Question for someone who understands BTC better than I:
This seems to be the first case where a massive number of BTC were seized by police. Since BTC is a consensus algorithm, what would happen if 51% of BTC users wanted to take those BTC away from the FBI and give them to someone else (or perhaps nobody, just remove them from existence and deflate the BTC) how feasible would that be?
Above all other things, BTC is an autonomous zero trust system: You don't trust that something else is right, you verify it. (you might argue that the software is trusted: but you can verify that too, if you have the interest and resources)
Practically everything that Bitcoin does is a pure mathematical function. So long as everyone applies the same rules they will also come to the same conclusion about what the state of the system is— autonomy and consensus are not incompatible.
Unfortunately, there is _one_ thing that can't be decided autonomously with consensus in a distributed environment of mutual distrust: Transaction ordering. There are a bunch of superficial reasons why this must be so, but it can also be understood from the perspective of relativity: The apparent order of events depends on your frame of reference. Without a single privileged point of observation ordering can be ambiguous.
Ordering is important because the order decides which of any repeated spends of a coin is the correct one. Bitcoin uses a special kind of election to decide ordering, since consensus order cannot be achieved autonomously like everything else. Instead of voting by number of people or by number of computers— which is easily compromised by sibyl attackers— it votes using energy: The network selects the history that has the most sum-total energy spent crunching on it.
Because the energy is spent confirming the whole of the history, going back and reordering old parts becomes very costly the further back you go... and participants who don't go along with such an effort have an inherent advantage, since they're not losing the sum total of work after that point. And even then— all they can do is reorder the history, they couldn't reassign coins without having ever owned them.
The people spending energy to validate transactions have their rational incentives largely aligned with the rest of the system by virtue of the fact that if they spend energy on a losing version of history, that energy is lost forever and any income they would receive from subsidy (the initial minting of coins) or transaction fees is lost forever. Their income is generally maximized by mining on the single chain with the best odds of surviving, and this makes the system converge.
So could some quorum of Bitcoin users seize back the coins? If by quorum you mean all surviving users after the change, yes: If all the users want to change the software can be rewritten arbitrarily. But it would sort of moot the system if they did. Could a simple majority do it? No way. Bitcoin isn't that kind of consensus.
As the other comments have pointed out, that's not really how bitcoin works.
> Since BTC is a consensus algorithm
BTC is not a consensus algorithm where everybody votes on which reality to accept and majority rules. BTC is a consensus algorithm where everybody proves which reality is most suitable by providing valid blocks that include proofs-of-work. If you'll allow me to gloss over a ton of details: In order for a block to be considered valid the transactions in it must include signatures from the owners of the funds they spend.
So, to take bitcoins away from the FBI you would need to compile a new version of the bitcoin client that specifically blacklisted the transactions which gave the FBI money and caused them to become unspendable, you would then need most of the network to switch to that new version.
> 51% of BTC users
Minor nitpick: BTC users have no power. Miners are the ones who create the blockchain and verify its integrity, they're the ones you would have to get onboard.
However, miners tend to be rational and have a vested interest in bitcoin. They understand that currency is above all based on trust. If you cannot trust a currency to be accepted, then it doesn't matter what fancy gold or mathematics underlies that currency, it is worthless to you.
Taking bitcoin away from anybody on the basis of some political squabble would be one of the worst things miners could do to undermine the trust users place in bitcoin.
>how feasible would that be?
In short, it is hardly imaginable. It is vastly more likely that a vulnerability is found in bitcoin and they become worthless overnight.
You're basically talking about inserting a fraudulent transaction into the blockchain. Even if 99% of nodes included that transaction, the remaining 1% of nodes would still reject it and build off the longest chain without it. This is different than a double spend where if 51% of the network starts building off an alternate chain, it will eventually surpass the 49% chain in length and then the 49% will switch over and the transaction will be canon.
That said, there's nothing stopping any number of miners (51%, 1%, it doesn't matter) from forking the Bitcoin protocol and declaring that the transaction is, in fact, valid. This is equivalent to creating a whole separate currency with the Bitcoin wallets as a starting point. It would just slowly diverge from Bitcoin.
I just don't see that kind of thing happening. People think Bitcoin is software, but it's really just a contract between people. And it only has value to the extent that people stick to the rules. The reason things went so smoothly during the 0.7/0.8 fork is that everyone just wanted to stick with the spirit of the contract, and it was pretty clear that that meant reverting to the 0.7 chain and fixing the incompatibility.
