Original | Odaily Planet Daily ( @OdailyChina )

Author｜jk

Circle's Reversible Transactions Research

Circle CEO Heath Tarbert recently told the Financial Times that the company is exploring mechanisms to revert transactions in the event of fraud or hacking while still maintaining settlement finality. He stated, "We're thinking about…whether it's possible to have reversibility, but at the same time we want to maintain settlement finality."

Simply put, if you get scammed or hacked, you can theoretically get your money back.

This reversible transaction mechanism won’t be implemented directly on Circle’s Arc blockchain, which is currently under development. Instead, it will be implemented by adding a “reverse payment” layer on top, similar to how credit card chargebacks work. Arc is Circle’s enterprise-grade blockchain designed for financial institutions and is expected to be fully launched by the end of 2025.

Tarbert also noted that traditional financial systems offer advantages that are lacking in the current crypto world, and some developers believe that, with universal agreement, some degree of fraud prevention and reversal functionality is necessary. Simply put, Circle aims to make USDC more like a traditional financial product, so that banks and large institutions can use it with confidence.

However, the proposal has sparked heated debate in the crypto community, with critics worried that it could lead to the centralization of the DeFi ecosystem: if Circle could arbitrarily reverse transactions, wouldn't it become the "central bank" of the crypto world?

Existing intervention mechanisms for stablecoin issuers

In fact, stablecoin issuers have always had the ability to freeze accounts. Tether and Circle, the two major stablecoin issuers, have established relatively mature freezing mechanisms to deal with hacker attacks and illegal activities.

Tether’s Active Intervention Model

According to documentation, Tether has built a "blacklist" and "backdoor" mechanism into the USDT smart contract, enabling it to freeze specific addresses, suspend USDT withdrawals from those addresses, and further execute destruction and re-issuance operations. This mechanism enables USDT to "correct wallet-level errors" in extreme circumstances.

When the KuCoin exchange was hacked in September 2020, Tether urgently froze approximately $35 million in USDT to prevent further transfers. Following the August 2021 hack of the Poly Network cross-chain bridge, Tether immediately froze approximately 33 million USDT from the hacker's address. As of September 2024, Tether claimed to have cooperated with 180 institutions worldwide to freeze at least 1,850 wallets suspected of illegal activity, assisting in the recovery of approximately $1.86 billion in assets.

Circle's cautious compliance approach

In contrast, Circle takes a compliance-focused approach. The USDC contract also features a blacklist feature to block token transfers from specific addresses, but Circle typically only freezes addresses upon receipt of a valid law enforcement or court order. Circle's terms of service clearly state that once a USDC transfer is completed on-chain, the transaction is irreversible and Circle has no right to unilaterally reverse it.

This discrepancy is quite noticeable in practice. When a user transfers USDC to a scammer's address, Circle typically won't proactively freeze the scammer's address unless law enforcement intervenes. This stands in stark contrast to Tether's willingness to assist users in certain technically feasible scenarios.

After the United States sanctioned the privacy tool Tornado Cash in August 2022, Circle proactively froze approximately $75,000 worth of USDC held on the sanctioned Ethereum addresses in compliance with the sanctions. In September 2023, at the request of Argentinian authorities, Circle froze approximately 57 million USDC in two Solana addresses belonging to the allegedly fraudulent "LIBRA" altcoin team.

These cases demonstrate that Circle, while generally conservative, takes decisive action when faced with clear compliance requirements. Tether, on the other hand, is more proactive, willing to cooperate with users and law enforcement. The two companies' governance styles are indeed quite different.

The Evolution of Ethereum’s Transaction Reversibility Proposal

As the largest smart contract platform, Ethereum has long been the subject of discussions surrounding transaction reversibility. From the DAO incident in 2016 to various proposals in recent years, this topic has always been a source of concern for the entire community.

EIP-779: The History of the DAO Hard Fork

EIP-779 doesn't propose a new feature, but rather documents and explains the hard fork action taken in response to The DAO hack in 2016. At the time, hackers exploited a vulnerability in the DAO contract to transfer approximately 3.6 million ETH. After intense debate, the community opted for a hard fork, creating an "irregular state change" in blockchain history.

