Reversible transactions spark centralization controversy: Circle offers a "get out of jail free" card, will the market buy it?

Original: Odaily Odaily Daily

Author: jk

Research on Reversible Transactions of Circle

Circle CEO Heath Tarbert recently told the Financial Times that the company is researching mechanisms that can roll back transactions in the case of fraud and hacking while still maintaining settlement finality. He pointed out: “We are thinking about… whether it is possible to have transaction reversibility, but at the same time we also want to maintain settlement finality.”

In simple terms, if you have been scammed or hacked, theoretically, you can get your money back.

This reversible transaction mechanism will not be implemented directly on the Arc blockchain being developed by Circle, but will be achieved by adding a “reverse payment” layer on top, similar to how credit card refunds work. Arc is an enterprise-level blockchain designed by Circle for financial institutions, expected to be fully launched by the end of 2025.

Tarbert also specifically mentioned that there are some advantages of the traditional financial system that the current crypto world lacks. Some developers feel that there should be “some degree of fraud reversal function” when everyone agrees. In other words, Circle wants USDC to resemble traditional financial products more closely, so that banks and large institutions feel more secure using it.

However, this proposal has sparked intense controversy within the crypto community. Critics are concerned that it may lead to the centralization of the DeFi ecosystem: if Circle can arbitrarily revoke transactions, doesn't it become the “central bank” of the crypto world?

Existing intervention mechanisms of stablecoin issuers

In fact, stablecoin issuers have always had the ability to freeze accounts. Tether and Circle, as the two major stablecoin issuers, have established relatively mature freezing mechanisms to deal with hacking attacks and illegal activities.

Tether's Active Intervention Model

According to the document, Tether has built-in “blacklist” and “backdoor” mechanisms in the USDT smart contract, allowing it to freeze specific addresses, suspend the USDT transfer function for those addresses, and further execute operations for destruction and reissuance. This mechanism enables USDT to have the ability to “correct wallet-level errors” in extreme situations.

In September 2020, when the KuCoin exchange was hacked, Tether urgently froze approximately $35 million worth of USDT to prevent further transfers. In the August 2021 hack of the Poly Network cross-chain bridge, Tether immediately froze about 33 million USDT in the hacker's address. As of September 2024, Tether claims to have cooperated with 180 global institutions to freeze at least 1,850 wallets suspected of illegal activities, collectively assisting in the recovery of approximately $1.86 billion in assets.

Circle's Cautious Compliance Path

In contrast, Circle follows a compliance route. The USDC contract also has a blacklist function to prevent the movement of tokens from specific addresses, but Circle typically only freezes addresses upon receiving valid law enforcement or court orders. Circle clearly states in its terms of service that once USDC completes an on-chain transfer, the transaction is irreversible, and Circle has no unilateral right to revoke it.

This difference is quite obvious in practical applications. When users encounter scams and transfer USDC to a scammer's address, Circle typically does not proactively freeze the scammer's address for individuals unless law enforcement intervenes. This stands in sharp contrast to Tether's willingness to assist users in certain technically feasible scenarios.

After the U.S. sanctioned the privacy tool Tornado Cash in August 2022, Circle proactively froze approximately $75,000 worth of USDC on the sanctioned Ethereum addresses to comply with the sanctions. In September 2023, at the request of Argentine authorities, Circle froze two Solana addresses associated with the fraudulent “LIBRA” altcoin team, totaling about 57 million USDC.

These cases indicate that Circle is generally conservative, but will act decisively when there are clear compliance requirements. Tether, on the other hand, is more proactive and willing to cooperate with users and law enforcement. The governance styles of the two companies are indeed quite different.

The Evolution of Ethereum Transaction Reversibility Proposals

Ethereum, as the largest smart contract platform, has long been the subject of discussions around transaction reversibility. From the DAO incident in 2016 to various proposals in recent years, this topic has always been a concern for the entire community.

EIP-779: Historical Records of DAO Hard Forks

EIP-779 does not propose new functionality but rather serves as a record and explanation of the hard fork operation taken in response to the 2016 The DAO hack incident. At that time, the hacker exploited a vulnerability in the DAO contract to siphon off approximately 3.6 million ETH. After intense debate, the community opted for a hard fork solution, resulting in an “irregular state change” in the blockchain's history.