Basically, Bitcoin is rules. You can change the rules, but that's not changing Bitcoin it's just creating something new. In programming terms, Bitcoin is immutable. You can create a modified copy of it but you cant change it.
The only thing consensus can do is use hashing power to vote on using a chain made of blocks which is has already been determined to be mathematically consistent by enormous amounts of hashing power OR to roll back that chain and continue it from an old spot.
The only way to pull that money back from the US Gov would be to roll back all transactions and block creation up to the point they took control of those bitcoins. But doing so would be catastrophic- so you would never get miners to agree on that.
The "51%" bit doesn't matter. Even if you have 99.99% of the mining power of the entire network you can't steal anyone's bitcoins, you can only reverse transactions. This is because bitcoins are secured by public key cryptography.
However, what certainly can happen, is that the community can come together and say that any bitcoins sent to the FBI's address are considered worthless. If nearly all Bitcoin users install such a patch (even if "nearly all" includes exactly zero miners), then those bitcoins will become worthless, since the value of a bitcoin is backed by nothing more than community consensus. In practice, however, such measures have been debated and universally rejected in other circumstances, because they would lead to political issues (who controls the blacklist? What stops the blacklist operators from using it to delete the funds of tax evaders, drug users, Wikileaks or whoever happens to be politically unpopular at the time?) that, once "resolved", would basically lead us right back to where the mainstream financial system stands today.
There is nothing magical about the 51% number. If 51% were to chose to give the BTC away (taking it from the FBI), first of all it would require these 51% to download and run new Bitcoin software that recognizes this BTC gift. Then you would end up with a network split, a chain fork, where 49% would not recognize the gift, and 51% would recognize it.
If some vendors or exchanges happen to be in the 49%, then whoever received the BTC gift would NOT be able to send the BTC to these vendors or exchanges.
You are confusing (1) a majority attack (mining blocks following the existing rules) that has a certainty of success with more than 50% of the mining power, with (2) a majority of users trying to change existing rules (in which case you need consensus = 100%).
It's technically possible, but debates surrounding how and when to do this have been circulating for years. So far, the general consensus is that it would cause a lot of distrust in the system. Technically, +50% of BTC mining capacity could choose to ignore transactions, double spend coins, or even bring the network down. For a while, a shared mining pool got close to the 50% mark, but users deliberately moved away from it to bring it's share down.
A way that would work: decide (by coding it into the clients and protocol) that future transactions from the seized address are not honoured by the network, and any chains that contain such a transaction are ignored.
I am no expert, but if I had to put the pieces together, I'd say... Bitcoin is not just a consensus algorithm, but a public key cryptography system.
Bitcoin clients obtain consensus on what transactions have occurred by building a blockchain where basically, the longest chain that meets the requirements set by the difficulty and other hardcoded client demands is the "winning" blockchain.
So, start with 51% of mining power, which is the first requirement.
Next, pick the transaction to erase and count up the number of blocks that are "on top" of that. Each block represents some realized investment from the continued expense of hash-power. Those will have to go as well; if we wanted to erase a transaction, it's best to have made up our minds as soon as possible to do it, since the longer that passes, the harder it will be to convince everyone who's minted a block since then to part with it. But we started with already having convinced more than 50% of everyone, so let's ignore that difficulty. Still, in reality it's just that much harder every day.
If the "hot wallet" private keys are not in our hands, we can't just "give" the seized bitcoins to someone else. They are currently protected with a cryptographic signature that says "these are mine, spend them to the FBI." With DPR's hot-wallet keys, either stolen from the FBI or obtained from a backup owned by DPR, having erased the transaction we can now spend them somewhere else.
But now we've also erased all of the _other_ transactions that have happened since then. We will want to read those out of the now defunct chain and put them back into new blocks as soon as possible, too.
(Won't we? Fortunately we don't all have to agree about the validity of those transactions, as long as 51% haven't also conspired to block some of them, we still have the signatures and they can be re-broadcasted to the network and again eventually make it into the winning chain. But for a window of time, there's now a chance that those coins are spent another way too.)
Only, that newly continuing chain shows that those timestamped blocks from before the seizure were the last to be generated. Now we're far behind target, of generating 2016 blocks every two weeks. In fact more than 10 days have passed and we have the appearance that no valid blocks have been generated in that time.
