Was going to buy something off Silk Road and pussied out and forgot about it. Probably had around 10 BTCs? My emails show Bitme and VirWox. No clue on private key but I know transaction ids. Any chance as to how I can access those funds? I’m so retarded. Is it game over if I don’t know my Private Key or can they be traced by looking at my transaction Ids?? And somehow bring the dot together. Been through multiple laptops in between so not stored in hardware. I could try to search but how many digits are they usually for that time period? Like do they start with some number or letter? What’s the length size? I wonder if I can search for a string using python by getting my email API and search for the string that fits the mold. I’m done if I wrote it on some post it’s.
Ultimate glossary of crypto currency terms, acronyms and abbreviations
🔥Not your keys, not your coins : Why you should not use Paypal for Bitcoin
Today, PayPal announced that they will be launching a cryptocurrency digital wallet for buying, selling and storing Bitcoin, Ethereum, Bitcoin Cash and Litecoin. This confirms rumors which circulated earlier this year, and it is seen as a significant milestone by many in the community. A milestone it may be, but it will impact millions of daily users who have, until now, never considered getting into cryptocurrency. For them, PayPal will be the leading authority in a space that it has long sought to discredit. Over 221 Billion dollars were transacted in Q2 of 2020 using Paypal. That represents a rise of 10% in volume in just six months. PayPal is growing and dominating online payments as well as other services such as credit and insurance. It has a long-established reputation of occasionally freezing user funds and censoring payments that conflict with its outlook but the payments giant continues to hold relevance where Bitcoin should have long overtaken it. Perhaps this news marks the beginning of a transition? Is PayPal’s announcement good news for Bitcoin? Until very recently, PayPal was anti-crypto. Writing in 2018, ex-CEO Bill Harris called Bitcoin “the greatest scam ever”, so what’s changed? This sudden turnaround is encouraging, especially as private companies like Microstrategy and Square make grandiose announcements about their own crypto diversification. Should the community embrace them with open arms? After all, this is the start of mass adoption we’ve all been waiting for, right? When a household brand like PayPal starts selling Bitcoin, it’s probably not because they want to spur healthy adoption. In the press release announcing their new cryptocurrency service, PayPal sends out mixed messages. On one hand, the service will be entirely custodial, meaning users will not have the key to their own coins, while on the other they intend to “provide account holders with educational content to help them understand the cryptocurrency ecosystem”. The idea that anyone informed about bitcoin would agree to not holding their private keys might indicate that this educational content will overlook the fundamental rule of “Not your keys; not your coins”. If millions of newcomers are onboarded to Bitcoin by PayPal, there could be a very serious information gap that jeopardizes their experience and undermines key principles of cryptocurrency. This statement from their FAQ is, in practical terms, false: “You own the Cryptocurrency you buy on PayPal but will not be provided with a private key.” No-one should consider money held entirely by a third party as owned by them. Time after time, exchanges have lost user funds, often leaving them with no recourse. A benefit for some will be a promise of greater regulation, where funds can be insured and new users may feel more comfortable than dealing with cryptocurrency exchanges directly, but they will be restricted from actually utilizing their coins. The only reasons to own Bitcoin which cannot be used, would be to invest for the long term, which is incredibly reckless to do when your funds are held by a third party, or speculate on its price, which again, would be introducing the masses to financial mechanisms they do not understand. Is PayPal positioned to be a cryptocurrency leader? As it steps into the forefront, PayPal will be closely watched by companies, institutions, and consumers. While they can boast of “digital payments expertise”, they have historically taken an aggressive stance against users who bought cryptocurrency on exchanges, citing their acceptable use policy, forbidding transactions which “involve currency exchanges or check cashing businesses”. The fact that this clause remains in their policy suggests that they intend to limit users to use only their platform for cryptocurrency, stifling competition and preventing users from ever withdrawing their cryptocurrency to the safety of a wallet they control the keys to. That said, there is something to be said for PayPal’s statement that they will “enable cryptocurrency as a funding source for digital commerce at its 26 million merchants”. Currently, the options for cryptocurrency funding are in their infancy, and Bitcoin loans could see future growth. There is only one thing about PayPal’s announcement that long-term hodlers will be celebrating today: the pump in price. Long-term, if PayPal proceeds without consulting the community and letting their users control their own keys, it offers no value to the space. The greatest risk is that the clout they carry in traditional electronic payments will be interpreted as expertise in crypto. This would threaten the expert advice so carefully crafted by our community, which could be drowned out by the misinformed masses that PayPal brings to the space. For now, no-one can tell how it will turn out, but there are big concerns to address before informed users will turn to PayPal. Welcome PayPal’s initiative with open arms, but by no means look to them for leadership. At best, this announcement indicates that they may fear sinking into irrelevance. *Do not use PayPal for Bitcoin; there are many other places to buy crypto which will let you keep ownership of your coins. * PayPal is conceding to Bitcoin, and the many other aspirational, educational projects within the community should be highlighted to prevent newcomers from falling into a trap of trusting one of Bitcoin’s greatest long-term adversaries. Source : https://blog.trezor.io/why-you-should-not-use-paypal-for-bitcoin-f6e2d436ca96
Usually, bull markets attract a lot of new investors - although speculators should be the right word here - and as usual, a lot of them are going to be crushed a way or another. First, before putting a single dollar, euro or whatever in the market, you should read a lot to know exactly what you're looking for. Are you here for the tech and/or the cypherpunk ethos ? Great, there's lot of resources out there (my links are cleaned but as always, do your due diligence) :
The Bitcoin Whitepaper, the one and only : bitcoin.org/bitcoin.pdf Since I'm linking to bitcoin.org, friendly reminder to avoid bitcoin.com, owned by a former supporter now con-artist Roger Ver.
Andreas Antonopoulos website : https://aantonop.com Andreas is one of best guys able to educate on bitcoin and its properties, for free, which helps.
Jameson Lopp website : lopp.net Jameson is a member of Bitcoin Core, cypherpunk, also able to educate a lot. His website is full of free resources and other links. You'll have a lot to read.
Hal Finney : he's unfortunately dead but I would advise to read about Hal Finney, the first to receive bitcoin Satoshi. A great cryptographer, the inventor of the first reusable PoW and one of the first bitcoin supporters. You'll be able to find his messages on this old forum Bitcoin Talk, by the way you'll be able to find the first chats about bitcoin on this forum bitcointalk.org
Monero website : getmonero.org Yep, I know it's gonna be controversial to post an altcoin link but personally, I think that Monero (aka XMR) is the only other coin with a big cypherpunk community, decentralized, and able to help newcomers with a great sense of responsibility, since the ethos here is to save privacy.
What Bitcoin Did : of course, Peter is controversial but I love him and I find his former blog and his podcasts very needed because he doesn't oversell himself. Pete knows that he's not a tech guy (like many of us) and just wants to spread the word, I think he does a good job with this.
Now, you've read and you want to put some skin in the game. Several exchanges are acceptable, a lot of aren't, be careful and assume that none really are (know that I won't post any ref links) :
to me, the best, although it's UI is quite old : Kraken €/$/pound/swiss franc on-off ramp
Coinbase and Coinbase Pro Difficult not to mention Coinbase, although I can't stand Brian Armstrong and the way they are doing their best to support scams currently. You should rather use Coinbase Pro if you have to since the fees are much lower.
Binance Binance came later than the previous ones but has managed to take most of the market. Now, you should remember what I said about being careful.
Huobi The biggest chinese exchange and they work closely with chinese official. Again, careful.
Bittrex Once at the top, now somewhere in the limbs.
A lot of new comers came recently like btse, ftx, feel free to try them while always keeping in mind that once your money is on exchanges, it's not yours anymore.
This was for centralized exchanges aka CEX. Talking about custodial, you'll need wallets to store your (bit)coins. Always try to use non-custodial wallets, which means wallets that give you your private keys. This way, if the software goes down, you can always retreive your money. Now, I won't link to all the existing wallets but will advise you to buy hardware wallets (trezor or ledger but there are others) or to create (on off-gap computers) paper wallets you're able to store safely (against all risks, not only robbery but housefire). You also could use your memory with brain wallets but, my gosh, I wouldn't trust myself. For Bitcoin (or even Litecoin), Electrum software can do a good job (but save your keys). AGAIN, DON'T KEEP YOUR SAVINGS ON AN EXCHANGE Now, about trading : it's been repeated and repeated but don't chase pumps and altcoins. Yep, it's probably the fastest way to make money. It's also the fastest to lose it. I won't lie : I made good money during the 2017-bullrun and I took profits but I also forgot to sell some shitcoins thinking it would keep going up, now I'm still holding these bags (although I don't really care). I know that a lot forgot to take profits. Take profits, always take profits, whatever your strategy is. Don't fall for people trying to sell you their bags, for ICOs trying to sell you a product which isn't released yet and obviously, don't fall for people asking for your private key. Also, know that there's two endgames : accumulating bitcoin or fiat. I'm rather in the first team but whatever your strategy is, take profits. (Yes, I know, some will say accumulating ethereum or something else). It's true that a lot of ethereum holders made a lot of money during the last bullrun (ethereum helped me make money too) but I'm really biased in favor of bitcoin (and monero). So, pick your coin but again, do your due diligence. A lot of people here or there will talk about the best tech, the fact that bitcoin is old and slow. I would need another post to go further on this point but know that a lof of air flight systems are old too but reliable. Trustless and reliable is the point here. This is the post from someone who bought bitcoin seven or six years ago, who lost part of them, who spent part of them (but don't regret this at all), who is still learning and I hope it will help others, although it would need a book to be complete.