This hard fork didn't technically roll back block history. Instead, it modified the balances of specific accounts, deducting the ETH stolen by the hacker from the "Child DAO" contract and transferring it to a refund contract, allowing original DAO investors to withdraw their proportionate ETH. This move, implemented in July 2016, directly restored the victims' funds, but it also caused a split in the community. Some members, adhering to the principle of "code is law," refused to recognize the change and continued to use the unforked chain, resulting in the ETC community we know today.

EIP-156: Ether Recovery for Commonly Stuck Accounts

Proposed by Vitalik Buterin in 2016, EIP-156 aims to provide a mechanism for recovering certain types of lost ETH. This stems from the fact that some users, due to wallet software bugs or operational errors, have left their ETH stuck in uncontrolled addresses. The proposal envisions introducing a proof mechanism: if a user can mathematically prove that a certain amount of ETH was lost and meets certain conditions, they can initiate a withdrawal request to transfer the lost ETH to a new address.

However, EIP-156 has remained at the proposal discussion stage and has not been incorporated into any Ethereum upgrades. Following the Parity Wallet incident in 2017-2018, some proposed extending EIP-156 to address Parity lockout, but it was found that the proposal only applied to addresses without contract code, rendering it ineffective in situations like Parity, where a contract existed but self-destructed.

EIP-867: The controversy over standardized recovery processes

EIP-867, a "Meta EIP" proposed in early 2018, stands for "Standardized Ethereum Recovery Proposal." It doesn't perform specific recovery operations itself, but rather defines a template and process for future proposals requesting the recovery of lost funds. Its primary purpose is to provide a framework for such proposals, specifying the required information and objective criteria for recovery requests.

After EIP-867 was submitted to Github, it sparked a heated debate within the community. Yoichi Hirai, then-EIP editor, refused to merge it into a draft, citing its inconsistency with Ethereum's philosophy . He subsequently resigned from his position, fearing that continuing to move forward could violate Japanese law. Opponents argued that "code is law" and that frequent fund recovery would undermine Ethereum's credibility as an immutable ledger. Many expressed their willingness to switch their support to Ethereum Classic if EIP-867 were passed.

The supporters emphasized flexibility, arguing that restoration should be allowed when the ownership of funds is clear and the impact on others is minimal. Ultimately, however, EIP-867 became a litmus test for community will, with the majority choosing to defend the cornerstone of immutability, and the proposal fell through.

EIP-999: Failed attempt to unfreeze Parity multi-sig wallet

EIP-999, a proposal submitted by the Parity team in April 2018, seeks to address the massive amount of funds frozen due to a major vulnerability in Parity's multisig wallet in November 2017. This vulnerability caused the Parity multisig library contract to accidentally self-destruct, freezing approximately 513,774 ETH and preventing transfers. EIP-999 proposes restoring the self-destructing library contract code at the Ethereum protocol level, thereby unlocking all affected wallets.

To gauge community opinion, Parity launched a week-long coin vote on April 17, 2018. The results were close, but with a slight majority against: approximately 55% of the vote chose "no implementation," 39.4% supported EIP-999, and 5.6% remained neutral. Due to a lack of majority support, EIP-999 was ultimately not included in subsequent Ethereum upgrades.

Opponents argue that while this wouldn't involve a full rollback, modifying the contract code would still violate immutability and clearly favor the interests of Parity and its investors. A deeper objection stems from a matter of principle: some argue that the Parity multisig library, as an autonomous contract, operates entirely according to code, and reversing its state would amount to human intervention in an on-chain state that shouldn't be altered.

ERC-20 R and ERC-721 R: Exploring Reversible Token Standards

ERC-20 R and ERC-721 R are new token standards proposed by Stanford University blockchain researchers in September 2022. The "R" stands for reversible. These standards seek to expand upon the currently popular ERC-20 (token) and ERC-721 (NFT) standards by introducing mechanisms for freezing and revocable token transfers.

After an ERC-20 R-based transfer occurs, there is a brief dispute window during which the sender, claiming the transaction was an error or hacked, can submit a request to freeze the assets involved. A decentralized panel of "judges" will review the evidence and decide whether to roll back the transaction.

This proposal caused an uproar on Crypto Twitter and in the developer community. Supporters believe that with $7.8 billion in crypto thefts in 2020 and $14 billion in 2021, completely irreversible transaction models have become a barrier to mainstream adoption, and introducing a reversible mechanism can significantly reduce the losses caused by hackers.

However, opposition is also evident: many are drawn to the proposed "decentralized judge" mechanism, believing it runs counter to DeFi's principle of trustlessness. Critics worry that human involvement will introduce censorship and regulatory intervention, and that governments could exploit it to reverse transactions, eroding blockchain's censorship-resistant nature.

In those years, the blockchain's "regret medicine" incident

By sorting out major events related to "rollback" in the history of blockchain development, we can have a clearer understanding of the application and impact of this mechanism in practice.

2016: The DAO Incident and Ethereum Fork

The DAO incident of June and July 2016 was arguably the first case in blockchain history where a hack was deliberately "undone." After hackers stole approximately 3.6 million ETH from the DAO contract, the Ethereum community voted to implement a hard fork in July, transferring the stolen ETH to a refund contract and restoring it to investors. This move split the community, with opponents remaining on the unrolled chain, forming Ethereum Classic and laying the foundation for subsequent caution about reversibility.

2017: A Double Whammy for Parity Wallet

In July 2017, the Parity multi-signature wallet was hacked for the first time, with hackers exploiting a vulnerability to steal approximately 150,000 ETH. After the vulnerability was patched, another incident occurred in November: a developer error caused the Parity multi-signature contract to self-destruct, freezing approximately 513,000 ETH. This incident directly led to the creation of recovery proposals such as EIP-999, but none of them ultimately gained community support.

2018: EOS’s Arbitration Experiment and Failure

Within a week of the EOS mainnet's launch in June 2018, its arbitration body, ECAF, froze a total of 34 accounts twice. This on-chain arbitration received mixed reactions from the community, ultimately weakening the system. This experience demonstrates the backlash against highly centralized governance, damaging EOS's reputation and demonstrating the decentralized community's inherent aversion to excessive human intervention.

2022: Successful Stop-Loss on BNB Chain

In October 2022, hackers exploited a vulnerability in the Bitcoin Token (BSC) cross-chain bridge to mint approximately 2 million BNB (worth nearly $5.7 billion). Upon discovering the anomaly, the Binance team immediately coordinated with BNB Chain validators to urgently pause the blockchain. Within days, they released a hard fork upgrade that patched the vulnerability and froze the majority of the remaining BNB held in the hacker's address. According to Binance, approximately $100 million in funds were transferred off-chain, and the vast majority of the remaining funds are now under control.

This incident demonstrates that on a blockchain controlled by a small number of trusted entities, consensus can be quickly reached to execute a rollback or freeze, even for large amounts of money. However, this has also drawn criticism from the decentralized camp, who argue that BNB Chain is more like a database that can be tampered with at will and lacks the censorship resistance expected of a public blockchain.

Successful Cases of Stablecoin Freezes

When chain-level rollbacks are impossible, the freezing mechanism of stablecoins becomes a crucial tool for fund recovery. Following the KuCoin exchange hack in September 2020, a coordinated response led to Tether freezing approximately 35 million USDT, and various projects upgrading their contracts to freeze the stolen tokens, recovering over half of the assets. In the massive August 2021 hack of the Poly Network cross-chain bridge, Tether quickly froze 33 million USDT. While other on-chain assets could not be frozen, the hackers ultimately returned all their funds, in part due to the difficulty in liquidating the stablecoins.

Conclusion: Finding a balance between immutability and user protection

Circle's exploration of reversible transactions reflects a fundamental tension: how to maintain the core value of blockchain immutability while providing necessary protection mechanisms for users. From the perspective of technological development, there is indeed a tension between complete irreversibility and the complex needs of the real world.

Current solutions are layered: the underlying blockchain remains immutable, but various "soft reversibility" options are provided at the application, token, and governance layers. Stablecoin freezing mechanisms, delayed confirmations in multi-sig wallets, and arbitration interfaces for smart contracts all achieve a degree of risk control without modifying on-chain history.

If implemented, Circle's proposal would represent a move closer to traditional financial standards for the stablecoin sector. However, its success depends not only on technical implementation but also on its acceptance by the crypto community. Historically, any proposal attempting to routinely roll back transactions has met with strong resistance. It remains to be seen whether Circle can strike the delicate balance between protecting users and maintaining trust in decentralized systems.