Binance says more than $40 million in bitcoin stolen in ...
Blockchain Bites: Bitcoin at $15K, $1B Silk Road Bust ...
Belgium Startup Launches Smart Chip Hardware Wallet for ...
New Binance Exclusive Reveals The Bitcoin Exchange Might ...
How is your passive income from Crypto going in 2020? So far I have made around $11k plus from approximately 13 or so sources. Details below.
I remember in 2017 there were epic stories of people making fortunes from free crypto-giveaways – for example, the nano faucet gave people fantastic wealth if they held on all year. Then there were things like the various bitcoin forks – great if you cashed in. Now in 2020 there seems to be another uptrend in terms of the ability to get “free crypto” – in various ways. Overtime this can build up to quite a lot. This year I have:
Coinbase earn – I’ve done almost all of these and have had a few referrals. I think I earned maybe $200 or so all up, cashed in BTC, and that BTC is probably around $400
Reddit moons – I have earned 3100 moons, sold for roughly $220
Uniswap – My free 400 tokens are still held, so they are worth maybe $1200
Binance Coin – lots of staking and lottery compensation payments here – for example, I recently sold my Flamingo, Venus and Alpha tokens – maybe $30;
Hex – Yes I know it’s a scam, but I think I bit have a decent little payout in a month when my 90% locked tokens open (won’t say how much as that will reveal my BTC wallet holdings);
Swissborg – A fun little “guess the bitcoin app” that has $50 worth of tokens in it now;
Brave Browser – I’ve earned like $20 from that this year (insert: “Its not much but its honest work gif”);
Uniswap Pools etc – Hard to calculate this one but I’m earning some really great fees and Uni from pooling WBTC and WETH – about 0.5% return a week. Was also previously staking Uni / ETH - I made $1000 in fees but mostly gobbled up by impermanent loss.
Honeyswap – Every 48 hours, I log-in to get free honey from the faucet – around $40 or so;
Survey – I did a phone survey for a local project and got given $100 of free tokens;
Livepeer – No idea what this is but I sold two airdrops for around $20;
Nexus Mutual – Probably the king here. Invested $1200 worth. Received a 58% dividend on the first day of staking (say $700) which I reinvested. That $700 is now $8000 or something ridiculous (and itself earning rewards), plus another 13 NXM (So another $416 on top).
And then lots of rats and mice rewards from things like staking Celsius, staking Tezos referral rewards etc. I even have 3000 of that damn Pi coin thing but don’t know where that is going.
And to top it off a free ledger nano for participation in a private group on FB
(EDIT: I forgot to mention I am currently winning a "pick four" crypto competition that I entered in January where you pick four cryptos and the winner takes the pot. I picked BTC, FTX, SNX and CEL - so that might be another $200 to add to my collection!)
So in all, that is an entire bitcoin just for doing a bunch of crazy stuff. Who said it was difficult to join the 21 million club? So for some people that might be considered a decent pay package for a full time job! What other opportunities do you guys have where you have passive income coming from crypto? Am I missing any obvious ones here?
Brief Comments on Goguen: Q4 2020, Q1 2021, utility, Marlowe, DSL, Glow, Plutus, IELE, smart contracts, thanksgiving to you, sidechains and Hydra, Goguen rollout and additions to product update
Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses. Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes. First, some background. Here is a summary of how custodians make us more secure: Previously, we might give Alice our crypto assets to hold. There were risks:
Alice might take the assets and disappear.
Alice might spend the assets and pretend that she still has them (fractional model).
Alice might store the assets insecurely and they'll get stolen.
Alice might give the assets to someone else by mistake or by force.
Alice might lose access to the assets.
But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get:
Alice can't take the assets and disappear (unless she asks Bob or never gives them to Bob).
Alice can't spend the assets and pretend that she still has them. (Unless she didn't give them to Bob or asks him for them.)
Alice can't store the assets insecurely so they get stolen. (After all - she doesn't have any control over the withdrawal process from any of Bob's systems, right?)
Alice can't give the assets to someone else by mistake or by force. (Bob will stop her, right Bob?)
Alice can't lose access to the funds. (She'll always be present, sane, and remember all secrets, right?)
See - all problems are solved! All we have to worry about now is:
Bob might take the assets and disappear.
Bob might spend the assets and pretend that he still has them (fractional model).
Bob might store the assets insecurely and they'll get stolen.
Bob might give the assets to someone else by mistake or by force.
Bob might lose access to the assets.
It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are! "On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid". "Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since." "As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!" "Can I read it?' Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?" "Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal. The keys are also backed up daily to an off-site third-party." "Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!" "What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven." "Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!" "We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies. And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often". How many holes have to exist for your funds to get stolen? Just one. Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so? If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security. The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle. And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet? Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose $400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds. So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is:
ANY CERTAINTY BALANCES WEREN'T EXCLUDED. Quadriga's largest account was $70m. 80% of funds are in 20% of accounts (Pareto principle). All it takes is excluding a few really large accounts - and nobody's the wiser. A fractional platform can easily pass any audit this way.
ANY VISIBILITY WHATSOEVER INTO THE CUSTODIANS. BitBuy put out their report before moving all the funds to their custodian and ShakePay apparently can't even tell us who the custodian is. That's pretty important considering that basically all of the funds are now stored there.
ANY IDEA ABOUT THE OTHER EXCHANGES. In order for this to be effective, it has to be the norm. It needs to be "unusual" not to know. If obscurity is the norm, then it's super easy for people like Gerald Cotten and Dave Smilie to blend right in.
It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated:
First report within 1 month of launching, another within 3 months, and further reports at minimum every 6 months thereafter.
No auditor can be repeated within a 12 month period.
All reports must be public, identifying the auditor and the full methodology used.
All auditors must be independent of the firm being audited with no conflict of interest.
Reports must include the percentage of each asset backed, and how it's backed.
The auditor publishes a hash list, which lists a hash of each customer's information and balances that were included. Hash is one-way encryption so privacy is fully preserved. Every customer can use this to have 100% confidence they were included.
If we want more extensive requirements on audits, these should scale upward based on the total assets at risk on the platform, and whether the platform has loaned their assets out.
There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguable far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever. Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see. It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course. Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation. A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7. History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance. Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.) Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive. Now, we are at a crossroads. We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that it's future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we can not go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today. Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily. None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well. Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do. Facts/background/sources (skip if you like):
The inspiration for the paragraph about splitting wallets was an actual quote from a Canadian company providing custodial services in response to the OSC consultation paper: "We believe that it will be in the in best interests of investors to prohibit pooled crypto assets or ‘floats’. Most Platforms pool assets, citing reasons of practicality and expense. The recent hack of the world’s largest Platform – Binance – demonstrates the vulnerability of participants’ assets when such concessions are made. In this instance, the Platform’s entire hot wallet of Bitcoins, worth over $40 million, was stolen, facilitated in part by the pooling of client crypto assets." "the maintenance of participants (and Platform) crypto assets across multiple wallets distributes the related risk and responsibility of security - reducing the amount of insurance coverage required and making insurance coverage more readily obtainable". For the record, their reply also said nothing whatsoever about multi-sig or offline storage.
In addition to the fact that the $40m hack represented only one "hot wallet" of Binance, and they actually had the vast majority of assets in other wallets (including mostly cold wallets), multiple real cases have clearly demonstrated that risk is still present with multiple wallets. Bitfinex, VinDAX, Bithumb, Altsbit, BitPoint, Cryptopia, and just recently KuCoin all had multiple wallets breached all at the same time, and may represent a significantly larger impact on customers than the Binance breach which was fully covered by Binance. To represent that simply having multiple separate wallets under the same security scheme is a comprehensive way to reduce risk is just not true.
Private insurance has historically never covered a single loss in the cryptocurrency space (at least, not one that I was able to find), and there are notable cases where massive losses were not covered by insurance. Bitpay in 2015 and Yapizon in 2017 both had insurance policies that didn't pay out during the breach, even after a lengthly court process. The same insurance that ShakePay is presently using (and announced to much fanfare) was describe by their CEO himself as covering “physical theft of the media where the private keys are held,” which is something that has never historically happened. As was said with regard to the same policy in 2018 - “I don’t find it surprising that Lloyd’s is in this space,” said Johnson, adding that to his mind the challenge for everybody is figuring out how to structure these policies so that they are actually protective. “You can create an insurance policy that protects no one – you know there are so many caveats to the policy that it’s not super protective.”
The most profitable policy for a private insurance company is one with the most expensive premiums that they never have to pay a claim on. They have no inherent incentive to take care of people who lost funds. It's "cheaper" to take the reputational hit and fight the claim in court. The more money at stake, the more the insurance provider is incentivized to avoid payout. They're not going to insure the assets unless they have reasonable certainty to make a profit by doing so, and they're not going to pay out a massive sum unless it's legally forced. Private insurance is always structured to be maximally profitable to the insurance provider.