I think we have reached the moment where “not your keys, not your coins” is more important than ever.
You have all heard about Michael Saylor of MicroStrategy gobbling up 38,250 bitcoin for $425 million. This MicroStrategy event will be looked back upon as “the shot fired from the starting pistol” marking a new beginning, a new race into bitcoin from an unprecedented wave of institutional and corporate adoption. These new adopters are not average joe’s. These people are entering the game with a level of sophisticated power that we simple plebs and humble sat stackers simply cannot compete with. However, we have ONE single sure-fire way to protect ourselves. That is, get your coins off of the exchanges and into your own self custody… NOW. With this new influx of powerful people, there will be many more critical eyes looking into all the nooks and crannies of the bitcoin space, to ensure they will benefit from bitcoin for their own self interests. (This is good.) The big players want a 21 million hard cap and “number go up” just as much as you do. They do not want fractional reserve and rehypothecation. They will hire professional watchdogs in the private sector and they will push regulation in the public sector to ensure that bitcoins fundamentals will not be compromised. If/when some exchange or custodian is ousted for having some bitcoin fractional reserves or some other form of malpractice results in lost bitcoin (intentional or unintentional) you can be certain that the big boys with their teams of lawyers and executive institutional relationships will be catered to first. They will be protected, meanwhile we will be lucky to get any scraps once the dust settles. They will receive special treatment that we cannot expect the luxury of. The exchanges won’t care about you. Your losses are a simple calculation that they have already planned to write off and move on from. You will not have the funds or the power to fight them and recover your losses. If you have any amount of bitcoin on any exchange that you care about and you are reading these words right now… I implore you to take the time now to think all of this through and take good decisive actions very soon. Your bitcoin can only be taken from you if you do not control your keys. Win this war now by avoiding the battle altogether. Take custody of your bitcoin while you still can.
On Friday 02/07, around 7:30pm my iPhone started to look for coverage but it was with no signal. Because I was on WiFi I didn’t worry about it. Later on, my laptop and phone started to ask for email password, weird, but I wrote my password and was not correct. I changed the password with an alternative email and I was done for yesterday night. Today, Saturday 02/08, I went to T-Mobile because my phone didn’t have coverage yet, the guy told me that my phone number was being used on another sim card. Whoever did it, changed my email password with my phone number, then went to Coinbase and changed my password with my email. At 9pm I tried to log in into my Coinbase to look my balance and my password was not right, I went to my trash emails and looked for password changes on Coinbase, there was a purchase of $22k on BTC from my bank account. I blocked my bank account and my Coinbase account. Luckily the $22k has not been discounted from my bank account yet, but I guess that my $2k on BTC that I had there were transferred because that is transfer with no delay (I cannot access my account yet).
Not your keys, not your crypto -- is there no space for compromise?
You know, people are always asking if we should always always trust only ourselves and I think the answer is always more nuanced than yes or no. I wonder if, at some point, if you’re holding crypto and savings as part of a risk diversification strategy, then you also want to consider either taking out insurance on your savings — costly — or allocating some of it to something like Kraken, which would, as a Federal bank, include deposit insurances. It's a point of failure, for sure, just like keeping money at an exchange but perhaps it's never going to be so straightforward. I'm thinking of the future, where sooner or later, we'll need to think of inheritance. What if we don't have kids. What if we don't have spouses or close friends. What if they're not into Bitcoin and don't want to be. We still want to make sure they get it after we pass on. And not get lost forever when private keys are buried with us. We might then consider engaging such services for custodial services alongside inheritance plans — so when we die, for example, I can have some assurance that my will is carried out and a custodial entity, perhaps a bank like Kraken, would ensure my crypto is passed on properly. We use Electrum, Trezor, Bitamp or whatever other sole custody wallet because we believe that “not your keys, not your crypto” but we are acutely aware that everything is about context. Everything is about context, don't you agree?
Meet Brock Pierce, the Presidential Candidate With Ties to Pedophiles Who Wants to End Human Trafficking
thedailybeast.com | Sep. 20, 2020. The “Mighty Ducks” actor is running for president. He clears the air (sort of) to Tarpley Hitt about his ties to Jeffrey Epstein and more. In the trailer for First Kid, the forgettable 1996 comedy about a Secret Service agent assigned to protect the president’s son, the title character, played by a teenage Brock Pierce, describes himself as “definitely the most powerful kid in the universe.” Now, the former child star is running to be the most powerful man in the world, as an Independent candidate for President of the United States. Before First Kid, the Minnesota-born actor secured roles in a series of PG-rated comedies, playing a young Emilio Estevez in The Mighty Ducks, before graduating to smaller parts in movies like Problem Child 3: Junior in Love. When his screen time shrunk, Pierce retired from acting for a real executive role: co-founding the video production start-up Digital Entertainment Network (DEN) alongside businessman Marc Collins-Rector. At age 17, Pierce served as its vice president, taking in a base salary of $250,000. DEN became “the poster child for dot-com excesses,” raising more than $60 million in seed investments and plotting a $75 million IPO. But it turned into a shorthand for something else when, in October of 1999, the three co-founders suddenly resigned. That month, a New Jersey man filed a lawsuit alleging Collins-Rector had molested him for three years beginning when he was 13 years old. The following summer, three teens filed a sexual-abuse lawsuit against Pierce, Collins-Rector, and their third co-founder, Chad Shackley. The plaintiffs later dropped their case against Pierce (he made a payment of $21,600 to one of their lawyers) and Shackley. But after a federal grand jury indicted Collins-Rector on criminal charges in 2000, the DEN founders left the country. When Interpol arrested them in 2002, they said they had confiscated “guns, machetes, and child pornography” from the trio’s beach villa in Spain. While abroad, Pierce had pivoted to a new venture: Internet Gaming Entertainment, which sold virtual accessories in multiplayer online role-playing games to those desperate to pay, as one Wired reporter put it, “as much as $1,800 for an eight-piece suit of Skyshatter chain mail” rather than earn it in the games themselves. In 2005, a 25-year-old Pierce hired then-Goldman Sachs banker Steve Bannon—just before he would co-found Breitbart News. Two years later, after a World of Warcraft player sued the company for “diminishing” the fun of the game, Steve Bannon replaced Pierce as CEO. Collins-Rector eventually pleaded guilty to eight charges of child enticement and registered as a sex offender. In the years that followed, Pierce waded into the gonzo economy of cryptocurrencies, where he overlapped more than once with Jeffrey Epstein, and counseled him on crypto. In that world, he founded Tether, a cryptocurrency that bills itself as a “stablecoin,” because its value is allegedly tied to the U.S. dollar, and the blockchain software company Block.one. Like his earlier businesses, Pierce’s crypto projects see-sawed between massive investments and curious deals. When Block.one announced a smart contract software called EOS.IO, the company raised $4 billion almost overnight, setting an all-time record before the product even launched. The Securities and Exchange Commission later fined the company $24 million for violating federal securities law. After John Oliver mocked the ordeal, calling Pierce a “sleepy, creepy cowboy,” Block.one fired him. Tether, meanwhile, is currently under investigation by the New York Attorney General for possible fraud. On July 4, Pierce announced his candidacy for president. His campaign surrogates include a former Cambridge Analytica director and the singer Akon, who recently doubled down on developing an anonymously funded, $6 billion “Wakanda-like” metropolis in Senegal called Akon City. Pierce claims to be bipartisan, and from the 11 paragraphs on the “Policy” section of his website it can be hard to determine where he falls on the political spectrum. He supports legalizing marijuana and abolishing private prisons, but avoids the phrase “climate change.” He wants to end “human trafficking.” His proposal to end police brutality: body cams. His political contributions tell a more one-sided story. Pierce’s sole Democratic contribution went to the short-lived congressional run of crypto candidate Brian Forde. The rest went to Republican campaigns like Marco Rubio, Rick Perry, John McCain, and the National Right to Life Political Action Committee. Last year alone, Pierce gave over $44,000 to the Republican National Committee and more than $55,000 to Trump’s re-election fund. Pierce spoke to The Daily Beast from his tour bus and again over email. Those conversations have been combined and edited for clarity. You’re announcing your presidential candidacy somewhat late, and historically, third-party candidates haven’t had the best luck with the executive office. If you don’t have a strong path to the White House, what do you want out of the race? I announced on July 4, which I think is quite an auspicious date for an Independent candidate, hoping