EOS42 Statement on Block Producer Decision to Freeze 7 EOS Accounts

in eosio •  2 months ago
Related Articles:

https://steemit.com/eos/@eos42/eos911-an-initiative-to-help-the-victims-of-phishing-attacks-register-eos-or-similar-phishing-methods

https://steemit.com/eos/@eos42/we-re-working-to-save-up-to-1-million-eos-tokens-usd15m-from-registration-scams

Background

The EOS 911 initative is something that EOS42 have been actively involved with launching and assisting with over the last fortnight; details and background can be found here.

Arbitration Ruling

With the EOSIO mainnet now launched, any EOS accounts compromised by the registration process through phishing scams and the like are now capable of being unlocked. The EOS Core Arbitration Forum (ECAF) had a submission filed, and Block Producers were today expecting to receive a ruling to action - as will be the standard process going forwards.

The guidance today however was not a ruling, but complexity due to the mainnet launching so recently. With the EOSIO constitution not yet ratified by token holders, ECAF are not yet able to pass a ruling as a validated arbitrator.

Block Producers Debate A Complex Decision

Given the time sensitive nature of this case, Block Producers debated this difficult decision for over two hours today on a call. On the one hand we could protect token holders, on the other this on the surface appears a dramatic overstep of our role in the constitution and BP agreement, which is to be the executor only of arbitration decisions, not to also be judge and jury.

EOS42 certainly had this initial view, but as a global group we all worked through this complex situation. As we said on the call, our own conclusion is that if a ratified EOS constitution and arbitration was in place, then it would indeed be a fundamental overstep of Block Producers to do more than action arbitration decisions. However this is not currently the case, so the question was whether we would freeze the tokens on 7 accounts identified as already unlocking (meaning potential thieves could appropriate funds in under 24hrs), to subsequently enable ECAF when able to review and pass a ruling - and protect token holders to the best of our ability.

The Block Producers reviewed all evidence in full, which gives an indication that the legitimate owners have both proved their ownership and signalled their will for account suspension through EOS 911. This is not the Block Producers passing any judgement on the merits of the case.

Decision and Possible Future Decisions

The Block Producers eventually reached a unanimous consensus to freeze the following 7 EOS accounts:

ge2dmmrqgene
gu2timbsguge
ge4tsmzvgege
gezdonzygage
ha4tkobrgqge
ha4tamjtguge
gq4dkmzzhege

These will be passed to ECAF to rule on through full due process subsequently. The group also agreed that should further potentially compromised accounts be unlocked during this period before the constitution is ratified, we will consider these and whether to freeze.

The Need To Ratify The EOSIO Constitution

EOS42 believe this was the right result and in the spirit of EOSIO, which is to be a governed blockchain that has the capability to protect token holders and property. We also believe that this reveals an immediate need for a community voting solution to ratify the EOSIO constitution. We are discussing today with other block producers and influential community contributors who have in-house development capablities, to start work on providing this to enable ECAF to be able to provide rulings as soon as possible.

If anybody has any questions or concerns relating to today's decision please contact us, we are happy to address them. This article is intended to provide full transparency for the community.

Socials

Website
Twitter
Telegram
Instagram
Youtube
LinkedIn
Weibo
Bihu

2018-06-10 10.47.57.jpg
EOS42 is an EOS Block Producer Candidate based in London, UK

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Block Producers job is to be decided by block producers not by anyone else.. tokens holders job is to judge this job by voting not by complaining..

Once there are enough tools and awareness available to every token holders... block producers will have no options but to do whatever the community would approve.

I agree with what BPs did, because that's their decisions and till voting change them "if they were not elected".. i believe they will keep trying to do things that will eventually be generally approved by the community..

this is not centralization, but because there were no proper election yet.. BPs are still close to each others and the decisions can get easy consensus.. which i don't believe it would be as easy in the future

  • BPs do not have any say in account freezings.
  • there is no voted & elected arbitrage committee

This is a non-issue, everything you described is subject to stakeholder decision, NOT BP decision.