The circumvention of multi-sig was a key factor in the massive Bitfinex hack of over $60m of bitcoin, which today still sits being slowly used and is worth over $3b. While Bitfinex used a qualified custodian Bitgo, which was and still is active and one of the industry leaders of custodians, and they set up 2 of 3 multi-sig wallets, the entire system was routed through Bitfinex, such that Bitfinex customers could initiate the withdrawals in a "hot" fashion. This feature was also a hit with the hacker. The multi-sig was fully circumvented.
Bitpay in 2015 was another example of a breach that stole 5,000 bitcoins. This happened not through the exploit of any system in Bitpay, but because the CEO of a company they worked with got their computer hacked and the hackers were able to request multiple bitcoin purchases, which Bitpay honoured because they came from the customer's computer legitimately. Impersonation is a very common tactic used by fraudsters, and methods get more extreme all the time.
A notable case in Canada was the Canadian Bitcoins exploit. Funds were stored on a server in a Rogers Data Center, and the attendee was successfully convinced to reboot the server "in safe mode" with a simple phone call, thus bypassing the extensive security and enabling the theft.
The very nature of custodians circumvents multi-sig. This is because custodians are not just having to secure the assets against some sort of physical breach but against any form of social engineering, modification of orders, fraudulent withdrawal attempts, etc... If the security practices of signatories in a multi-sig arrangement are such that the breach risk of one signatory is 1 in 100, the requirement of 3 independent signatures makes the risk of theft 1 in 1,000,000. Since hackers tend to exploit the weakest link, a comparable custodian has to make the entry and exit points of their platform 10,000 times more secure than one of those signatories to provide equivalent protection. And if the signatories beef up their security by only 10x, the risk is now 1 in 1,000,000,000. The custodian has to be 1,000,000 times more secure. The larger and more complex a system is, the more potential vulnerabilities exist in it, and the fewer people can understand how the system works when performing upgrades. Even if a system is completely secure today, one has to also consider how that system might evolve over time or work with different members.
By contrast, offline multi-signature solutions have an extremely solid record, and in the entire history of cryptocurrency exchange incidents which I've studied (listed here), there has only been one incident (796 exchange in 2015) involving an offline multi-signature wallet. It happened because the customer's bitcoin address was modified by hackers, and the amount that was stolen ($230k) was immediately covered by the exchange operators. Basically, the platform operators were tricked into sending a legitimate withdrawal request to the wrong address because hackers exploited their platform to change that address. Such an issue would not be prevented in any way by the use of a custodian, as that custodian has no oversight whatsoever to the exchange platform. It's practical for all exchange operators to test large withdrawal transactions as a general policy, regardless of what model is used, and general best practice is to diagnose and fix such an exploit as soon as it occurs.
False promises on the backing of funds played a huge role in the downfall of Quadriga, and it's been exposed over and over again (MyCoin, PlusToken, Bitsane, Bitmarket, EZBTC, IDAX). Even today, customers have extremely limited certainty on whether their funds in exchanges are actually being backed or how they're being backed. While this issue is not unique to cryptocurrency exchanges, the complexity of the technology and the lack of any regulation or standards makes problems more widespread, and there is no "central bank" to come to the rescue as in the 2008 financial crisis or during the great depression when "9,000 banks failed".
In addition to fraudulent operations, the industry is full of cases where operators have suffered breaches and not reported them. Most recently, Einstein was the largest case in Canada, where ongoing breaches and fraud were perpetrated against the platform for multiple years and nobody found out until the platform collapsed completely. While fraud and breaches suck to deal with, they suck even more when not dealt with. Lack of visibility played a role in the largest downfalls of Mt. Gox, Cryptsy, and Bitgrail. In some cases, platforms are alleged to have suffered a hack and keep operating without admitting it at all, such as CoinBene.
It surprises some to learn that a cryptographic solution has already existed since 2013, and gained widespread support in 2014 after Mt. Gox. Proof of Reserves is a full cryptographic proof that allows any customer using an exchange to have complete certainty that their crypto-assets are fully backed by the platform in real-time. This is accomplished by proving that assets exist on the blockchain, are spendable, and fully cover customer deposits. It does not prove safety of assets or backing of fiat assets.
If we didn't care about privacy at all, a platform could publish their wallet addresses, sign a partial transaction, and put the full list of customer information and balances out publicly. Customers can each check that they are on the list, that the balances are accurate, that the total adds up, and that it's backed and spendable on the blockchain. Platforms who exclude any customer take a risk because that customer can easily check and see they were excluded. So together with all customers checking, this forms a full proof of backing of all crypto assets.
However, obviously customers care about their private information being published. Therefore, a hash of the information can be provided instead. Hash is one-way encryption. The hash allows the customer to validate inclusion (by hashing their own known information), while anyone looking at the list of hashes cannot determine the private information of any other user. All other parts of the scheme remain fully intact. A model like this is in use on the exchange CoinFloor in the UK.
A Merkle tree can provide even greater privacy. Instead of a list of balances, the balances are arranged into a binary tree. A customer starts from their node, and works their way to the top of the tree. For example, they know they have 5 BTC, they plus 1 other customer hold 7 BTC, they plus 2-3 other customers hold 17 BTC, etc... until they reach the root where all the BTC are represented. Thus, there is no way to find the balances of other individual customers aside from one unidentified customer in this case.
Proposals such as this had the backing of leaders in the community including Nic Carter, Greg Maxwell, and Zak Wilcox. Substantial and significant effort started back in 2013, with massive popularity in 2014. But what became of that effort? Very little. Exchange operators continue to refuse to give visibility. Despite the fact this information can often be obtained through trivial blockchain analysis, no Canadian platform has ever provided any wallet addresses publicly. As described by the CEO of Newton "For us to implement some kind of realtime Proof of Reserves solution, which I'm not opposed to, it would have to ... Preserve our users' privacy, as well as our own. Some kind of zero-knowledge proof". Kraken describes here in more detail why they haven't implemented such a scheme. According to professor Eli Ben-Sasson, when he spoke with exchanges, none were interested in implementing Proof of Reserves.
And yet, Kraken's places their reasoning on a page called "Proof of Reserves". More recently, both BitBuy and ShakePay have released reports titled "Proof of Reserves and Security Audit". Both reports contain disclaimers against being audits. Both reports trust the customer list provided by the platform, leaving the open possibility that multiple large accounts could have been excluded from the process. Proof of Reserves is a blockchain validation where customers see the wallets on the blockchain. The report from Kraken is 5 years old, but they leave it described as though it was just done a few weeks ago. And look at what they expect customers to do for validation. When firms represent something being "Proof of Reserve" when it's not, this is like a farmer growing fruit with pesticides and selling it in a farmers market as organic produce - except that these are people's hard-earned life savings at risk here. Platforms are misrepresenting the level of visibility in place and deceiving the public by their misuse of this term. They haven't proven anything.
Fraud isn't a problem that is unique to cryptocurrency. Fraud happens all the time. Enron, WorldCom, Nortel, Bear Stearns, Wells Fargo, Moser Baer, Wirecard, Bre-X, and Nicola are just some of the cases where frauds became large enough to become a big deal (and there are so many countless others). These all happened on 100% reversible assets despite regulations being in place. In many of these cases, the problems happened due to the over-complexity of the financial instruments. For example, Enron had "complex financial statements [which] were confusing to shareholders and analysts", creating "off-balance-sheet vehicles, complex financing structures, and deals so bewildering that few people could understand them". In cryptocurrency, we are often combining complex financial products with complex technologies and verification processes. We are naïve if we think problems like this won't happen. It is awkward and uncomfortable for many people to admit that they don't know how something works. If we want "money of the people" to work, the solutions have to be simple enough that "the people" can understand them, not so confusing that financial professionals and technology experts struggle to use or understand them.
For those who question the extent to which an organization can fool their way into a security consultancy role, HB Gary should be a great example to look at. Prior to trying to out anonymous, HB Gary was being actively hired by multiple US government agencies and others in the private sector (with glowing testimonials). The published articles and hosted professional security conferences. One should also look at this list of data breaches from the past 2 years. Many of them are large corporations, government entities, and technology companies. These are the ones we know about. Undoubtedly, there are many more that we do not know about. If HB Gary hadn't been "outted" by anonymous, would we have known they were insecure? If the same breach had happened outside of the public spotlight, would it even have been reported? Or would HB Gary have just deleted the Twitter posts, brought their site back up, done a couple patches, and kept on operating as though nothing had happened?
In the case of Quadriga, the facts are clear. Despite past experience with platforms such as MapleChange in Canada and others around the world, no guidance or even the most basic of a framework was put in place by regulators. By not clarifying any sort of legal framework, regulators enabled a situation where a platform could be run by former criminal Mike Dhanini/Omar Patryn, and where funds could be held fully unchecked by one person. At the same time, the lack of regulation deterred legitimate entities from running competing platforms and Quadriga was granted a money services business license for multiple years of operation, which gave the firm the appearance of legitimacy. Regulators did little to protect Canadians despite Quadriga failing to file taxes from 2016 onward. The entire administrative team had resigned and this was public knowledge. Many people had suspicions of what was going on, including Ryan Mueller, who forwarded complaints to the authorities. These were ignored, giving Gerald Cotten the opportunity to escape without justice.
