In mid-May, BitcoinCash went through a scheduled hardfork that was delayed due to a malicious attack on the network. The attacker found an exploit on the blockchain that allowed the individual to misappropriate funds. This led to a collaboration ofBitcoin Cash miners to reverse the attacked blocks to return the funds to the rightful owner.
Bitcoin ABC, the main development team for Bitcoin Cash, developed and deployed a patch for its nodes within four hours of the initial attack. The confusion arose when the general public's inability to distinguish an attacker reorganizing the blockchain versus the miners performing the function.
Another recent discussion arose on the Bitcoin blockchain when the CEO of Binance, CZ, inquired about 'rolling back' the Bitcoin blockchain to retrieve the funds that were stolen from Binance. The amount stolen at the time was close to 7,000 BTC estimated at $40M, the idea here is to get enough miners to agree to roll back the BTC blockchain to recover the stolen funds. Although technically possible, the amount of hashing power to accomplish this is quite large, however just the very idea of it resulted in major backlash by the crypto community. This calls into question the 'immutability' of any given blockchain when miners can collude to 'roll back' any blockchain.
A hardfork of the well known Ethereum cryptocurrency was the result of the DAO attack that resulted in the Ethereum Classic blockchain which contains the original compromised Ether on the blockchain, falling align with the ideology that a blockchain should never be rolled back for any reason. The more dominant blockchain of the two, known as Ethereum, has the compromised funds recovered.
Nonetheless, the ability to make these changes on the blockchain is by design. The malleability is a feature and not a glitch of any of the cryptocurrencies in that if the community decides the best thing to do is to 'roll back' a particular blockchain, the ability is there to do so. If a bad actor wanted to perform the same thing on their own, it would be nearly impossible to carry out, which is the point.
Coinbase chimed in with their analysis of the situation with an in depth technical breakdown. The incident consisted of approximately 3,655 BCH or about $1.4M at the time of the attack. The attacker had moved the coins into a segwit address which most of the coins were promptly returned to the original senders.
From their blog:
"We find it remarkable that BTC.top derived the technical solution to recover BCH funds mistakenly lost by users, choosing to send the coins to their intended recipients rather than claiming the funds for themselves."
The Bitcoin Cash network did not undergo a 51% attack, miners were preventing an attacker from completely compromising coins. BTC.top is one of the major Bitcoin Cash mining pools that stepped in and prevent such a scenario with roughly 10% of the hashrate. Although this is a good thing in general, not everyone agrees in that this could be a slippery slope.