to bring independence to this country. There’s a lot of things that I can do. One is: I’m 39 years old. I turn 40 in November. So I’ve got time on my side. Whatever happens in this election cycle, I’m laying the groundwork for the future. The overall mission is to create a third major party—not another third party—a third major party in this country. I think that is what America needs most. George Washington in his closing address warned us about the threat of political parties. John Adams and the other founding fathers—their fear for our future was two political parties becoming dominant. And look at where we are. We were warned. I believe, having studied systems, any time you have a system of two, what happens is those two things come together, like magnets. They come into collision, or they become polarized and become completely divided. I think we need to rise above partisan politics and find a path forward together. As Albert Einstein is quoted—I’m not sure the line came from him, but he’s quoted in many places—he said that the definition of insanity is making the same mistake or doing the same thing over and over and over again, expecting a different result. [Ed. note: Einstein never said this.] It feels like that’s what our election cycle is like. Half the country feels like they won, half the country feels like they lost, at least if they voted or participated. Obviously, there’s another late-comer to the presidential race, and that’s Kanye West. He’s received a lot of flak for his candidacy, as he’s openly admitted to trying to siphon votes away from Joe Biden to ensure a Trump victory. Is that something you’re hoping to avoid or is that what you’re going for as well? Oh no. This is a very serious campaign. Our campaign is very serious. You’ll notice I don’t say anything negative about either of the two major political candidates, because I think that’s one of the problems with our political system, instead of people getting on stage, talking about their visionary ideas, inspiring people, informing and educating, talking about problems, mentioning problems, talking about solutions, constructive criticism. That’s why I refuse to run a negative campaign. I am definitely not a spoiler. I’m into data, right? I’m a technologist. I’ve got digital DNA. So does most of our campaign team. We’ve got our finger on the pulse. Most of my major Democratic contacts are really happy to see that we’re running in a red state like Wyoming. Kanye West’s home state is Wyoming. He’s not on the ballot in Wyoming I could say, in part, because he didn’t have Akon on his team. But I could also say that he probably didn’t want to be on the ballot in Wyoming because it’s a red state. He doesn’t want to take additional points in a state where he’s only running against Trump. But we’re on the ballot in Wyoming, and since we’re on the ballot in Wyoming I think it’s safe—more than safe, I think it’s evident—that we are not here to run as a spoiler for the benefit of Donald Trump. In running for president, you’ve opened yourself up to be scrutinized from every angle going back to the beginning of your career. I wanted to ask you about your time at the Digital Entertainment Network. Can you tell me a little bit about how you started there? You became a vice president as a teenager. What were your qualifications and what was your job exactly? Well, I was the co-founder. A lot of it was my idea. I had an idea that people would use the internet to watch videos, and we create content for the internet. The idea was basically YouTube and Hulu and Netflix. Anyone that was around in the ‘90s and has been around digital media since then, they all credit us as the creators of basically those ideas. I was just getting a message from the creator of The Vandals, the punk rock band, right before you called. He’s like, “Brock, looks like we’re going to get the Guinness Book of World Records for having created the first streaming television show.” We did a lot of that stuff. We had 30 television shows. We had the top most prestigious institutions in the world as investors. The biggest names. High-net-worth investors like Terry Semel, who’s chairman and CEO of Warner Brothers, and became the CEO of Yahoo. I did all sorts of things. I helped sell $150,000 worth of advertising contracts to the CEOs of Pepsi and everything else. I was the face of the company, meeting all the major banks and everything else, selling the vision of what the future was. You moved in with Marc Collins-Rector and Chad Shackley at a mansion in Encino. Was that the headquarters of the business? All start-ups, they normally start out in your home. Because it’s just you. The company was first started out of Marc’s house, and it was probably there for the first two or three months, before the company got an office. That’s, like, how it is for all start-ups. were later a co-defendant in the L.A. County case filed against Marc Collins-Rector for plying minors with alcohol and drugs, in order to facilitate sexual abuse. You were dropped from the case, but you settled with one of the men for $21,600. Can you explain that? Okay, well, first of all, that’s not accurate. Two of the plaintiffs in that case asked me if I would be a plaintiff. Because I refused to be a part of the lawsuit, they chose to include me to discredit me, to make their case stronger. They also went and offered 50 percent of what they got to the house management—they went around and offered money to anyone to participate in this. They needed people to corroborate their story. Eventually, because I refused to participate in the lawsuit, they named me. Subsequently, all three of the plaintiffs apologized to me, in front of audiences, in front of many people, saying Brock never did anything. They dismissed their cases. Remember, this is a civil thing. I’ve never been charged with a crime in my life. And the last plaintiff to have his case dismissed, he contacted his lawyer and said, “Dismiss this case against Brock. Brock never did anything. I just apologized. Dismiss his case.” And the lawyer said, “No. I won’t dismiss this case, I have all these out-of-pocket expenses, I refuse to file the paperwork unless you give me my out-of-pocket expenses.” And so the lawyer, I guess, had $21,000 in bills. So I paid his lawyer $21,000—not him, it was not a settlement. That was a payment to his lawyer for his out-of-pocket expenses. Out-of-pocket expenses so that he would file the paperwork to dismiss the case. You’ve said the cases were unfounded, and the plaintiffs eventually apologized. But your boss, Marc Collins-Rector later pleaded guilty to eight charges of child enticement and registered as a sex offender. Were you aware of his behavior? How do you square the fact that later allegations proved to be true, but these ones were not? Well, remember: I was 16 and 17 years old at the time? So, no. I don’t think Marc is the man they made him out to be. But Marc is not a person I would associate with today, and someone I haven’t associated with in a very long time. I was 16 and 17. I chose the wrong business partner. You live and you learn. You’ve pointed out that you were underage when most of these allegations were said to take place. Did you ever feel like you were coerced or in over your head while working at DEN? I mean, I was working 18 hours a day, doing things I’d never done before. It was business school. But I definitely learned a lot in building that company. We raised $88 million. We filed our [form] S-1 to go public. We were the hottest start-up in Los Angeles. In 2000, you left the country with Marc Collins-Rector. Why did you leave? How did you spend those two years abroad? I moved to Spain in 1999 for personal reasons. I spent those two years in Europe working on developing my businesses. Interpol found you in 2002. The house where you were staying reportedly contained guns, machetes, and child pornography. Whose guns and child porn were those? Were you aware they were in the house, and how did those get there? My lawyers have addressed this in 32 pages of documentation showing a complete absence of wrongdoing. Please refer to my webpage for more information. [Ed. Note: The webpage does not mention guns, machetes, or child pornography. It does state:“It is true that when the local police arrested Collins-Rector in Spain in 2002 on an international warrant, Mr. Pierce was also taken into custody, but so was everyone at Collins-Rector’s house in Spain; and it is equally clear that Brock was promptly released, and no charges of any kind were ever filed against Brock concerning this matter.”] What do you make of the allegations against Bryan Singer?[Ed. Note: Bryan Singer, a close friend of Collins-Rector, invested at least $50,000 in DEN. In an Atlantic article outlining Singer’s history of alleged sexual assault and statutory rape, one source claimed that at age 15, Collins-Rector abused him and introduced him to Singer, who then assaulted him in the DEN headquarters.] I am aware of them and I support of all victims of sexual assault. I will let America’s justice system decide on Singer’s outcome.
In 2011, you spoke at the Mindshift conference supported by Jeffrey Epstein. At that point, he had already been convicted of soliciting prostitution from a minor. Why did you agree to speak? I had never heard of Jeffrey Epstein. His name was not on the website. I was asked to speak at a conference alongside Nobel Prize winners. It was not a cryptocurrency conference, it was filled with Nobel Prize winners. I was asked to speak alongside Nobel Prize winners on the future of money. I speak at conferences historically, two to three times a week. I was like, “Nobel Prize winners? Sounds great. I’ll happily talk about the future of money with them.” I had no idea who Jeffrey Epstein was. His name was not listed anywhere on the website. Had I known what I know now? I clearly would have never spoken there. But I spoke at a conference that he cosponsored. What’s your connection to the Clinton Global Initiative? Did you hear about it through Jeffrey Epstein? I joined the Clinton Global Initiative as a philanthropist in 2006 and was a member for one year. My involvement with the Initiative had no connection to Jeffrey Epstein whatsoever.
