No... Hive Witnesses Can't Steal Your Money.

in LeoFinance11 months ago


An argument I hear a lot in the context of Hive/DPOS security is that the top 20 witnesses can and have steal money from users on the network. I would just like to begin by saying this argument is patently absurd for multiple reasons, and I'll be doing a deep dive on why this is the case, even though it seems feasible in theory (if that theory ignores key components of how the technology actually works in practice).

Main argument: 20 consensus witnesses control the chain (only 16 required to agree), and thus it would be easy for 16 of them to collude to steal from whoever they wanted.

In theory, this is how Hive works. However, it ignores the fact that witnesses are elected by stakeholders. This false theory ignores that fact, and instead opts to assume that the 16 bad-acting witnesses are acting inside a little theory bubble where they can somehow fork the chain and "steal everyone's money". This false theory assumes that the witnesses don't need permission once they've been elected and they can do whatever they want without any consequences.

First of all, most witnesses are not anonymous. Last time I checked, stealing is a crime. To assume that 16 would blatantly and openly steal even though their identities are known is... a pretty extreme notion. That alone is enough to prevent this entire thing from happening. But there are so so so so many other reasons why it can't happen.


Walk me through it.

People who think that witnesses can steal or modify the chain in any way they see fit do not understand this technology. If you asked them to walk you through the process of how this theft would be accomplished, they'd give you a generic answer and wouldn't be able to say exactly how it was done, because again it is impossible to do.

They'd say something like...

16 witnesses would modify the chain and siphon money into their wallet from other wallets (or print money out of thin air).

Uh, yeah... then what.

UHHHHHH, they'd sent the Hive to an exchange and cash USD out to their bank account.


That makes ZERO sense. Every exchange (including decentralized exchanges) that wants to move Hive around is running a node. So in this magical scenario the exchange operator has upgraded their node with a malicious hardfork that stole money or printed it out of thin air, just so the witnesses could dump all the Hive onto the exchange and cash out? Yeah, that's sounding pretty dumb already.

You know what's more likely?

The witnesses fork the code and print a bunch of tokens, and nobody follows that fork and all those witnesses get immediately voted out in like a day. No one loses any money, and the hostile hardfork just vanishes because there are no nodes that are even running that code in the first place. That is the most likely scenario, which is why nobody in their right mind would ever ever ever do it. A witness would lose all their reputation forever for zero gain. No, not just one witness, 16 of the top 20 witnesses... all at the same time. That's the toughest of tough sells. Not going to happen.


Justin Sun & the Hostile Takeover.

The super ironic thing is that the Steem >> Hive transition and hostile takeover is these naysayers use it to "prove" their point, when in reality it does the exact opposite.

Well, they stole Steemit Inc's money; so they can steal anyone's.

Again, absurdist nonsense!

Do people not remember the hostile takeover? A vulture capitalist bad actor bought a ninjamine under the table that was promised to be used for development of the platform... then they used that premine to inflict the most damage that can possibly done to a decentralized system: centralize it with 20 sock-puppet witnesses all running on the same box.


And even though Justin Sun was the worst actor of all worst actors, even then it was very very hard to actually get community support to take away his power. Don't you guys remember how pissed everyone was at everyone during that time? It was like herding cats, everyone had their opinion, and many of those opinions were idealist nonsense whose conclusion was, "This shouldn't of happened." Yeah, no shit it shouldn't of happened, but it did happen.

So even in the scenario where you'd actually want the network to take someone's funds away, it was very difficult, and the naysayer pop in to and act like anyone could have their money stolen from them because Steemit-Inc had their premine taken away (that wasn't even acquired fairly to begin with).

If Hive has another hostile takeover like that, it will even be harder to justify moving to another chain, because another hostile takeover means all the coins were bought off the exchanges. There is no more premine to exploit, and that was a big big justification for doing what we did. "That money is for development." So we moved it to the dev fund, which I also didn't agree with but it seems to be working fine so far.

Trying to use the hostile takeover as evidence that witnesses can steal funds is like punching someone holding a gun and then saying you got shot because gun laws aren't strict enough. You just look like a fool. If someone builds a digital nation under the premise of peace and abundance, and then some dick starts a war with them just to prove that they aren't peaceful... that's just not valid logic on any spectrum.


Thanks for the free money, bitch!

What we need to understand is WHO loses money if block-producers pulled off a move like this. In every case, the threat-vectors are the LIQUIDITY POOLS. You don't lose any money unless you traded real coins for fake coins.

