Topic: Lost coins vulnerable to theft in the future? - page 3. (Read 579 times)

I think there are two options. First: they will never move, because even if some keys are vulnerable, other, fully random keys may be good enough to resist many attacks. Second: they will move somewhere by providing a valid signature. That second option could have many variants: they could move into OP_RETURN, they could move as a fee, and be burned in the coinbase transaction, they could be timelocked to the future, and taken later by miners, or they could be stolen once, and then the system will be safe again, after moving to the new address type. In case of the second option, if a lot of coins will be moved at once, then I think burning will reach consensus quicker than other ideas, so the chain where they will be burned, will be followed, and will stay the heaviest.

The only unacceptable thing is moving coins without providing any valid signature. All other cases are good enough, and it is possible to reach consensus, when coins will be not moved, or moved by valid transactions (then, that second option depends on the destination).

That's why I think if someone will suddenly move a lot of coins, then the consensus will quickly form around burning all of them, by providing valid signatures. In economical sense, other forks could be just cheaper and lose Proof of Work support from miners.

Why not? I read many posts saying that "burning is acceptable" or "locking by soft-fork is acceptable". I think reaching consensus on burning someone else's coins would be easier, than forming any consensus on stealing them, even if only once.

It will be very difficult to reach a consensus either way, as there are strongly held beliefs on both sides. I am very much of the opinion that it is better to let these coins be stolen than it is to do anything to lock them or make them otherwise unspendable. It is better to take the short term price hit from lost coins re-entering the market than it is to destroy a core principle of bitcoin and allow a small group of devs or a small subsection of the community start to decide what happens to coins which do not belong to them.

It is worth noting that not all vulnerable addresses will be hacked at once, but rather, it will happen gradually over months or even years. There are a multitude of reason in which coins which are not lost may not move for long periods of times. Perhaps the owner is in a different country to their wallet. Perhaps they are in prison. Perhaps the private keys are locked up in some kind of inheritance or trust. Perhaps there is a timelocked transaction waiting to be broadcast at a certain date. If we set a fixed date and lock all these coins, then we will absolutely be depriving some users of their coins against their will. At that point, bitcoin is no longer decentralized nor trustless.

If you are careless and fail to look after your private keys or move your coins in time, then they will be stolen. Far better that than the devs say "Since you are careless, we are going to take your coins away from you." You can't be your bank if someone else can unilaterally remove that privilege from you.

---

As I mentioned in another thread, I would only support locking coins if there was some way for the real owner to prove ownership and unlock them again, such as by providing a zero knowledge proof that they own the seed phrase which generated the relevant private keys. But this does not solve the problem of truly lost coins or early coins in P2PK addresses.

It is not possible to predict what the consensus is going to be because there hasn't been any serious discussion about this possibility yet and the various smaller discussions that have taken place among users have never reached any consensus. There are two sides and some say they shouldn't be locked or anything and another side says they should be burnt.

In my opinion if some day in the far away future we come to the conclusion that ECC is obsolete we should define a migration period after which any coins left in the old algorithm becomes unspendable.

If there was a vulnerability in ECDSA/Schnorr (maybe because of a quantum computer but it can be any other reason - lattice attacks, etc.) and there would be alternative - new safe locking scripts - and people would start moving their coins into them.
What do you think would happen to those UTXOs that don't move at all (lost coins/Satoshi’s coins/etc.)?

Do you think the consensus would be to let them be stolen OR to soft-fork them out (remove from circulation - e.g. “you have 10 years to move your UTXOs, otherwise they will become invalid”)?

The first option is better in my opinion but flooding the market with so many coins could be massively disruptive.
The second option would probably not be able to reach consensus but the effect on price would not be so disastrous.

Some people touched this in the following thread but I didn't want to continue there as this was a little bit off topic:
https://bitcointalksearch.org/topic/--5400954