“The immutability of blockchain transactions is both a blessing and a curse”. This is how Kaili Wang starts her blog post introducing her and other Stanford researchers’ paper on reversible transactions on Ethereum. 

Indeed, Kaili Wang, Dan Boneh and Qinchen Wang have recently created opt-in token specifications that are siblings to ERC-20 and ERC-721 and permit reversing transactions. They called these token standards ERC-20R and ERC-721R, respectively. The new standards provide limited post-transaction time periods for thefts to be evidenced and transactions reversed, provided there is sufficient proof justifying it.

The difficulty of tracing stolen funds on the blockchain

Cryptocurrencies rarely just sit still when they are stolen. The money might be distributed among numerous accounts, or converted into another digital currency. If it passes through a lot of accounts, the hacker might be connected to at least some of them. However, other accounts could be owned by business owners who accepted payment in exchange for a legitimate service.

An algorithm to reverse transactions on Ethereum

The Stanford researchers have provided a default freezing process for tracing and locking stolen funds. Their algorithm ensures that:

1. Enough assets will be frozen to cover the theft amount. (burned assets are subtracted from the returned amount),
2. An account’s funds will only be frozen if there’s a direct flow of transactions from the theft, and
3. The algorithm runs in reasonable runtime complexity with respect to the transaction graph.

For tracking down and storing away stolen money, the initiative has established a default freezing procedure. Such method guarantees that amounts sufficient to cover the theft will be frozen. An account’s funds will only be frozen if there is a straight flow of transactions from the theft.

The algorithm at work

Imagine that an assailant defrauds a victim of money. Under the envisaged system, what would occur is as follows:

The victim asks to have the stolen money frozen. The victim submits a request for a freeze to a governance contract together with the pertinent supporting documentation and some stake. The disputed transaction must have occurred recently (there is a fixed reversible time period).

Judges grant or deny requests to freeze. A decentralized quorum of judges decides whether or not to freeze the assets. This phase of thought should last no longer than a day or two. The victim loses their stake if judges reject the request. The governance contract will call for a freeze on the ERC-20R/ERC-721R contract if judges agree to the request.

Execute freeze. For NFTs, it simply blocks the NFT from being transferred. For ERC-20R, it will trace down the stolen funds and disallow those funds to be transferred. The account owner can still transact with others if their balance stays above the frozen amount.

Trial. The decentralized panel of judges will then examine the evidence from both parties. When the judges have made their judgment, the governance contract is then told to call the “reverse” or “rejectReverse” functions on the impacted ERC-20R or ERC-721R contract. The freeze on the disputed assets is lifted if “rejectReverse” is called. The trial might last a while—possibly a few weeks.

Reversal, if granted. The victim receives the frozen assets when the reverse function is used.

A decentralized judiciary system

The system appoints a panel of judges that will decide whether to reverse a challenged transaction after reviewing the relevant information. It includes a sizable pool of readily available judges who will get payment for their services. When a freeze request is made, a quorum of x judges is chosen at random. The initial freeze request is decided by this group of judges, and they also determine whether to accept or deny the reversal request later on. Because the panel of judges is only made public after they have all cast their votes, a party that wants to bribe a judge won’t, in fact, know who to bribe.

Conclusion

This innovative system is very much still a work in progress. However, the interest of the initiative is obvious. It attempts to respond to a problem detected in the use of cryptocurrencies. It will help to combat fraud and crimes committed on the blockchain and, more importantly, it will give tools to try to trace and recover stolen digital assets.