The Steem Takeover and the Coming Proof-of-Stake Crisis

Published at: March 6, 2020

The Steem blockchain reportedly experienced a troubling episode recently, whereby the blockchain’s entire governance system was disturbed. Tron founder Justin Sun, new owner of the Steemit social network based on the Steem token, appears to have successfully executed a takeover of Steem by leveraging not only tokens directly controlled, but also tokens held on several major exchanges, in order to vote out the previous delegates (Steem uses a delegated proof-of-stake system) and install new ones. This means that customers of these exchanges likely had their funds used without their consent in this blockchain power struggle.

While it was an unfortunate episode and certainly fascinating to watch play out, the Steem takeover may have just outlined a critical vulnerability in all proof-of-stake cryptocurrencies — exchanges.

What this means for proof-of-stake

What does this mean for proof-of-stake consensus models? In short: they may be more vulnerable than advertised. Proof-of-stake distributes power to holders of the currency, with ownership over more tokens equaling more control over the network. This essentially makes a well-distributed coin supply a necessary component of its security model, with fewer parties owning a significant portion of the supply and no single party able to control and attack the network without massive expense. However, this model assumes holders are using their tokens as they were intended to be used — that is, without trusting third parties with their funds. Unfortunately, this does not always happen, especially with one case in particular: exchanges.

Related: The History and Evolution of Proof-of-Stake

Centralized exchanges tend to control the private keys to large chunks of various cryptocurrencies, often consisting of the largest holder addresses. This means that the practical cost to attack a proof-of-stake network is actually quite a bit lower with the right connections. A malicious actor now has to acquire a relatively smaller portion of the coin supply in order to attack the network if they can either leverage relationships with large (and undoubtedly, morally unscrupulous) exchanges, or exert coercive force against them, either criminal or from a state actor.

Related: Centralized Cryptocurrency Exchanges, Explained

This actually makes factors such as speed, usability and economic use cases vital to the base security of the network. The primary present-day use case for cryptocurrency remains speculative, encouraging the average user to keep their funds on exchanges in order to more easily profit from trading opportunities. This can be compounded by a difficult user experience turning users off from staking on their own, particularly as more and more exchanges now offer staking for users. Few use cases for the coin outside of trading as well as slower transaction speeds in getting coins on and off of exchanges further compound this issue.

Proof-of-work has its own problems

Now, while this raises plenty of concerns as to the viability of purely proof-of-stake consensus models, that isn’t to say that proof-of-work escapes unscathed as the paragon of decentralized security.

Mining, both in the actual control over hashrate and in the production of mining equipment, is notoriously centralized in China among a few large players. An in-depth discussion on potential proof-of-work vulnerabilities is a topic for another day, but suffice to say that a hostile actor could theoretically add to the currently-held hashrate by compromising via force or collusion the hashrate of any of the large mining pools located in China.

Related: The Dangers of Mining Pools: Centralization and Security Issues

This is very similar to the threat posed by centralized exchanges with proof-of-stake, with both cases involving a system which may be decentralized on paper, but in practice congregates control over the network in the hands of a few large players.

What’s the solution? 

So, how can we fix this problem? In short: it’s difficult and complicated, and to solve it would mean to solidly win in the one area which justifies cryptocurrency’s entire existence. However, there are a few things we can do.

First is to employ hybrid systems mixing elements of proof-of-work and proof-of-stake to reduce the likelihood that a central actor can compromise one of these systems and attack the network as a whole. One key example of such is Dash (DASH). It uses proof-of-work mining combined with a technology called ChainLocks, which leverages collateralized nodes called masternodes to lock-in the blockchain and prevent chain reorganizations in the event that a single miner manages to control over half the network’s hashpower. This is compounded by Dash’s instant transaction settlement functionality, which allows traders to more easily move funds on and off exchanges (reducing the risk of exchanges spinning up a plurality of masternodes using customer funds), as well as the project’s focus on use for payments rather than speculation. However, because masternodes require holding 1,000 units of Dash, smaller holders may pool their funds into staking services on exchanges and similar platforms, exacerbating the centralization of funds onto trusted platforms. Further, even with projects that get it right in both security model and non-speculative usefulness, exchanges will always factor heavily in the crypto economy, and no solution will be comprehensive before relatively decentralized exchange platforms that are both easy to use and address liquidity issues are developed.

