Reversible transactions may be the answer to rampant cybertheft

Reversible transactions may be the answer to rampant cybertheft
Image Credits: Kaili Wang/Stanford

This year has not been easy on crypto firms. BAYC Phishing, the Poly Network attack, the Harmony Bridge compromise, and the Ronin theft. For most major blockchain firms, it feels like it’s a matter of time before cybercrime catches up.

With $14 billion stolen in major hacks, Dan Boneh, Kaili and Qinchen Wang had a brilliant idea: what if Ethereum blockchain transactions could be frozen, or even reversed?

In their proposal, the three Stanford researchers map out ERC-20R and ERC-721R, new opt-in token standards that were designed to support reversing transactions “when there is sufficient evidence to merit it.”

Kaili Wang writes: “Now, you may be thinking: Reversible tokens? Doesn’t that just defeat the purpose of blockchain? Actually, no. It isn’t meant to replace ERC-20 tokens or make Ethereum reversible – it simply allows short time windows post-transaction for thefts to be contested and possibly restored.”

In their modern vision, exchanges, and even individuals, are no longer that vulnerable. They have the power to reclaim what’s theirs within three days of the forceful transaction. She continues: “Note that a transaction is only freezable for a short amount of time (say, 3 days) before it becomes irreversible. For most of their lifetime, ERC-20R funds are irreversible.”

Ms. Wang also notes that reversals must be “approved by a decentralized quorum of judges,” and include a trial phase where “both sides can then present evidence to the decentralized set of judges” that can either reverse or reject the freeze on the disputed asset.

ERC-20R and ERC-721R are also traceable, since the entire freeze takes place on-chain in a single transaction.

Fungible tokens, however, are not that easy to freeze, as threat actors can easily split the funds among dozens of accounts, run them through an anonymous crypto mixer, or exchange them for other digital assets.

That’s why the three researchers also came up with an algorithm that provides a “default freezing process for tracing and locking stolen funds” that would ensure that enough funds in the scammer’s account are frozen to cover the stolen amount.

If you see something out of place or would like to contribute to this story, check out our Ethics and Policy section.