So in this magical scenario say that the top 20 witnesses stole all my money, and other prominent members of the community as well. The hardfork that was used to implement this theft is an invalid chain. Nobody in the community is actually going to follow this chain, it's a rug-pull cash out by the top 20 and they plan on being fugitives or whatever, living on the island they bought with the money.


This fake chain is also known as an airdrop.

Everyone that didn't have Hive stolen from them is going to get airdropped with the new fake tokens. Any exchange that upgrades their node to accept the fake tokens as real tokens? Well, we have to assume that everyone would just dump it and that no one is buying it. So it would crash to zero quite quickly. Let's say the pair on the exchange was HIVE/BTC and HIVE/USDT. Anyone that traded BTC or USDT for the fake HIVE is the person that lost money. Even though I had all my coins stolen... I didn't lose any money because the network is going to revert back to the real chain where my coins are safe.

So we can see that this is an obvious liquidity issue. If witnesses create a malicious hardfork and dump the tokens, the question we have to ask is: who's buying those tokens? That's the person that loses money, not the ones that actually had coins taken from their accounts (because that entire hardfork is totally invalid and no one is going to accept it as valid except for the magic exchange that somehow got tricked into updating malicious code despite everyone telling them not to).

Layer 0

It is silly to think that "code is law".
Community is law.

Decentralization can't take place without consensus, and consensus can not take place without a vast network of servers that all agree on the current state of the database they are tracking. Code is only law when a community decides that altering the code is more damaging than not. Community controls everything and makes all the law. That's how law is defined in the first place.


You can make the exact same argument to say that the Bitcoin network will steal all your money.

What's to stop a few gigantic mining pools from 51% attacking the network and double-spending money? If you receive Bitcoin on a double-spent block that gets orphaned your money is gone forever. We can use this exact same logic of 16 witnesses control the entire chain to 7 Bitcoin mining pools control the entire chain. It's the same damn thing.

The big advantage with Bitcoin is that the chance of rolling back even 3 blocks is crazy low; low enough that all exchanges only require a block height of 3 before you're allowed to access and cash out your money. Even a malignant entity with 60% of all Bitcoin hashpower in the world wouldn't be able to roll back even 10 blocks. 10 blocks is only 100 minutes (on average), so if you're Bitcoin has been sitting in your wallet for a day or more it is essentially impossible for your money to be chopped off an orphaned fork. Rolling back 144 blocks is impossible even if someone had 90% of all Bitcoin hashpower, and even if they could do it, it would be more profitable to just play nice and take the block rewards and not try to double-spend in the first place.

In order to double-spend, the receiver of the money has to give you something.

Like if someone gives me 1 BTC to buy my car... they can't just 51% attack the network, orphan the Bitcoin they gave me, and then steal my car. I know who this person is. The car has paperwork and exists in a system where I can sue that person for theft. The only way to actually double spend Bitcoin is to trade the Bitcoin for another crypto that can more easily be shuffled around anonymously. You can't buy a house or a car or anything with your identity attached to it using double spent coins.



Hopefully this post makes sense. The idea that witnesses can just do whatever they want is absurd, and is akin to saying that Bitcoin mining pools can do whatever they want. They can't. Mining pools, just like witnesses, will have all their delegations and support pulled if they try to attack the network. The stake holders of these chains will not allow the operators to just blatantly steal without any consequences. Those who claim theft is technically possible do not understand the technology, communities, or the politics that govern them. Thank you for listening to my TED Talk.

Posted Using LeoFinance Beta


Just try to get 16 witnesses to agree on anything. It is damn near impossible.

So to think that something like you pose would be agreed to is absurd. It will not happen.

If it did, those against it could fork, and remove those witnesses from the new airdrop.

Either way, there is protection in place.

So even in the scenario where you'd actually want the network to take someone's funds away, it was very difficult, and the naysayer pop in to and act like anyone could have their money stolen from them because Steemit-Inc had their premine taken away (that wasn't even acquired fairly to begin with).

Actually nobody took away the premine from Steemit. As far as I know, Sun still owns all that STEEM unless he sold it.

It is true he didnt get any Hive dropped to him but that is not stealing when he never had it in the first place. When people fork they can choose to drop to whomever they want. The Witness could have forked Steem and given themselves all the new Hive and nothing for the rest of us. It wouldnt have been smart but if that was their choice, nothing we could do about it.

Cant steal something from me that I dont have (or never had).

Posted Using LeoFinance Beta

Just try to get 16 witnesses to agree on anything. It is damn near impossible.

Just hijack the nodes. If they all run the same code, one exploit fits all.

You can't just hijack a node, you need the private keys of 16 of the top 20 to do anything. Even if you hack all of the top witnesses you only need 6 to do a recovery of their keys to invalidate any malicious fork. It's not as simple as you are making it out to be.