·

We agree that under normal circumstances once the EOSIO constitution is ratified by token holders, and we have ECAF as the enabled arbitration service, Block Producers should and will not have any say in such matters - we will just execute such orders.

If we as BP's do nothing, it is total abdication which goes back to "code is law" with all its limitations as we see with Ethereum for example. Our decision to act to enable arbitration to take place on the case is the BP's attempting to follow governance to the best degree possible. There is no good answer, only least bad.

We all take this very seriously, and the BP's have already filed yesterday an arbitration case with ECAF against ourselves (submitted by Rick Schlesinger of EOS New York on our collective behalf).

·
·

BPs are here to run the network, and act on orders as per stakeholders votings. not to do some shady backyard deals

·
·
·

For example, let's say you accidentally got your private key compromised, and you want to freeze your account immediately, but there's no arbitration forum established yet. Would you have to get votes from the whole community?

·
·
·
·

I'd be out of luck. no one said that EOS is meant for inexperienced at the beginning. there is nothing in place or working that's making it different from any other blockchain

·
·
·
·
·

I respect your position and agree without the arbitration forum up and running, we're missing a critically important key for this system to function properly, but I'd also so we do have something different in place from other blockchains in that we can temporarily prevent these funds from moving around until the forum is set up and a ruling is made. That's technically something we're capable of doing as BPs to protect that property which is inline with the spirit of the "law" of this blockchain, even if all the tools to do it aren't in place yet, and we'd prefer not to do anything at all until those tools are in place.

Once the arbitration forum is in place, any attempt to do something like this in the future would be clearly fraudulent and the BPs participating would be voted out. As it stands now, I think it shows the BPs do actually care about protecting property and creating time for the arbitration system to exist and respond. To tell a victim of theft or fraud that the provable evidence they provided is irrelevant because a bureaucratic system isn't in place yet is a hard pill to swallow. If the token holders want us to take that hard stance, we can and will, but it's a tough one considering we have tools in place for a short delay while things get organized for a proper ruling.

Edit: Relates to this discussion: Let's Make the EOS Constitution an Actual Contract

Congratulations @eos42! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of upvotes received

Click on the badge to view your Board of Honor.
If you no longer want to receive notifications, reply to this comment with the word STOP

To support your work, I also upvoted your post!

Do not miss the last post from @steemitboard!


Participate in the SteemitBoard World Cup Contest!
Collect World Cup badges and win free SBD
Support the Gold Sponsors of the contest: @good-karma and @lukestokes


Do you like SteemitBoard's project? Then Vote for its witness and get one more award!

I don't know what to say. I bought one of the 7 accounts yesterday through a trade on bitrated.com. I had no idea that the account was involved in a scam.

Am I now going to loose all my funds?

I have the documentation to proove that it was a legitimate purchase in good faith. I really don't understand. I'm crying right now. This is a ton of money from me. I thought the blockchain is immutable. I'm confused and sad. I need your help.

·

I acted in good faith, I did my due diligence and did not loose my privte keys to a scam. Now I have to bear the costs for it?

How should I know that the funds were involved in a scam? How is this fair?

·
·

which account? and which user on bitrated?

·
·

It's not fair at all, and it's not how a supposedly decentralized organization should work. The only other type of entity that would have the unilateral power to freeze a users account is a centralized exchange. This sort of action could not be approved in the way that this was by a decentralized organization. It's therefore accurate to conclude, by definition, that the EOS blockchain is not at all decentralized.

If you don't get to keep your tokens, then people are better off keeping their money in a bank rather than holding EOS tokens.

·

Why would you ever buy an account instead of buying the tokens directly? How long have you been in cryptocurrency? Buying someone's private key should never done, IMO. How can that ever be in good faith?

·
·

So, are you or any of the BP legitimate enough to judge if the buyer is in good faith or not. The buyer of the compromised account must act as an acknowledged/aware/experienced user (and will not be defended) while those who initially sent the money to that account will be protected by EOS good lords? Why?