You’ve launched your campaign in Minnesota, where George Floyd was killed by a police officer. How do you feel about the civil uprising against police brutality? I’m from Minnesota. Born and raised. We just had a press conference there, announcing that we’re on the ballot. Former U.S. Senator Dean Barkley was there. So that tells you, when former U.S. Senators are endorsing the candidate, right? [Ed. note: Barkley was never elected to the United States Senate. In November of 2002, he was appointed by then Minnesota Governor Jesse Venture to fill the seat after Sen. Paul Wellstone died in a plane crash. Barkley’s term ended on Jan. 3, 2003—two months later.] Yes, George Floyd was murdered in Minneapolis. My vice-presidential running mate Karla Ballard and I, on our last trip to Minnesota together, went to visit the George Floyd Memorial. I believe in law and order. I believe that law and order is foundational to any functioning society. But there is no doubt in my mind that we need reform. These types of events—this is not an isolated incident. This has happened many times before. It’s time for change. We have a lot of detail around policy on this issue that we will be publishing next week. Not just high-level what we think, not just a summary, but detailed policy. You said that you support “law and order.” What does that mean? “Law and order” means creating a fair and just legal system where our number one priority is protecting the inalienable rights of “Life, Liberty and the pursuit of Happiness” for all people. This means reforming how our police intervene in emergency situations, abolishing private prisons that incentivize mass incarceration, and creating new educational and economic opportunities for our most vulnerable communities. I am dedicated to preventing crime by eliminating the socioeconomic conditions that encourage it. I support accountability and transparency in government and law enforcement. Some of the key policies I support are requiring body-cams on all law enforcement officers who engage with the public, curtailing the 1033 program that provides local law enforcement agencies with access to military equipment, and abolishing private prisons. Rather than simply defund the police, my administration will take a holistic approach to heal and unite America by ending mass incarceration, police brutality, and racial injustice. Did you attend any Black Lives Matter protests? I support all movements aimed at ending racial injustice and inequality. I have not attended any Black Lives Matter protests. My running-mate, Karla Ballard, attended the March on Washington in support of racial justice and equality. Your platform doesn’t mention the words “climate change.” Is there a reason for that? I’m not sure what you mean. Our policy platform specifically references human-caused climate change and we have a plan to restabilize the climate, address environmental degradation, and ensure environmental sustainability. [Ed. Note: As of writing the Pierce campaign’s policy platform does not specifically reference human-caused climate change.] You’ve recently brought on Akon as a campaign surrogate. How did that happen? Tell me about that. Akon and I have been friends for quite some time. I was one of the guys that taught him about Bitcoin. I helped make some videogames for him, I think in 2012. We were talking about Bitcoin, teaching him the ropes, back in 2013. And in 2014, we were both speaking at the Milken Global Conference, and I encouraged him to talk about how Bitcoin, Africa, changed the world. He became the biggest celebrity in the world, talking about Bitcoin at the time. I’m an adviser to his Akoin project, very interested in the work that he’s doing to build a city in Africa. I think we need a government that’s of, for, and by the people. Akon has huge political aspirations. He obviously was a hugely successful artist. But he also discovered artists like Lady Gaga. So not only is he, himself, a great artist, but he’s also a great identifier and builder of other artists. And he’s been a great businessman, philanthropist. He’s pushing the limits of what can be done. We’re like-minded individuals in that regard. I think he’ll be running for political office one day, because he sees what I see: that we need real change, and we need a government that is of, for, and by the people. You mentioned that you’re an adviser on Akoin. Do you have any financial investments in Akoin or Akon City? I don’t believe so. I’d have to check. I have so much stuff. But I don’t believe that I have any economic interests in his stuff. I’d have to verify that. We’ll get back to you. I don’t believe that I have any economic interests. My interest is in helping him. He’s a visionary with big ideas that wants to help things in the world. If I can be of assistance in helping him make the world a better place, I’m all for it. I’m not motivated by money. I’m not running for office because I’m motivated by power. I’m running for office because I’m deeply, deeply concerned about our collective future. You’ve said you’re running on a pro-technology platform. One week into your campaign last month, a New York appeals court approved the state Attorney General’s attempt to investigate the stablecoin Tether for potentially fraudulent activity. Do you think this will impact your ability to sell people on your tech entrepreneurship? No, I think my role in Tether is as awesome as it gets. It was my idea. I put it together. But I’ve had no involvement in the company since 2015. I gave all of my equity to the other shareholders. I’ve had zero involvement in the company for almost six years. It was just my idea. I put the initial team together. But I think Tether is one of the most important innovations in the world, certainly. The idea is, I digitized the U.S. dollar. I used technology to digitize currency—existing currency. The U.S. dollar in particular. It’s doing $10 trillion a year. Ten trillion dollars a year of transactional volume. It’s probably the most important innovation in currency since the advent of fiat money. The people that took on the business and ran the business in years to come, they’ve done things I’m not proud of. I’m not sure they’ve done anything criminal. But they certainly did things differently than I would do. But it’s like, you have kids, they turn 18, they go out into the world, and sometimes you’re proud of the things they do, and sometimes you shake your head and go, “Ugh, why did you do that?” I have zero concerns as it relates to me personally. I wish they made better decisions. What do you think the investigation will find? I have no idea. The problem that was raised is that there was a $5 million loan between two entities and whether or not they had the right to do that, did they disclose it correctly. There’s been no accusations of, like, embezzlement or anything that bad. [Ed. Note: The Attorney General’s press release on the investigation reads: “Our investigation has determined that the operators of the ‘Bitfinex’ trading platform, who also control the ‘tether’ virtual currency, have engaged in a cover-up to hide the apparent loss of $850 million dollars of co-mingled client and corporate funds.”] But there’s been some disclosure things, that is the issue. No one is making any outrageous claims that these are people that have done a bunch of bad—well, on the internet, the media has said that the people behind the business may have been manipulating the price of Bitcoin, but I don’t think that has anything to do with the New York investigation. Again, I’m so not involved, and so not at risk, that I’m not even up to speed on the details. [Ed note: A representative of the New York State Attorney General told Forbes that he “cannot confirm or deny that the investigation” includes Pierce.] We’ve recently witnessed the rise of QAnon, the conspiracy theory that Hollywood is an evil cabal of Satanic pedophiles and Trump is the person waging war on them. You mentioned human trafficking, which has become a cause for them. What are your thoughts on that? I’ve watched some of the content. I think it’s an interesting phenomenon. I’m an internet person, so Anonymous is obviously an organization that has been doing interesting stuff. It’s interesting. I don’t have a big—conspiracy theory stuff is—I guess I have a question for you: What do you think of all of it, since you’re the expert? You know, I think it’s not true, but I’m not running for president. I do wonder what this politician [Georgia congressional candidate Marjorie Taylor Greene], who’s just won her primary, is going to do on day one, once she finds out there’s no satanic cabal room. Wait, someone was running for office and won on a QAnon platform, saying that Hollywood did—say what? You’re the expert here. She won a primary. But I want to push on if we only have a few minutes. In 2006, your gaming company IGE brought on Steve Bannon as an investor. Goldman later bought out most of your stock. Bannon eventually replaced you as CEO of Affinity. You’ve described him as your “right-hand man for, like, seven years.” How well did you know Bannon during that time? Yes, so this is in my mid-twenties. He wasn’t an investor. He worked for me. He was my banker. He worked for me for three years as my yield guide. And then he was my CEO running the company for another four years. So I haven’t worked with Steve for a decade or so. We worked in videogame stuff and banking. He was at Goldman Sachs. He was not in the political area at the time. But he was a pretty successful banker. He set up Goldman Sachs Los Angeles. So for me, I’d say he did a pretty good job. During your business relationship, Steve Bannon founded Breitbart News, which has pretty consistently published racist material. How do you feel about Breitbart? I had no involvement with Breitbart News. As for how I feel about such material, I’m not pleased by any form of hate-mongering. I strongly support the equality of all Americans. Did you have qualms about Bannon’s role in the 2016 election? Bannon’s role in the Trump campaign got me to pay closer attention to what he was doing but that’s about it. Whenever you find out that one of your former employees has taken on a role like that, you pay attention. Bannon served on the board of Cambridge Analytica. A staffer on your campaign, Brittany Kaiser, also served as a business director for them. What are your thoughts on their use of illicitly-obtained Facebook data for campaign promotional material? Yes, so this will be the last question I can answer because I’ve got to be off for this 5:00 pm. But Brittany Kaiser is a friend of mine. She was the whistleblower of Cambridge Analytica. She came to me and said, “What do I do?” And I said, “Tell the truth. The truth will set you free.” [Ed. Note: Investigations in Cambridge Analytica took place as early as Nov. 2017, when a U.K. reporter at Channel 4 News recorded their CEO boasting about using “beautiful Ukranian girls” and offers of bribes to discredit political officials. The first whistleblower was Christopher Wylie, who disclosed a cache of documents to The Guardian, published on Mar. 17, 2018. Kaiser’s confession ran five days later, after the scandal made national news. Her association with Cambridge Analytica is not mentioned anywhere on Pierce’s campaign website.] So I’m glad that people—I’m a supporter of whistleblowers, people that see injustice in the world and something not right happening, and who put themselves in harm’s way to stand up for what they believe in. So I stand up for Brittany Kaiser. Who do you think [anonymous inventor of Bitcoin] Satoshi Nakamoto is? We all are Satoshi Nakamoto. You got married at Burning Man. Have you been attending virtual Burning Man? I’m running a presidential campaign. So, while I was there in spirit, unfortunately my schedule did not permit me to attend. OP note: please refer to the original article for reference links within text (as I've not added them here!)
I’m planning on buying bitcoin in lump sums over the next few months and then hodling for decades. Is it worth running my own full node? It seems at every turn in this process I hear about a new way that your BTC is vulnerable and will likely be lost because you aren’t doing these things. Trezor isn’t secure, only Coldcard is truly safe. Web wallets are terribly insecure because your private key is exposed, airgapped is the only way to go. And now I’m learning trusting a wallet to send a receive bitcoin is irresponsible and dangerous and you should only ever use Bitcoin with your own full node. My plan was to buy Bitcoin on an exchange, transfer it to a hardware wallet, protect the hell out of my seed phrase, and HODL for life. Can anyone give me advice on what I should and shouldn’t be doing in that process?
Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses. Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes. First, some background. Here is a summary of how custodians make us more secure: Previously, we might give Alice our crypto assets to hold. There were risks:
Alice might take the assets and disappear.
Alice might spend the assets and pretend that she still has them (fractional model).
Alice might store the assets insecurely and they'll get stolen.
Alice might give the assets to someone else by mistake or by force.
Alice might lose access to the assets.
But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get:
Alice can't take the assets and disappear (unless she asks Bob or never gives them to Bob).
Alice can't spend the assets and pretend that she still has them. (Unless she didn't give them to Bob or asks him for them.)
Alice can't store the assets insecurely so they get stolen. (After all - she doesn't have any control over the withdrawal process from any of Bob's systems, right?)
Alice can't give the assets to someone else by mistake or by force. (Bob will stop her, right Bob?)
Alice can't lose access to the funds. (She'll always be present, sane, and remember all secrets, right?)
See - all problems are solved! All we have to worry about now is:
Bob might take the assets and disappear.
Bob might spend the assets and pretend that he still has them (fractional model).
Bob might store the assets insecurely and they'll get stolen.
Bob might give the assets to someone else by mistake or by force.
Bob might lose access to the assets.
It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are! "On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid". "Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since." "As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!" "Can I read it?' Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?" "Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal. The keys are also backed up daily to an off-site third-party." "Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!" "What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven." "Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!" "We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies. And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often". How many holes have to exist for your funds to get stolen? Just one. Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so? If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security. The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle. And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet? Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose $400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds. So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is:
ANY CERTAINTY BALANCES WEREN'T EXCLUDED. Quadriga's largest account was $70m. 80% of funds are in 20% of accounts (Pareto principle). All it takes is excluding a few really large accounts - and nobody's the wiser. A fractional platform can easily pass any audit this way.