Posted Using LeoFinance Beta

Witness node servers hold their own keys and very likely also their source code. Just add your patch, recompile, reboot to fork.

Actually nobody took away the premine from Steemit. As far as I know, Sun still owns all that STEEM unless he sold it.

It depends on how you define it.
If you use WEB2 logic no money was stolen.
If you use WEB3 logic money was definitely stolen/taken.
It doesn't matter what the WEB2 branding is of this community's token.
Whether we call it Hive or Steem is semantics in WEB3.
Semantics in WEB3 is the law in WEB2.

I wouldn’t mind another takeover attempt. If any serious attempt happens, Hive will be trading at $100+. So, I welcome all efforts to gain more influence in Hive governance.

depending on swings. Elon and saylor purchased massive without push the price.

With HBD it would be possible to print over a longer timeframe.

Special if trading and market manipulations would work out.

In bull Hive into HBD and in Bear the other way.

On big scale it could print massive nobody would see it coming if split.

So it could be.

And last time a lot of drama happens. With xxx Million hiove extra in circulation, I could expect the drama comes to another level.

But yes that would need a smart attacker that hates hive and doesn't want to make money with it.

Like a competitor that wants to benefit.

Or a retard that wants to make hive a TRON token :D

Posted Using LeoFinance Beta

So in a nutshell, HIVE is decentralised enough to avoid such events from happening.

What we know for a fact is that they can reach consensus and run new code in an extreme situation, one can see it as a pro or a con, but we all know it is possible. Also a few whales can move the witnesses around at will to ensure those who agree are in top positions.

What you have listed is some very good reasons they will not, and why they don't. I think our witness group has a lot of integrity and financial motivation to NOT do anything to still funds or print them, but it doesn't do anyone any good to pretend that the DPOS can not be compromised.

I think it is fair to say it is secure enough.

Posted Using LeoFinance Beta

POW can be compromised as well, but people think the difference between POW and DPOS is vast.
I do not think so.

That's fair and I agree.

Knowledge heals it all. Many of those speculations are based on the standpoint of ignorance. Thanks for highlighting these issues and addressing them.

Posted Using LeoFinance Beta

Actually nobody took away the premine from Steemit. 😎😎😎

Where did the premine go?

Because calling them Hive coins instead of Steem coins makes all the difference?
Steem is the fake token in this case.

It is always a pleasure listening to your ted talk first off. A decentralized finance blockchain platform as this does not automatically make voted witnesses dictators or rogues that will steal funds and this article of yours clearly explains why .

Technically possible, practically impossible...

Got it.

I think to resolve this big "conspiracy" would be to increase the consensus witness from 16 to 25 since the chain is getting bigger and from looking at the witness node list there is an increase in their numbers.

I dont know how people thinks this is possible.

It will very complicated this happening.
As you said most part of 20 top witnesses are not anonymous and they are main stakeholders in the chain continuing to work normally, because if they did something like that, the chain would continue to exist and they would end up losing all the votes that make them top 20.

Posted Using LeoFinance Beta

@edicted please is there a class or platform that has a well detailed tutoring for newbies? Please indicate to my notice because So many of us would love to be linked there. As there is a whole lot to learn, ask and understand here on peakd thank you🙂!.

@bruno-kema maybe you can help him???

It's an interesting thing to think about and I think you are correct. If anyone actually tried to steal, they would get called out for it and it's not like anyone has all the hive power so you need to convince so many other people. It just seems unlikely that they will all agree because half will take sides based on their factions.

Posted Using LeoFinance Beta

Makes a lot of sense. I feel that in the near future, this post will be referenced when someone comes up with this talk in a mainstream space. Bookmarked*

What are your thoughts about the possibility of having HBD savings give out 20% APR?

Posted Using LeoFinance Beta

Until it takes 5000 votes, rather than, 50 to control who the witnesses are we are kidding ourselves that the chain is safe.
Even better would be 50,000.

More isn't always better. Are the 50 in charge bad actors? Will they become corrupted? What happens if they become corrupted. That's the interesting thing about DPOS. When people at the top exploit the system, the only way they can actually make money is by selling the token, and that creates an ecosystem that balances itself because the people selling are losing influence over the network.

To say that the network is controlled by 50 is simply not true.

What happens if those 50 decide to fuck around and find out? What happens when someone creates a fork that nullifies all their stake and moves on without them. Is it worth it to remove those 50 from the ecosystem at this time? I think not. But assuming that it never will be and they'll control everything forever is just false.

I'm pretty happy with the things as they are.
I will be greatly disappointed if bonds aren't in this hardfork, I think we have been kneecapped long enough.

Forking away from bad actors is our trump card, provided it doesn't get played too often.
Not much chance of that with the current makeup of the body politic.
Our crowd is too small to divide over superficialities, imo.
Doing so would be bad for everybody.

If those 50 decided to fork the code, there would be very little that could be done about it.
I'd prefer that number to be 5000 to preclude even the thought of a takeover, but, at this point, the chances of a forkening happening at all are small.

'We are a happy family.'
Joey Ramone

Dpos is safu.

That's all i have to say, special hive.

Risk is not onchain, its in the market losing money :D

Posted Using LeoFinance Beta

This is the first time, when I read about safu. I had to search for its meaning. If anyone is wondering what safu means, then it is Secure Asset Fund for Users.

haha :) yeah, that's the result if a degen like me comments :D


Haha. 😂


Scientists just discovered a cow-like plant.
They’re calling it a BO-VINE.

Credit: reddit
@urun, I sent you an $LOLZ on behalf of @xplosive
Use the !LOL or !LOLZ command to share a joke and an $LOLZ. (1/4)

That's very well explained, only one thing is not clear for me

The witnesses fork the code and print a bunch of tokens, and nobody follows that fork and all those witnesses get immediately voted out in like a day

How does one decide whether to follow a fork or not? I thought the longest fork always wins, as it is in other blockchains

Yes, fork-choice rules decide (protocol internal) which fork is the right one. "Fork" in this context means "version" or "branch" of a coherent decision tree. In the backend, there is nothing like a one-dimensional chain but rather a tree. Within Bitcoin, there are many alternative branches but only one is considered (within the protocol) as the canonical chain.

The decision for the "right" fork or branch (within the tree that is generated under one particular set of rules aka protocol) is based on a binary criterion that is not only decided by the longest chain but by the heaviest AND longest chain. In other words: the right chain within the set of protocol rules is always the longest chain with the most weight. Weight is entropy or energy and both can be translated into information (or state, so it is decidable).

But social legitimacy doesn't have to follow the protocol internal rules. And here comes the other meaning of "fork". Physics binds you to the rules within a protocol BUT physics does not bind you to the protocol. You can always pack your things and move to YOUR fork of choice even though it was not considered as the correct chain under the previous set of rules. A better word for this would be community-fork. So, not every fork is a blockchain. A fork becomes a blockchain when it gets implemented into a new set of rules.

Thanks for this clarification, I see things a bit differently now. It just occurred to me that "the longest chain" probably makes no sense in Hive, because each node can produce as many blocks as they want. Then "the heaviest", I guess will be the wealthiest. And our safety is guaranteed by the fact that the wealthiest do not need to steal our money, as they have more consistent ways to profit

Main argument: 20 consensus witnesses control the chain (only 16 required to agree), and thus it would be easy for 16 of them to collude to steal from whoever they wanted.

Small correction, it is 17 required for a hardfork.

Posted Using LeoFinance Beta

yes i was definitely somewhat guessing there
thanks for the correction

Your content has been voted as a part of Encouragement program. Keep up the good work!

Use Ecency daily to boost your growth on platform!

Support Ecency
Vote for new Proposal
Delegate HP and earn more


Sent 0.1 PGM tokens to @edicted

remaining commands 1

Buy and stake 10 PGM token to send 0.1 PGM per day,
100 PGM token to send 0.1 PGM three times per day
500 to send and receive 0.1 PGM five times per day
1000 to send and receive 0.1 PGM ten times per day

Discord image.png

Support the curation account @ pgm-curator with a delegation 10 HP - 50 HP - 100 HP - 500 HP - 1000 HP

Get votes from @ pgm-curator by paying in PGM, here is a guide

Create a HIVE account with PGM from our discord server, here is a guide

I'm a bot, if you want a hand ask @ zottone444

Great Post!



You have received a 1UP from @luizeba!

The following @oneup-cartel family members will soon upvote your post:
@leo-curator, @vyb-curator, @pob-curator, @pal-curator
And they will bring !PIZZA 🍕

Learn more about our delegation service to earn daily rewards. Join the family on Discord.

"This shouldn't of happened."

Understatement of the century?

Anyway, I really don't see what those against the current system hope to accomplish?

Over at bitcoin myk which i know is going to prove many of you wrong.

LOL, there is zere volume on BTCMYK, and no one even wants to pay 1/100th of a cent for it.


You keep going around saying BTCMYK is better than anything but it is nothing but a meme coin that no one wants.

I wouldn't be caught dead holding your shit coin, the fact you go around pretending it is the solution to anything when it isn't even good enough to be called a meme coin is pathetic.