We've got some serious catching up to do.
Now we've got a situation where the next difficulty retarget is going to push the difficulty _down_ for the first time in a LONG time, because the two week target has been missed by a longshot. We've either got to find substantial _extra_ hashpower that was not there before (that's probably well over 100% of the network) or otherwise basically convince pretty much everyone to set their clocks back at the same time.
Or we can just let the difficulty plummet. That's another hard sell either way.
(Disclaimer. Links to politically motivated Libertarian magazine website, since I knew it would be easy to find there. Interested parties may conduct corroborating research on their own time.)
>The forfeiture complaint is considerably more blunt about the feds' position that the entire Silk Road enterprise is inherently criminal
What a bunch of horseshit on part of the feds, while the market was overwhelmingly populated with drugs I know for a fact that there were sellers who only sold things like laptops, flash drives pre-loaded with anonymity software, and DVDs of tails and such.
Yes, that's part of their plan though. Not only will they be able to enrich themselves from unilaterally seizing the assets of Silk Road, but they are also deterring others from selling products on questionable marketplaces. It's quite insidious.
Their argument is as such: You shouldn't have been selling legitimate products on Silk Road to begin with, since Silk Road is an illegitimate storefront.
I don't think it's a direct quote, I couldn't find it - but I'm assuming he's speaking of the fact that the feds are treating all transactions as criminal.
Couldn't someone open up a suit against the feds to claim their stolen BTC if this was the case? Sure, they'd need a whole lot of evidence, but like you said, there were some 'legit' sellers.
I bet "the feds" will happily return the money of any seller that is willing to provide them the complete records of their customers, as it would probably give them a whole bunch of real-world identities that they could then use to start figuring out who everyone is.
> What if some of those Bitcoins are yours, not Ulbrichts? What if Silk Road is holding some of your Bitcoins as part of some transaction? Why, all you have to do is show up and make a claim for them — in a case in which the government is saying that all or substantially all of the transactions through Silk Road are federal crimes. Bring a toothbrush.
Seems to answer the question of 'what happens to all the bitcoins' pretty readily. Interesting discussion of forfeiture law and "in rem" suits at the bottom, worth reading.
You can't just say depositing money on a site is a crime, there were plenty of non-illegal things bought and sold at the Silk Road. Plus evidence of intending to one day maybe buy something illegal is not evidence of having bought something illegal.
Tangentially related, in the cases where the USG seized offshore gambling sites, they returned deposits to the players, even though playing there was ostensibly illegal.
Granted offshore gambling is a little murkier than buying heroin in terms of legality, but see paragraph #1. Having funds at/on TSR is not a crime.
Additionally, plenty of things for sale on the Silk Road are legal in many jurisdictions. Maybe I live in Spain and I was on there to buy cannabis seeds.
This is such a flimsy argument that I don't get why anyone bothers. I suppose heavy-arms dealers should keep a pack of Twinkies with them at every sale. Somehow it reminds me if the old myth that a cop has to tell you they're a cop if you ask.
I agree it is a flimsy argument. I'm sure arms dealers do have plausibly deniable cover stories and legitimate or sympathetic transactions occurring as well. The funnier thing is we can't call this the Twinkie defense, because that is already taken.
It still doesn't answer the question as to whether they will enter back in circulation. Will the feds just sit on them, or auction them off? This will impact the exchange rate.
In general the Feds "forfeiture" all the assets they ever get their grimy paws on. The armored vehicles, machine guns, and posh LEO facilities aren't going to buy themselves.
So, if the Feds have the wallet(s), the BTC will be back in circulation, eventually. If they don't, the BTC probably won't appear until the actual SR proprietor has access to a computer again.
What would be really hilarious, would be if whoever has the wallet(s) waits until the currently accused is sentenced before spending again.
Has it been confirmed that the Feds are in possession of the wallet(s)? In that case Ulbricht is well and truly boned. If they don't have this data, then this filing is just the first round in the very long game that will determine how much jail time Ulbricht or any other alleged SR operator will serve, and how much money they will have left over afterward. In any case, those SR customers who had BTC stored there are out of luck.
This seems to be the first case where a massive number of BTC were seized by police. Since BTC is a consensus algorithm, what would happen if 51% of BTC users wanted to take those BTC away from the FBI and give them to someone else (or perhaps nobody, just remove them from existence and deflate the BTC) how feasible would that be?