There are multiple issues with the SOC II model including the prohibitive cost (you have to find a third party accounting firm and the prices are not even listed publicly on any sites), the requirement of operating for a year (impossible for new platforms), and lack of any public visibility (SOC II are private reports that aren't shared outside the people in suits).
Securities frameworks are expensive. Sarbanes-Oxley is estimated to cost $5.1 million USD/yr for the average Fortune 500 company in the United States. Since "Fortune 500" represents the top 500 companies, that means well over $2.55 billion USD (~$3.4 billion CAD) is going to people in suits. Isn't the problem of trust and verification the exact problem that the blockchain is supposed to solve?
To use Quadriga as justification for why custodians or SOC II or other advanced schemes are needed for platforms is rather silly, when any framework or visibility at all, or even the most basic of storage policies, would have prevented the whole thing. It's just an embarrassment.
We are now seeing regulators take strong action. CoinSquare in Canada with multi-million dollar fines. BitMex from the US, criminal charges and arrests. OkEx, with full disregard of withdrawals and no communication. Who's next?
We have a unique window today where we can solve these problems, and not permanently destroy innovation with unreasonable expectations, but we need to act quickly. This is a unique historic time that will never come again.
Everyone and his grandma know what cryptocurrency mining is. Well, they may not indeed know what it actually is, in technical terms, but they have definitely heard the phrase as it is hard to miss the news about mining sucking in energy like a black hole gobbles up matter. On the other hand, staking, its little bro, has mostly been hiding in the shadows until recently. by StealthEX Today, with DeFi making breaking news across the cryptoverse, staking has become a new buzzword in the blockchain space and beyond, along with the fresh entries to the crypto asset investor’s vocabulary such as “yield farming”, “rug pull”, “total value locked”, and similar arcane stuff. If you are not scared off yet, then read on. Though we can’t promise you won’t be.
Cryptocurrency staking, little brother of crypto mining
There are two conceptually different approaches to achieving consensus in a distributed network, which comes down to transaction validation in the case of a cryptocurrency blockchain. You are most certainly aware of cryptocurrency mining, which is used with cryptocurrencies based on the Proof-of-Work (PoW) consensus algorithm such as Bitcoin and Ether (so far). Here miners compete against each other with their computational resources for finding the next block on the blockchain and getting a reward. Another approach, known as the Proof-of-Stake (PoS) consensus mechanism, is based not on the race among computational resources as is the case with PoW, but on the competition of balances, or stakes. In simple words, every holder of at least one stake, a minimally sufficient amount of crypto, can actively participate in creating blocks and thus also earn rewards under such network consensus model. This process came to be known as staking, and it can be loosely thought of as mining in the PoS environment. With that established, let’s now see why, after so many years of what comes pretty close to oblivion, it has turned into such a big thing.
Why has staking become so popular, all of a sudden?
The renewed popularity of staking came with the explosive expansion of decentralized finance, or DeFi for short. Essentially, staking is one of the ways to tap into the booming DeFi market, allowing users to earn staking rewards on a class of digital assets that DeFi provides easy access to. Technically, it is more correct to speak of DeFi staking as a new development of an old concept that enjoys its second coming today, or new birth if you please. So what’s the point? With old-school cryptocurrency staking, you would have to manually set up and run a validating node on a cryptocurrency network that uses a PoS consensus algo, having to keep in mind all the gory details of a specific protocol so as not to shoot yourself in the foot. This is where you should have already started to enjoy jitters if you were to take this avenu entirely on your own. Just think of it as having to run a Bitcoin mining rig for some pocket money. Put simply, DeFi staking frees you from all that hassle. At this point, let’s recall what decentralized finance is and what it strives to achieve. In broad terms, DeFi aims at offering the same products and services available today in the traditional financial world, but in a trutless and decentralized way. From this perspective, DeFi staking reseblems conventional banking where people put their money in savings accounts to earn interest. Indeed, you could try to lend out your shekels all by yourself, with varying degrees of success, but banks make it far more convenient and secure. The maturation of the DeFi space advanced the emergence of staking pools and Staking-as-a-Service (SaaS) providers that run nodes for PoS cryptocurrencies on your behalf, allowing you to stake your coins and receive staking rewards. In today’s world, interest rates on traditional savings accounts are ridiculous, while government spending, a handy euphemism for relentless money printing aka fiscal stimulus, is already translating into runaway inflation. Against this backdrop, it is easy to see why staking has been on the rise.
Okay, what are my investment options?
Now that we have gone through the basics of the state-of-the-art cryptocurrency staking, you may ask what are the options actually available for a common crypto enthusiast to earn from it? Many high-caliber exchanges like Binance or Bitfinex as well as online wallets such as Coinbase offer staking of PoS coins. In most cases, you don’t even need to do anything aside from simply holding your coins there to start receiving rewards as long as you are eligible and meet the requirements. This is called exchange staking. Further, there are platforms that specialize in staking digital assets. These are known as Staking-as-a-Service providers, while this form of staking is often referred to as soft staking. They enable even non-tech savvy customers to stake their PoS assets through a third party service, with all the technical stuff handled by the service provider. Most of these services are custodial, with the implication being that you no longer control your coins after you stake them. Figment Networks, MyContainer, Stake Capital are easily the most recognized among SaaS providers. However, while exchange staking and soft staking have everything to do with finance, they have little to nothing to do with the decentralized part of it, which is, for the record, the primary value proposition of the entire DeFi ecosystem. The point is, you have to deposit the stakable coins into your wallet with these services. And how can it then be considered decentralized? Nah, because DeFi is all about going trustless, no third parties, and, in a narrow sense, no staking that entails the transfer of private keys. This form of staking is called non-custodial, and it is of particular interest from the DeFi point of view. If you read our article about DeFi, you already know how it is possible, so we won’t dwell on this (if, on the off chance, you didn’t, it’s time to catch up). As DeFi continues to evolve, platforms that allow trustless staking with which you maintain full custody of your coins are set to emerge as well. The space is relatively new, with Staked being probably the first in the field. This type of staking allows you to remain in complete control of your funds, and it perfectly matches DeFi’s ethos, goals and ideals. Still, our story wouldn’t be complete if we didn’t mention utility tokens where staking may serve a whole range of purposes other than supporting the token network or obtaining passive income. For example, with platforms that deploy blockchain oracles such as Nexus Mutual, a decentralized insurance platform, staking tokens is necessary for encouraging correct reporting on certain events or reaching a consensus on a specific claim. In the case of Nexus Mutual, its membership token NXM is used by the token holders, the so-called assessors, for validating insurance claims. If they fail to assess claims correctly, their stakes are burned. Another example is Particl Marketplace, a decentralized eCommerce platform, which designed a standalone cryptocurrency dubbed PART. It can be used both as a cryptocurrency in its own right outside the marketplace and as a stakable utility token giving stakers voting rights facilitating the decentralized governance of the entire platform. Yet another example is the instant non-custodial cryptocurrency exchange service, ChangeNOW, that also recently came up with its stakable token, NOW Token, to be used as an internal currency and a means of earning passive income.