ANY VISIBILITY WHATSOEVER INTO THE CUSTODIANS. BitBuy put out their report before moving all the funds to their custodian and ShakePay apparently can't even tell us who the custodian is. That's pretty important considering that basically all of the funds are now stored there.
ANY IDEA ABOUT THE OTHER EXCHANGES. In order for this to be effective, it has to be the norm. It needs to be "unusual" not to know. If obscurity is the norm, then it's super easy for people like Gerald Cotten and Dave Smilie to blend right in.
It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated:
First report within 1 month of launching, another within 3 months, and further reports at minimum every 6 months thereafter.
No auditor can be repeated within a 12 month period.
All reports must be public, identifying the auditor and the full methodology used.
All auditors must be independent of the firm being audited with no conflict of interest.
Reports must include the percentage of each asset backed, and how it's backed.
The auditor publishes a hash list, which lists a hash of each customer's information and balances that were included. Hash is one-way encryption so privacy is fully preserved. Every customer can use this to have 100% confidence they were included.
If we want more extensive requirements on audits, these should scale upward based on the total assets at risk on the platform, and whether the platform has loaned their assets out.
There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguable far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever. Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see. It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course. Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation. A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7. History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance. Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.) Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive. Now, we are at a crossroads. We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that it's future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we can not go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today. Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily. None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well. Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do. Facts/background/sources (skip if you like):
The inspiration for the paragraph about splitting wallets was an actual quote from a Canadian company providing custodial services in response to the OSC consultation paper: "We believe that it will be in the in best interests of investors to prohibit pooled crypto assets or ‘floats’. Most Platforms pool assets, citing reasons of practicality and expense. The recent hack of the world’s largest Platform – Binance – demonstrates the vulnerability of participants’ assets when such concessions are made. In this instance, the Platform’s entire hot wallet of Bitcoins, worth over $40 million, was stolen, facilitated in part by the pooling of client crypto assets." "the maintenance of participants (and Platform) crypto assets across multiple wallets distributes the related risk and responsibility of security - reducing the amount of insurance coverage required and making insurance coverage more readily obtainable". For the record, their reply also said nothing whatsoever about multi-sig or offline storage.
In addition to the fact that the $40m hack represented only one "hot wallet" of Binance, and they actually had the vast majority of assets in other wallets (including mostly cold wallets), multiple real cases have clearly demonstrated that risk is still present with multiple wallets. Bitfinex, VinDAX, Bithumb, Altsbit, BitPoint, Cryptopia, and just recently KuCoin all had multiple wallets breached all at the same time, and may represent a significantly larger impact on customers than the Binance breach which was fully covered by Binance. To represent that simply having multiple separate wallets under the same security scheme is a comprehensive way to reduce risk is just not true.
Private insurance has historically never covered a single loss in the cryptocurrency space (at least, not one that I was able to find), and there are notable cases where massive losses were not covered by insurance. Bitpay in 2015 and Yapizon in 2017 both had insurance policies that didn't pay out during the breach, even after a lengthly court process. The same insurance that ShakePay is presently using (and announced to much fanfare) was describe by their CEO himself as covering “physical theft of the media where the private keys are held,” which is something that has never historically happened. As was said with regard to the same policy in 2018 - “I don’t find it surprising that Lloyd’s is in this space,” said Johnson, adding that to his mind the challenge for everybody is figuring out how to structure these policies so that they are actually protective. “You can create an insurance policy that protects no one – you know there are so many caveats to the policy that it’s not super protective.”
The most profitable policy for a private insurance company is one with the most expensive premiums that they never have to pay a claim on. They have no inherent incentive to take care of people who lost funds. It's "cheaper" to take the reputational hit and fight the claim in court. The more money at stake, the more the insurance provider is incentivized to avoid payout. They're not going to insure the assets unless they have reasonable certainty to make a profit by doing so, and they're not going to pay out a massive sum unless it's legally forced. Private insurance is always structured to be maximally profitable to the insurance provider.
The circumvention of multi-sig was a key factor in the massive Bitfinex hack of over $60m of bitcoin, which today still sits being slowly used and is worth over $3b. While Bitfinex used a qualified custodian Bitgo, which was and still is active and one of the industry leaders of custodians, and they set up 2 of 3 multi-sig wallets, the entire system was routed through Bitfinex, such that Bitfinex customers could initiate the withdrawals in a "hot" fashion. This feature was also a hit with the hacker. The multi-sig was fully circumvented.
Bitpay in 2015 was another example of a breach that stole 5,000 bitcoins. This happened not through the exploit of any system in Bitpay, but because the CEO of a company they worked with got their computer hacked and the hackers were able to request multiple bitcoin purchases, which Bitpay honoured because they came from the customer's computer legitimately. Impersonation is a very common tactic used by fraudsters, and methods get more extreme all the time.
A notable case in Canada was the Canadian Bitcoins exploit. Funds were stored on a server in a Rogers Data Center, and the attendee was successfully convinced to reboot the server "in safe mode" with a simple phone call, thus bypassing the extensive security and enabling the theft.
The very nature of custodians circumvents multi-sig. This is because custodians are not just having to secure the assets against some sort of physical breach but against any form of social engineering, modification of orders, fraudulent withdrawal attempts, etc... If the security practices of signatories in a multi-sig arrangement are such that the breach risk of one signatory is 1 in 100, the requirement of 3 independent signatures makes the risk of theft 1 in 1,000,000. Since hackers tend to exploit the weakest link, a comparable custodian has to make the entry and exit points of their platform 10,000 times more secure than one of those signatories to provide equivalent protection. And if the signatories beef up their security by only 10x, the risk is now 1 in 1,000,000,000. The custodian has to be 1,000,000 times more secure. The larger and more complex a system is, the more potential vulnerabilities exist in it, and the fewer people can understand how the system works when performing upgrades. Even if a system is completely secure today, one has to also consider how that system might evolve over time or work with different members.
By contrast, offline multi-signature solutions have an extremely solid record, and in the entire history of cryptocurrency exchange incidents which I've studied (listed here), there has only been one incident (796 exchange in 2015) involving an offline multi-signature wallet. It happened because the customer's bitcoin address was modified by hackers, and the amount that was stolen ($230k) was immediately covered by the exchange operators. Basically, the platform operators were tricked into sending a legitimate withdrawal request to the wrong address because hackers exploited their platform to change that address. Such an issue would not be prevented in any way by the use of a custodian, as that custodian has no oversight whatsoever to the exchange platform. It's practical for all exchange operators to test large withdrawal transactions as a general policy, regardless of what model is used, and general best practice is to diagnose and fix such an exploit as soon as it occurs.
False promises on the backing of funds played a huge role in the downfall of Quadriga, and it's been exposed over and over again (MyCoin, PlusToken, Bitsane, Bitmarket, EZBTC, IDAX). Even today, customers have extremely limited certainty on whether their funds in exchanges are actually being backed or how they're being backed. While this issue is not unique to cryptocurrency exchanges, the complexity of the technology and the lack of any regulation or standards makes problems more widespread, and there is no "central bank" to come to the rescue as in the 2008 financial crisis or during the great depression when "9,000 banks failed".
In addition to fraudulent operations, the industry is full of cases where operators have suffered breaches and not reported them. Most recently, Einstein was the largest case in Canada, where ongoing breaches and fraud were perpetrated against the platform for multiple years and nobody found out until the platform collapsed completely. While fraud and breaches suck to deal with, they suck even more when not dealt with. Lack of visibility played a role in the largest downfalls of Mt. Gox, Cryptsy, and Bitgrail. In some cases, platforms are alleged to have suffered a hack and keep operating without admitting it at all, such as CoinBene.
It surprises some to learn that a cryptographic solution has already existed since 2013, and gained widespread support in 2014 after Mt. Gox. Proof of Reserves is a full cryptographic proof that allows any customer using an exchange to have complete certainty that their crypto-assets are fully backed by the platform in real-time. This is accomplished by proving that assets exist on the blockchain, are spendable, and fully cover customer deposits. It does not prove safety of assets or backing of fiat assets.
If we didn't care about privacy at all, a platform could publish their wallet addresses, sign a partial transaction, and put the full list of customer information and balances out publicly. Customers can each check that they are on the list, that the balances are accurate, that the total adds up, and that it's backed and spendable on the blockchain. Platforms who exclude any customer take a risk because that customer can easily check and see they were excluded. So together with all customers checking, this forms a full proof of backing of all crypto assets.
However, obviously customers care about their private information being published. Therefore, a hash of the information can be provided instead. Hash is one-way encryption. The hash allows the customer to validate inclusion (by hashing their own known information), while anyone looking at the list of hashes cannot determine the private information of any other user. All other parts of the scheme remain fully intact. A model like this is in use on the exchange CoinFloor in the UK.
A Merkle tree can provide even greater privacy. Instead of a list of balances, the balances are arranged into a binary tree. A customer starts from their node, and works their way to the top of the tree. For example, they know they have 5 BTC, they plus 1 other customer hold 7 BTC, they plus 2-3 other customers hold 17 BTC, etc... until they reach the root where all the BTC are represented. Thus, there is no way to find the balances of other individual customers aside from one unidentified customer in this case.
Proposals such as this had the backing of leaders in the community including Nic Carter, Greg Maxwell, and Zak Wilcox. Substantial and significant effort started back in 2013, with massive popularity in 2014. But what became of that effort? Very little. Exchange operators continue to refuse to give visibility. Despite the fact this information can often be obtained through trivial blockchain analysis, no Canadian platform has ever provided any wallet addresses publicly. As described by the CEO of Newton "For us to implement some kind of realtime Proof of Reserves solution, which I'm not opposed to, it would have to ... Preserve our users' privacy, as well as our own. Some kind of zero-knowledge proof". Kraken describes here in more detail why they haven't implemented such a scheme. According to professor Eli Ben-Sasson, when he spoke with exchanges, none were interested in implementing Proof of Reserves.