Steem’s troubles have woken the crypto world up to the inherent vulnerabilities of proof-of-stake based systems in a world where centralized exchanges control large amounts of funds. Ultimately, this problem will take many steps to fix, including using hybrid security models, increasing non-speculative use cases, and decentralizing exchanges, which will take some time to get right. In the meantime, remember: Not your keys, not your crypto.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Joël Valenzuela is a veteran independent journalist and podcaster, living unbanked off of cryptocurrency since 2016. He previously worked for the Dash decentralized autonomous organization, and now primarily writes and podcasts for the Digital Cash Network on the LBRY decentralized content platform.

Tags
Blockchain
Bitcoin
Cryptocurrency Exchange
Cryptocurrencies
Mining
Proof-Of-Stake
Security
Proof-Of-Work
Steem
Related Posts
Pioneering hardware wallet brings enhanced staking to cold storage
Twelve months ago, the total value of cryptocurrency locked in staking programs was barely more than $1 billion. Today, there is $58 billion locked in decentralized finance, or DeFi. The adoption of DeFi has been a sea change that’s helped push the crypto industry into the mainstream, but it’s hardly the only one. Mainstream institutions including MicroStrategy and Tesla have poured billions of dollars into Bitcoin — and some have been buying the dip — while nonfungible tokens have evolved from CryptoKitties and CypherPunks to an artistic medium pulling in millions in bids for a new generation of digital artists …
Technology / June 8, 2021
Gaming Industry Use of Blockchain May Lead to Mass Adoption
Blockchain technology has recently become a phenomenon in various areas of the economy, driving innovation, fostering growth and bringing added value. Among the most noteworthy of these sectors is the gaming industry. Gaming is a use case that drives true adoption of blockchain technology by taking the incentive for the user from pure speculation to transactions on a blockchain platform. This drives innovation in development as well as consumer adoption. The first true blockchain gaming application was Cryptokitties. While the platform itself is a technology demonstrator for collectible items, it quickly rose to prominence as the application representing the majority …
Adoption / July 26, 2020
Overview of Software Wallets, the Easy Way to Store Crypto
Similar to a bank account for fiat currency, a crypto wallet is a personal interface for a cryptocurrency network that provides reliable storage and enables transactions. Whether a cryptocurrency is securely stored or not, much depends on the wallet, which is only as secure as its private keys. Wallets are generally either hot or cold. The funds in a hot wallet can be spent at any time, online. A cold wallet functions in contrast: not intended for regular cryptocurrency transactions, but funds can be received at any time. Wallets can also be divided into three groups: software, hardware and paper. …
Blockchain / March 29, 2020
Bitcoin analysts map out the key bull and bear cases for BTC’s price action
Research has detailed Bitcoin’s recent record-low volatility and while traders expect an eventual price breakout, the Oct. 26 BTC price move to $21,000 is not yet being interpreted as confirmation that $20,000 has now become support. In a recent “The Week On-chain Newsletter,” Glassnode analysts mapped out a bull case and a bear case for BTC. According to the report, the bear case includes limited on-chain transaction activity, stagnant non-zero address growth and reduced miner profits present a strong Bitcoin sell-off risk but data also shows that long-term hodlers are more determined than ever to weather the current bear market. …
Blockchain / Oct. 26, 2022
What is a 51% attack and how to detect it?
Despite being underpinned by blockchain technology that promises security, immutability, and complete transparency, many cryptocurrencies like Bitcoin SV (BSV), Litecoin (LTC) and Ethereum Classic (ETC) have been subject to 51% attacks several times in the past. While there are many mechanisms by which malicious entities can and have exploited blockchains, a 51% attack, or a majority attack as it is also called, occurs when a group of miners or an entity controls more than 50% of the blockchain’s hashing power and then assumes control over it. Arguably the most expensive and tedious method to compromise a blockchain, 51% of attacks …
Blockchain / Nov. 12, 2022