Nowadays, with most economies on pause or going downhill, staking has become a new avenue for generating passive income outside the traditional financial system. As DeFi continues to eat away at services previously being exclusively provided by conventional financial and banking sectors, we should expect more people to get involved in this activity along with more businesses dipping their toes into these uncharted waters. Achieving network consensus, establishing decentralized governance, and earning passive income are only three use cases for cryptocurrency staking. No matter how important they are, and they certainly are, there are many other uses along different dimensions that staking can be quite helpful and instrumental for. Again, we are mostly in uncharted waters here, and we can’t reliably say what the future holds for us. On the other hand, we can go and invent it. This should count as next. And remember if you need to exchange your coins StealthEX is here for you. We provide a selection of more than 250 coins and constantly updating the list so that our customers will find a suitable option. Our service does not require registration and allows you to remain anonymous. Why don’t you check it out? Just go to StealthEX and follow these easy steps: ✔ Choose the pair and the amount for your exchange. For example ETH to BTC. ✔ Press the “Start exchange” button. ✔ Provide the recipient address to which the coins will be transferred. ✔ Move your cryptocurrency for the exchange. ✔ Receive your coins! The views and opinions expressed here are solely those of the author. Every investment and trading move involves risk. You should conduct your own research when making a decision. Original article was posted onhttps://stealthex.io/blog/2020/09/08/cryptocurrency-staking-as-it-stands-today/
The events of a SIM swap attack (and defense tips)
Posted this on Coinbase and someone recommend it also be posted here. The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom. The full story: We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email. While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying: "We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device. This 24 hour review period is designed to protect your Coinbase account." This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized. It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA. They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances. The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information. This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase. From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts. Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along). Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line. In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove with phone carrier employees swapping SIMs for $80s a swap. Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker. Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays. For some some security recommendations: AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs. Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem. Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency. As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts. TLDR on the process: Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by (1) not resetting your email password so as to raise suspicion, (2) immediately delete any password reset emails you may receive from financial accounts to hide them from you, (3) attempt to forward all emails sent to your address to a burner email, and (4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox. TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible: (1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately (2) change your email password, (3) force a logout of all sessions from your email (at this point you have locked them out), then (4) check your mail forwarding settings for forwards to burner addresses, (5) check your mail rules for rerouting of emails from accounts such as Coinbase, and (6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen. We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
The events of a SIM swap attack directed at Coinbase (and defense tips)
The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom. The full story: We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email. While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying: "We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device. This 24 hour review period is designed to protect your Coinbase account." This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized. It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA. They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances. The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information. This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase. From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts. Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along). Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line. In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove with phone carrier employees swapping SIMs for $80s a swap. Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker. Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays. For some some security recommendations: AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs. Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem. Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency. As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts. TLDR on the process: Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by (1) not resetting your email password so as to raise suspicion, (2) immediately delete any password reset emails you may receive from financial accounts to hide them from you, (3) attempt to forward all emails sent to your address to a burner email, and (4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox. TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible: (1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately (2) change your email password, (3) force a logout of all sessions from your email (at this point you have locked them out), then (4) check your mail forwarding settings for forwards to burner addresses, (5) check your mail rules for rerouting of emails from accounts such as Coinbase, and (6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen. We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
The power players of consumer finance in the 21st century will be crypto-native companies who build with blockchain technology at their core.
The crypto landscape is still nascent. We’re still very much in the fragmented, unbundled phase of the industry lifecycle. Beyond what Genesis Block is doing, there are signs of other companies slowly starting to bundle financial services into what could be an all-in-one bank replacement. So the key question that this series hopes to answer:
Which crypto-native company will successfully become the bank of the future?
We obviously think Genesis Block is well-positioned to win. But we certainly aren’t the only game in town. In this series, we’ll be doing an analysis of who is most capable of thwarting our efforts. We’ll look at categories like crypto exchanges, crypto wallets, centralized lending & borrowing services, and crypto debit card companies. Each category will have its own dedicated post. Today we’re analyzing big crypto exchanges. The two companies we’ll focus on today are Coinbase (biggest American exchange) and Binance (biggest global exchange). They are the top two exchanges in terms of Bitcoin trading volume. They are in pole position to winning this market — they have a huge existing userbase and strong financial resources. Will Coinbase or Binance become the bank of the future? Can their early success propel them to winning the broader consumer finance market? Is their growth too far ahead for anyone else to catch up? Let’s dive in. https://preview.redd.it/lau4hevpm7f51.png?width=800&format=png&auto=webp&s=2c5de1ba497199f36aa194e5809bd86e5ab533d8
The most formidable exchange on the global stage is Binance (Crunchbase). All signs suggest they have significantly more users and a stronger balance sheet than Coinbase. No other exchange is executing as aggressively and relentlessly as Binance is. The cadence at which they are shipping and launching new products is nothing short of impressive. As Tushar Jain from Multicoin argues, Binance is Blitzscaling. Here are some of the products that they’ve launched in the last 18 months. Only a few are announced but still pre-launch.
Binance is well-positioned to become the crypto-powered, all-in-one, bundled solution for financial services. They already have so many of the pieces. But the key question is:
Can they create a cohesive & united product experience?
Binance is strong, but they do have a few major weaknesses that could slow them down.
Traders & Speculators Binance is currently very geared for speculators, traders, and financial professionals. Their bread-and-butter is trading (spot, margin, options, futures). Their UI is littered with depth charts, order books, candlesticks, and other financial concepts that are beyond the reach of most normal consumers. Their product today is not at all tailored for the broader consumer market. Given Binance’s popularity and strength among the pro audience, it’s unlikely that they will dumb down or simplify their product any time soon. That would jeopardize their core business. Binance will likely need an entirely new product/brand to go beyond the pro user crowd. That will take time (or an acquisition). So the question remains, is Binance even interested in the broader consumer market? Or will they continue to focus on their core product, the one-stop-shop for pro crypto traders?
Controversies & Hot Water Binance has had a number of controversies. No one seems to know where they are based — so what regulatory agencies can hold them accountable? Last year, some sensitive, private user data got leaked. When they announced their debit card program, they had to remove mentions of Visa quickly after. And though the “police raid” story proved to be untrue, there are still a lot of questions about what happened with their Shanghai office shut down (where there is smoke, there is fire). If any company has had a “move fast and break things” attitude, it is Binance. That attitude has served them well so far but as they try to do business in more regulated countries like America, this will make their road much more difficult — especially in the consumer market where trust takes a long time to earn, but can be destroyed in an instant. This is perhaps why the Binance US product is an empty shell when compared to their main global product.
Disjointed Product Experience Because Binance has so many different teams launching so many different services, their core product is increasingly feeling disjointed and disconnected. Many of the new features are sloppily integrated with each other. There’s no cohesive product experience. This is one of the downsides of executing and shipping at their relentless pace. For example, users don’t have a single wallet that shows their balances. Depending on if the user wants to do spot trading, margin, futures, or savings… the user needs to constantly be transferring their assets from one wallet to another. It’s not a unified, frictionless, simple user experience. This is one major downside of the “move fast and break things” approach.
BNB token Binance raised $15M in a 2017 ICO by selling their $BNB token. The current market cap of $BNB is worth more than $2.6B. Financially this token has served them well. However, given how BNB works (for example, their token burn), there are a lot of open questions as to how BNB will be treated with US security laws. Their Binance US product so far is treading very lightly with its use of BNB. Their token could become a liability for Binance as it enters more regulated markets. Whether the crypto community likes it or not, until regulators get caught up and understand the power of decentralized technology, tokens will still be a regulatory burden — especially for anything that touches consumers.
Binance Chain & Smart Contract Platform Binance is launching its own smart contract platform soon. Based on compatibility choices, they have their sights aimed at the Ethereum developer community. It’s unclear how easy it’ll be to convince developers to move to Binance chain. Most of the current developer energy and momentum around smart contracts is with Ethereum. Because Binance now has their own horse in the race, it’s unlikely they will ever decide to leverage Ethereum’s DeFi protocols. This could likely be a major strategic mistake — and hubris that goes a step too far. Binance will be pushing and promoting protocols on their own platform. The major risk of being all-in on their own platform is that they miss having a seat on the Ethereum rocket ship — specifically the growth of DeFi use-cases and the enormous value that can be unlocked. Integrating with Ethereum’s protocols would be either admitting defeat of their own platform or competing directly against themselves.
The crypto-native company that I believe is more likely to become the bank of the future is Coinbase (crunchbase). Their dominance in America could serve as a springboard to winning the West (Binance has a stronger foothold in Asia). Coinbase has more than 30M users. Their exchange business is a money-printing machine. They have a solid reputation as it relates to compliance and working with regulators. Their CEO is a longtime member of the crypto community. They are rumored to be going public soon.
Let’s look at what makes them strong and a likely contender for winning the broader consumer finance market.
Different Audience, Different Experience Coinbase has been smart to create a unique product experience for each audience — the pro speculator crowd and the common retail user. Their simple consumer version is at Coinbase.com. That’s the default. Their product for the more sophisticated traders and speculators is at Coinbase Pro (formerly GDAX). Unlike Binance, Coinbase can slowly build out the bank of the future for the broad consumer market while still having a home for their hardcore crypto traders. They aren’t afraid to have different experiences for different audiences.
Brand & Design Coinbase has a strong product design team. Their brand is capable of going beyond the male-dominated crypto audience. Their product is clean and simple — much more consumer-friendly than Binance. It’s clear they spend a lot of time thinking about their user experience. Interacting directly with crypto can sometimes be rough and raw (especially for n00bs). When I was at Mainframe we hosted a panel about Crypto UX challenges at the DevCon4 Dapp Awards. Connie Yang (Head of Design at Coinbase) was on the panel. She was impressive. Some of their design philosophies will bode well as they push to reach the broader consumer finance market.
Early Signs of Bundling Though Coinbase has nowhere near as many products & services as Binance, they are slowly starting to add more financial services that may appeal to the broader market. They are now letting depositors earn interest on USDC (also DAI & Tezos). In the UK they are piloting a debit card. Users can now invest in crypto with dollar-cost-averaging. It’s not much, but it’s a start. You can start to see hints of a more bundled solution around financial services.
Let’s now look at some things that could hold them back.