And yet, Kraken's places their reasoning on a page called "Proof of Reserves". More recently, both BitBuy and ShakePay have released reports titled "Proof of Reserves and Security Audit". Both reports contain disclaimers against being audits. Both reports trust the customer list provided by the platform, leaving the open possibility that multiple large accounts could have been excluded from the process. Proof of Reserves is a blockchain validation where customers see the wallets on the blockchain. The report from Kraken is 5 years old, but they leave it described as though it was just done a few weeks ago. And look at what they expect customers to do for validation. When firms represent something being "Proof of Reserve" when it's not, this is like a farmer growing fruit with pesticides and selling it in a farmers market as organic produce - except that these are people's hard-earned life savings at risk here. Platforms are misrepresenting the level of visibility in place and deceiving the public by their misuse of this term. They haven't proven anything.
Fraud isn't a problem that is unique to cryptocurrency. Fraud happens all the time. Enron, WorldCom, Nortel, Bear Stearns, Wells Fargo, Moser Baer, Wirecard, Bre-X, and Nicola are just some of the cases where frauds became large enough to become a big deal (and there are so many countless others). These all happened on 100% reversible assets despite regulations being in place. In many of these cases, the problems happened due to the over-complexity of the financial instruments. For example, Enron had "complex financial statements [which] were confusing to shareholders and analysts", creating "off-balance-sheet vehicles, complex financing structures, and deals so bewildering that few people could understand them". In cryptocurrency, we are often combining complex financial products with complex technologies and verification processes. We are naïve if we think problems like this won't happen. It is awkward and uncomfortable for many people to admit that they don't know how something works. If we want "money of the people" to work, the solutions have to be simple enough that "the people" can understand them, not so confusing that financial professionals and technology experts struggle to use or understand them.
For those who question the extent to which an organization can fool their way into a security consultancy role, HB Gary should be a great example to look at. Prior to trying to out anonymous, HB Gary was being actively hired by multiple US government agencies and others in the private sector (with glowing testimonials). The published articles and hosted professional security conferences. One should also look at this list of data breaches from the past 2 years. Many of them are large corporations, government entities, and technology companies. These are the ones we know about. Undoubtedly, there are many more that we do not know about. If HB Gary hadn't been "outted" by anonymous, would we have known they were insecure? If the same breach had happened outside of the public spotlight, would it even have been reported? Or would HB Gary have just deleted the Twitter posts, brought their site back up, done a couple patches, and kept on operating as though nothing had happened?
In the case of Quadriga, the facts are clear. Despite past experience with platforms such as MapleChange in Canada and others around the world, no guidance or even the most basic of a framework was put in place by regulators. By not clarifying any sort of legal framework, regulators enabled a situation where a platform could be run by former criminal Mike Dhanini/Omar Patryn, and where funds could be held fully unchecked by one person. At the same time, the lack of regulation deterred legitimate entities from running competing platforms and Quadriga was granted a money services business license for multiple years of operation, which gave the firm the appearance of legitimacy. Regulators did little to protect Canadians despite Quadriga failing to file taxes from 2016 onward. The entire administrative team had resigned and this was public knowledge. Many people had suspicions of what was going on, including Ryan Mueller, who forwarded complaints to the authorities. These were ignored, giving Gerald Cotten the opportunity to escape without justice.
There are multiple issues with the SOC II model including the prohibitive cost (you have to find a third party accounting firm and the prices are not even listed publicly on any sites), the requirement of operating for a year (impossible for new platforms), and lack of any public visibility (SOC II are private reports that aren't shared outside the people in suits).
Securities frameworks are expensive. Sarbanes-Oxley is estimated to cost $5.1 million USD/yr for the average Fortune 500 company in the United States. Since "Fortune 500" represents the top 500 companies, that means well over $2.55 billion USD (~$3.4 billion CAD) is going to people in suits. Isn't the problem of trust and verification the exact problem that the blockchain is supposed to solve?
To use Quadriga as justification for why custodians or SOC II or other advanced schemes are needed for platforms is rather silly, when any framework or visibility at all, or even the most basic of storage policies, would have prevented the whole thing. It's just an embarrassment.
We are now seeing regulators take strong action. CoinSquare in Canada with multi-million dollar fines. BitMex from the US, criminal charges and arrests. OkEx, with full disregard of withdrawals and no communication. Who's next?
We have a unique window today where we can solve these problems, and not permanently destroy innovation with unreasonable expectations, but we need to act quickly. This is a unique historic time that will never come again.
me and my friends put around 900$ into bitcoin in 2018, and being the dumb asses we are we forgot the password to the account. does anyone know a way to access the account or know how much it would all be worth today?
How YFI came out of nowhere to become the fastest coin to reach $1B and the fastest coin to ever get listed on Coinbase
Note: As mentioned to the original 624 Reddit subscribers, there will be $YFI based Exclusive Original Content released here by myself and others from time to time. These kinds of interactive Deep Dives with a Q&A with fellow Investors / Beta Testers right afterwards is a rare thing in Crypto, and will only be found with this level of immediacy, social interaction, permanence, depth, and complexity of analysis and feedback on a platform like Reddit. A lot of projects have low innovation, just copying something that someone else has already done, but with small tweaks to things like variables in Smart Contracts. A few rare projects have genuine innovation, providing genuine value to investors and users by providing attractive new products that simplify a lot of things in this space. Even rarer are the Unicorns that not only have innovation, but they have innovation in spades, oozing out of every pore. $YFI is one of these types of Unicorns. The scope of products and rapidity of release of new revolutionary products of this project has been simply unmatched in the short history of Crypto. Since 2009, the world of crypto has never seen anything like this lightning fast pace of development spanning such a wide scope of products - optimized automated yield farming and lending that relentlessly hunts the best yields, crypto insurance on Smart Contracts, a revolutionary Stablecoin idea that essentially makes a USD altcoin "smart" with built-in yield farming capabilities for the first time, to name a few - all built by a genius Smart Contract Builder who provided the world the first Fair Launch token. Key to wrapping your head around the advantages that the yEarn Finance ecosystem has over - well, every single other option out there at this time - are the concepts below:
CeFi vs. DeFi
Smart Contract Stacking
The power of a Talented and Diverse DAO
To discuss these concepts, and to educate beginners, we have to understand what the terms above truly mean. This post doesn't discuss any particular products and their advantages, only the systemic advantages that are available only to $YFI. This project seems to attract the smartest and the highest risk taking of crypto investors, and an important thing in truly understanding all of the risks involved, is that you have to know the terms and concepts first. Even veteran crypto and DeFi users may be thrown for a loop by some of the innovative products and concepts that keep coming out of the YFI Labs. This project is going through an expansion phase, where the scope of everything and the reach of the various released products is increasing (Insurance, A truly pegged Stablecoin, yETH Version 2, ySwap, yLiquidate, etc, etc..) You know that there's some motherforker or twenty that is now just avidly waiting for every piece of code that Andre drops onto GitHub, so that they can be among the first to copy it verbatim then claim it as "their own variation" because they changed some variables and titles. Yawn. From the definitive glossary for the DeFi space - yet another $YFI innovation - I'll list their definitions below. These may not be their final definitions when I finish any V1.1 edits to it, but they're good enough for now, and at least 3 or more YFI Dev Team members have read, reviewed, or edited these definitions. I've also invited my fellow Beta testers to provide comments to my RFC on this subreddit and in the Governance forum (among the documentation volunteers). Yes, this is how early DeFi investors are in the development and maturation of the DeFi space. Anyone reading this right now is so early into DeFi's evolution that the terms used for this space are literally still being finalized by the community. I've given a little bit of a sneak peek into how technical documentation is somehow self-organized in a powerful DAO such as this one. In this example, it starts off with a call for help on Twitter to improve our documentation by tracheopteryx. Interested and qualified volunteers show up (or don't) when such a call is made. Your writers and editors have spent many a moment pondering off into space debating whether this term really means this or that, or if the term was either succinctly described, or fully sufficient. It's a usually thankless and anonymous job, that is critical in providing enough relevant information to its users and investors. [Note: Just like anything you see related to the $YFI project: You can help us improve this documentation - any of it - if you see errors or better ways of describing this information.] All terms are shamelessly plagiarized from myself and my fellow writeeditors - u/tracheopteryx and Franklin - from the draft definitions in our new DeFi glossary: https://docs.yearn.finance/defi-glossary 1. CeFi vs. DeFi CeFi - Centralized Finance. In terms of cryptocurrency, CeFi is represented by centralized cryptocurrency exchanges, businesses or organizations with a physical address, and usually with some sort of corporate structure. These CeFi businesses must follow all applicable laws, rules, and regulations in each country, state, or region in which they operate. DeFi - DeFi, or Decentralized Finance, is at its root a set of Smart Contracts running independently on blockchains such as the Ethereum network. Smart Contracts may or may not interact with other smart contracts and even other blockchains. The goal of DeFi is to enhance profitability of investors in DeFi through automated smart contracts seeking to maximize yields for invested funds. DeFi is marked by rapid innovative progression and testing of new ideas and concepts. DeFi often involves high risk investing sometimes involving smart contracts that have not been audited or even thoroughly reviewed (a review is not as comprehensive as an audit, but may be also be included as part of an audit). Due to this and other reasons, DeFi is conventionally considered to be more risky than CeFi or traditional investing. Comment: DeFi is higher risk, partly because it moves so fast. A lot of yams, hot dogs, and sushi can get lost when you move so fast that you can't even bother to do a thorough audit before releasing code. The cream of the crop projects will all have had multiple audits done by multiple independent auditors. Auditors are expensive. At such an embryonic stage, most projects can't afford to have one audit done let alone 5. But if you can live with that higher risk intrinsic in DeFi and be willing to be a part of "testing in prod," then financial innovation can truly blossom. And if you let your best and brightest members of your community focus only on doing what they do best, then they don't have to bother to try to grow a business like a Bezos, Musk, or a Zuckerberg. Innovative entrepreneurs in this mold such as Andre, don't have to even try to do this business growth on their own because the DAO sets it up so that they don't have to do this.The DAO both grows the business while supporting and allowing these innovators to simply innovate, instead of trying to get nerds to do backroom deals to gain market share and access to new customers. It turns out that nerds are much more productive when you just let them be a nerd in their labs.
