The Hacker News - Cybersecurity News and Analysis ...
How To End The Cryptocurrency Exchange "Wild West" Without Crippling Innovation
In case you haven't noticed the consultation paper, staff notice, and report on Quadriga, regulators are now clamping down on Canadian cryptocurrency exchanges. The OSC and other regulatory bodies are still interested in industry feedback. They have not put forward any official regulation yet. Below are some ideas/insights and a proposed framework.
Typical securities frameworks will cost Canadians millions of dollars (ie Sarbanes-Oxley estimated at $5m USD/yr per firm). Implementation costs of this proposal are significantly cheaper.
Canadians can maintain a diverse set of exchanges, multiple viable business models are still fully supported, and innovation is encouraged while keeping Canadians safe.
Many of you have limited time to read the full proposal, so here are the highlights:
Effective standards to prevent both internal and external theft. Exchange operators are trained and certified, and have a legal responsibility to users.
Regular Transparent Audits
Provides visibility to Canadians that their funds are fully backed on the exchange, while protecting privacy and sensitive platform information.
Establishment of basic insurance standards/strategy, to expand over time. Removing risk to exchange users of any hot wallet theft.
Background and Justifications
Cold Storage Custody/Management After reviewing close to 100 cases, all thefts tend to break down into more or less the same set of problems: • Funds stored online or in a smart contract, • Access controlled by one person or one system, • 51% attacks (rare), • Funds sent to the wrong address (also rare), or • Some combination of the above. For the first two cases, practical solutions exist and are widely implemented on exchanges already. Offline multi-signature solutions are already industry standard. No cases studied found an external theft or exit scam involving an offline multi-signature wallet implementation. Security can be further improved through minimum numbers of signatories, background checks, providing autonomy and legal protections to each signatory, establishing best practices, and a training/certification program. The last two transaction risks occur more rarely, and have never resulted in a loss affecting the actual users of the exchange. In all cases to date where operators made the mistake, they've been fully covered by the exchange platforms. • 51% attacks generally only occur on blockchains with less security. The most prominent cases have been Bitcoin Gold and Ethereum Classic. The simple solution is to enforce deposit limits and block delays such that a 51% attack is not cost-effective. • The risk of transactions to incorrect addresses can be eliminated by a simple test transaction policy on large transactions. By sending a small amount of funds prior to any large withdrawals/transfers as a standard practice, the accuracy of the wallet address can be validated. The proposal covers all loss cases and goes beyond, while avoiding significant additional costs, risks, and limitations which may be associated with other frameworks like SOC II. On The Subject of Third Party Custodians Many Canadian platforms are currently experimenting with third party custody. From the standpoint of the exchange operator, they can liberate themselves from some responsibility of custody, passing that off to someone else. For regulators, it puts crypto in similar categorization to oil, gold, and other commodities, with some common standards. Platform users would likely feel greater confidence if the custodian was a brand they recognized. If the custodian was knowledgeable and had a decent team that employed multi-sig, they could keep assets safe from internal theft. With the right protections in place, this could be a great solution for many exchanges, particularly those that lack the relevant experience or human resources for their own custody systems. However, this system is vulnerable to anyone able to impersonate the exchange operators. You may have a situation where different employees who don't know each other that well are interacting between different companies (both the custodian and all their customers which presumably isn't just one exchange). A case study of what can go wrong in this type of environment might be Bitpay, where the CEO was tricked out of 5000 bitcoins over 3 separate payments by a series of emails sent legitimately from a breached computer of another company CEO. It's also still vulnerable to the platform being compromised, as in the really large $70M Bitfinex hack, where the third party Bitgo held one key in a multi-sig wallet. The hacker simply authorized the withdrawal using the same credentials as Bitfinex (requesting Bitgo to sign multiple withdrawal transactions). This succeeded even with the use of multi-sig and two heavily security-focused companies, due to the lack of human oversight (basically, hot wallet). Of course, you can learn from these cases and improve the security, but so can hackers improve their deception and at the end of the day, both of these would have been stopped by the much simpler solution of a qualified team who knew each other and employed multi-sig with properly protected keys. It's pretty hard to beat a human being who knows the business and the typical customer behaviour (or even knows their customers personally) at spotting fraud, and the proposed multi-sig means any hacker has to get through the scrutiny of 3 (or more) separate people, all of whom would have proper training including historical case studies. There are strong arguments both for and against using use of third party custodians. The proposal sets mandatory minimum custody standards would apply regardless if the cold wallet signatories are exchange operators, independent custodians, or a mix of both. On The Subject Of Insurance ShakePay has taken the first steps into this new realm (congratulations). There is no question that crypto users could be better protected by the right insurance policies, and it certainly feels better to transact with insured platforms. The steps required to obtain insurance generally place attention in valuable security areas, and in this case included a review from CipherTrace. One of the key solutions in traditional finance comes from insurance from entities such as the CDIC. However, historically, there wasn't found any actual insurance payout to any cryptocurrency exchange, and there are notable cases where insurance has not paid. With Bitpay, for example, the insurance agent refused because the issue happened to the third party CEO's computer instead of anything to do with Bitpay itself. With the Youbit exchange in South Korea, their insurance claim was denied, and the exchange ultimately ended up instead going bankrupt with all user's funds lost. To quote Matt Johnson in the original Lloyd's article: “You can create an insurance policy that protects no one – you know there are so many caveats to the policy that it’s not super protective.” ShakePay's insurance was only reported to cover their cold storage, and “physical theft of the media where the private keys are held”. Physical theft has never, in the history of cryptocurrency exchange cases reviewed, been reported as the cause of loss. From the limited information of the article, ShakePay made it clear their funds are in the hands of a single US custodian, and at least part of their security strategy is to "decline to confirm the custodian’s name on the record". While this prevents scrutiny of the custodian, it's pretty silly to speculate that a reasonably competent hacking group couldn't determine who the custodian is. A far more common infiltration strategy historically would be social engineering, which has succeeded repeatedly. A hacker could trick their way into ShakePay's systems and request a fraudulent withdrawal, impersonate ShakePay and request the custodian to move funds, or socially engineer their way into the custodian to initiate the withdrawal of multiple accounts (a payout much larger than ShakePay) exploiting the standard procedures (for example, fraudulently initiating or override the wallet addresses of a real transfer). In each case, nothing was physically stolen and the loss is therefore not covered by insurance. In order for any insurance to be effective, clear policies have to be established about what needs to be covered. Anything short of that gives Canadians false confidence that they are protected when they aren't in any meaningful way. At this time, the third party insurance market does not appear to provide adequate options or coverage, and effort is necessary to standardize custody standards, which is a likely first step in ultimately setting up an insurance framework. A better solution compared to third party insurance providers might be for Canadian exchange operators to create their own collective insurance fund, or a specific federal organization similar to the CDIC. Such an organization would have a greater interest or obligation in paying out actual cases, and that would be it's purpose rather than maximizing it's own profit. This would be similar to the SAFU which Binance has launched, except it would cover multiple exchanges. There is little question whether the SAFU would pay out given a breach of Binance, and a similar argument could be made for a insurance fund managed by a collective of exchange operators or a government organization. While a third party insurance provider has the strong market incentive to provide the absolute minimum coverage and no market incentive to payout, an entity managed by exchange operators would have incentive to protect the reputation of exchange operators/the industry, and the government should have the interest of protecting Canadians. On The Subject of Fractional Reserve There is a long history of fractional reserve failures, from the first banks in ancient times, through the great depression (where hundreds of fractional reserve banks failed), right through to the 2008 banking collapse referenced in the first bitcoin block. The fractional reserve system allows banks to multiply the money supply far beyond the actual cash (or other assets) in existence, backed only by a system of debt obligations of others. Safely supporting a fractional reserve system is a topic of far greater complexity than can be addressed by a simple policy, and when it comes to cryptocurrency, there is presently no entity reasonably able to bail anyone out in the event of failure. Therefore, this framework is addressed around entities that aim to maintain 100% backing of funds. There may be some firms that desire but have failed to maintain 100% backing. In this case, there are multiple solutions, including outside investment, merging with other exchanges, or enforcing a gradual restoration plan. All of these solutions are typically far better than shutting down the exchange, and there are multiple cases where they've been used successfully in the past. Proof of Reserves/Transparency/Accountability Canadians need to have visibility into the backing on an ongoing basis. The best solution for crypto-assets is a Proof of Reserve. Such ideas go back all the way to 2013, before even Mt. Gox. However, no Canadian exchange has yet implemented such a system, and only a few international exchanges (CoinFloor in the UK being an example) have. Many firms like Kraken, BitBuy, and now ShakePay use the Proof of Reserve term to refer to lesser proofs which do not actually cryptographically prove the full backing of all user assets on the blockchain. In order for a Proof of Reserve to be effective, it must actually be a complete proof, and it needs to be understood by the public that is expected to use it. Many firms have expressed reservations about the level of transparency required in a complete Proof of Reserve (for example Kraken here). While a complete Proof of Reserves should be encouraged, and there are some solutions in the works (ie TxQuick), this is unlikely to be suitable universally for all exchange operators and users. Given the limitations, and that firms also manage fiat assets, a more traditional audit process makes more sense. Some Canadian exchanges (CoinSquare, CoinBerry) have already subjected themselves to annual audits. However, these results are not presently shared publicly, and there is no guarantee over the process including all user assets or the integrity and independence of the auditor. The auditor has been typically not known, and in some cases, the identity of the auditor is protected by a NDA. Only in one case (BitBuy) was an actual report generated and publicly shared. There has been no attempt made to validate that user accounts provided during these audits have been complete or accurate. A fraudulent fractional exchange, or one which had suffered a breach they were unwilling to publicly accept (see CoinBene), could easily maintain a second set of books for auditors or simply exclude key accounts to pass an individual audit. The proposed solution would see a reporting standard which includes at a minimum - percentage of backing for each asset relative to account balances and the nature of how those assets are stored, with ownership proven by the auditor. The auditor would also publicly provide a "hash list", which they independently generate from the accounts provided by the exchange. Every exchange user can then check their information against this public "hash list". A hash is a one-way form of encryption, which fully protects the private information, yet allows anyone who knows that information already to validate that it was included. Less experienced users can take advantage of public tools to calculate the hash from their information (provided by the exchange), and thus have certainty that the auditor received their full balance information. Easy instructions can be provided. Auditors should be impartial, their identities and process public, and they should be rotated so that the same auditor is never used twice in a row. Balancing the cost of auditing against the needs for regular updates, a 6 month cycle likely makes the most sense. Hot Wallet Management The best solution for hot wallets is not to use them. CoinBerry reportedly uses multi-sig on all withdrawals, and Bitmex is an international example known for their structure devoid of hot wallets. However, many platforms and customers desire fast withdrawal processes, and human validation has a cost of time and delay in this process. A model of self-insurance or separate funds for hot wallets may be used in these cases. Under this model, a platform still has 100% of their client balance in cold storage and holds additional funds in hot wallets for quick withdrawal. Thus, the risk of those hot wallets is 100% on exchange operators and not affecting the exchange users. Since most platforms typically only have 1%-5% in hot wallets at any given time, it shouldn't be unreasonable to build/maintain these additional reserves over time using exchange fees or additional investment. Larger withdrawals would still be handled at regular intervals from the cold storage. Hot wallet risks have historically posed a large risk and there is no established standard to guarantee secure hot wallets. When the government of South Korea dispatched security inspections to multiple exchanges, the results were still that 3 of them got hacked after the inspections. If standards develop such that an organization in the market is willing to insure the hot wallets, this could provide an acceptable alternative. Another option may be for multiple exchange operators to pool funds aside for a hot wallet insurance fund. Comprehensive coverage standards must be established and maintained for all hot wallet balances to make sure Canadians are adequately protected.
Current Draft Proposal
(1) Proper multi-signature cold wallet storage. (a) Each private key is the personal and legal responsibility of one person - the “signatory”. Signatories have special rights and responsibilities to protect user assets. Signatories are trained and certified through a course covering (1) past hacking and fraud cases, (2) proper and secure key generation, and (3) proper safekeeping of private keys. All private keys must be generated and stored 100% offline by the signatory. If even one private keys is ever breached or suspected to be breached, the wallet must be regenerated and all funds relocated to a new wallet. (b) All signatories must be separate background-checked individuals free of past criminal conviction. Canadians should have a right to know who holds their funds. All signing of transactions must take place with all signatories on Canadian soil or on the soil of a country with a solid legal system which agrees to uphold and support these rules (from an established white-list of countries which expands over time). (c) 3-5 independent signatures are required for any withdrawal. There must be 1-3 spare signatories, and a maximum of 7 total signatories. The following are all valid combinations: 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7. (d) A security audit should be conducted to validate the cold wallet is set up correctly and provide any additional pertinent information. The primary purpose is to ensure that all signatories are acting independently and using best practices for private key storage. A report summarizing all steps taken and who did the audit will be made public. Canadians must be able to validate the right measures are in place to protect their funds. (e) There is a simple approval process if signatories wish to visit any country outside Canada, with a potential whitelist of exempt countries. At most 2 signatories can be outside of aligned jurisdiction at any given time. All exchanges would be required to keep a compliant cold wallet for Canadian funds and have a Canadian office if they wish to serve Canadian customers. (2) Regular and transparent solvency audits. (a) An audit must be conducted at founding, after 3 months of operation, and at least once every 6 months to compare customer balances against all stored cryptocurrency and fiat balances. The auditor must be known, independent, and never the same twice in a row. (b) An audit report will be published featuring the steps conducted in a readable format. This should be made available to all Canadians on the exchange website and on a government website. The report must include what percentage of each customer asset is backed on the exchange, and how those funds are stored. (c) The auditor will independently produce a hash of each customer's identifying information and balance as they perform the audit. This will be made publicly available on the exchange and government website, along with simplified instructions that each customer can use to verify that their balance was included in the audit process. (d) The audit needs to include a proof of ownership for any cryptocurrency wallets included. A satoshi test (spending a small amount) or partially signed transaction both qualify. (e) Any platform without 100% reserves should be assessed on a regular basis by a government or industry watchdog. This entity should work to prevent any further drop, support any private investor to come in, or facilitate a merger so that 100% backing can be obtained as soon as possible. (3) Protections for hot wallets and transactions. (a) A standardized list of approved coins and procedures will be established to constitute valid cold storage wallets. Where a multi-sig process is not natively available, efforts will be undertaken to establish a suitable and stable smart contract standard. This list will be expanded and improved over time. Coins and procedures not on the list are considered hot wallets. (b) Hot wallets can be backed by additional funds in cold storage or an acceptable third-party insurance provider with a comprehensive coverage policy. (c) Exchanges are required to cover the full balance of all user funds as denominated in the same currency, or double the balance as denominated in bitcoin or CAD using an established trading rate. If the balance is ever insufficient due to market movements, the firm must rectify this within 24 hours by moving assets to cold storage or increasing insurance coverage. (d) Any large transactions (above a set threshold) from cold storage to any new wallet addresses (not previously transacted with) must be tested with a smaller transaction first. Deposits of cryptocurrency must be limited to prevent economic 51% attacks. Any issues are to be covered by the exchange. (e) Exchange platforms must provide suitable authentication for users, including making available approved forms of two-factor authentication. SMS-based authentication is not to be supported. Withdrawals must be blocked for 48 hours in the event of any account password change. Disputes on the negligence of exchanges should be governed by case law.
Continued review of existing OSC feedback is still underway. More feedback and opinions on the framework and ideas as presented here are extremely valuable. The above is a draft and not finalized. The process of further developing and bringing a suitable framework to protect Canadians will require the support of exchange operators, legal experts, and many others in the community. The costs of not doing such are tremendous. A large and convoluted framework, one based on flawed ideas or implementation, or one which fails to properly safeguard Canadians is not just extremely expensive and risky for all Canadians, severely limiting to the credibility and reputation of the industry, but an existential risk to many exchanges. The responsibility falls to all of us to provide our insight and make our opinions heard on this critical matter. Please take the time to give your thoughts.
Bitfinex offers “up to” $400 million rewards for bitcoins stolen during the 2016 exchange hack.
Electric Capital raises $110 million for the second fund, eyeing DeFi, and 1st layer expansions .
Missouri man pleaded guilty to trying to buy chemical weapons with bitcoin
Other notable events include: - Ethereum Classic has suffered its second 51% attack in a week after more than 4,000 blocks were reorganized Thursday morning. - The Chicago DeFi Alliance (CDA) is launching one of the first accelerator programs for decentralized finance (DeFi) startups beginning in August. Also, be sure to check out top altcoin gainers and losers of the week.⬇️ Double Trouble Ethereum Classic has suffered its second 51% attack in a week after more than 4,000 blocks were reorganized Thursday morning. A chain reorg occurs when a party gains more hashing power than the rest of the network miners, allowing them to rewrite the chain’s history and “double-spend” its crypto. Bitfly and Binance reported the reorganization, announcing all Ethereum Classic payouts, withdrawals and deposits had been suspended due to the attack. The network has suffered major reorg attacks at least twice in the last two years. In late July, hackers moved more than 807,000 ETC from unspecified crypto exchange to several wallets, according to Bitquery. DeFi Development The Chicago DeFi Alliance (CDA) is launching one of the first accelerator programs for decentralized finance (DeFi) startups beginning in August. The program is modeled on Silicon Valley’s Y Combinator program and will invest $120,000 in each participating team in exchange for future token purchases. Volt Capital co-founder Imran Khan and CDA partner Qiao Wang will lead the eight-week program for early-stage startups, plus a fast-track program to introduce more established startups to relevant experts. “DeFi has all the fundamental qualities to become a real, trusted alternative to the legacy financial system,” Wang said. https://preview.redd.it/dcw35es747g51.jpg?width=1200&format=pjpg&auto=webp&s=ffdd3435a4cfd0591d10a06f67557b463cae4590
Crypto-Powered - The Most Promising Use-Cases of Decentralized Finance (DeFi)
A whirlwind tour of Defi, paying close attention to protocols that we’re leveraging atGenesis Block. https://reddit.com/link/hrrt21/video/cvjh5rrh12b51/player This is the third post ofCrypto-Powered— a new series that examines what it means forGenesis Blockto be a digital bank that’s powered by crypto, blockchain, and decentralized protocols. Last week we explored how building on legacy finance is a fool’s errand. The future of money belongs to those who build with crypto and blockchain at their core. We also started down the crypto rabbit hole, introducing Bitcoin, Ethereum, and DeFi (decentralized finance). That post is required reading if you hope to glean any value from the rest of this series. 97% of all activity on Ethereum in the last quarter has been DeFi-related. The total value sitting inside DeFi protocols is roughly $2B — double what it was a month ago. The explosive growth cannot be ignored. All signs suggest that Ethereum & DeFi are a Match Made in Heaven, and both on their way to finding strong product/market fit. So in this post, we’re doing a whirlwind tour of DeFi. We look at specific examples and use-cases already in the wild and seeing strong growth. And we pay close attention to protocols that Genesis Block is integrating with. Alright, let’s dive in.
Stablecoins are exactly what they sound like: cryptocurrencies that are stable. They are not meant to be volatile (like Bitcoin). These assets attempt to peg their price to some external reference (eg. USD or Gold). A non-volatile crypto asset can be incredibly useful for things like merchant payments, cross-border transfers, or storing wealth — becoming your own bank but without the stress of constant price volatility. There are major governments and central banks that are experimenting with or soon launching their own stablecoins like China with their digital yuan and the US Federal Reserve with their digital dollar. There are also major corporations working in this area like JP Morgan with their JPM Coin, and of course Facebook with their Libra Project.
Stablecoin activity has grown 800% in the last year, with $290B of transaction volume (funds moving on-chain).
USDC($1B): This is the most reputable USD-backed stablecoin, at least in the West. It was created by Coinbase & Circle, both well-regarded crypto companies. They’ve been very open and transparent with their audits and bank records.
DAI ($189M): This is backed by other crypto assets — not USD in a bank account. This was arguably the first true DeFi protocol. The big benefit is that it’s more decentralized — it’s not controlled by any single organization. The downside is that the assets backing it can be volatile crypto assets (though it has mechanisms in place to mitigate that risk).
Three of the top five DeFi protocols relate to lending & borrowing. These popular lending protocols look very similar to traditional money markets. Users who want to earn interest/yield can deposit (lend) their funds into a pool of liquidity. Because it behaves similarly to traditional money markets, their funds are not locked, they can withdraw at any time. It’s highly liquid. Borrowers can tap into this pool of liquidity and take out loans. Interest rates depend on the utilization rate of the pool — how much of the deposits in the pool have already been borrowed. Supply & demand. Thus, interest rates are variable and borrowers can pay their loans back at any time.
So, who decides how much a borrower can take? What’s the process like? Are there credit checks? How is credit-worthiness determined?
These protocols are decentralized, borderless, permissionless. The people participating in these markets are from all over the world. There is no simple way to verify identity or check credit history. So none of that happens. Credit-worthiness is determined simply by how much crypto collateral the borrower puts into the protocol. For example, if a user wants to borrow $5k of USDC, then they’ll need to deposit $10k of BTC or ETH. The exact amount of collateral depends on the rules of the protocol — usually the more liquid the collateral asset, the more borrowing power the user can receive. The most prominent lending protocols include Compound, Aave, Maker, and Atomic Loans. Recently, Compound has seen meteoric growth with the introduction of their COMP token — a token used to incentivize and reward participants of the protocol. There’s almost $1B in outstanding debt in the Compound protocol. Mainframe is also working on an exciting protocol in this area and the latest iteration of their white paper should be coming out soon.
There is very little economic risk to these protocols because all loans are overcollateralized.
Buying, selling, and trading crypto assets is certainly one form of investing (though not for the faint of heart). But there are now DeFi protocols to facilitate making and managing traditional-style investments. Through DeFi, you can invest in Gold. You can invest in stocks like Amazon and Apple. You can short Tesla. You can access the S&P 500. This is done through crypto-based synthetics — which gives users exposure to assets without needing to hold or own the underlying asset. This is all possible with protocols like UMA, Synthetix, or Market protocol. Maybe your style of investing is more passive. With PoolTogether , you can participate in a no-loss lottery. Maybe you’re an advanced trader and want to trade options or futures. You can do that with DeFi protocols like Convexity, Futureswap, and dYdX. Maybe you live on the wild side and trade on margin or leverage, you can do that with protocols like Fulcrum, Nuo, and DDEX. Or maybe you’re a degenerate gambler and want to bet against Trump in the upcoming election, you can do that on Augur. And there are plenty of DeFi protocols to help with crypto investing. You could use Set Protocol if you need automated trading strategies. You could use Melonport if you’re an asset manager. You could use Balancer to automatically rebalance your portfolio. With as little as $1, people all over the world can have access to the same investment opportunities and tools that used to be reserved for only the wealthy, or those lucky enough to be born in the right country.
You can start to imagine how services like Etrade, TD Ameritrade, Schwab, and even Robinhood could be massively disrupted by a crypto-native company that builds with these types of protocols at their foundation.
As mentioned in our previous post, there are near-infinite applications one can build on Ethereum. As a result, sometimes the code doesn’t work as expected. Bugs get through, it breaks. We’re still early in our industry. The tools, frameworks, and best practices are all still being established. Things can go wrong. Sometimes the application just gets in a weird or bad state where funds can’t be recovered — like with what happened with Parity where $280M got frozen (yes, I lost some money in that). Sometimes, there are hackers who discover a vulnerability in the code and maliciously steal funds — like how dForce lost $25M a few months ago, or how The DAO lost $50M a few years ago. And sometimes the system works as designed, but the economic model behind it is flawed, so a clever user takes advantage of the system— like what recently happened with Balancer where they lost $500k. There are a lot of risks when interacting with smart contracts and decentralized applications — especially for ones that haven’t stood the test of time. This is why insurance is such an important development in DeFi.
Insurance will be an essential component in helping this technology reach the masses.
Decentralized Exchanges (DEX) were one of the first and most developed categories in DeFi. A DEX allows a user to easily exchange one crypto asset for another crypto asset — but without needing to sign up for an account, verify identity, etc. It’s all via decentralized protocols. Within the first 5 months of 2020, the top 7 DEX already achieved the 2019 trading volume. That was $2.5B. DeFi is fueling a lot of this growth. https://preview.redd.it/1dwvq4e022b51.png?width=700&format=png&auto=webp&s=97a3d756f60239cd147031eb95fc2a981db55943 There are many different flavors of DEX. Some of the early ones included 0x, IDEX, and EtherDelta — all of which had a traditional order book model where buyers are matched with sellers. Another flavor is the pooled liquidity approach where the price is determined algorithmically based on how much liquidity there is and how much the user wants to buy. This is known as an AMM (Automated Market Maker) — Uniswap and Bancor were early leaders here. Though lately, Balancer has seen incredible growth due mostly to their strong incentives for participation — similar to Compound. There are some DEXs that are more specialized — for example, Curve and mStable focus mostly only stablecoins. Because of the proliferation of these decentralized exchanges, there are now aggregators that combine and connect the liquidity of many sources. Those include Kyber, Totle, 1Inch, and Dex.ag.
These decentralized exchanges are becoming more and more connected to DeFi because they provide an opportunity for yield and earning interest.
As it relates to making payments, much of the world is still stuck on plastic cards. We’re grateful to partner with Visa and launch the Genesis Block debit card… but we still don’t believe that's the future of payments. We see that as an important bridge between the past (legacy finance) and the future (crypto). Our first post in this series shared more on why legacy finance is broken. We talked about the countless unnecessary middle-men on every card swipe (merchant, acquiring bank, processor, card network, issuing bank). We talked about the slow settlement times. The future of payments will be much better. Yes, it’ll be from a mobile phone and the user experience will be similar to ApplePay (NFC) or WePay (QR Code).
But more importantly, the underlying assets being moved/exchanged will all be crypto — digital, permissionless, and open source.
Someone making a payment at the grocery store check-out line will be able to open up Genesis Block, use contactless tech or scan a QR code, and instantly pay for their goods. All using crypto. Likely a stablecoin. Settlement will be instant. All the middlemen getting their pound of flesh will be disintermediated. The merchant can make more and the user can spend less. Blockchain FTW! Now let’s talk about a few projects working in this area. The xDai Burner Wallet experience was incredible at the ETHDenver event a few years ago, but that speed came at the expense of full decentralization (can it be censored or shut down?). Of course, Facebook’s Libra wants to become the new standard for global payments, but many are afraid to give Facebook that much control (newsflash: it isn’t very decentralized). Bitcoin is decentralized… but it’s slow and volatile. There are strong projects like Lightning Network (Zap example) that are still trying to make it happen. Projects like Connext and OmiseGo are trying to help bring payments to Ethereum. The Flexa project is leveraging the gift card rails, which is a nice hack to leverage existing pipes. And if ETH 2.0 is as fast as they say it will be, then the future of payments could just be a stablecoin like DAI (a token on Ethereum). In a way, being able to spend crypto on daily expenses is the holy grail of use-cases. It’s still early. It hasn’t yet been solved. But once we achieve this, then we can ultimately and finally say goodbye to the legacy banking & finance world. Employees can be paid in crypto. Employees can spend in crypto. It changes everything.
Legacy finance is hanging on by a thread, and it’s this use-case that they are still clinging to. Once solved, DeFi domination will be complete.
At Genesis Block, we’re excited to leverage these protocols and take this incredible technology to the world. Many of these protocols are already deeply integrated with our product. In fact, many are essential. The masses won’t know (or care about) what Tether, USDC, or DAI is. They think in dollars, euros, pounds and pesos. So while the user sees their local currency in the app, the underlying technology is all leveraging stablecoins. It’s all on “crypto rails.” https://preview.redd.it/jajzttr622b51.png?width=700&format=png&auto=webp&s=fcf55cea1216a1d2fcc3bf327858b009965f9bf8 When users deposit assets into their Genesis Block account, they expect to earn interest. They expect that money to grow. We leverage many of these low-risk lending/exchange DeFi protocols. We lend into decentralized money markets like Compound — where all loans are overcollateralized. Or we supply liquidity to AMM exchanges like Balancer. This allows us to earn interest and generate yield for our depositors. We’re the experts so our users don’t need to be. We haven’t yet integrated with any of the insurance or investment protocols — but we certainly plan on it. Our infrastructure is built with blockchain technology at the heart and our system is extensible — we’re ready to add assets and protocols when we feel they are ready, safe, secure, and stable. Many of these protocols are still in the experimental phase. It’s still early.
At Genesis Block we’re excited to continue to be at the frontlines of this incredible, innovative, technological revolution called DeFi.
--- None of these powerful DeFi protocols will be replacing Robinhood, SoFi, or Venmo anytime soon. They never will. They aren’t meant to! We’ve discussed this before, these are low-level protocols that need killer applications, like Genesis Block. So now that we’ve gone a little deeper down the rabbit hole and we’ve done this whirlwind tour of DeFi, the natural next question is: why?
Why does any of it matter?
Most of these financial services that DeFi offers already exist in the real world. So why does it need to be on a blockchain? Why does it need to be decentralized? What new value is unlocked? Next post, we answer these important questions. To look at more projects in DeFi, check outDeFi Prime,DeFi Pulse, orConsensys. ------ Other Ways to Consume Today's Episode:
https://preview.redd.it/6w93e0afttx41.png?width=1400&format=png&auto=webp&s=c00989612ec2d52eb522405e6b6a98bf875e08bb Version 1.3.0 is a powerful update to TkeySpace that our team has been carefully preparing. since version 1.2.0, we have been laying the foundation for implementing new features that are already available in the current version. Who cares about the security and privacy of their assets is an update for you. TkeySpace — was designed to give You full control over your digital assets while maintaining an exceptional level of security, which is why there is no personal data in the wallet: phone number, the email address that could be compromised by hackers — no identity checks and other hassles, just securely save the backup phrase consisting of 12 words.
Briefly about the TkeySpace 1.3.0 update :
Code optimization and switching to AndroidX;
Selecting the privacy mode;
Selecting the recovery method for each currency;
Choosing the address format for Litecoin;
Enhanced validation of transactions and blocks in the network;
Starting with the current update, the TkeySpace wallet can communicate via the TOR network, includes new privacy algorithms, and supports 59 different currencies. https://i.redd.it/kn5waeskttx41.gif Tor is a powerful privacy feature for those who own large assets or live in places where the Internet is heavily censored.
Tor technology provides protection against traffic analysis mechanisms that compromise not only Internet privacy, but also the confidentiality of trade secrets, business contacts, and communications in General.
When you enable TOR settings, all outgoing traffic from the wallet will be encrypted and routed through an anonymous network of servers, periodically forming a chain through the Tor network, which uses multi-level encryption, effectively hiding any information about the sender: location, IP address, and other data. This means that if your provider blocks the connection, you can rest easy — after all, by running this function, you will get an encrypted connection to the network without restrictions. https://preview.redd.it/w9y3ax4mttx41.png?width=960&format=png&auto=webp&s=972e375fc26d479e8b8d2999f7659ec332e2af55 In TOR mode, the wallet may work noticeably slower and in some cases, there may be problems with the network, due to encryption, some blockchain browsers may temporarily not work. However, TOR encryption is very important when Internet providers completely block traffic and switching to this mode, you get complete freedom and no blocks for transactions.
Confidentiality of transactions (the Blockchain transaction)
The wallet can change the model of a standard transaction, mixing inputs and outputs, making it difficult to identify certain cryptocurrencies. In the current update, you can select one of several modes for the transaction privacy level: deterministic lexicographic sorting or shuffle mode.
Mode: Lexicographic indexing
Implemented deterministic lexicographic sorting using hashes of previous transactions and output indexes for sorting transaction input data, as well as values and scriptPubKeys for sorting transaction output data; We understand that information must remain confidential not only in the interests of consumers but also in higher orders, financial systems must be kept secret to prevent fraud. One way to address these privacy shortcomings is to randomize the order of inputs and outputs.
Lexicographic orderingis a comparison algorithm used to sort two sets based on their Cartesian order within their common superset. Lexicographic order is also often referred to as alphabetical order or dictionary order. The hashes of previous transactions (in reverse byte order) are sorted in ascending order, lexicographically.
In the case of two matching transaction hashes, the corresponding previous output indexes will be compared by their integer value in ascending order. If the previous output indexes match, the input data is considered equal.
Shuffle Mode: mixing (random indexing)
To learn more about how “shuffle mode” works, we will first analyze the mechanisms using the example of a classic transaction. Current balance Of your wallet: 100 TKEY, coins are stored at different addresses: x1. Address-contains 10 TKEY. x2. Address-contains 20 TKEY. x3. Address-contains 30 TKEY. x4. Address-contains 15 TKEY. x5. Address-contains 25 TKEY.
Addresses in the blockchain are identifiers that you use to send cryptocurrency to another person or to receive digital currency.
Let’s look at a similar example: you have 100 TKEY on your balance, and you need to send 19 TKEY. x1. Address-contains 10 TKEY. x2. Address-contains 20 TKEY. x3. Address-contains 30 TKEY. x4. Address-contains 15 TKEY. x5. Address-contains 25 TKEY. You send 19 TKEY, the system analyzes all your addresses and balances on them and selects the most suitable ones for the transaction. To send 19 TKEY, the miners will be given coins with x2. Addresses, for a total of 20 TKEY. Of these, 19 TKEY will be sent to the recipient, and 0.99999679 TKEY will be returned to Your new address as change minus the transaction fee. https://preview.redd.it/doxmqffqttx41.png?width=1400&format=png&auto=webp&s=5c99ec41363fe50cd651dc0acab05e175416006a In the blockchain explorer, you will see the transaction amount in the amount of 20 TKEY, where 0.99999679 TKEY is Your change, 19 TKEY is the amount you sent and 0.00000321 is the transaction fee. The shuffle mode has a cumulative effect. with each new transaction, delivery Addresses will be created and the selection of debit addresses/s that are most suitable for the transaction will change. Thus, if you store 1,000,000 TKEY in your wallet and want to send 1 TKEY to the recipient, the transaction amount will not display most of your balance but will select 1 or more addresses for the transaction.
Selecting the recovery method for each digital currency (Blockchain restore)
Now you can choose the recovery method for each currency: API + Blockchain or blockchain.
Note: This is not a syncing process, but rather the choice of a recovery method for your wallet. Syncing takes place with the blockchain — regardless of the method you choose.
What are the differences between recovery methods?
API + Blockchain
In order not to load the entire history of the blockchain, i.e. block and transaction headers, the API helps you quickly get point information about previous transactions. For example, If your transactions are located in block 67325 and block 71775, the API will indicate to the node the necessary points for restoring Your balance, which will speed up the “recovery” process. As soon as the information is received, communication with the peers takes place and synchronization begins from the control point, then from this moment, all subsequent block loading is carried out through the blockchain. This method allows you to quickly restore Your existing wallet. ‘’+’’ Speed. ‘’-’’ The API server may fail.
This method loads all block headers (block headers + Merkle) starting from the BIP44 checkpoint and manually validates transactions. ‘’+’’ It always works and is decentralized. ‘’-’’ Loading the entire blockchain may take a long time.
Why do I need to switch the recovery method?
If when creating a wallet or restoring it, a notification (!) lights up in red near the selected cryptocurrency, then most likely the API has failed, so go to Settings — Security Center — Privacy — Blockchain Restore — switch to Blockchain. Syncing will be successful.
Enhanced validation of transactions and blocks in the network
Due to the increased complexity in the Tkeycoin network, we have implemented enhanced validation of the tkeycoin consensus algorithm, and this algorithm is also available for other cryptocurrencies.
What is the advantage of the enhanced validation algorithm for the user
First, the name itself speaks for itself — it increases the security of the network, and second, by implementing the function — we have accelerated the work of the TkeySpace blockchain node, the application consumes even fewer resources than before.
High complexity is converted to 3 bytes, which ensures fast code processing and the least resource consumption on your device.
The synchronization process has been upgraded. Node addresses are added to the local storage, and instant synchronization with nodes occurs when you log in again.
Checking for double-spending
TkeySpace eliminates “double-spending” in blockchains, which is very valuable in the Bitcoin and Litecoin networks.
For example, using another application, you may be sent a fake transaction, and the funds will eventually disappear from the network and your wallet because this feature is almost absent in most applications.
Using TkeySpace — you are 100% sure that your funds are safe and protected from fraudulent transactions in the form of “fake” transactions.
The bloom filter to check for nodes
All nodes are checked through the bloom filter. This allows you to exclude fraudulent nodes that try to connect to the network as real nodes of a particular blockchain. In practice, this verification is not available in applications, Tkeycoin — decided to follow a new trend and change the stereotypes, so new features such as node verification using the bloom filter and double-spending verification are a kind of innovation in applications that work with cryptocurrencies.
Updating the Binance and Ethereum libraries
Updated Binance and Ethereum libraries for interaction with the TOR network.
Function — to hide the balance
This function allows you to hide the entire balance from the main screen.
Advanced currency charts and charts without authentication
Detailed market statistics are available, including volumes, both for 1 day and several years. Select the period of interest: 1 day, 7 days, 1 month, 3 months, 6 months, 1 year, 2 years.
In version 1.3.0, you can access charts without authentication. You can monitor the cryptocurrency exchange rate without even logging in to the app. If you have a pin code for logging in, when you open the app, swipe to the left and you will see a list of currencies.
Transaction verification for Tkeycoin is now available directly in the app.
Independent Commission entry for Bitcoin
Taking into account the large volume of the Bitcoin network, we have implemented independent Commission entry — you can specify any Commission amount. For other currencies, smart Commission calculation is enabled based on data from the network. The network independently regulates the most profitable Commission for the sender.
New digital currencies
The TkeySpace wallet supports +59 cryptocurrencies and tokens.
The biggest announcement of the month was the new kind of decentralized exchange proposed by @jy-p of Company 0. The Community Discussions section considers the stakeholders' response. dcrd: Peer management and connectivity improvements. Some work for improved sighash algo. A new optimization that gives 3-4x faster serving of headers, which is great for SPV. This was another step towards multipeer parallel downloads – check this issue for a clear overview of progress and planned work for next months (and some engineering delight). As usual, codebase cleanup, improvements to error handling, test infrastructure and test coverage. Decrediton: work towards watching only wallets, lots of bugfixes and visual design improvements. Preliminary work to integrate SPV has begun. Politeia is live on testnet! Useful links: announcement, introduction, command line voting example, example proposal with some votes, mini-guide how to compose a proposal. Trezor: Decred appeared in the firmware update and on Trezor website, currently for testnet only. Next steps are mainnet support and integration in wallets. For the progress of Decrediton support you can track this meta issue. dcrdata: Continued work on Insight API support, see this meta issue for progress overview. It is important for integrations due to its popularity. Ongoing work to add charts. A big database change to improve sorting on the Address page was merged and bumped version to 3.0. Work to visualize agenda voting continues. Ticket splitting: 11-way ticket split from last month has voted (transaction). Ethereum support in atomicswap is progressing and welcomes more eyeballs. decred.org: revamped Press page with dozens of added articles, and a shiny new Roadmap page. decredinfo.com: a new Decred dashboard by lte13. Reddit announcement here. Dev activity stats for June: 245 active PRs, 184 master commits, 25,973 added and 13,575 deleted lines spread across 8 repositories. Contributions came from 2 to 10 developers per repository. (chart)
Hashrate: growth continues, the month started at 15 and ended at 44 PH/s with some wild 30% swings on the way. The peak was 53.9 PH/s. F2Pool was the leader varying between 36% and 59% hashrate, followed by coinmine.pl holding between 18% and 29%. In response to concerns about its hashrate share, F2Pool made a statement that they will consider measures like rising the fees to prevent growing to 51%. Staking: 30-day average ticket price is 94.7 DCR (+3.4). The price was steadily rising from 90.7 to 95.8 peaking at 98.1. Locked DCR grew from 3.68 to 3.81 million DCR, the highest value was 3.83 million corresponding to 47.87% of supply (+0.7% from previous peak). Nodes: there are 240 public listening and 115 normal nodes per dcred.eu. Version distribution: 57% on v1.2.0 (+12%), 25% on v1.1.2 (-13%), 14% on v1.1.0 (-1%). Note: the reported count of non-listening nodes has dropped significantly due to data reset at decred.eu. It will take some time before the crawler collects more data. On top of that, there is no way to exactly count non-listening nodes. To illustrate, an alternative data source, charts.dcr.farm showed 690 reachable nodes on Jul 1. Extraordinary event: 247361 and 247362 were two nearly full blocks. Normally blocks are 10-20 KiB, but these blocks were 374 KiB (max is 384 KiB).
Update from Obelisk: shipping is expected in first half of July and there is non-zero chance to meet hashrate target. Another Chinese ASIC spotted on the web: Flying Fish D18 with 340 GH/s at 180 W costing 2,200 CNY (~340 USD). (asicok.com – translated, also on asicminervalue) dcrASIC team posted a farewell letter. Despite having an awesome 16 nm chip design, they decided to stop the project citing the saturated mining ecosystem and low profitability for their potential customers.
Changenow announced the option to buy DCR with fiat.
TokenPride: "We are seeking feedback on the general setup of our payment processor. We have tried to make it simple and user friendly. 10% of all purchases made in Decred will be donated to the Decred Development fund - and we will be releasing original Decred designs in the future".
BlueYard Capital announced investment in Decred and the intent to be long term supporters and to actively participate in the network's governance. In an overview post they stressed core values of the project:
There are a few other remarkable characteristics that are a testament to the DNA of the team behind Decred: there was no sale of DCR to investors, no venture funding, and no payment to exchanges to be listed – underscoring that the Decred team and contributors are all about doing the right thing for long term (as manifested in their constitution for the project). The most encouraging thing we can see is both the quality and quantity of high calibre developers flocking to the project, in addition to a vibrant community attaching their identity to the project.
The company will be hosting an event in Berlin, see Events below. Arbitrade is now mining Decred.
Campus Party in Brasilia, Brazil. @girino, @Rhama and @matheusd talked about Decred. Matheus was interviewed by a TV channel. Check this quick report about the event, click "Show newer" to continue reading. (photos: 123)
Blockchain Summit in London, UK. This was not a full blown presence with stand but rather investigation of opportunities by @kyle and @Ani. The resulting detailed report is a good example of a document advising to stakeholders whether it is worth spending project funds.
Meetup in Berlin, Germany on July 18. @jz will give a talk and Q&A about Decred and chat with Ele from @oscoin about incentivizing developers. Hosted by BlueYard Capital.
Hey guys! I'd like to share with you my latest adventure: Stakey Club, hosted at stakey.club, is a website dedicated to Decred. I posted a few articles in Brazilian Portuguese and in English. I also translated to Portuguese some posts from the Decred Blog. I hope you like it! (slack)
Decred Assembly - Ep20 - Governance: Driving the Future (youtube) @cburniske and @traceagain discuss the importance of governance protocols being foundational and problems with delegated proof of stake
"I think that developers in the future are going to base their decision on where to build on the basis of governance and community. And so I look for good governance mechanisms and strong communities in blockchains." (@decredproject)
What is on-chain cryptocurrency governance? Is it plutocratic? by Richard Red (medium)
Apples to apples, Decred is 20x more expensive to attack than Bitcoin by Zubair Zia (medium)
What makes Decred different and better from other cryptocurrencies? (cxihub.com)
Community stats: Twitter followers 40,209 (+1,091), Reddit subscribers 8,410 (+243), Slack users 5,830 (+172), GitHub 392 stars and 918 forks of dcrd repository. An update on our communication systems:
Matrix chat logs are nowviewable on the web with the exception of some channels that are not bridged. The new web logs means our chats are now fully public and indexed by search engines.
Slack had an outage on Jun 27 that disturbed communications for a few hours, discussions continued on Decred's bridged platforms.
Jake Yocom-Piatt did an AMA on CryptoTechnology, a forum for serious crypto tech discussion. Some topics covered were Decred attack cost and resistance, voting policies, smart contracts, SPV security, DAO and DPoS. A new kind of DEX was the subject of an extensive discussion in #general, #random, #trading channels as well as Reddit. New channel #thedex was created and attracted more than 100 people. A frequent and fair question is how the DEX would benefit Decred. @lukebp has put it well:
Projects like these help Decred attract talent. Typically, the people that are the best at what they do aren’t driven solely by money. They want to work on interesting projects that they believe in with other talented individuals. Launching a DEX that has no trading fees, no requirement to buy a 3rd party token (including Decred), and that cuts out all middlemen is a clear demonstration of the ethos that Decred was founded on. It helps us get our name out there and attract the type of people that believe in the same mission that we do. (slack)
Another concern that it will slow down other projects was addressed by @davecgh:
The intent is for an external team to take up the mantle and build it, so it won't have any bearing on the current c0 roadmap. The important thing to keep in mind is that the goal of Decred is to have a bunch of independent teams on working on different things. (slack)
A chat about Decred fork resistance started on Twitter and continued in #trading. Community members continue to discuss the finer points of Decred's hybrid system, bringing new users up to speed and answering their questions. The key takeaway from this chat is that the Decred chain is impossible to advance without votes, and to get around that the forker needs to change the protocol in a way that would make it clearly not Decred. "Against community governance" article was discussed on Reddit and #governance. "The Downside of Democracy (and What it Means for Blockchain Governance)" was another article arguing against on-chain governance, discussed here. Reddit recap: mining rig shops discussion; how centralized is Politeia; controversial debate on photos of models that yielded useful discussion on our marketing approach; analysis of a drop in number of transactions; concerns regarding project bus factor, removing central authorities, advertising and full node count – received detailed responses; an argument by insette for maximizing aggregate tx fees; coordinating network upgrades; a new "Why Decred?" thread; a question about quantum resistance with a detailed answer and a recap of current status of quantum resistant algorithms. Chats recap: Programmatic Proof-of-Work (ProgPoW) discussion; possible hashrate of Blake-256 miners is at least ~30% higher than SHA-256d; how Decred is not vulnerable to SPV leaf/node attack.
DCR opened the month at ~$93, reached monthly high of $110, gradually dropped to the low of $58 and closed at $67. In BTC terms it was 0.0125 -> 0.0150 -> 0.0098 -> 0.0105. The downturn coincided with a global decline across the whole crypto market. In the middle of the month Decred was noticed to be #1 in onchainfx "% down from ATH" chart and on this chart by @CoinzTrader. Towards the end of the month it dropped to #3.
Please note: we will not accept any kind of payment to list an asset.
Bithumb got hacked with a $30 m loss. Zcash organized Zcon0, an event in Canada that focused on privacy tech and governance. An interesting insight from Keynote Panel on governance: "There is no such thing as on-chain governance". Microsoft acquired GitHub. There was some debate about whether it is a reason to look into alternative solutions like GitLab right now. It is always a good idea to have a local copy of Decred source code, just in case. Status update from @sumiflow on correcting DCR supply on various sites:
To begin with, none of the below sites were showing the correct supply or market cap for Decred but we've made some progress. coingecko.com, coinlib.io, cryptocompare.com, livecoinwatch.com, worldcoinindex.com - corrected! cryptoindex.co, onchainfx.com - awaiting fix coinmarketcap.com - refused to fix because devs have coins too? (slack)
About This Issue
This is the third issue of Decred Journal after April and May. Most information from third parties is relayed directly from source after a minimal sanity check. The authors of Decred Journal have no ability to verify all claims. Please beware of scams and do your own research. The new public Matrix logs look promising and we hope to transition from Slack links to Matrix links. In the meantime, the way to read Slack links is explained in the previous issue. As usual, any feedback is appreciated: please comment on Reddit, GitHub or #writers_room. Contributions are welcome too, anything from initial collection to final review to translations. Credits (Slack names, alphabetical order): bee and Richard-Red. Special thanks to @Haon for bringing May 2018 issue to medium.
A Beginners Guide to Bitcoin, Blockchain & Cryptocurrency
As cryptocurrency, and blockchain technology become more abundant throughout our society, it’s important to understand the inner workings of this technology, especially if you plan to use cryptocurrency as an investment vehicle. If you’re new to the crypto-sphere, learning about Bitcoin makes it much easier to understand other cryptocurrencies as many other altcoins' technologies are borrowed directly from Bitcoin. Bitcoin is one of those things that you look into only to discover you have more questions than answers, and right as you’re starting to wrap your head around the technology; you discover the fact that Bitcoin has six other variants (forks), the amount of politics at hand, or that there are over a thousand different cryptocurrencies just as complex if not even more complex than Bitcoin. We are currently in the infancy of blockchain technology and the effects of this technology will be as profound as the internet. This isn’t something that’s just going to fade away into history as you may have been led to believe. I believe this is something that will become an integral part of our society, eventually embedded within our technology. If you’re a crypto-newbie, be glad that you're relatively early to the industry. I hope this post will put you on the fast-track to understanding Bitcoin, blockchain, and how a large percentage of cryptocurrencies work.
Altcoin: Short for alternative coin. There are over 1,000 different cryptocurrencies. You’re probably most familiar with Bitcoin. Anything that isn’t Bitcoin is generally referred to as an altcoin. HODL: Misspelling of hold. Dank meme accidentally started by this dude. Hodlers are much more interested in long term gains rather than playing the risky game of trying to time the market. TO THE MOON: When a cryptocurrency’s price rapidly increases. A major price spike of over 1,000% can look like it’s blasting off to the moon. Just be sure you’re wearing your seatbelt when it comes crashing down. FUD: Fear. Uncertainty. Doubt. FOMO: Fear of missing out. Bull Run: Financial term used to describe a rising market. Bear Run: Financial term used to describe a falling market.
What Is Bitcoin?
Bitcoin (BTC) is a decentralized digital currency that uses cryptography to secure and ensure validity of transactions within the network. Hence the term crypto-currency. Decentralization is a key aspect of Bitcoin. There is no CEO of Bitcoin or central authoritative government in control of the currency. The currency is ran and operated by the people, for the people. One of the main development teams behind Bitcoin is blockstream. Bitcoin is a product of blockchain technology. Blockchain is what allows for the security and decentralization of Bitcoin. To understand Bitcoin and other cryptocurrencies, you must understand to some degree, blockchain. This can get extremely technical the further down the rabbit hole you go, and because this is technically a beginners guide, I’m going to try and simplify to the best of my ability and provide resources for further technical reading.
A Brief History
Bitcoin was created by Satoshi Nakamoto. The identity of Nakamoto is unknown. The idea of Bitcoin was first introduced in 2008 when Nakamoto released the Bitcoin white paper - Bitcoin: A Peer-to-Peer Electronic Cash System. Later, in January 2009, Nakamoto announced the Bitcoin software and the Bitcoin network officially began. I should also mention that the smallest unit of a Bitcoin is called a Satoshi. 1 BTC = 100,000,000 Satoshis. When purchasing Bitcoin, you don’t actually need to purchase an entire coin. Bitcoin is divisible, so you can purchase any amount greater than 1 Satoshi (0.00000001 BTC).
What Is Blockchain?
Blockchain is a distributed ledger, a distributed collection of accounts. What is being accounted for depends on the use-case of the blockchain itself. In the case of Bitcoin, what is being accounted for is financial transactions. The first block in a blockchain is referred to as the genesis block. A block is an aggregate of data. Blocks are also discovered through a process known as mining (more on this later). Each block is cryptographically signed by the previous block in the chain and visualizing this would look something akin to a chain of blocks, hence the term, blockchain. For more information regarding blockchain I’ve provided more resouces below:
Bitcoin mining is one solution to the double spend problem. Bitcoin mining is how transactions are placed into blocks and added onto the blockchain. This is done to ensure proof of work, where computational power is staked in order to solve what is essentially a puzzle. If you solve the puzzle correctly, you are rewarded Bitcoin in the form of transaction fees, and the predetermined block reward. The Bitcoin given during a block reward is also the only way new Bitcoin can be introduced into the economy. With a halving event occurring roughly every 4 years, it is estimated that the last Bitcoin block will be mined in the year 2,140. (See What is Block Reward below for more info). Mining is one of those aspects of Bitcoin that can get extremely technical and more complicated the further down the rabbit hole you go. An entire website could be created (and many have) dedicated solely to information regarding Bitcoin mining. The small paragraph above is meant to briefly expose you to the function of mining and the role it plays within the ecosystem. It doesn’t even scratch the surface regarding the topic.
How do you Purchase Bitcoin?
The most popular way to purchase Bitcoin through is through an online exchange where you trade fiat (your national currency) for Bitcoin. Popular exchanges include:
There’s tons of different exchanges. Just make sure you find one that supports your national currency.
Bitcoin and cryptocurrencies are EXTREMELY volatile. Swings of 30% or more within a few days is not unheard of. Understand that there is always inherent risks with any investment. Cryptocurrencies especially. Only invest what you’re willing to lose.
Transaction & Network Fees
Transacting on the Bitcoin network is not free. Every purchase or transfer of Bitcoin will cost X amount of BTC depending on how congested the network is. These fees are given to miners as apart of the block reward. Late 2017 when Bitcoin got up to $20,000USD, the average network fee was ~$50. Currently, at the time of writing this, the average network fee is $1.46. This data is available in real-time on BitInfoCharts.
In this new era of money, there is no central bank or government you can go to in need of assistance. This means the responsibility of your money falls 100% into your hands. That being said, the security regarding your cryptocurrency should be impeccable. The anonymity provided by cryptocurrencies alone makes you a valuable target to hackers and scammers. Below I’ve detailed out best practices regarding securing your cryptocurrency.
Two-Factor Authentication (2FA)
Two-factor authentication is a second way of authenticating your identity upon signing in to an account. Most cryptocurrency related software/websites will offer or require some form of 2FA. Upon creation of any crypto-related account find the Security section and enable 2FA.
The most basic form of 2FA which you are probably most familiar with. This form of authentication sends a text message to your smartphone with a special code that will allow access to your account upon entry. Note that this is not the safest form of 2FA as you may still be vulnerable to what is known as a SIM swap attack. SIM swapping is a social engineering method in which an attacker will call up your phone carrier, impersonating you, in attempt to re-activate your SIM card on his/her device. Once the attacker has access to your SIM card he/she now has access to your text messages which can then be used to access your online accounts. You can prevent this by using an authenticator such as Google Authenticator.
The use of an authenticator is the safest form of 2FA. An authenticator is installed on a seperate device and enabling it requires you input an ever changing six digit code in order to access your account. I recommend using Google Authenticator. If a website has the option to enable an authenticator, it will give you a QR code and secret key. Use Google Authenticator to scan the QR code. The secret key consists of a random string of numbers and letters. Write this down on a seperate sheet of paper and do not store it on a digital device. Once Google Authenticator has been enabled, every time you sign into your account, you will have to input a six-digit code that looks similar to this. If you happen to lose or damage the device you have Google Authenticator installed on, you will be locked out of your account UNLESS you have access to the secret key (which you should have written down).
A wallet is what you store Bitcoin and cryptocurrency on. I’ll provide resources on the different type of wallets later but I want to emphasize the use of a hardware wallet (aka cold storage). Hardware wallets are the safest way of storing cryptocurrency because it allows for your crypto to be kept offline in a physical device. After purchasing crypto via an exchange, I recommend transferring it to cold storage. The most popular hardware wallets include the Ledger Nano S, and Trezor. Hardware wallets come with a special key so that if it gets lost or damaged, you can recover your crypto. I recommend keeping your recovery key as well as any other sensitive information in a safety deposit box. I know this all may seem a bit manic, but it is important you take the necessary security precautions in order to ensure the safety & longevity of your cryptocurrency.
Technical Aspects of Bitcoin
Address: What you send Bitcoin to.
Wallet: Where you store your Bitcoin
Max Supply: 21 million
Block Time: ~10 minutes
Block Size: 1-2 MB
Block Reward: BTC reward received from mining.
What is a Bitcoin Address?
A Bitcoin address is what you send Bitcoin to. If you want to receive Bitcoin you’d give someone your Bitcoin address. Think of a Bitcoin address as an email address for money.
What is a Bitcoin Wallet?
As the title implies, a Bitcoin wallet is anything that can store Bitcoin. There are many different types of wallets including paper wallets, software wallets and hardware wallets. It is generally advised NOT to keep cryptocurrency on an exchange, as exchanges are prone to hacks (see Mt. Gox hack). My preferred method of storing cryptocurrency is using a hardware wallet such as the Ledger Nano S or Trezor. These allow you to keep your crypto offline in physical form and as a result, much more safe from hacks. Paper wallets also allow for this but have less functionality in my opinion. After I make crypto purchases, I transfer it to my Ledger Nano S and keep that in a safe at home. Hardware wallets also come with a special key so that if it gets lost or damaged, you can recover your crypto. I recommend keeping your recovery key in a safety deposit box.
What is Bitcoins Max Supply?
The max supply of Bitcoin is 21 million. The only way new Bitcoins can be introduced into the economy are through block rewards which are given after successfully mining a block (more on this later).
What is Bitcoins Block Time?
The average time in which blocks are created is called block time. For Bitcoin, the block time is ~10 minutes, meaning, 10 minutes is the minimum amount of time it will take for a Bitcoin transaction to be processed. Note that transactions on the Bitcoin network can take much longer depending on how congested the network is. Having to wait a few hours or even a few days in some instances for a transaction to clear is not unheard of. Other cryptocurrencies will have different block times. For example, Ethereum has a block time of ~15 seconds. For more information on how block time works, Prabath Siriwardena has a good block post on this subject which can be found here.
What is Bitcoins Block Size?
There is a limit to how large blocks can be. In the early days of Bitcoin, the block size was 36MB, but in 2010 this was reduced to 1 MB in order to prevent distributed denial of service attacks (DDoS), spam, and other malicious use on the blockchain. Nowadays, blocks are routinely in excess of 1MB, with the largest to date being somewhere around 2.1 MB. There is much debate amongst the community on whether or not to increase Bitcoin’s block size limit to account for ever-increasing network demand. A larger block size would allow for more transactions to be processed. The con argument to this is that decentralization would be at risk as mining would become more centralized. As a result of this debate, on August 1, 2017, Bitcoin underwent a hard-fork and Bitcoin Cash was created which has a block size limit of 8 MB. Note that these are two completely different blockchains and sending Bitcoin to a Bitcoin Cash wallet (or vice versa) will result in a failed transaction. Update: As of May 15th, 2018 Bitcoin Cash underwent another hard fork and the block size has increased to 32 MB. On the topic of Bitcoin vs Bitcoin Cash and which cryptocurrency is better, I’ll let you do your own research and make that decision for yourself. It is good to know that this is a debated topic within the community and example of the politics that manifest within the space. Now if you see community members arguing about this topic, you’ll at least have a bit of background to the issue.
What is Block Reward?
Block reward is the BTC you receive after discovering a block. Blocks are discovered through a process called mining. The only way new BTC can be added to the economy is through block rewards and the block reward is halved every 210,000 blocks (approximately every 4 years). Halving events are done to limit the supply of Bitcoin. At the inception of Bitcoin, the block reward was 50BTC. At the time of writing this, the block reward is 12.5BTC. Halving events will continue to occur until the amount of new Bitcoin introduced into the economy becomes less than 1 Satoshi. This is expected to happen around the year 2,140. All 21 million Bitcoins will have been mined. Once all Bitcoins have been mined, the block reward will only consist of transaction fees.
Any computer that connects to the Bitcoin network is called a node. Nodes that fully verify all of the rules of Bitcoin are called full nodes.
In other words, full nodes are what verify the Bitcoin blockchain and they play a crucial role in maintaining the decentralized network. Full nodes store the entirety of the blockchain and validate transactions. Anyone can participate in the Bitcoin network and run a full node. Bitcoin.org has information on how to set up a full node. Running a full node also gives you wallet capabilities and the ability to query the blockchain. For more information on Bitcoin nodes, see Andreas Antonopoulos’s Q&A on the role of nodes.
What is a Fork?
A fork is a divergence in a blockchain. Since Bitcoin is a peer-to-peer network, there’s an overall set of rules (protocol) in which participants within the network must abide by. These rules are put in place to form network consensus. Forks occur when implementations must be made to the blockchain or if there is disagreement amongst the network on how consensus should be achieved.
Soft Fork vs Hard Fork
The difference between soft and hard forks lies in compatibility. Soft forks are backwards compatible, hard forks are not. Think of soft forks as software upgrades to the blockchain, whereas hard forks are a software upgrade that warrant a completely new blockchain. During a soft fork, miners and nodes upgrade their software to support new consensus rules. Nodes that do not upgrade will still accept the new blockchain. Examples of Bitcoin soft forks include:
A hard fork can be thought of as the creation of a new blockchain that X percentage of the community decides to migrate too. During a hard fork, miners and nodes upgrade their software to support new consensus rules, Nodes that do not upgrade are invalid and cannot accept the new blockchain. Examples of Bitcoin hard forks include:
Note that these are completely different blockchains and independent from the Bitcoin blockchain. If you try to send Bitcoin to one of these blockchains, the transaction will fail.
A Case For Bitcoin in a World of Centralization
Our current financial system is centralized, which means the ledger(s) that operate within this centralized system are subjugated to control, manipulation, fraud, and many other negative aspects that come with this system. There are also pros that come with a centralized system, such as the ability to swiftly make decisions. However, at some point, the cons outweigh the pros, and change is needed. What makes Bitcoin so special as opposed to our current financial system is that Bitcoin allows for the decentralized transfer of money. Not one person owns the Bitcoin network, everybody does. Not one person controls Bitcoin, everybody does. A decentralized system in theory removes much of the baggage that comes with a centralized system. Not to say the Bitcoin network doesn’t have its problems (wink wink it does), and there’s much debate amongst the community as to how to go about solving these issues. But even tiny steps are significant steps in the world of blockchain, and I believe Bitcoin will ultimately help to democratize our financial system, whether or not you believe it is here to stay for good.
Well that was a lot of words… Anyways I hope this guide was beneficial, especially to you crypto newbies out there. You may have come into this realm not expecting there to be an abundance of information to learn about. I know I didn’t. Bitcoin is only the tip of the iceberg, but now that you have a fundamental understanding of Bitcoin, learning about other cryptocurrencies such as Litecoin, and Ethereum will come more naturally. Feel free to ask questions below! I’m sure either the community or myself would be happy to answer your questions. Thanks for reading!
CryptoNick is deleting all of his BitConnect videos, and so are his buddies. Please never forget what he and his cohorts did to so many people, and how much money those people lost in the process thanks to CryptoNick, Trevon James, and Craig Grant! (26500 points, 3087 comments)
Listen up folks, if you "did", or still do promote cryptocurrency related scams, you will be called out on it via this sub-Reddit. We don't care about you, or your ill-gotten gains, we care about the general well-being of our community first and foremost. (17879 points, 1294 comments)
So no one else finds it a bit odd that Verge is actually going up in price in a bear market, after a hack attack, after being outed for paying McAfee to promote it, and after the 1 developer begged for money from his own community to allegedly help pay his taxes? (2550 points, 875 comments)
I will tell you exactly what is going on here, this is critical information to understand if you are going to make money in this space. How prices work, and what moves them - and it's not money invested/withdrawn. (20144 points, 1459 comments)
CryptoNick is deleting all of his BitConnect videos, and so are his buddies. Please never forget what he and his cohorts did to so many people, and how much money those people lost in the process thanks to CryptoNick, Trevon James, and Craig Grant! by DestroyerOfShitcoins (26500 points, 3087 comments)
I will tell you exactly what is going on here, this is critical information to understand if you are going to make money in this space. How prices work, and what moves them - and it's not money invested/withdrawn. by Suuperdad (20144 points, 1459 comments)
Listen up folks, if you "did", or still do promote cryptocurrency related scams, you will be called out on it via this sub-Reddit. We don't care about you, or your ill-gotten gains, we care about the general well-being of our community first and foremost. by DestroyerOfShitcoins (17879 points, 1294 comments)
4781 points: hanzyfranzy's comment in Bitcoin breaches $4000 in 15 minutes. What is happening 😳
4368 points: andyalxatydotcom's comment in Trevon James has over $1,000,000 in his Steem wallet, so I am posting this image as evidence as a record for the internet to remember forever, just in case he tries to tell the courts he lost all his money in BitConnect too like Craig Grant is claiming.
4287 points: mikelo22's comment in +1(800)273-8255 - U.S. National Suicide Hotline
4034 points: FSev's comment in +1(800)273-8255 - U.S. National Suicide Hotline
3700 points: arsonbunny's comment in Bittrex holding my about $100.000 hostage with no response to support ticket/email for almost three months
3628 points: eNte19's comment in Enjoy the massacre. It could be a once in life opportunity.
CryptoNick is deleting all of his BitConnect videos, and so are his buddies. Please never forget what he and his cohorts did to so many people, and how much money those people lost in the process thanks to CryptoNick, Trevon James, and Craig Grant! (26506 points, 3085 comments)
Listen up folks, if you "did", or still do promote cryptocurrency related scams, you will be called out on it via this sub-Reddit. We don't care about you, or your ill-gotten gains, we care about the general well-being of our community first and foremost. (17883 points, 1292 comments)
So no one else finds it a bit odd that Verge is actually going up in price in a bear market, after a hack attack, after being outed for paying McAfee to promote it, and after the 1 developer begged for money from his own community to allegedly help pay his taxes? (2548 points, 875 comments)
I will tell you exactly what is going on here, this is critical information to understand if you are going to make money in this space. How prices work, and what moves them - and it's not money invested/withdrawn. (20147 points, 1459 comments)
CryptoNick is deleting all of his BitConnect videos, and so are his buddies. Please never forget what he and his cohorts did to so many people, and how much money those people lost in the process thanks to CryptoNick, Trevon James, and Craig Grant! by DestroyerOfShitcoins (26506 points, 3085 comments)
I will tell you exactly what is going on here, this is critical information to understand if you are going to make money in this space. How prices work, and what moves them - and it's not money invested/withdrawn. by Suuperdad (20147 points, 1459 comments)
Listen up folks, if you "did", or still do promote cryptocurrency related scams, you will be called out on it via this sub-Reddit. We don't care about you, or your ill-gotten gains, we care about the general well-being of our community first and foremost. by DestroyerOfShitcoins (17883 points, 1292 comments)
4785 points: hanzyfranzy's comment in Bitcoin breaches $4000 in 15 minutes. What is happening 😳
4364 points: andyalxatydotcom's comment in Trevon James has over $1,000,000 in his Steem wallet, so I am posting this image as evidence as a record for the internet to remember forever, just in case he tries to tell the courts he lost all his money in BitConnect too like Craig Grant is claiming.
4284 points: mikelo22's comment in +1(800)273-8255 - U.S. National Suicide Hotline
4036 points: FSev's comment in +1(800)273-8255 - U.S. National Suicide Hotline
3695 points: arsonbunny's comment in Bittrex holding my about $100.000 hostage with no response to support ticket/email for almost three months
3628 points: eNte19's comment in Enjoy the massacre. It could be a once in life opportunity.
Binance Confirms Hacker Obtained Its Users' KYC Data from 3rd-Party Vendor ... the attackers were able to what's called "double spend" about 219,500 ETC by recovering previously spent coins from the rightfu. StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users November 08, 2018 Mohit Kumar Late last week an unknown hacker or a group of hackers successfully targeted a ... Malicious cryptocurrency miners took control of Bitcoin BTC Gold‘s blockchain recently to double-spend $72,000 worth of BTG.. Bad actors assumed a majority of the network‘s processing power ... The hacker successfully got away by carrying double spend on Coinbase. The value of the attack was $1.1 million. The hacker did not stop there and launched another 51 percent attack targeting another cryptocurrency exchange called Gate.io but returned half the money. All these incidents showed that individuals and groups can misuse the ... The idea is that if Binance can double spend the stolen funds with a large enough transaction fee, miners would be incentivised to rollback the blockchain to the point where the funds were stolen and start building a new chain. This would enable them to mine a new chain where the funds were not stolen and process the transaction with the enormous fees placed by Binance. Bitcoin Gold (BTG) is subject to a blockchain double spending attack worth around $72,000 as a result of a 51 percent mining attack to take control of the Bitcoin Gold blockchain. The attacks came on Thursday and Friday, dated 23rd and 24th of January, where the first attack costed the blockchain around 1900 BTG, and the second attack wave costed a loss of 5267 BTG. This can be used to perform a double spend attack, where a hacker sends a transaction to someone on the original chain, and then creates a longer chain where the transaction doesn’t exist, making the transaction disappear. Bitcoin and Ethereum have far too much hashing power for any real possibility of a 51% attack, however, many smaller cryptos have small enough hash rates where 51% attacks ... Bitcoin Bug ermöglicht Double-Spend- und 51%-Attacken. Ein Fehler im Bitcoin Code, der als CVE-2018-17144 bekannt ist, wurde am 19. September behoben. