So I guess you have already known the heist happening in Coincheck, an exchange from Japan (yes, the same country where Mt.Gox resided). It is now touted as the biggest heist in the history of men with half billion NEM worth around US$400 million stolen. The event happened on 26th of January 2018. Despite the heist took around 8 hours with several batches of NEM transfer, none of the Coincheck safeguard noticed until their wallet was dried up by the hacker.
Now the hacker controls about 5% of the total supply.
NEM is built by using a modified version of Proof-of-Stake consensus called Proof-of-Importance (PoI). The idea of PoI is to calculate the activities of the account with a trust called Eigentrust++ (I don’t know what it means, yet). In PoI, you will need to move your coins, get importance score, then stake the coins to get profit. Now, similar to PoS, the more coins you have, the higher chance you will be rewarded.
What can you do with 5% of the total supply?
NEM community has various responses. Some demanded that NEM Foundation (the group of the founders and developers) takes action by blacklisting every account having relationship with the hacker’s accounts, but some of them opposed the idea, saying that blacklisting will harm innocent people (imagine that the hacker sends you 1 NEM to your account and therefore yours will be blacklisted, too). The blacklisting is said to be done by an automatic tagging provided by NEM Foundation, and they will collaborate with exchanges to monitor the tags so that the hacker cannot cashout the stolen coins.
If I’m the hacker, I might want to get involved in PoI. The 5% I have will surely make a huge impact in the staking system. Here is the list of the hacker’s accounts:
By looking at the NEM Rich List, at least 3 of the accounts above get into top 15 positions (each cointains 100 million NEMs). If the hacker combines her coins into an account, hers will be in the 4th position of the rich list. Surely, her chance of winning most of the stakes are high.
Does it mean that the consensus scheme in NEM is ruined?
Maybe. If she decides to do so. But I guess in order to get a maximum profit, she will leave the system as it is. She might want to find a way to cashout the half billion dollar, either now or later. Waiting a little bit longer, be patient, and hope that NEM value will double or triple in a year or two.
If the hacker decides to get involved in NEM staking, the foundation might want to take action by gathering coins, at least putting the large sum of coins they have into several accounts to at least match what the hacker has. Or the developers can modify their system to simply ignore the stakes made by the blacklisted accounts as if these coins do not exist. The big guys are the ones who can save the system by using their wealth.
Let us sit back and see what’s coming next. Things are getting more interesting from now on.