The hard fork did not technically roll back the block history, but rather modified the balance status of specific accounts, deducting the ETH stolen by hackers from the “Child DAO” contract and transferring it to a refund contract, allowing original DAO investors to proportionately withdraw ETH. This move was implemented in July 2016, directly restoring the victims' funds, but it also led to a split in the community, with some members who insisted on “code is law” refusing to acknowledge the modification, continuing to use the non-forked chain, which formed today’s ETC.

EIP-156: Commonly Encountered Stuck Accounts Ethereum Recovery

EIP-156 was proposed by Vitalik Buterin in 2016, aiming to provide a mechanism for recovering certain types of lost ETH. The background is that early users lost ETH due to wallet software defects or operational errors, resulting in ETH being stuck in addresses without control. The proposal envisions introducing a proof mechanism: if a user can provide mathematical proof that a certain amount of ETH is lost by them and meets specific conditions, they can initiate a withdrawal request to transfer that ETH to a new address.

However, EIP-156 has remained in the proposal discussion stage and has not been incorporated into any Ethereum upgrades. After the Parity wallet incident in 2017-2018, some proposed expanding EIP-156 to address Parity locks, but it was found that the proposal only applies to addresses without contract code and is ineffective for cases like Parity, which has contracts but is self-destructed.

EIP-867: Controversy over Standardized Recovery Process

EIP-867 is a “Meta EIP” proposed in early 2018, officially known as the “Standardized Ethereum Recovery Proposal”. It does not itself execute specific recovery operations, but rather defines a template and process for any future proposals requesting the recovery of lost funds to follow. Its intention is to provide a framework for such proposals, specifying what information must be included in a recovery request and what objective criteria must be met.

EIP-867 ignited a community debate after being submitted on Github. The then EIP editor Yoichi Hirai refused to merge it into a draft on the grounds that it “does not align with Ethereum's philosophy”, and subsequently resigned from his editorial position due to concerns that pushing it forward might violate Japanese laws. The opposing camp argues that “code is law”, and frequent fund recoveries would undermine Ethereum's credibility as an immutable ledger. Many have openly stated that if 867 is allowed to pass, they will switch their support to the Ethereum Classic chain.

Supporters of the camp emphasize flexibility, believing that restoration should be allowed at discretion when the ownership of funds is very clear and the impact on others is minimal. However, in the end, EIP-867 became a touchstone of community will, and the majority chose to defend the cornerstone of “immutability,” leading to the proposal being shelved.

EIP-999: Failure Attempt to Unfreeze Parity Multisig Wallet

EIP-999 is a proposal submitted by the Parity team in April 2018, attempting to address the substantial funds frozen due to a major vulnerability in the Parity multi-signature wallet discovered in November 2017. The vulnerability caused the Parity multi-signature library contract to be accidentally self-destructed, resulting in approximately 513,774 ETH being frozen and unable to be transferred. EIP-999 proposes to restore the self-destructed library contract code at the Ethereum protocol layer, thus unlocking all affected wallets.

To evaluate community opinions, Parity initiated a week-long coin vote on April 17, 2018. The results were close, but opposition had a slight edge: about 55% of the voting power chose “do not implement,” 39.4% supported EIP-999, and another 5.6% expressed neutrality. Due to lack of majority support, EIP-999 was ultimately not included in the subsequent Ethereum upgrade.

Opponents argue that although a complete rollback is not involved, modifying the contract code still violates immutability, and this move clearly favors Parity and its investors' own interests. A deeper reason for opposition lies in the principle issue: some believe that the Parity multi-signature wallet, as an autonomous contract, operates entirely according to code, and now reversing its state is equivalent to artificially intervening in a chain state that should not be altered.

Exploring Reversible Token Standards: ERC-20 R and ERC-721 R

ERC-20 R and ERC-721 R are new token standard concepts proposed by Stanford University blockchain researchers in September 2022, where “R” stands for Reversible. These standards aim to extend the currently most widely used ERC-20 (token) and ERC-721 (NFT) standards by introducing freezeable and revocable mechanisms for token transfers.

After a transfer based on ERC-20 R occurs, there will be a short dispute window period during which, if the sender claims the transaction is incorrect or has been hacked, they can submit a request to freeze the assets involved in the transaction. A group of decentralized arbitration “judges” will adjudicate the evidence and decide whether to execute the transaction rollback.

This proposal has caused a huge stir in Crypto Twitter and among developers. Supporters believe that, in the context of $7.8 billion in crypto thefts in 2020 and $14 billion in 2021, the completely irreversible transaction model has become a barrier to mainstream adoption, and introducing a reversible mechanism could significantly reduce losses caused by hackers.