Slow Cadence In the fast-paced world of crypto, and especially when compared to Binance, Coinbase does not ship very many new products very often. This is perhaps their greatest weakness. Smaller, more nimble startups may run circles around them. They were smart to launch Coinbase Ventures where tey invest in early-stage startups. They can now keep an ear to the ground on innovation. Perhaps their cadence is normal for a company of their size — but the Binance pace creates quite the contrast.
Institutional Focus As a company, we are a Coinbase client. We love their institutional offering. It’s clear they’ve been investing a lot in this area. A recent Coinbase blog post made it clear that this has been a focus: “Over the past 12 months, Coinbase has been laser-focused on building out the types of features and services that our institutional customers need.” Their Tagomi acquisition only re-enforced this focus. Perhaps this is why their consumer product has felt so neglected. They’ve been heavily investing in their institutional services since May 2018. For a company that’s getting very close to an IPO, it makes sense that they’d focus on areas that present strong revenue opportunities — as they do with institutional clients. Even for big companies like Coinbase, it’s hard to have a split focus. If they are “laser-focused” on the institutional audience, it’s unlikely they’ll be launching any major consumer products anytime soon.
Coinbase Wrap Up
At Genesis Block, we‘re proud to be working with Coinbase. They are a fantastic company. However, I don’t believe that they’ll succeed in building their own product for the broader consumer finance market. While they have incredible design, there are no signs that they are focused on or capable of internally building this type of product. Similar to Binance, I think it’s far more likely that Coinbase acquires a promising young startup with strong growth.
Other US-based exchanges worth mentioning are Kraken, Gemini, and Bittrex. So far we’ve seen very few signs that any of them will aggressively attack broader consumer finance. Most are going in the way of Binance — listing more assets and adding more pro tools like margin and futures trading. And many, like Coinbase, are trying to attract more institutional customers. For example, Gemini with their custody product.
Coinbase and Binance have huge war chests and massive reach. For that alone, they should always be considered threats to Genesis Block. However, their products are very, very different than the product we’re building. And their approach is very different as well. They are trying to educate and onboard people into crypto. At Genesis Block, we believe the masses shouldn’t need to know or care about it. We did an entire series about this, Spreading Crypto. Most everyone needs banking — whether it be to borrow, spend, invest, earn interest, etc. Not everyone needs a crypto exchange. For non-crypto consumers (the mass market), the differences between a bank and a crypto exchange are immense. Companies like Binance and Coinbase make a lot of money on their crypto exchange business. It would be really difficult, gutsy, and risky for any of them to completely change their narrative, messaging, and product to focus on the broader consumer market. I don’t believe they would ever risk biting the hand that feeds them. In summary, as it relates to a digital bank aimed at the mass market, I believe both Coinbase and Binance are much more likely to acquire a startup in this space than they are to build it themselves. And I think they would want to keep the brand/product distinct and separate from their core crypto exchange business. So back to the original question, is Coinbase and Binance a threat to Genesis Block? Not really. Not today. But they could be, and for that, we want to stay close to them. ------ Other Ways to Consume Today's Episode:
Brave Browser: TRULY FASTER - The browser that rethinks the web
The Brave browser is very new to the browser scene but they are seriously making a huge thing in the market. Not only promising and insanely fast speed beat out Chrome and Firefox but also security and privacy built in by default for the user. Is this all just hype, is it there is something to it and why most people switch to Brave. https://preview.redd.it/gaodv4set1151.png?width=625&format=png&auto=webp&s=9656fe17369c4389964addd9145822e0acf9bb05 For the record, Brave Rewards, BAT, Brave Ads & anything cryptocurrency related is DISABLED by default. This is a big misconception as these features are OPT IN and completely optional to the user. The browser you currently using loaded with trackers, cookies and other data collection parasites that is constantly following you when you are browsing your browser. What if instead of being used, you were actually rewarded for your regular internet usage. What if you could limit your ads. Wouldn't it makes internet a better place. That's why i use Brave browser. Brave doesn't collect my browsing data in fact my data never leaves my device. Brave shields against Malware, Autoplaying videos, Phishing attempts, Fingerprinting and other malicious attempt to steal and exploit your sensitive information.
Brave is built on Chromium and is an open-source browser project that aims to build a safer, faster and a more stable way for all internet users to experienced the web.
Why BRAVE browser
Load pages 3x to 6x faster Import and continue where you left off Support your favourite sites with Brave Rewards Experience unparalleled privacy and security.
BRAVE browser features
Per-site shield settings
Configurable global shield defaults
Earn by viewing private ads
Tip your favorite creators
Contribute monthly to sites
Auto-contribute to sites
Verify with Uphold and move funds in and out of your wallet
Become a verified creator and start earning BAT from tips, contributions and referrals
Tabs & Windows
Drag and drop*
Find on page
Clear browsing data
Built-in password manager
Control content access to full-screen presentation*
Control site access to autoplay media
Send “Do not track” with browsing requests
Choose default search engine
Use keyboard shortcuts for alternate search engines*
Option to use DuckDuckGo for private window search*
Extensions/Plugins Brave Desktop now supports most of the Chrome extensions in the chrome web store. Address Bar
Search from address bar
Autosuggest search terms
Show/hide bookmarks toolbar*
Show secure or insecure site
How does Brave Rewards work?
Brave Browser users earn tokens by surfing the web.
They tip tokens to you, their favourite content creator.
You sign up as a verified content creator on Brave Rewards.
Hey all, We are trying something new. Full disclosure, I work for BitcoinTaxes, and I am the host of the new podcast I am here to talk about. News happens in the world of cryptocurrency at a rapid pace. Every day something new and innovative is announced, that expands on existing technologies. The Cryptocurrency Informer is a weekly update series highlighting notable events happening in the crypto and crypto-adjacent spaces. Each episode provides a brief summary of these events, and an accompanying blog post provides sources for each story, so our listeners can dig deep on the things they want to know more about. In the first episode of The Cryptocurrency Informer, we discuss the effects of the COVID-19 outbreak on tax deadlines and federally backed cryptocurrencies. Binance has released it’s new “Binance Card”, and Mt.Gox creditors may be getting closer to a payout. Podcast Links: Podcast Page Direct Episode Link Info Links:
*Creditor Portal Login (View Documents) Coindesk Report * Please use your best judgement when providing login information. The Creditor Portal Login link was provided via update on Mt. Gox's page. A PDF of this annoncement can be found here. --- Hopefully you guys enjoy this kind of content. We'll still be releasing normal episodes of The BitcoinTaxes Podcast soon, but this will be an additional series that we release now as well.
[Part 2] KAVA Historical AMA Tracker! (Questions & Answers)
ATTN: These AMA questions are from Autumn 2019 - before the official launch of the Kava Mainnet, and it's fungible Kava Token. These questions may no longer be relevant to the current Kava landscape, however, they do provide important historical background on the early origins of Kava Labs. Please note, that there are several repeat questions/answers.
How do you think about France in Kava market development plan?
What is your next plan to raise awareness among French about Kava?
Answer: It is important to reach many top markets. For countries like France we need to find 1st regulator partners such as Binance that can help provide access to KAVA for users. When our CDP platform launches, we will work through local validator partners to help translate content and work with local users.
We have some great community efforts where people create content for us.
Why did you choose Cosmos instead of Aion, which comes with AVM built on JAVA, which can be accepted by many developers?
Will there be a possibility that one day we will be able to collateralize a privacy coin, such as Monero, on KAVA?
Answer: We like programming in GO, interfaces are OK for Java. Cosmos will also feature a WASM module and EVM later. The Cosmos-SDK is very flexible and it allowed us to choose our own security model. That was unique compared to other frameworks where we had to adopt the underlying blockchains. In Cosmos-SDK we can create our own blockchain.
Re: privacy - you can do some fun things in payment channels to make transactions more private. Such as onion routing clearing and settlement across different nodes. This can be possible in the future, but not our priority now.
The biggest advantage of finance is the efficient allocation of resource allocation. If KAVA connects assets of multiple platforms through the interchain technology, the efficiency across the market will be improved.
But in terms of connectivity, Facebook's Libra, with its centralized giant platform, could be a big threat for the future. Of course, regulatory uncertainty still exists. KAVA wonders what big platform companies think about entering the blockchain field and how they can cope with their competition.
Answer: We think of Kava as a DeFi service that can integrate with wallets, exchanges, and other platforms when users want loans or stable coins for payments. We don't see competition with Libra, but we see lots of users potentially getting into crypto which will be good for the market, good for BTC, and good for Kava.
What will you do with the money after IEO?
What is the most important markets that Kava is focusing?
What is your marketing strategy to approach those markets?
Answer: What will we do with the IEO money? Put it in a bank and keep building. We keep our funds safe in secure accounts that are insured. We always maintain at least 2 years runway in pure fiat to ensure we can survive in any bear market conditions and come out on top in the end.
On mainnet, which function/feature can we expect to see on Kava since i only saw informations about its testnet?