·
·
·

All of this is still being determined in real time. We don't even have an agreement on the constitution as a contract right now. When it comes to buying stolen property (if that's what this turns out to be) is that a buyer beware situation? Ideally, the criminals are the ones who should make a victim whole, but those who buy their merchandise play a role in enabling them to get away with it, right?

There are no good lords here. Just people working to try and improve the world through better governance and better technology. Lots of people are working really hard and this chain is brand new with a lot of things which weren't quite done when it was handed off to the block producer candidates. We're doing the best we can with what we have. I'm excited that we even have a chance to work towards fixing things like this. That's more than most blockchains can say.

·
·
·
·

How can you call this better governance with a straight face? The centralized governance model demonstrated by EOS BPs is not an innovation. Centralized governance is the world standard, and it's what blockchain ecosystems should be moving away from. EOS pulled this decision straight out the Ethereum DAO fork playbook. If you think EOS freezing user accounts is any different than hard forking to return stolen funds, then please explain.

EOS didn't have a hard deadline that it had to launch the mainnet by. If EOS launched before it's governance was completely implemented, that sounds like negligence.

I am completely appalled at the way this was handled. And at the arrogance you personally demonstrate by questioning @anahita from a moral high ground. No BP that voted to approve this freeze deserves to keep their position.

·
·

I did not buy somebody's private keys. The seller transferreed their account to my public key by updating the "owner" and "active" permission for the account. The whole transaction was done through cleos (command line eos) and is completely trustless.

You can see it here on the EOS blockchain: https://explorer.eoseco.com/transactions/04f63754b34f29a4f4b71f378fc648bede0b960b06c80e271ae63d76fa65878a

I have been in the crypto space long enough in order to understand public-private key cryptography and how to verify a transaction that was published on a blockchain. On every other blockchain I know, if a transaction is mined it is valid.

As I said, I made the transaction in good faith. I validated everything I could validate. I did not expose my private keys to any rouge software or compromised website. I did my due diligence.

How should I possibly know that the account was from a phishing scam?

·
·
·

I’ve attached a screenshot of the contract I made with the seller on bitrated.com.

Screenshot from 2018-06-18 17-58-12.png

·
·
·
·

Why did you trust an account that joined almost that same day? https://www.bitrated.com/johnystives

·
·
·

Why buy an account and not the tokens in the account? In the 5+ years I've been in cryptocurrency, I've never heard of someone transferring account ownership (instead of the tokens in the account) unless something shady is going on. Though you didn't technically buy a private key (thank you for clarifying) the result was the same: ownership of an account (which we're learning now may have been stolen) was transferred to you. I would have certainly asked why there was a hurry to sell instead of waiting for the tokens to be unstaked and transferrable. Did you get market rate or something below market rate? Was it too good to be true?

·
·
·
·

And I indeed asked why there was a hurry to sell and the answer was that he needed to liquidate the funds and did not want to wait for 3 more days before the tokens are unstaked, plus wait until exchanges open up for trade. It made sense to me. As I have been in situations before where I needed shorterm liquidity. There could be a variety or reasons why he has this need.

The deal was for 30% below market rate (4 BTC for 3490 EOS), which you could argue is too good to be true. But you could also argue that it is an appropriate rate for facilitating a rather large chunk of liqudity to someone who is in need for that liqudity. Especially for a volatile asset that at the moment of the transfer is illiquid / cannot be traded. I have seen far wider spreads in the crypto market.

And there's a myrid of questions that result from that argumet. Why did the original holder of the account get scammed in the first place? Did he maybe trust somebody who was not to be trusted? Did he trust something that was "too good to be true"? Where is the line between too good to be true and a fair deal? Who is now to take the loss? The first person who got scammed or the second person who got scammed? Who is to decide? Who decides what a scam is?

