[xdarnold]

Under the presumption that it is true that ~750k BTC has been stolen, has anyone considered the possibility of orchestrating a 51% attack on the attacker(s)?

Gox probably has logs of withdrawal requests. It might be daunting but feasible to sift the tx-MAL withdrawals from legitimate ones, then work with major pools and exchanges to double-spend stolen coins back to Gox.

Gox could then be forced (by the same 51% majority) to pay legitimate requests for reimbursement by vendors or 3rd parties holding stolen coins they transacted for goods or services, given reasonable documentation. Leaving us with some but not unacceptable collateral damage.

[MichaelGG]

That really undermines Bitcoin overall.

Also, that makes it more attractive to act maliciously, as an exchange. Either you make off with your stolen BTC (win), or the community fixes things for you (not really a loss).

What would help is some equivalent of FDIC. A group of Bitcoin "banks" that handle your deposits, with some pro-BTC group guaranteeing your deposit up to 100 BTC or something. Getting the insurance would of course require all sorts of intense auditing and oversight. And somehow, someone's gotta pay for it all (perhaps the same group of Bitcoin companies pay in). But that's... very far removed from the current state of affairs.

[xdarnold]

100% agreed - this would certainly undermine the movement. The open question is whether it would do so more or less than the loss of half a billion dollars held by the community. I'm not sure what the answer is, but shouldn't every option be on the table?

[deweller]

You are assuming that the thieves stole the bitcoin and just put them into a wallet somewhere.

Consider this simplified example:

A Gox thief sold the bitcoin on another exchange. Then I unknowingly buy that very bitcoin from that exchange. Now the blockchain is rewritten and my bitcoin is gone even though I am innocent of any crime.

The MtGox situation is tragic. But when you start messing with the fungibility of bitcoin, you introduce new consequences that reach much further into the ecosystem.

[xdarnold]

I'm not making that assumption - rather the opposite, which is why I mentioned the possibility of reimbursing people later. But this isn't strictly necessary. Pragmatically, you could double spend the coins back to the original owners and then make decisions about downstream action independently. Investigation of what happened to the stolen coins might provide more clarity on the best course of action there.

[wmf]

Vigilante rewriting of the blockchain has been discussed before and it tends to get hung up on the issue of agreeing who's the thief and who's the victim.

[xdarnold]

It seems like there is a straightforward enough principle in this case to do so without much argument. Not that the method would be perfect. But isn't it preferable to the alternative?

[gliptic]

This would require you to discard all the blocks since the transactions started happening and re-mine them with those transactions excluded. This would be completely impossible unless you dedicated most of the mining equipment to this for months and asked those miners to part with their earned mining rewards until this rewritten chain caught up with the official one. Hardly likely.

[xdarnold]

I don't think this is what I'm suggesting at all. If a popular majority of miners agreed to accept transactions double spending the original coins, this would be tantamount to generating 750k new Bitcoin, not initially invalidating any blocks or other transactions.

With forensics on the initial theft, miners could then tree-traverse back up to blacklist future transactions on stolen coins. There are probably lots of ways to accomplish basically this. This would render all stolen btc dead in the water, hence the "force Gox to repay legitimate requests for reimbursement of those who transacted for stolen coins."

That second part, though, isn't crucial to the idea. The community could just double spend the coins to mitigate harm done without attempting to stop the stolen coins downstream.

[gliptic]

You can't double-spend the outputs unless you get rid of the blocks they were originally spent in, i.e. rewinding and re-mining all of them.

[xdarnold]

Why is this?

My understanding of the way the network operates is that a group with 51% of hashing power can essentially arbitrarily manipulate the blockchain going forward. Nothing could stop them from confirming otherwise invalid transactions (re-spending the original outputs) and mining those new transactions. After which, clients, only looking backwards to the first block a transaction resides in, wouldn't notice that the funds were originally double-spent.

[gliptic]

Only if they completely change how the protocol and the blockchain works so that you can somehow invalidate previously confirmed transactions. Then they need to make everyone upgrade all clients or suffer a hard fork. In the end, this would have to invalidate all the transactions that are dependent on the "evil" ones, reversing a boatload of transactions pretty much arbitrarily throughout the blockchain.

This means that if the purported thieves have transferred their coins to e.g. an exchange, potentially any of the transactions the exchange has made since then could be reversed, cascading from there.

[xdarnold]

I don't think I'm understanding your point. Why would they need to invalidate previously confirmed transaction?