In an effort to stop several thefts, seven accounts on the EOS blockchain were frozen on June 17.
At face value, many will see this move by the 21 block producers (BPs) in charge of validating transactions on the newly live blockchain as a success in stopping malicious actors from bilking several users out of more than $20,000 in EOS. But others are concerned that such a decision will have far-reaching implications – and not just for EOS, but many other blockchains as well.
But first, it's helpful to understand what happened last weekend.
As the migration from the ethereum blockchain to EOS's own blockchain took place, EOS holders had to register their new EOS wallet addresses. In the mayhem during the transition, some users were duped by fraudsters into handing over their private keys.
Within the cryptocurrency space, that typically means a user's crypto is gone forever, in the case of the EOS blockchain migration, the fraudsters weren't able to immediately sell the tokens and run off with them. Within the EOS rules, all but 10 of users' EOS tokens were staked when the blockchain went live. To withdraw tokens, users had to unstake their coins, which would then start a 72-hour waiting process.
While many EOS holders reported fraud, only seven disputed accounts had moved to unstake, the first step toward selling. Their cases were among the many before the EOSIO Core Arbitration Forum (ECAF), which is supposed to rule on disputes between users. But ECAF didn't rule, arguing that it didn't yet have jurisdiction.
So less than 24 hours before the stolen tokens were available to be sold, the BPs acted (unanimously), freezing those accounts until ECAF could make a valid ruling, in order to protect those who rightfully purchased tokens during the nearly year-long initial coin offering (ICO) the blockchain's creator, Block.one, executed.
While the BPs move to prevent theft appears defensible, still, some are speaking out against the decision.
The argument revolves around the fact that the rules governing the EOS blockchain – what stakeholders are calling its "constitution" – haven't been decided on and made official yet.
And even setting aside the larger legal questions about such a document's legitimacy before a court, BPs are currently left in this authoritarian grey area until the constitution is ratified by users.
As such, those on EOS are debating whether the proper course of action was taken, and those off EOS are convinced this shows that EOS' delegated proof-of-stake mechanism – which was used to create a faster, more scalable blockchain – is prone to centralized control and, in turn, potential censorship.
Like a military in a weak nation-state, the action illustrated the fact that BPs have the real power over EOS with or without a governance process.
As Dean Eigenmann put it in a Medium post:
"The entire model of EOS seems like an oligarchy veiled in a democracy that can be easily corrupted through various means."
And others went so far as to claim the systems' rules are a bad idea either way since it could eventually endanger other blockchains.
Backing up, when Block.one released the code for the EOS blockchain, the EOS tokens on the ethereum blockchain were locked up in a smart contract – gone forever.
Naturally, this confused some users, and where confusion and crypto meet, the opportunities to steal assets abound.
While most of the world's EOS holders were just watching and waiting to see if EOS would ever manifest as a public blockchain, a small subset of holders were panicking over the fact that one website or another had tricked them into losing control of their tokens on EOS.
A few user groups then put together a site called EOS911 to help those that had been duped.
The theory was that if a user could prove they controlled the private key that had held the EOS when it resided on ethereum, then that proved they should own the EOS on the new public blockchain, or mainnet.
While more accounts then these seven have been identified as being hacked by phishing websites and other malicious actors, the other accounts private keys haven't yet moved to unstake the tokens they controlled, and as such, those accounts have not been frozen.
And while many see this move as in line with EOS's mission to be a more user-friendly blockchain, some question whether or not solving a few people's immediate problems creates a long-term threat to EOS and even other blockchains.
As such, even EOS BPs aren't necessarily in agreement with the steps taken.
While the decision was unanimous, EOS New York, one of the top BPs explained that it supported the temporary freeze reluctantly.
The group called on the EOSIO Core Arbitration Forum (ECAF), a group put in charge of handling disputes on the blockchain once the constitution is ratified, to make a full ruling by June 19 or they would reneg their support of the freeze, releasing the tokens to be withdrawn. Late on June 18, ECAF issued a statement affirming the emergency ruling, so EOS New York continues to support the freeze.
Still, in a statement from EOS New York, the group said it would not support such an extraordinary action again short of a threat to the full protocol.
"We are encountering these problems on a daily basis and we do not have the tools in place to properly address them."
Most BPs have remained publicly silent of the decision, however.
While the group that will arbitrate disputes, ECAF, already exists, according to interim ECAF administrator Moti Tabulo, the arbitrators had no jurisdiction, explaining that "this was due to a lack of mechanisms on the blockchain that ensure that EOS users agree to the EOS Constitution and binding arbitration."
Still, EOS Tribe, a standby BP (not one of the 21 validating BPs but a party that could eventually, and wants to be, one of those) voiced its support for the freeze on Medium.
"Some were hesitant to take any actions to avoid any risks or liabilities to themselves," Steve Floyd wrote on behalf of the group. "... If we were elected we would not hesitate to take right actions to protect token holders' accounts and go through great lengths to convince other BPs."
EOS Amsterdam, another standby block producer, voiced similar support.
Not everyone agreed though. Going by the name of Kev, one of the co-founders of EOS Go, the group that has been sharing information about the protocol, wrote a reply to EOS Amsterdam's statement on his organization's forum:
"What stands out about this case, is it's the first time we've had a group with the power to act unilaterally, which they went ahead and did. ECAF said 'we don't have the power to act' and BPs said 'well we do, so we're going to.'"
And this signals perhaps an important aspect of the EOS system – that ECAF will have power when and if the community grants it power, but the BPs will have power as long as EOS exists, whether there are rules or not.
The downward spiral
For many crypto enthusiasts this control could be off-putting since the centralized power structures are generally shunned, but Emin Gun Sirer, a professor at Cornell and himself a consensus protocol designer, said that might be the least of everyone's worries.
He told CoinDesk, "The fact that EOS transactions are subject to 'arbitration' based on an unclear document of zero legal force means that EOS transactions lack finality."
Continuing, Sirer said, if BPs can roll back misbegotten tokens to their original holders then that creates a dangerous situation for everyone in crypto.
Imagine an attacker manages to steal one EOS from a legitimate user, and that attacker immediately moves it onto an exchange and trades it for some bitcoin. Then the attacker withdraws that bitcoin from the exchange. Later, EOS discovers the theft, the aggrieved holder proves their case and EOS rolls back the trade. Now the exchange is out both one EOS and part of a bitcoin.
So either the exchange eats that loss or it imposes it on the innocent user who had previously owned the partial bitcoin because the attacker is gone.
Now imagine the attacker stole not one EOS token but thousands, and imagine that after the attacker traded many more times, EOS BPs rolled back the transaction. The exchange, or whoever was deemed liable, would then be out significant amounts of money.
This is why it's apt for Sirer to describe the mechanism as a potential "contagion," as he did in a recent tweet thread.
Expanding upon that statement, Sirer told CoinDesk:
"The root cause of the problem is that all cryptocurrencies except EOS are bearer instruments with degree settlement periods, and EOS looks like a cryptocurrency. But it is not a bearer instrument, and it has infinite settlement time.
In this recent instance, there's no such danger because ill-gotten EOS never left the genesis block wallets, but in the future EOS enthusiasts envision, where millions of transactions are running across EOS every hour, the token holders and/or the BPs might not catch these thefts so quickly. Or even beyond that, arbitration might take much too long.
As such, Sirer concluded, "Exchanges have been taken in by EOS's crypto-API and treat it as equivalent to others. They will get a wake-up call when the governance model kicks in and reverts transactions."
Broken padlock photo via Shutterstock