I can only repeat that I did my due diligence in order to make sure that the transfer itself was completely trustless, that I didn't expose my private keys and that I followed the rules and regulations known to me at the time of the transfer. I had an escrow in place and I learned all the relevant technicalities of a completely new blockchain in order to be able to verify the transaction myself.

Why is buying an account trustlessly any different than buying tokens trustlessly? The result is exactly the same: The funds can now be spent by a new set of private keys. And if account transfer is always shady, then why is it baked into the very fabric of the EOS blockchain? I don't know any other blockchain where an account transfer can be done trustlessly. I don't know any other blockchain that even has accounts that can be linked to public-private key pairs and transferred between them with one command line prompt.

This is all new territory. We are all learning. I just don't see what I did wrong that now warrants for me to get punished by loosing all my funds.

How would you feel if you made a transaction in good faith and then wake up in the morning and all your funds are frozen by a third party that was not involved in the transaction?

·
·
·
·
·

what is the account name of the seller?

·
·
·
·
·
·
·
·
·
·
·
·
·
·
·
·
·
·

if you buy a stolen car, should you be allowed to keep it? You bought stolen goods trying to get a bargain. You lost

·
·
·
·
·

A transfer of stolen tokens (as far as I understand) could have been reversed if a valid arbitration order demanded it. In this case, a transfer of account is a little more tricky to deal with. Have you contacted https://eoscorearbitration.io/ ?

30% below market does sound too good to be true, but I've fallen for that trap before. It happened to me in May of 2013, the only time I did a trade with out an escrow because I didn't care about Ripple. I got scammed because it was too good to be true. I learned an important lesson that day.

I do feel bad for you, I really do. I also think we all have to be careful as a community not to create markets for stolen property. If we don't know it's stolen property, should the original property holder be held accountable for that? Is it all on them for not securing their property correctly? Maybe. I guess that's up to the arbitrators to decide.

·
·
·
·
·
·

Yes I did write ECAF last night. Thank you for pointing me again to a forum that is working on a constructive solution.

I did use an escrow and it performed its purpose in allowing me to trustlessly verify that the account transfer was indeed published on the blockchain before sending my BTC. But how can an escrow protect me if it's simply impossible for me to know if the funds are stolen or not?

The issue with "not creating markets for stolen goods" is how do you know a good is stolen? And who decides what "stolen" is? Is giving your private keys to somebody mean that the other person stole your goods or did you give it to them?

If we create a precedent were somebody acting in good faith, who can not possibly know that the tokens he is purchasing are stolen, gets punished. Then how can we possibly ever know that the tokens that we purchase in any future transaction don't turn out to be stolen and taken away from us after the fact? Doesn't that completely and irreversibly undermine the very reason why we have blockchains in the first place?

Didn't we create blockchains so that we don't have to rely on third parties to validate every single transaction, but can trust what is published on the distributed ledger?

·
·
·
·
·
·
·

Sorry, I missed responding to your comment here.

if it's simply impossible for me to know if the funds are stolen or not?

It is not impossible. Do you do KYC on the seller? Considering you were getting a 30% discount and buying an account in an unusual way (and if you had seen the latest EOS news about many hacked accounts out there), then maybe you can take some responsibility for this?

how do you know a good is stolen?

By doing due diligence. As they say "Buyer beware."

Is giving your private keys to somebody mean that the other person stole your goods or did you give it to them?

If you're referring to the original account that got hacked, my understanding is a fraudulent website was involved that lied about key creation. Yes, the original person should not have trusted a shady website, but I also think the real bad actor was the thief who was rewarded through a sale with you.

Knowing who you do business with matters. That's how we can create a society we all want to live in. If the point of blockchain is just immutability without any connection to improving human well being than what's the point? You can trust the cryptographic realities of a transfer, but not the human beings who are initiating the transfers to begin with. That takes human intuition and involvement and is the whole reason EOS governance makes sense.

I really am curious to see what happens in this case and if ECAF can do anything further to help you. I assume you filed a claim as well?

