$1.5 billion stolen: Why can’t Ethereum “roll back” to recover losses?

Author: timbeiko.eth Source: X, @TimBeiko Translation: Shan Ouba, Golden Finance

After the Bybit hack, cryptocurrency commentators are once again asking why Ethereum can't "roll back" the chain to reverse the attack.

While experienced ecosystem participants are almost unanimous in their view that this is not feasible, it is worth analyzing why this seemingly reasonable proposal is not feasible for less technically knowledgeable observers. If you are one of them, you can think of this as an "ELI5" version of the explanation to help you understand why this is impossible.

"Rollback" Concept

The concept of blockchain "rollback" originated from an early event on the Bitcoin blockchain. In 2010, less than two years after Bitcoin went live, a bug in the client software led to 184 billion bitcoins being minted in block 74638.

To fix this, Satoshi Nakamoto released a software patch that invalidated these transactions. This was equivalent to "rolling back" the chain to block 74637. In less than a day, the new chain had accumulated enough proof of work to become the official chain, and all rolled-back user transactions were included in the new chain. It is important to note that at the time, Bitcoin mining was 10 billion times less difficult than it is today, and the BTC/USD price was about $0.07.

In short, the peculiarity of this event was that there was an obvious bug in the protocol itself that led to the problematic transactions, and due to the large transaction amounts, they were easily identified. Moreover, at the time, Bitcoin's adoption was low, making it relatively easy to distribute new clients and quickly mine new chain segments.

Ethereum and TheDAO

A seemingly similar crisis occurred in Ethereum’s early history, which often leads to misunderstandings about the feasibility of rollbacks. In 2016, a popular Ethereum application - TheDAO - controlled about 15% of all ETH. Unfortunately, a hacker discovered a vulnerability in the application’s code that allowed them to steal all of these funds. The difference between this and the Bitcoin incident is that the Ethereum protocol itself was not the problem, but the application built on Ethereum.

Fortunately, the developers of TheDAO implemented a safety mechanism where the application would freeze withdrawals for a month before the withdrawals were completed. This provided a unique opportunity to fix the vulnerability: the application’s code could be changed to prevent the funds from ending up in the hands of the hacker.

Since the application itself could not do this, the developers had to make changes directly in the blockchain’s history. This is called an “abnormal state change” because the “state” of the application was changed by manually updating the database, rather than through a valid Ethereum transaction.

To roughly compare it to the Bitcoin vulnerability, it is similar to setting the balance of the address that received 184 billion BTC to 0 instead of re-mining the chain that excluded those transactions.

The upgrade caused controversy within the Ethereum community, and the community actually split over it. Some miners refused to run the software patch and continued to mine on the chain where the hack occurred, which later became Ethereum Classic. The Ethereum chain, as it is now called, is the one that applied the software upgrade.

Again, this incident was unique. The stolen funds from TheDAO were frozen for a month, giving the community time to coordinate and implement the software upgrade. Another important advantage of the funds being frozen is that the hacker cannot continue to move the funds. If the hacker can move funds around at will, then “freezing” them becomes a cat-and-mouse game, because the protocol is open source and any changes that could freeze the funds would have to be broadcast to the hacker, giving them enough time to move the funds elsewhere. This brings us to the Bybit incident.

Why can’t we roll back Ethereum?

Earlier this week, 401,346 ETH (about $1.4 billion) was stolen from the Bybit exchange. The theft was caused by the custodian of the funds signing a misleading transaction in a compromised multi-signature interface.

The root cause of this hack is more complicated than TheDAO and the Bitcoin overflow vulnerability. There is nothing wrong with the Ethereum protocol itself, or even the multi-signature application used by Bybit. The problem is a compromised interface that makes transactions appear to do one thing, but actually do something else.

From the perspective of the Ethereum protocol, there is no way to distinguish this transaction from other legitimate transactions on the network. There is no violation of the protocol rules, and the stolen funds can be isolated by patching the problem, as in the case of the Bitcoin vulnerability.

In addition, the hacker immediately began to move funds. Unlike the DAO incident, where the community had a month to perform a "surgical" intervention, here the hacker immediately began to move funds on the chain.

Even if we can solve the cat-and-mouse game mentioned above, the Ethereum ecosystem today is very different from that in 2016. DeFi and bridging to other chains mean that any stolen funds can easily be intertwined with various applications. For example, stolen funds can be exchanged on a decentralized exchange, the resulting tokens can be used as collateral in a DeFi protocol, and the loaned assets can be transferred to a completely independent chain through a bridge.

This highly interconnected state means that any abnormal state change, even if it is socially acceptable, will have a chain reaction that is almost uncontrollable.

This would be even worse if a “full rollback” were done, even a partial rollback of the historical chain. Any completed transactions, many of which may involve transactions outside of Ethereum (e.g. sales on exchanges, redemptions of real-world assets, etc.), would be undone, with no way to recover the off-chain portion.

Summary

So while Bitcoin was once able to “roll back” its blockchain 15 years ago, today, the situation today makes such a rollback infeasible due to the interconnected nature of Ethereum and the settlement of on-chain and off-chain economic transactions.

Technically, it is still possible for non-normal state changes to be made while funds are frozen and quarantined. The last time such a change was proposed in 2018 to address a vulnerability in the Parity multi-signature wallet that resulted in the freezing of approximately 500,000 ETH (see EIP-999), a proposal that was strongly opposed by the community, in part due to the controversy brought about by TheDAO.