new set, replacing 20 out of 21 witnesses. All the newcomers had accounts that were created in the days immediately preceding the vote.

At the time of writing, the issue appears to be ongoing, with the Steem community attempting to pool their voting weight as a means of replacing Sun’s stooges with the original witnesses. Nevertheless, Sun’s actions led to cries of foul play from those who believed that before this, Steem (and even Steemit) was a decentralized, democratic system. 

But, to be fair to Justin Sun, he didn’t actually do anything wrong. He played the witnesses at their own game, using the rules of the system. What happened is simply an out-in-the-open play of the same scenario that many have long speculated is happening behind the scenes in EOS.

Challenges with collusion resistance

The issues with EOS are illustrative of the flaws inherent to the delegated proof-of-stake governance model, flaws that were highlighted in a recent report from Binance Research. The report assesses the practical effectiveness of the EOS governance model against three goals that decentralization is supposed to achieve: collusion resistance, fault tolerance and attack resistance.

Of these three, the most fundamental failures are around collusion resistance. The more revenue that block producers earn from producing blocks, the more influential they become over the network as a whole. By pooling that influence in votes, they can begin to exert dominance over the network.

Combine this with tokens stored on exchanges, where the exchanges also wield similar clout in the votes, and it’s evident that the control of the network rests in the hands of a small number of very powerful voters.

Aggregating power in crypto

Many would say that the exchanges shouldn’t use their influence in this way. In fact, it’s being used as an argument against Justin Sun’s recent actions regarding Steem, leading to both Binance and Huobi withdrawing their votes.

The case highlights the voting power that token holders are giving to exchanges. But the entire crypto community is also, inadvertently or otherwise, encouraging the aggregation of power through the use of staking pools.

Staking your tokens via a pool is essentially the same as putting them into an exchange, for voting purposes. As the saying goes, “not your keys, not your crypto.” Once users start putting their tokens into staking pools, they’re handing over their dPoS voting rights to the staking pool owner. This means that the exchanges and staking pools can easily control who is producing blocks in any dPoS blockchain. 

Now, having seen that control being exerted over Steem, token holders may think twice about leaving their holdings on exchanges or putting them into staking pools. After all, if the tokens are in a private wallet, or staked under one’s own name, the voting rights remain intact.
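
To make the aggregation argument concrete, the following added example (not part of the original article) models a stake-weighted approval vote on a constructed ledger and compares how many key holders are needed for a majority when tokens sit with custodians versus in holders' own wallets. The ledger, the account names, the two-seat election and the approval-voting rule are assumptions for illustration.

```python
from collections import defaultdict

# Constructed ledger: (beneficial owner, stake, custodian or None).
# 25 holders of 10 tokens each; names and amounts are illustrative only.
HOLDINGS = (
    [(f"self_{i}", 10, None) for i in range(8)]
    + [(f"dep_a_{i}", 10, "exchange_a") for i in range(9)]
    + [(f"dep_p_{i}", 10, "pool_x") for i in range(8)]
)

def weight_by_key(holdings):
    """Group stake by whoever holds the signing key, i.e. who can cast the vote."""
    weight = defaultdict(int)
    for owner, stake, custodian in holdings:
        weight[custodian or owner] += stake
    return dict(weight)

def self_custody(holdings):
    """The same ledger with every holder staking under their own name."""
    return [(owner, stake, None) for owner, stake, _ in holdings]

def elect(weights, ballots, seats):
    """Stake-weighted approval vote: a voter's full weight counts toward every
    candidate on its ballot; the top `seats` candidates produce blocks."""
    tally = defaultdict(int)
    for voter, approved in ballots.items():
        for candidate in approved:
            tally[candidate] += weights.get(voter, 0)
    return sorted(tally, key=lambda c: (-tally[c], c))[:seats]

def min_majority_coalition(weights):
    """Fewest key holders whose combined stake exceeds everyone else's."""
    total, running, members = sum(weights.values()), 0, []
    for voter, w in sorted(weights.items(), key=lambda kv: (-kv[1], kv[0])):
        members.append(voter)
        running += w
        if 2 * running > total:
            break
    return members

if __name__ == "__main__":
    custodial = weight_by_key(HOLDINGS)
    ballots = {k: ["new_1", "new_2"] if k in ("exchange_a", "pool_x")
               else ["old_1", "old_2"] for k in custodial}
    print("elected:", elect(custodial, ballots, seats=2))
    print("majority needs:", min_majority_coalition(custodial))
    own = weight_by_key(self_custody(HOLDINGS))
    print("with own keys:", len(min_majority_coalition(own)))
```

Running the same coalition check against a real chain's stake snapshot, grouped by the account that actually signs the votes, gives a quick measure of how much of the electorate is effectively custodial.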

DPoS is an unnecessary complication

There’s already a sound solution that works as well as dPoS. The merits of classical PoS have been proven in the case of long-running PoS blockchains such as Nxt. The added complexity of voting rounds introduced by dPoS does not increase security in any meaningful way and may increase risks of collusion and centralization.

The rights and wrongs of the Steem and Justin Sun saga are likely to be debated for some time to come. Either way, Sun is unlikely to relinquish the voting rights conveyed by the Steemit tokens, given that the community has already moved against him.

However, true advocates of decentralization should consider removing their dPoS tokens from centralized exchanges and staking pools, thus ensuring that they own their votes and their voices are heard.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Lior Yaffe is co-founder and director of Jelurida, and has 20+ years of experience in design, development, and deployment of enterprise applications for large organizations. Lior has his B.A. in computer science from the Technion in Haifa, Israel. Before establishing Jelurida (the company powering Nxt, Ardor and Ignis), he led the development and product management of a leading mainframe integration product at Software AG.



Mt. Gox Vulnerability Covered Up by Founder McCaleb, Lawsuit Alleges

Jed McCaleb’s misrepresentation of Mt. Gox played a part in keeping users on the platform until bankruptcy

The latest in the long trail of events since the 2014 shutdown of the then-largest, but now defunct, cryptocurrency exchange Mt. Gox is a lawsuit that two former traders on the exchange brought against founder Jed McCaleb. The traders, Joseph Jones and Peter Steinmetz, accuse McCaleb of fraudulently and negligently misrepresenting Mt. Gox to “induce” traders to use the exchange. The duo, who filed the lawsuit on May 19 in a court in California, allege that McCaleb was aware of “serious security risks” in the architecture of Mt. Gox back in late 2010 to early 2011, but neither followed up to fix the issues nor disclosed the vulnerabilities to the public.

Was McCaleb aware of Mt. Gox’s security flaws?

The lawsuit from Jones and Steinmetz builds on previous findings published in a Daily Beast report, which suggests that Mt. Gox had security flaws from its early days. The lawsuit claims that in or before January 2011 (when the Mt. Gox account was compromised, leading to the unauthorized sale of thousands of users’ Bitcoins (BTC)) McCaleb was informed about the security flaws and was aware that more than 80,000 Bitcoin had already gone missing.

Not long after, another breach occurred, termed the “dictionary attack” (i.e., an attempt to gain unauthorized access to an account or computer system by trying several different passwords until one is correct), which involved at least two Mt. Gox accounts. McCaleb failed to take any action to fix the security issues, but instead sold the majority of his interest in Mt. Gox to the eventual CEO of the exchange, Mark Karpeles, the lawsuit claims. Karpeles signed the sales and purchase agreement around February 2011. In a recent interview with Cointelegraph, Karpeles confirmed his belief that the security flaw in Mt. Gox through which the attackers gained access was part of the original architecture of the platform:

“Mt. Gox was hacked prior to being transferred on from what ordinarily was made by the Mt. Gox creator McCaleb. I have not been able to review everything myself because right now the lawyer holds the files but based on what they could find on the blockchain, as for the stolen bitcoins, are basically analyzed from the different court documents that will be made available. I’m 99 percent sure that the hacking came from what originally was made by McCaleb, the original creator of Mt. Gox.”

The following email on April 28, 2011, obtained by The Daily Beast, suggests that McCaleb, who co-founded both Ripple and Stellar and currently serves as Stellar’s chief technology officer, knew about the missing 80,000 Bitcoin but did not disclose the information to the public:

[Image: Email1]

Data obtained from Bitcoin.com shows that the price of bitcoin was, on average, $1.90, as of April 28, 2011.

[Chart: Bitcoin price on April 28, 2011. Source: charts.bitcoin.com]

Indeed, as McCaleb wrote, Mt. Gox appeared to have made enough money to cover the loss of 80,000 Bitcoins, given that McCaleb came back around December 2011 to request an earnout worth $263,431 from Karpeles, in accordance with the sale agreement between the two. The supporting documents filed with the lawsuit include a purported email conversation between McCaleb and Karpeles:

[Image: email2]

Misrepresentations made by McCaleb?

After McCaleb handed over the reins of the exchange to Karpeles, Mt. Gox would go on to lose about 700,000 more Bitcoin to hacks and theft, all of which led to the eventual collapse of the exchange.

As of the time Mt. Gox halted withdrawals on Feb. 7, 2014, Steinmetz owned 43,000 BTC and Jones had 1,900 BTC, as the lawsuit shows. Based on the lowest Bitcoin price of $654.35 on the day, Steinmetz’s holding was worth roughly $28,137,050, and Jones’ 1,900 BTC was worth about $1,243,265.

[Chart: Bitcoin price from Feb. 7, 2014 to Feb. 8, 2014. Source: Coin360]

Jones and Steinmetz claim that McCaleb reassured them about the security of the exchange following the dictionary attack in 2011. An unknown amount of Bitcoin was missing due to this attack. In addition, the plaintiffs described themselves as experienced cryptocurrency traders and, as of the time of filing, they were still in pursuit of their lost Bitcoin.

Alleged misrepresentations that the plaintiffs mentioned include McCaleb saying:

[Image: Timeline of Statements]

These statements suggest that every issue of which McCaleb was aware was fixed and that no Bitcoin was stolen, which contradicts findings that 80,000 Bitcoin was already missing. According to the following paragraphs in the lawsuit, the purported misrepresentations above led users, especially the plaintiffs, to continue trading on Mt. Gox until the exchange ultimately sought bankruptcy protection in 2014:

“Had plaintiffs known that the representations and omissions made by defendants were inaccurate, false and misleading, and designed to induce plaintiffs into utilizing the services provided by defendants, plaintiffs would not have selected Mt. Gox to do their bitcoin trading. As a direct, proximate and foreseeable result of defendants’ fraudulent misrepresentations and omissions, plaintiffs have suffered and will continue to suffer substantial damages in an amount to be proven at trial.”

A similar lawsuit filed against McCaleb by two different ex-users of Mt. Gox last year showed email conversations with McCaleb that suggest that he was aware of the security flaws that had led to Bitcoins going missing from the platform. The 2018 lawsuit, filed by Donald Raggio and his son Chris Raggio, claimed that McCaleb did not do enough to recover a total of 9,500 Bitcoins that were stolen from the pair’s accounts on Jan. 9, 2011.

Meanwhile, the struggle of Mt. Gox creditors to get their funds back lingers on. There had been hopes that creditors, of which there are approximately 24,000 people in total, might get paid before the end of 2019. However, the exit of the founder and coordinator of Mt. Gox Legal (MGL), Andy Pag, from the group has raised new uncertainties. Pag, who decided to sell his stake in the group when he stepped down, said that the civil rehabilitation process of the failed exchange could take two additional years to reach a conclusion. Pag pointed to online legal issues including the recent petition from United States-based startup incubator CoinLab, which has issued a claim for $16 billion from Mt. Gox. It seems that the more the situation around Mt. Gox and its creditors develops, the more questions and accusations emerge.



How Crypto Incentives Work, Explained

Incentivization has played a role in driving the crypto world forward. Let’s take a look at the common tools used to reward miners, validators and everyday users.

3.

One could argue that PoS provides a double incentive.

Here, the onus changes to “staking,” where miners have a better chance of being chosen to add a block to the chain — and hence get rewarded — depending on how many coins they possess. As well as being motivated to invest in a platform and support a currency to increase their profitability, there are the rewards to think about on the horizon.

Although PoS has addressed some of the issues inherent in the PoW protocol, namely the extraordinary costs involved with mining, which can run into hundreds of thousands of dollars a day, it has its own disadvantages. For example, PoS runs the risk of monopolization, where a few validators rich in coins end up receiving the lion’s share of the rewards.

All of this said, PoS does inoculate a platform against a so-called “51 percent attack” — as such an attack would likely devalue the digital currency which the validators themselves own. In a PoW scenario, miners can reap rewards even if they don’t own the asset involved. Again, it just goes to show that incentives in the crypto world can present themselves in many ways.