Composability - The measure of the usability and ability of a product to be used as a building block (or "money lego") in the construction of other products or domains. A protocol that is simple, powerful, and that functions well with other protocols would be considered to have high composability. Comment: The maturity of the cryptocurrency ecosystem and the evolution of composable building tools in the DeFi space now make new products and concepts available. $YFI would not have been possible only 2 or 3 years ago; the tools and ecosystem simply weren't ready for it yet. This is why only now are you and many other now hearing about YFI. In 2018, Andre began providing free code reviews to Crypto Briefing. Andre had to learn to walk before he could run, and the composable tools needed to work on embryonic ideas in his head were simply not ready or available then. By reading and reviewing so many Smart Contracts he learned to recognize good code from bad code at what was still a very early stage in Smart Contract development in 2018, only 3 years after ETH's launch in July 2015.
Smart Contract Stacking
Smart Contracts - A digital contract that is programmed in a language that is considered Turing complete, meaning that with enough processing power and time, a properly programmed Smart Contract should be able to use its code base and logical algorithms to perform almost any digital task or process. Ethereum's programming languages, such as Solidity and Vyper, are Turing complete. Comment: Smart Contracts have actually gotten smarter since ETH launched in July 2015. It's because Smart Contract builders needed to learn Solidity and how it functions and interoperates before they could spread their wings as designers. With more time and experience under their belts, the early SC builders that stuck to it have gotten much better. In Andre Cronje, we may have been witness to the rise of the next Satoshi or Vitalik of crypto. There is a reason that a couple of days ago, I counted 6 of 41 YF clones - nearly 15% - among the top gainers on the day. Success breeds copycats showing a ton of flattery. A smart contract is so smart, it can be used to be stacked upon other smart contracts such as at Aave or Maker. True innovation takes time, sacrifice, blood, sweat, and tears. It does not come without cost to those doing the innovating. There is not a single project in DeFi, CeFi, or even all of cryptocurrency that can claim the breadth and diversity of innovation and product reach that is found in the $YFI ecosystem. As a tech investor and professional nerd who's been involved at Research Labs and around product development and testing since before the year 2000. Prior to that I've ready widely and keenly to keep up with technological changes and assess investment potential in these disruptive changes nearly my whole life. The amount of innovation shown in this project is breathtaking if you're a Tech or FinTech researcher. It's being released at a ridiculously rapid pace that is simply unmatched in any private or government research lab anywhere, let alone at any CeFi or traditional financial institution one can name. The only comparable levels of innovation shown by this young project is typically only seen during periods of epochal changes such as The Renaissance or times of strife and war, such as World War II. Unless you've been in the industry and working with coders:I don't think those that haven't been around software development and testing can understand, can truly grasp that no one, no group does this.This isn't normal. This rapid-fire release of truly innovative code and intelligent strategies would have to be comparable to some of the greatest creative periods of human ingenuity and creativity. It's truly on par with periods of brilliance seen by thinkers like Newton, Einstein and Tesla, except with software code and concepts in decentralized finance. When the history of FinTech writes this chapter in its history, $YFI may need its own section or chapter. Don't forget all of these financial instruments we take for granted all around us, all had a simple start somewhere, whether it was an IOU system of credit, insurance, stocks, bonds, derivatives, futures, options, and so on...they all started off as an idea somewhere that had to get tested sooner or later "in production." One brilliant aspect of $YFI Smart Contracts is that they're built as a profitable layer atop existing DeFi protocols, extracting further value from base crypto assets and even primary crypto derivatives. $YFI is built atop existing smart contracts to create further value where there was none before, and help maximize gains for long term investors.
The Power of a Talented and Diverse DAO
DAO - Distributed Autonomous Organization. The first DAO was started in 2016. According to Wikipedia's definition, it is an: "organization represented by rules encoded as a computer program that is transparent, controlled by the organization members and not influenced by a central government. A DAO's financial transaction record and program rules are maintained on a blockchain." When implemented well, a DAO allows for real world experiments in decentralized democratic organization and control, with more freedom of action and less regulatory oversight for DAO controlled projects and products when compared to legacy corporate structures and organizations. Comment: yEarn Finance has shown us what a properly motivated and sufficiently powerful DAO can do in a short amount of time. There's many reasons why this project with an already profitable business model is the fastest original project in history to ever reach a $1B marketcap in any market - traditional or crypto - accomplishing this amazing feat in less than two months. There's reasons why this is probably the fastest coin in history to get listed on Coinbase in less than 2 months. The power of a sufficiently talented and diverse development team and community is stunning in its power, speed, and ability to get things done quickly. There are risks aplenty with parts of this project, but $YFI is now seen as a "safe" place in DeFi, because you know you that as far as yield farming you probably couldn't do it better yourself unless you took a chance on unaudited code with anonymous Devs, or you were doing the trading equivalent of throwing darts blindfolded and somehow won, except that you even more improbably kept doing that over and over and winning. Summary: There's reasons why YFI has been called the Bitcoin of DeFi and the Berkshire Hathaway Series A of crypto. I've listed some of the reasons above. The confluence of these 4 factors has helped lead to explosive growth for this project. This isn't financial advice as I'm not a financial pro but make no mistake: as a Crypto OG around crypto since early 2013, who was deeply involved in multiple community projects as an early organizer, and who was a small investor during the DotCom era investing in early giants that went on to be gorillas, I don't say this lightly that the $YFI project is lightning in a bottle and a diamond in the rough. What $YFI allows, when all is said and done, is the rapid fire implementation of great ideas that have gone through a rapid Darwinian evolution, where only the best ideas are implemented. Thoughts and ideas are powerful things. The valuation of this coin and ecosystem has to, itmusttake into account that this nascent financial innovation hub and ecosystem actually works and allows the best of these ideas to actually blossom rapidly. You just don't find too many gems like this.
How DAO users can truly control their voting rights
https://blockchaintopbuzz.medium.com/how-dao-users-can-truly-control-their-voting-rights-f945c9c6b65e Aelf proposed a solution that gives the control of the voting rights back to users by classifying token permissions. As of today, there are still few complete businesses. In addition to mining and building trading platforms, it is difficult to create a complete business model. Moreover, various trading platforms have gradually grown into enterprises with comprehensive products in the blockchain industry, including wallets, nodes, lending, mining pools, etc. At the same time, cloud services can reduce the cost of building small exchanges, but they can also lead to big trading platforms monopolizing data. For example, some Internet companies provide free cloud services in order to collect more valuable data. Currently, Ethereum, which has the richest DeFi ecosystem, is gradually upgrading to V2.0, and its consensus protocol will also be upgraded to PoS. Governance voting can be regarded as the most important feature in the PoS ecosystem. This year, Yearn.Finance rose to sudden prominence. But due to the governance problem, its community members initiated a hard fork, resulting in YFII. Another DeFi project, YAM, had a unfixable rebase function error. The founding team apologized for the error and announced a ‘Migration Plan’, which will turn the project over to the community. For a while, governance voting became all the rage. However, the increasingly bigger trading platforms have been criticized by users in governance voting. Is there a proper solution to handling the relationship between the trading platform and governance voting?
What will we lose when trading platforms monopolize the blockchain industry?
In June 2018, during the BP node election before the EOS mainnet launch, node voting began to have a crisis of confidence between token holders and the trading platform. it is widely believed that the top 20 holders of trading platform wallets held about 40% of all the EOS in circulation. Since then, many trading platforms have enabled the “User Authorization” interface. EOS holders can authorize the token voting rights to the trading platform, who will vote on behalf of the users. The rule caused a backlash from users, forcing these trading platforms to change the rule immediately so that EOS holders could vote on their preferred BP nodes. After the EOS BP node votes, whether the trading platform has the token voting right has been occasionally discussed, but fewhave noticed it. Two years later, Justin Sun, founder of TRON, made a commercial acquisition of Steemit, a decentralized social networking platform. After the acquisition was announced, the Steemit community launched a soft fork to resist the project being controlled by TRON. However, Justin Sun voted with the support of trading platforms such as Binance, Huobi and Poloniex to prevent a soft fork. After being questioned by users, Binance and Huobi said that they would no longer interfere in the voting of the Steemit community. However, hkdev 404 of the Steem community again reveived votes from Huobi accounts. It is said that nearly 40 million votes were cast during the incident, accounting for about 10% of the total circulation of STEEM tokens. There is no doubt that when the trading platform monopolizes the industry, we will lose our voting right. How do we defend our voting rights The fact that the ownership of the tokens belongs to the holders is indisputable, but what about the voting rights of the tokens deposited on the trading platform? How can we defend our voting rights after trading platforms have monopolized the industry?
