Yesterday, we reported that Syscoin’s blockchain was compromised and that more than 1.2 billion SYS was created in a single block. However, this was not what happened, and we have since heard from Syscoin about what actually went down yesterday.
There was a major mess-up because the miners had not upgraded their clients to the latest version, 3.0.6, which was a mandatory update, even after they were given enough time. The update was mandatory because it fixed a governance superblock fee calculation bug. The number of miners went down, and so did the difficulty levels.
Large output block values began appearing because the majority of the existing miners had higher fee policies and smaller miners picked up the transactions. As a result, hundreds of transactions were bunched up in these blocks with higher output values.
When the Syscoin team observed these strange happenings, they updated the exchanges, which resulted in Binance going down for a brief moment yesterday. Binance came back an hour later and reset the API keys once they determined exchanges were not under attack.
As for the 7,000 Bitcoins moved out of Binance, Syscoin has confirmed that it may not have anything to do with yesterday’s fiasco. It may have just been a large-volume trader who moved their funds out of the exchange, as there is no statement from Binance either.
To conclude, Syscoin’s blockchain was not hacked and is fully operational as per design.
Here’s the breakdown of events from Syscoin’s debrief:
1. Syscoin released their 3.0.6 Qt wallet 10 days ago; it was a mandatory update fixing a governance superblock fee calculation bug which meant that once a superblock that contained transaction fees was hit, it would not validate clients moved onto the 3.0.6 wallet (the hotfix) from 3.0.5 or whatever they were on.
2. Today saw a significant rise in the speculation of SYS and the price rose to all-time highs for Syscoin. Prior to the movements on Binance, we noticed large buy walls across the other major exchanges and the community was also quick to pick this up and alert us. As we watched the action unfold we noticed another peculiar event which turned out to be unrelated: blocks that were being processed were not including transactions regularly. We also noticed masternodes were expiring, and network difficulty was dropping due to large ASIC-based miners not mining.
3. At approximately 1:00pm PST a superblock was created and Syscoin’s decentralized governance payouts were issued, causing some miner nodes to halt. This was an expected outcome for Masternodes/Miners/Clients that had not upgraded to 3.0.6. All network users were required to simply pull 3.0.6 tag from master branch, build and deploy as per the normal upgrade procedure, and weeks of notice had been given for this upgrade.
4. The majority of miners that were mining Bitcoin+Syscoin (merge-mined) that had upgraded have fee policies above the default kb / Sys fee rate of 10,000 satoshi per kb. We later realized the fee rate for these miners has been set to 0.001 Sys per kb — an order of magnitude higher than default. As a result, transactions seemed to not be processed and some equated it to an attack during the same time as a large price fluctuation.
5. Large block output values of 544 million SYS and 1.2 billion SYS began to appear on the Syscoin block explorer. This was due to the fact that the majority of miners had higher fee policies and the smaller miner picked up transactions when it won a block. We saw hundreds of transactions bunched up in these blocks with higher output values. The atypical thing about these blocks at this time was that someone was using the top address of 46 million Syscoin (we speculate that this was an exchange wallet) to send withdrawals of Syscoin. The transactions were chained as Syscoin allows up to 25 chained unconfirmed transactions to exist as per the limitancestorcount / limitdescendant rule (same as Bitcoin). This was a non-issue and also unrelated to activities of the price on exchanges, but obviously a chained transaction set of a 46 million Syscoin output could quickly add up to a large amount, possibly much larger than the existing supply, which is precisely what happened in these blocks.
6. We recognized the large 46 million Syscoin used to send out funds and chained as unconfirmed transactions as suspicious activity and immediately requested a halt to trading on all exchanges to protect users. Bittrex and Poloniex immediately complied. Binance began to identify the issue. Normally these would be placed in cold wallets and in this case it seemed as though it was being used as a hot wallet. For precautionary reasons we told exchanges to halt as we felt if exchanges were under attack that we would mitigate the attacker from moving funds across exchanges to conceal traces of theft.
7. Binance reset API keys and resumed trading as did all other exchanges once we had identified that exchanges were not under attack.
8. Users reported that 7000 Bitcoin were moved out of Binance around the same time. We are unaware currently of a public statement about this linking it to the activities of Syscoin.
9. Some users in the community report that their Bitcoin balances in Binance were negatively affected during the price activities that saw Syscoin hit a price of 96 BTC/SYS. Binance is currently looking into it and will update these users under their individual tickets.
10. Syscoin Team identified that transactions were not being mined simply because of miner policy and miners not having upgraded to 3.0.6. The transactions were going through; they were just taking a little longer (1 hour, instead of 1 minute).
11. These events coincided with each other and were the cause of a dramatic 12 hours for the crypto-community. Binance have since released an update on the incident, which relates to API key misuse.
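
Item 5 of the debrief explains why a block explorer can show an output total larger than the coin supply without any coins being created. The following is an added illustration, not code from Syscoin or from the original article: it chains 25 unconfirmed withdrawals from one large balance and compares the summed block output with the coins actually minted. The withdrawal size, fee, block subsidy and the 8-decimal base unit are constructed assumptions, not values from the real blocks.

```python
from dataclasses import dataclass

COIN = 100_000_000  # base units per SYS (assumed 8 decimals, as in Bitcoin)
MAX_CHAIN = 25      # unconfirmed chain limit quoted in the debrief


@dataclass
class Tx:
    inputs: list   # values of the outputs being spent, in base units
    outputs: list  # values of the outputs being created, in base units


def build_withdrawal_chain(balance, withdrawals, fee):
    """Each withdrawal spends the previous transaction's unconfirmed change."""
    txs = []
    # Transactions past the chain limit would wait for a later block.
    for amount in withdrawals[:MAX_CHAIN]:
        change = balance - amount - fee
        if change < 0:
            raise ValueError("withdrawal exceeds remaining balance")
        txs.append(Tx(inputs=[balance], outputs=[amount, change]))
        balance = change  # the next withdrawal spends this change output
    return txs


def block_stats(txs, subsidy):
    """Compare the explorer-style output total with coins actually created."""
    total_in = sum(sum(t.inputs) for t in txs)
    total_out = sum(sum(t.outputs) for t in txs)
    fees = total_in - total_out
    coinbase_out = subsidy + fees  # miner collects the subsidy plus fees
    return {
        "explorer_output": total_out + coinbase_out,  # every output summed
        "fees": fees,
        "newly_created": coinbase_out - fees,         # only the subsidy is new
    }


def demo():
    # Constructed sample: 46M SYS balance, 25 withdrawals of 1,000 SYS,
    # a 0.0001 SYS fee each, and a placeholder 40 SYS block subsidy.
    txs = build_withdrawal_chain(46_000_000 * COIN, [1_000 * COIN] * 25, 10_000)
    return block_stats(txs, subsidy=40 * COIN)


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value / COIN:,.4f} SYS")
```

The same change output is counted once per transaction in the chain, so the output total comes to roughly 1.15 billion SYS in this sample while only the subsidy is new supply; the check that matters for inflation is outputs minus inputs, not the output total.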