·
·
·
·
·

Sorry Bro. But EOS is a fucking scam. Just jump the ship as fast as you can. Now, we are building the censor-proof decentralized web of future by engineering the most crucial infrastructure and engines at https://orch.network You might want to have a look at our article at https://steemit.com/ico/@orch/mzufd-intergalactic-money-the-deep-impact-of-a-self-evolving-infinitely-scalable-general-purpose-realtime-unforkable-public-blockchain

·
·
·
·
·

this is from Bitrated.com

"Consumer Protection
Bitrated builds a layer of trust on top of blockchain technology to bring consumer protection and fraud prevention mechanisms to Bitcoin and other cryptocurrencies.

Our goal is to provide cryptocurrencies with tools that enable the market to self-regulate using user reputation, smart contracts and a voluntary (but binding) arbitration process."

Note that you're complaining about eos arb process but you bought your stolen account on another platform that also has an arb process...

·
·
·
·

It is my opinion that @anahita is far less at fault than the people who willingly gave up their private keys to a phishing site. Since the EOS foundation has demonstrated it employs a top-down centralized approach to governance, then real solution is for EOS to issue new tokens to the victims of the theft (considering they've been printing as many new tokens as they can sell on an ongoing basis for the last two years anyway).

If @anahita doesn't get to keep the tokens he/she purchased because a small council comprised on only 21 members privately voted to freeze the accounts of EOS accounts, then EOS cannot be considered decentralized, in any sense of the word - no matter how you try to twist it.

Any BPs that voted to privately approve this absurd request in blind faith deserve to get their BP status revoked asap. And this it what will eventually happen. The EOS network apparently launched prematurely, before the on-chain governance was in place, so now 21 elites centrally voted on an extremely important issue without seeking input from the vast majority of stakeholders.

If nothing else, the BPs who voted to approve freezing these accounts demonstrated extremely poor critical thinking skills, and in my opinion, cannot not be relied upon to represent the best interests of a decentralized ecosystem.

For what it's worth, I can no longer support the EOS vision for blockchain unless this decision is reversed.

Super. Let’s fast track the ractification of the constitution

Excellent! I applaud! The way this is being handled is nothing short of expert.

·

Thank you, appreciated!

·

Can you please tell me why you believe this situation was handled "expertly", as you say? If EOS were a bank or a corporate-own exchange, I would agree that this action was handled swiftly and competently.

But, EOS is not a bank. It's supposed to be a decentralized ecosystem. But from the evidence presented here, it appears a small group of 21 stakeholders centrally and privately decided to lock up other people's funds on what is supposed to be a decentralized blockchain. Supposedly stolen funds or not, this centralized decision could never happen on a network such as Bitcoin or many others because those networks are decentralized and no small group of actors have the power to take such as action.

Due to this demonstration of power, we can no longer objectively consider EOS to be a decentralized blockchain.

I would love to hear why anyone refutes what I'm saying.

BP's will certainly have to work hard for their blocks now this precedent has been set. They've potentially increased their workload by 1000x as EOS gets bigger. Oh dear! However, I agree with the freeze.

·

As soon as the community ratifies the constitution, we will have all of the rules and mechanics of a governed blockchain in place as originally envisaged - including the all important arbitration service.

Hopefully this will ensure the workload aside from running the network efficiently does not increase exponentially as we will be merely executing such cases without needing debates or interim measures like this.

Da dove iniziare ad usare la eos blockchain? Wallet?

I think there's a larger discussion to be had here regarding the EOS Constitution itself which, currently, isn't even a real contract. I hope we can start talking about that openly and work to fix it. Until we do, any action taken based on the constitution or the arbitration it references is kind of an empty gesture.

Thank you so much eos42. My account is on the list. If only the scammer would have voted for you with my tokens as well.

·

Thank you for your support. Protecting token holders and property is a fundamental responsibility of the community collectively. We hope to not be in this position for long, and for ECAF to be fully active.

EOS42 is a bitfinex sponsored block producer. Nothing credible about them at all.