However, opposing voices are also quite evident: many people are touched by the “decentralized judge” mechanism in the proposal, believing that it goes against the principle of trustlessness in DeFi. Critics worry that human involvement will introduce censorship and regulatory interference, and the government may use this mechanism to revoke transactions, undermining the censorship-resistant properties of blockchain.

Those years, the “regret medicine” incident in blockchain.

By reviewing the significant events related to “rollback” in the history of blockchain development, one can gain a clearer understanding of the application and impact of this mechanism in practice.

2016: The DAO Incident and Ethereum Fork

The DAO incident that occurred from June to July 2016 is regarded as the first case in blockchain history of artificially “reversing” the results of a hack. After hackers stole approximately 3.6 million ETH from the DAO contract, the Ethereum community voted to implement a hard fork in July, transferring the stolen ETH into a refund contract to restore it to investors. This move led to a split in the community, with the opponents remaining on the non-reverted chain, forming Ethereum Classic, and establishing a subsequent vigilance toward reversibility.

2017: The Double Blow of Parity Wallet

In July 2017, the Parity multi-signature wallet was hacked for the first time, with hackers exploiting a vulnerability to steal approximately 150,000 ETH. After the vulnerability was patched, another incident occurred in November: a developer's operational error led to the self-destruction of the Parity multi-signature library contract, freezing about 513,000 ETH. This event directly led to recovery proposals such as EIP-999, but ultimately none received community support.

2018: The Arbitration Experiment and Failure of EOS

Within a week of the EOS mainnet launch in June 2018, its arbitration agency ECAF froze a total of 34 accounts twice. The community had mixed opinions on this on-chain arbitration, and ultimately the arbitration system was weakened. This experience indicates that high-intensity centralized governance can provoke backlash, damaging EOS's reputation and proving the natural aversion of decentralized communities to excessive human intervention.

2022: The Successful Stop Loss of BNB Chain

In October 2022, hackers exploited a vulnerability in the BSC cross-chain bridge to mint approximately 2 million BNB (valued at nearly 5.7 billion USD) out of thin air. Upon discovering the anomaly, the Binance team immediately coordinated with BNB Chain validators to urgently suspend the blockchain, and subsequently released a hard fork upgrade within a few days, applying a patch to fix the vulnerability and freezing most of the untransferred BNB in the hacker's address. According to Binance, about 100 million USD worth of funds were transferred out of the chain by the hacker, while the vast majority of the remainder has been “brought under control”.

This incident proves that on a blockchain controlled by a small number of trusted entities, consensus can be quickly reached to execute rollbacks or freezes, even for large amounts. However, on the flip side, this has attracted criticism from the decentralized camp, which believes that BNB Chain resembles a database that can be arbitrarily intervened in, lacking the censorship resistance that a public chain should possess.

Successful Cases of Stablecoin Freezes

In situations where chain-level rollbacks are not possible, the freezing mechanism of stablecoins has become an important tool for fund recovery. After the KuCoin exchange was hacked in September 2020, various parties coordinated to respond, with Tether freezing approximately 35 million USDT. Projects upgraded their contracts to freeze the stolen tokens, recovering over half of the assets. In the massive hacking incident of the Poly Network cross-chain bridge in August 2021, Tether quickly froze 33 million USDT. Although other on-chain assets could not be frozen, the hacker ultimately chose to return all the funds, partly due to the difficulty in cashing out caused by the freezing of stablecoins.

Conclusion: Finding a balance between immutability and user protection

Circle's exploration of reversible transactions reflects a fundamental contradiction: how to provide users with the necessary protection mechanisms while maintaining the core value of blockchain immutability. From the perspective of technological development trends, there is indeed a tension between complete irreversibility and the complex demands of the real world.

The current solutions exhibit a layered characteristic: the underlying blockchain remains immutable, but various “soft reversible” options are provided at the application layer, token layer, and governance layer. The freezing mechanism of stablecoins, the delayed confirmation of multi-signature wallets, and the arbitration interfaces of smart contracts all achieve a certain level of risk control without modifying the on-chain history.

If Circle's proposal is ultimately implemented, it will represent a move towards traditional financial standards in the stablecoin sector. However, its success depends not only on technological implementation, but also on whether it can gain recognition from the crypto community. Historical experience shows that any proposal attempting to normalize transaction rollbacks will encounter strong resistance, and it remains to be seen whether Circle can find a delicate balance between protecting users and maintaining decentralized trust.