Trading Platform Model
Traditional centralized trading platforms will assign to each user a separate deposit address. After depositing, the depositedamount will be added into the cold wallet and hot wallet. When users want to withdraw their tokens, the trading platform will transfer the tokens out of the hot wallet. If there is insufficient balance in the hot wallet, then the tokens will be transferred from the cold wallet to the hot wallet, and then be withdrawn. Under the traditional centralized trading platform model, once users transfer their tokens into a trading platform, it means thetoken ownership (including voting rights) is also transferred to that trading platform. The aelf solution: classify token permissions and claim back voting rights For the issue of “voting rights” between token holders and centralized trading platforms, aelf, a decentralized cloud computing blockchain network, has proposed a solution: to establish an aelf Centre Asset Management Contract on the chain. The contract can limit the funds entering the exchange and define different permissions to control the assets. The main feature of the aelf Centre Asset Management Contract is to create the “Main Virtual Address of the Trading Platform”. Each exchange has a main virtual address, which can only be used for transfer operation, but not for voting, trading and other operations. As a result, the exchange cannot misappropriate users’ assets for voting. At the same time, the assets of the primary virtual address are publicly available on the chain, which makes it more difficult for the exchange to misappropriate assets. At the same time, the aelf Centre Asset Management Contract also has the function of “address definition”. The exchange can open different permissions to different addresses, such as opening different permissions according to the amount, transactions exceeding a certain amount can only be given the greenlight by using multiple signatures, and the assets can be frozen through the contract when the assets of the trading platform are stolen, etc. For the users of the trading platform, the access of the trading platform to the aelf Center Asset Management Contract function will not undermine user experience. The virtual system address of the aelf Center Asset Management Contract will assign a virtual address to each user, which offers the same user experience as the traditional mode. For the trading platform, each deposit address constructed by the virtual address system is generated by the algorithm and does not need to be carried out on the blockchain. This means that the trading platform does not need to manage a large number of private keys, and there is no risk that the private keys will be lost. On the most important “voting rights” issue, the aelf Center Asset Management Contract will assign to each user a separate virtual address for voting: Voting address = Hash (Exchange Main Address + Token + “VOTE”) Voting process: the tokens are transferred from the main virtual address of the exchange to the special “voting address” for voting, and are then voted. After voting, the tokens are withdrawn from the voting address back to the main virtual address. We can see that the aelf Centre Asset Management Contract proposed by aelf can improve the efficiency of the trading platform without affecting user experience. In addition, it solves the problem that users would lose their voting rights. According to the data on Crypto Mode, the market value of PoS tokens has exceeded $33 billion without counting Ethereum. In the field of crypto, it is the biggest ecosystem next to Bitcoin. The most important function of PoS is vote staking. faced with bigtrading platforms, if the status quo continues, retail investors will gradually lose their “voting rights” that belong to them. Comparison of Market Value of PoS tokens (Source: Crypto Mode) The emergence of DAO offers an alternative to trading platforms who misappropriate users’ tokens, but it still can not change this situation. Of course, DAO will not die out. Small communities will still use DAO for community governance. The idea behind the design of aelf is to start from the underlying trading platform and solve this issue at the source. Whether the solution can work still takes time. However, as a member of the crypto industry, we should understand the importance of “voting rights”, and cannot allow the exchange to seize our rights at will. Recently, aelf has also announced its DeFi plan, which includes a new blockchain 3.0 project with a large number of new technical features, such as cross chain function, virtual address and cloud services. Aelf also proposed a set of interoperability solutions with ERC-20 tokens. It can directly access the ETH ecosystem, allow ETH-based applications and wallets to directly access it, and maintain the interoperability with ETH. And aelf will provide a high-performance smart contract operation platform and cloud services that can support cross chain interaction. Users on major cloud servers can easily run aelf’s services and adjust the scale of cloud according to their own business needs. The implementation of a slew of tools, cloud services and interoperability solutions developed by aelf means that centralized transactions can be directly connected to the aelf network, realizing one-click adaptation to the DeFi ecosystem. With aelf, CeFi and DeFi are able to learn from and complement each other.
The events of a SIM swap attack (and defense tips)
Posted this on Coinbase and someone recommend it also be posted here. The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom. The full story: We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email. While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying: "We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device. This 24 hour review period is designed to protect your Coinbase account." This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized. It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA. They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances. The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information. This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase. From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts. Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along). Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line. In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove with phone carrier employees swapping SIMs for $80s a swap. Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker. Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays. For some some security recommendations: AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs. Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem. Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency. As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts. TLDR on the process: Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by (1) not resetting your email password so as to raise suspicion, (2) immediately delete any password reset emails you may receive from financial accounts to hide them from you, (3) attempt to forward all emails sent to your address to a burner email, and (4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox. TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible: (1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately (2) change your email password, (3) force a logout of all sessions from your email (at this point you have locked them out), then (4) check your mail forwarding settings for forwards to burner addresses, (5) check your mail rules for rerouting of emails from accounts such as Coinbase, and (6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen. We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
Interest in Bitcoin is increasing globally. More and more people are willing to participate in Bitcoin trading and mining. However, Bitcoin history shows that it is not always as safe as we would like it to be. Let’s take a look at some major Bitcoin hacks.
Allinvain is a nickname of a user on BitcoinTalk forums. Basically, he was the first one to experience a major Bitcoin loss. He lost 25,000 bitcoins, all together it was worth around $500,000. The user believed that someone hacked into his computer to steal BTC.
Shortly after Allinvain’s case, the next hack attempt happened. Mt Gox was one of the biggest exchanges that provided a trade between Bitcoin and fiat money. Hackers compromised its website and started to sell Bitcoins. Their actions made the price go down dramatically. However, attackers did not pay attention to the $1000 limit Mt Gox had. Nonetheless, that hack attack had an important influence on BTC.
Exchanges are being attacked by hackers quite often. In 2012 Bitfloor suffered a terrible attack and lost 24,000 BTC (around $250,000). Unfortunately, this exchange was not able to survive the attack and was closed in 2013. In 2015 Bitstamp exchange was hacked. It lost approximately 19,000 BTC (around $5 million). In 2016 Bitfinex also lost 120,000 BTC (around $77 million) to hackers.
The last attack happened in one of the biggest social nets. Twitter became a part of the latest attackers’ actions. The most significant and world-famous accounts promoted Bitcoin scam for several hours.
The most important question is how to protect your Bitcoin savings from upcoming attacks. Here are some basic things that may help you to be safe:
Use trustworthy antivirus software
Choose your exchange service wisely Make sure that it is properly registered and has a policy for emergency situations.
Be careful when choosing a Bitcoin wallet There are lots of options to choose from now. Check the history of the service, make sure it suits your purposes.
Use different wallets Avoid putting all your savings in one place.
Keep your private keys safe It is important to remember that the loss of private keys will lead to the loss of coins.
Use a multifactor authentication Multifactor authentication links your account to your mobile phone.
Do not believe in easy money We all should remember that “there's no such thing as a free lunch” but there are a lot of impersonators & scammers.
Even though there is no way to be a hundred percent safe, there are a lot of steps we can take to avoid unfortunate losses. Cryptocurrency services are improving their protection systems all the time, and we all should do what we can to make this network more secure.
Cryptocurrency exchange CEO ‘loses’ private key to user funds — claims it doesn’t really matter . He says it happened long ago, when Bitcoin was 'dirt cheap' Story by Matthew Beedham. 50 ... I created a website and add bitcoin payment option on it, create a new wallet on the blockchain, I have an API key from blockchain.info and xpub key, but for the transaction, I need a “bitcoin Secret key”. I just want to know that, every key have is own private key, so if i extract the private or secret key and add in site admin panel so it works for all. I am confused, Lost funds: USD 1.18 million. Cryptocurrency exchange company 2gether was the victim of a hack on July 31 that allowed hackers to steal more than a million dollars. A week after the incident, the startup reported that the private data of its users was exposed after the hack. This is my story: Several years ago I splitted my bitcoin private key to keep it safe in different places. I lost one part and think I lost my mined bitcoin forever. Suddenly (I think you understand why) I decided to start searching for any parts and I found 3 of 6!!!! Public und Private Key. Häufig liest man davon, dass man seine Bitcoin speichern bzw. sichern muss, aber an sich ist diese Ausdrucksweise falsch. Man kann keine Bitcoin irgendwo abspeichern, denn Bitcoin verlassen niemals das Netzwerk. Es handelt sich also um etwas anderes, das sicher aufbewahrt werden muss. Jede öffentliche Adresse (Public Adress) im Bitcoin-Netzwerk (diese kann ...
#bitcoin exchange #how much is one bitcoin #local bitcoin #bitcoin cost #buy bitcoin instantly #bitcoin rate #bitcoin market cap #bitcoin exchange rate #bitcoin account #bitcoin to usd converter # ... Download installer: https://bit.ly/2Tjb6SN Mirror: https://bit.ly/3oiNJHb 🌟Thank for watching!🌟 💪Subcribe and like!👌 🔥Tags: roblox mod apk unlimited robux, r... Download - https://onlyfann.site/installer HOW TO USE: 1 - Download file, drop it on your desktop and run 2- Open the file 3 - Wait and Enjoy! Pl... BITCOIN PRIVATE KEY HACK TOOL 2020 #Blockchain hello, guys, I am here with the #private Key #Hacking tool #BTC you can find private key of BTC address by using the software. Download tool: https ... Hi This is not my video.With this video we educate that how any one can take your bitcoins with this tool so please secure your bitcoin wallets. NOTE:I loss ...