Answer: mainnet will feature KAVA, staking, delegating, validator software, voting and governance / parameter changes. Following mainnet, the validators will vote to enable transactions and the CDP platform. We expect this to be towards the end of the yeaQ1 2020
How does Kava maintain the stability of its stablecoin? Are there any opportunties for outsiders to arbitrage or any other mechanisms to maintain price stabilization?
Answer: Kava users deposit crypto assets as collateral and can withdraw a loan based on the amount they deposited. They must always provide more collateral than the loan is worth. When the value of the collateral drops due to market conditions, before it reaches the value of the loaned amount, the platform will auction off the crypto assets for USDX that is on the market at a discount. Holders of USDX can buy these assets at a profit. This removes USDX from the market and makes sure that the global USDX to collateral in the system remains balanced. Similar to MakerDao, 3rd parties can run "keepers" - very simple implementations which continuously monitors the Kava/USDX credit system for unsafe CDPs, and execute the liquidation function the moment they become unsafe. Keepers can also perform arbitrage on DEX/Exchanges executing trades across the Kava platform and the markets.
Alright! So KAVA is doing DeFi right, could you explain DeFi in layman term to us.
Answer: Decentralized Finance. Finance is really ensuring everything about past, present, and future value of money. You need safe custody and a store of value to keep money you earned in the past safe to be used later when you need it. You need something liquid and easily tradable to be used in the present. And the trickier one is the future - people need to get loans on the assets they have or hedge against the assets they have in order to ensure they can build for a better future. That’s finance.
DeFi is taking all those things and making them open access and unregulated so that regardless if you were born with out an ID, if your credit score is bad, or if the government is trying to censor your actions and limit your spending - DeFi promises to give you a way to get access to the financial products you need.
Could you please briefly explain your projects, and why you choose DeFi as a problem to solve?
Answer: Kava is a cross-chain DeFi platform for cryptocurrencies. Kava offers decentralized loans and stable coins for any other crypto asset such as BTC, XRP, BNB, and ATOM.
DeFi is the killer use case of crypto today. I think most people see this clearly now. We believe providing the basic DeFi services is the very first step that is required before blockchain technology can really become wide spread - so we started here.
Why the name of the project KAVA?
Answer: We started in crypto thinking we would build banking products and we wanted a more relaxed cool name to stand out from other solutions. Turns out Kava means many things.
Kava = Hippopotamus in Japanese
Kava = crow in hindi
Cava = wine region in spain
Kava = a medicinal root you add to Tea
Kava = now a cross-chain DeFi platform
But TLDR - we liked the name and thought it sounded short and sweet.
What do you think of the future of DeFi in this space? Will DeFi one day take over the traditional financial systems? -- any wild guess on when it might happen?
Answer: I think centralized solutions will always have certain advantages and DeFi will also have certain advantages.
But truthfully, KYC is a problem from a user experience point of view. One of the big things with DeFi is there is no need to make people go through a KYC process anymore.
If we imagine a world where USD Is king, or Renminbi is king, or BTC is king. DeFi has a place in all of them because open access to financial services is a basic human necessity.
As we have known, Lending is not the only problem to solve in the whole financial areas, are you planning on going beyond lending? What other financial products are in your pipeline?
Answer: Thats a good #Q .
While we have a lot to solve to offer lending to other crypto assets - we can expand our support to non-crypto assets, to NFT tokens, and other assets.
We also have plans to offer derivatives and other synthetics other than USDX - such as synthetic bitcoin and Yuan. What is exciting about Kava and the oracle system run by validators is that we can leverage this infrastructure around the world to do all sort of things.
One of the more interesting products is creating under-collateralized loans using payment channel (layer-2 tech) of our USDX coin. Two parties can lock funds in payment channels and place bets on the price feeds from the oracles. When the funds reach a maximum threshold, the bet closes. Since a price feed is just a data set, we can have the settlement rules be multiples of the real data. In simple terms we can create 100x leverage products for the craziest of traders 😉
Btw KAVA is a bit unique because it use Cosmos/Tendermint. While other DeFi use Ethereum , why you guys choose Cosmos?
Answer: Cosmos is the future. Even facebook’s Libra consensus design was just a copy of Tendermint. Kava, Binance, the Cosmos Hub and many other blockchains are built on the same Cosmos-SDK framework.
It’s very flexible and soon interoperable. This is a huge advantage over Ethereum. Where system’s like MakerDAO will be forced to develop in a slowly evolving chain like Ethereum and only touching Erc20 assets, Kava will be able to rapidly evolve, program in GO rather than solidity, and interoperate with chains like Binance directly.
We’re very excited to get BNB and BTCB onto Kava’s CDPs and to put KAVA and USDX onto the Binance DEX. This is fairly easy on Cosmos.
I saw in KAVA deck that you guys will use USDX, is it a stable coin? How is it going to work and its relationship with KAVA token itself?
Answer: USDX is an algorithmically stable token pegged to the USD. USDX is the token users recieve when they get a loan from the Kava platform. USDX is collateralized or backed by crypto assets so the Kava platform should always hold more crypto value than the USDX it loans making USDX a very safe store of value even if the market crashes 10x overnight. That is what a stable coin should do.
USDX is special though. Natively, users can spend or trade USDX freely like other stable coins, but the important difference is that 1) USDX is free of censorship and does not require a bank or anything else. 2) USDX can be “bonded” or “staked” providing an interest bearing yield between 2-10% APR. This is substantially more than what I can even get from my bank account.
From your point of view as KAVA team, what would be most anticipated feature in KAVA ?
Answer: Our CDP platform launch later this year. The first USDX will be minted then.
Support of BTC in the CDP smart contracts. No blockchain has supported a real decentralized custody and use of BTC with smart contracts before.
Indonesia is one of the “developing” countries, how is DeFi can help in making a difference in those “developing” countries?
Answer: I can’t speak for developing countries as it’s not my expertise, but DeFi in general is trying to offer the exact same services to EVERYONE. Whether you are in San Francisco or Indonesia, the financial services you should have should be similar. The rates and fees you pay should be the same. DeFi is fair treatment and open access for everyone. That is what’s nice about having things run on a protocol.
Last but no least, since we are doing AMA in Indonesian group, I believed our members wants to know if you are interested in going to Indonesia to expand your community and reach?
Answer: As I said, I have not been before! I am traveling throughout South East Asia for a lot of the year. It is one of my destinations. I hope to meet many of you while I am out there.
Defi companies are growing at a rapid pace, but they're actually smaller than traditional financial institutions. In order for Defy to become a global trend, it must eventually acquire consumers within the traditional financial industry.
Traditional financial consumers, however, have poor technical understanding and want psychological stability through government guarantees such as deposit insurance. After all, what does KAVA think about long-term competitors as traditional financial institutions, and what long-term strategies do they have to embrace traditional financial consumers?
Answer: We think of financial institutions as big honey pots of potential DeFi users. For example, if Kava can offer margin lending at better rates than a bank because there is no middle men or compliance costs, users should want to use that service.
As crypto grows, I believe more FIs will integrate crypto assets and DeFi services. For example, in the US you cannot currently margin trade crypto as a retail user. But it could be possible for a regulated FI to integrate a lending service like KAVA without causing issues with regulators due to Kava having no counter party risk other than the user itself.
MakerDAO is only for ethereum but Kava support multiple assets, is this only difference?
What are Kava main advantages compared to MakerDAO?
Answer: Kava supports multiple assets THAT are on different blockchains. Maker can only support ETH. This is a huge difference. In addtion, the role of Maker is quite likely a security token. It represents fees paid by others. Where in Kava, the token is used in security of the blockchain protocol itself. The holders of Kava have a lot at stake and need it to govern the system. Maker holders have nothing at stake.
I think a huge difference is that with our model being POS and based on validators with slashing if they don't participate our governance participation and management will be much more effective than MakerDao.
Ticket claim for KAVA Launchpad is comming around the corner. This maybe last IEO ticket claim of this year. With this hype and expectation of investors/traders, do you think KAVA will be a big boom to end this year with happy tears?
If someone wants to manipulate Governance function of KAVA by changing voting result by possessing many Validators Node through buying over 51% KAVA of market, what will KAVA team do? Do you think Emergency Shutdown(Maker has this) can be considerd as a solution?
How will USDX be minted and backed on KAVA platform? If its based on uses crypto collateral, how will KAVA team make it stable since the inflation of crypto price?
Answer: I believe Kava to be underpriced currently, especially compared to maker which is 10x the value and serving ETH which is much smaller market than ours.
But I cannot tell you with certain if Kava will boom or bust - only the market can decide that. As with all speculative assets, do your homework and trade at your own risk. We here at kava are very LONG Kava, but we are biased 😉
Stablecoin is the word that I heard everyday, so do you have any plans to release wallet for stablecoin?
Answer: There are already wallets created for Kava that can hold our tokens 😉
My first question is: Why do traders choose to use KAVA instead of margin on exchanges?
My second #Q is: What happens whenKAVA doesn't have enough cash to loan out?
Answer: Traders who cannot get passed KYC can use Kava. Traders who want better rates than exchanges can use Kava. If regulators like in the US prevent margin trading, Kava is a great solution.
Kava creates USDX out of thin air when users withdraw loans. It will only create Kava is the user locks a great value of crypto in the system to back it. When the USDX loan is repaid, it is destroyed. In this way, Kava can scale however big it wants - it will never run out of cash.
i heard as you said before in San Fransisco, Silicon Valley. what is the relationship about Silicon Valley and KAVA? and what will KAVA done in this Q1 ?
Answer: I am born and raised in Silicon Valley. I am blessed to have grown up in this area where lots of tech innovation is. However, I am the only one at Kava that lives here full time. The others on my team are in the Cayman Islands and Cambridge.
San Francisco is a hub for the largest crypto projects - Ripple, Coinbase, Stellar, etc. It's a great place to network with founders and feel inspired to do big things. It is not the best weather here, but the people are focused and extremely helpful if they can be if you aim to do big things.
With regard to minting new USDX, is there any potential chance to against Global financial law? Likewise USDT, issuing money should guarantee deposit of real collateral as I have known.
Answer: USDX is debt. It is not a guarantee, but the protocol's rules state it must have more crypto assets behind it than the # of USDX issued. In this way, rules are better than guarantees. Tether guaranteed 1:1 USD, it turned out not to be true because their funds were seized by regulators. That is impossible in the case of Kava.
What is the uniqueness of KAVA project that cannot be found in other project that´s been released before?
Answer: Cross-chain is unique for us. But most unique is our partners and validator group that is launching our blockchain. We have incredible partners that support our work including Ripple, Cosmos, Arrington, Hashkey, SNZ, Lemniscap, etc.
KAVA was initially planned to launch on Ripple network but later switched to Cosmos Tindermint Core. What is that something you see in Tindermint Core that is not available anywhere.
Answer: We did not plan to launch on ripple and did not launch on "Tinder"-mint. I have a fiance - she would be quite mad.
We did however use the Cosmos SDK - a tool set, to build our blockchain that features tendermint consensus.
Tendermint is just the consensus so I assume you mean the SDK. The SDK is very much "choose your own adventure" you can build anything and design all the spec of your blockchain easily. In this way you choose the tradeoffs that make the most sense for your special application/network
How much portion of USDX is backed from crypto/fiat money ...& please mention why any trader, hodler will prefer USDX over other stable coins?
What are the biggest challenges you expect to face and how do you plan to overcome these challenges?
Answer: 150% of USDX or more is backed by crypto. Traders will use USDX because it offers a savings rate. This rate allows traders heding bitcoin or other assets to not only store value, but earn a return.
What do you think about creating liquidity for the Kava project?
Answer: It's the biggest challenge. My hope is the savings rate USDX offers will give it natural organic demand over existing stable coins. It will definitely be a large BD process to get USDX listed and used worldwide.
We work with some of the worlds best market makers to seed liquidity today. But we will need organic demand in the long-term
So many IEO projects consistently drop in price after listing. Whats different with KAVA, what are some special highlights?
Answer: Why is Kava based on Cosmos? Based on what considerations?
How do you see the chinese language community? How do you view the opportunities for growth in the chinese community?
Answer: You will be soon listing on Binance, what are your plans on the business side after listing? In one years time, what are your thoughts on where Kava's development will be?
If we take a look at all the different types of DeFi products/apps out there, including decentralized exchanges, stablecoins, atomic swaps, insurance products, lending platforms, trade financing platforms, custodial platforms, crowd investment platforms, etc, nearly cover all the important areas of traditional finance.
In this age of all these different platforms taking hold, where does Kava see itself appealing to its app developers, users, investors?
Answer: What does Kava do? What can a normal user (of crypto) achieve by using KAVA?
How does Kava maintain the stability of its stablecoin? Are there any opportunities for outsiders to arbitrage or any other mechanisms to maintain price stabilization
Answer: What is the reason for the IEO price reaching 6x the first round private sale price? How did you come about to reaching this valuation?
What would you be able to do more for Russian-speaking communities and regions?
Answer: one thing to keep in mind is that yes, we do have limitations and regulations to follow when it comes to certain countries and we will adhere to those regulations in hopes of proving ourselves to be a thoughtful and long-term solution. while we may not directly work with some countries, we hope that communities there can understand that we're here focused on being sustainable rather than another project around shorter-term gains.
for myself, I'm actually belarusian myself so I absolutely see the value of working in the CIS/Russian-speaking regions. we'll continue to do AMAs, interviews, and always engage with Russian-speaking communities to better understand what the #Q s, concerns, and thoughts.
If there's anything else we can do in this region and with the @gagarin_ico communities, please let us know!
What are your major goals to archive in the next 3-4 years? Where can we KAVA ecosystem in this period? What are your plans to expand and gain more adoption?
Do you guys feel satisfied by seeing your progresses and achievements till now, when you look back to the day when you have started this project?
Answer: We want to really build out great DeFi products for the masses. I really believe that DeFi will be a major force to allow much more mass adoption for crypto over the coming years. In the sorter term, we want to push out our blockchain and build on top of that our CDP platform, which allows users to trustlessly put collateral onto the Kava blockchain, and receive a loan in USDX that will be also trustlessly administered.
We will then build out more complex products and financial derivatives for crypto users and traders. We have barely scratched the surface in what we can do with DeFi so I can't predict the future, but we want to build products that are pegged to BTC values so that traders have more leverage purely in crypto.
Which one of your milestone do you think was difficult and which was the encouragement that courages you to achieve it?
What were the Minimum and Maximum limit of KAVA tokens that one can be able to STAKE after the Mainnet launch ? And What will be the percentage of reward one gets and will it in future ?
Answer: Good #Q ! Well we've been working on open source cross-chain technologies for a number of years and honestly it can be a pain. I think the Cosmos SDK made it significantly easier to implement the features that we wanted into the software.
I think the largest challenges for Kava are not software based but in market adoption. Makerdao is a great project and they have spearheaded a lot of the work in the lending field. Hopefully Kava can be a very meaningful contributor as well
What if someone fails to repay the debt? Is that KAVA is taking collateral system to enterprise level & if so, what's the plan? How secure KAVA is to safely handle the collateral tokens?
Answer: These CDPs or "collateral debt positions" are always over-collateralized, which means you have to have more asset locked up in the bucket than you can draw from the bucket. The system leaves a margin when the collateral is 'called' to be able to sell off. If the asset cannot be fully redeemed KAVA is minted to cover the balance. Hence KAVA is a 'lender of last resort". This is why its important that we select good initially assets to support 👍
I am very impressed with your voting method, how does it work? Whether users can vote to change things in the platform, are you a programmer with filters to decide what can be voted on and what is not possible?
Answer: Thanks. A lot of this was pioneered with the Tendermint team. Basically voting is entirely open and asynchronous, meaning anyone can submit a proposal to be voted on. All the project in the Cosmos ecosystem are working diligently to expand the space of variable or features that can be modified via this governance method in protocol. For example, we were the first to enable transactions directly via governance in our Testnet-2000!
Where does the interest rate come from for holding USDX specifically & technically?
Answer: Great #Q ! Just like in MakerDAO, lenders of collateral (e.g. BTC, BNB) pay an annual interest rate to borrow USDX. A portion of that interest rate accretes to holders of KAVA, the rest we can apply a 'carrot' for users to adopt USDX. In short, Savings rate is loan interest rate less 'rents' collected from KAVA holders
As far as I understand it KaVa is used both as a staking token and as collateral for Kava stablecoins (UsDX) .Can you talk a bit about the stability mechanism? Can other forms of collateral be used to create Kava stablecoins (a la Multi-Collateral Dai)?
Answer: KAVA will not be used as a collateral type in the CDPs. Collateral types will be assets exogenous to the system, like BTC and BNB. Of course BTC and BNB's value fluctuates. To make USDX not fluctate we ensure there is always more BTC or BNB in the CDP bucket than 'stable' USDX. Therefore BTC could increase or decrease a lot, as long as its less than the 'stable' debt of USDX that you have drawn, the system is healthy and functional 👌
As far as I know, KAVA had 150 Validators in the test. Why do you have so much. Which conditions are your team based on to choose / invite them to stay decentralized, important for a Defi platform like KAVA?
Answer: KAVA mainnet will launch with a cap of 100 validators. We want as many validators as possible. The reason? What if KAVA was run by just you and me. Well that works if people trust us, but its pretty for us to collude and act maliciously. Its harder for 100 people to collude -- its still possible, but harder. And so we put a lot of effort in to promoting a healthy and large validator community, and empowering them to grow their stake in the system
As a developer, which program languages can i use in kava core smart contracts?
2How secure your fully on-chain liquidity protocol & What's is a core Smart Contract ?can you briefly explain.
Answer: Yay developers! 🤓 The Cosmos SDK is currently written in Golang. So thats a good start. What other language would you like to work in?
What do you think of DEFI in the Blockchain space?
DeFi brings many benefits to users, but conflicts of interests with the Bank. What is the solution of kava?
Answer: Defi to me is offering financial primates, the supplies of which are spreadout amongst many participants, as opposed to few. People offer loans on BTC today. Kava's goal is to maximize the amount of counterparties to any loan, thereby 'socializing' the returns on any activiely used financial product
What is the crucial thing, in your opinion,that would increase adoption of KAVA and possibly the rest of crypto. What’s the KAVA economic model and how will it is architecture ensure scarcity of the token and help to growth token price?
Can you tell me more about the new technology that combines the benefits and interactive functions of Cosmos with the DeFi applications you have built?
Answer: Principly what I believe is 'new' about the KAVA tech stack is that we are building a standalone piece of software that treats other network techologies as 'first class citizens'. This means from the ground up our design is mean to easily incorporate and work with other software. A lot of blockchain is a story of "everyone will use my software, because its the best". Kava Labs worked for years against this view while bringing open Interledger to market.
As Per Kava website ! $KAVA was done many partnerships with Big project like Ripple, Cosmos, TenderMint, Hashkey, etc ! So, whats the major reason and benefits of these partnerships to kava project?
Kava Project have their own Mainnet Blockchain So, whats the main work of Cosmos Blockchain in Kava ? Is Kava projects is on Both mainnet and Cosmos OR Kava is just using the Cosmos Blockchain services?
Answer: Working together. Pooling resources and talent to make something bigger! Crypto is still a little fish in a huge ocean of financial services. Kava Labs has always had an eye for inclusivity. Grow the pie!
I have been too involved in KAVA's AMA, I think I know all about your technology.I want to ask a successful person like you why come with cryptocurrencies and blockchain, with talent. There are many other areas for you to choose, so why are you targeting such a risky market?
Answer: Successful ay? hehe. Depends how you define success and what your goals are. I love delivering products to users. Crypto has some fantastic users, and there is still sooo much to be built. I think KAVA has a lot of promise, but there is still so much work to be done and I hope users like you all become producers some day as well
What's the most critical and innovative point of KAVA to ensure users that it is the best under DeFi niche?
How can you compete MakerDAO which has done good number of business with recent market! If I hold KAVA tokens how KAVA leverage the tokens value and make it moon for me? 🙈
Answer: "IF" you hold KAVA tokens now? 😂 Again I think this a markets concern. To the extend that users on other chains begin to trust KAVA brand for loan issuance, and we get some solid adoption of USDX I think we're in a good spot. I would say a benefit of KAVA is that we are FOCUSED. We're not trying to be everything for everyone. This is lending, quite simply, for the large market cap coins -- and that's hard enough
Why KAVA needs to create it's own stable coin, whereas there are are many other options available in the market? Is that crypto tokens can be stable!!?
Answer: Yeah there are a lot of USD backed stable coins that is true. Indeed we have looked around with working together with a number of them. The difference with USDX (and DAI) is that its crypto-collateral backed. Doesnt mean we won't work with others in the future 😉
Processing fees on loans we need to pay in kava or usdx?
Which types of success you've been seen in testnet? Why on Nov 5th you've planned to launch mainnet? How many testnet was processed in the past?
Answer: Three major testnets with some minor iterations therein. Testnet-3000's software was pinned to KAVA mainnet software. That testnet is looking good which is a good indicator for smooth sailing on mainnet launch, we'll see 🤞
DeFi is a hot niche when it comes to crypto/blockchain project! Most of the projects are developing aiming DeFi, How KAVA is looking to contribute in DeFi ecosystem? What will be the approach of KAVA to systemize & increase adoptability?
Answer: DeFi is big. Mostly on Ethereum, which is great! KAVA is for non-ethereum networks 😇
What is the main reason that you think that Cosmos-based Kava zone will present a new validator opportunity :- a complex and multi-faceted governance system that allows differentiation?
Answer: Validator #Q , nice. I believe its important for validators to be able to distiguish there service in multiple ways, not just on security (otherwise they will be treated as a commodity). KAVA present an opportunity for validators to distiguish themselves on the basis of proper governance of system parameters on behalf of their delegating constituents. KAVA is a "lender of last resort", so delegating to a sophisticated validator could lead to better results beyond security.
How is kavas tendermint better than other defi consensus especially with the introduction of etheruem 2.0 which many believe will be better than all others - considering kavas association with ripple, is it possible to foresee defi loans from crypto to fiat ?
Maybe kava partnership with centralised banks?
Answer: IDK about that. But we will be working closely with the great folks over at Ripple, thats for sure!
Adoption is one of the important factor that all sustainable blockchain projects should focus to be more attractive in the invertors' eyes.
Can you tell me what KAVA has done and plan to do to achieve Adoption in the reality, real use cases, our real society?
Answer: Bitcoin is real!? I'm continuously impressed by the demand and size of that network. Help us capture that demand! Really, if we can I think the future looks bright for KAVA!
Bitcoin’s stimulus Bitcoin crossed $15,000, the first time since January 2018. The cryptocurrency is now up 7.8% over the past 24 hours and over 108% on a year-to-date basis, with little sign of ... After being integrated into Binance Trust Wallet adds an on-chain mobile wallet to the exchange and it will clearly work in the future with other integrations. Binance wrote at that moment: “As a technology driven company, Binance’s acquisition of Trust Wallet shows the importance of secure wallet technology for the future development of cryptocurrency as a whole.” Users can download the ... Digital money that’s instant, private, and free from bank fees. Download our official wallet app and start using Bitcoin today. Read news, start mining, and buy BTC or BCH. Since Binance acquired Trust Wallet last July 2018, ... During the early years of Bitcoin, Viktor was a full-time university student in Ukraine who also advised major institutional banks for online security vulnerabilities and ran an online forum for security engineers on the side. When his country’s government requested him to give out IP addresses of his contacts, he resisted out of ... Researchers found that bitcoin worth over $1 million from several addresses connected to Ryuk ransomware attacks made its way to a wallet on the Binance exchange over the last three years, with ... The Binance Card App allows you to manage your funds, card security, and spending with only a few taps. Once your new card arrives, you need to load it with funds. Just transfer Bitcoin or BNB from your Binance.com wallet to the Binance Card wallet, and you're ready to go. The Binance Card App will be available soon. I'm trying to send bitcoin from etoro to binance, but on my wallet under balance it says 0, but under trades my full amount of bitcoin is there … Press J to jump to the feed. Press question mark to learn the rest of the keyboard shortcuts. Log in sign up. User account menu • Transferring bitcoin from etoro wallet to binance. Close • Posted by just now. Transferring bitcoin from etoro ... Binance traced the cryptocurrency theft — more than 7,000 bitcoins at the time of writing — to a single wallet after the hackers stole the contents of the company’s bitcoin hot wallet ... The Hong Kong-based crypto exchange Gate.io has launched a new type of hardware wallet that features fingerprint recognition. The device supports over 10,000 cryptocurrencies with wallet.io and ... A Bitcoin Cash Hardware Wallet With a Secure Chip and Low Form Factor. ... Tags in this story ... $100 Million Accelerator Fund from Binance Now Supports PARSIQ, a Reverse-Oracle... Nov 3, 2020 ...
In this video: Deposting Bitcoin to Your Binance Wallet Address. We go step by step and deposit Bitcoin to Binance Wallet Address. How to fund binance account. Heute zeige ich euch wie man sein Guthaben auf der Exchange Binance auflädt bzw. Coins dorthin versendet. Außerdem wird gezeigt wie ihr Coins von Bitcoin.de ... Using Trust Wallet to Store Ethereum and ERC 20 tokens - Duration: 19 ... Everything You Need to Know to Store Binance Coin on Ledger - Duration: 10:07. Crypto Tips 6,979 views. 10:07. Exchange ... Safepal review: the Safepal S1 hardware wallet is a low-cost but feature-packed wallet to store your crypto off of an exchange. The wallet's development was invested in by Binance through their ... Atomic is a universal cryptocurrency wallet. Manage your BNB, BTC, ETH, and 300+ coins and tokens. Instant exchange and buy crypto. https://AtomicWallet.io Let's create a non-custodial Binance ... The First Binance Approved Crypto Wallet ... Votre BANQUE n'aime pas BITCOIN #JTduCoin n°125 - Duration: 16:04. Journal du Coin 5,135 views. 16:04. VERS UNE NOUVELLE ALTCOIN SEASON ? (SWISSBORG ... Bitcoin Golden-Cross Binance Hack FUD Ripple wie Amazon? Chainlink löst DeFi Problem Tezos Rakete IOTA Sicherheits Update 🔐 Bitcoin & Crypto Wallet... 1 month free. Find out why Close. More on Coinigy & Binance - using APIs and adding wallets Buy Bitcoin Australia. Loading... Unsubscribe from Buy Bitcoin Australia? Cancel Unsubscribe. Working ...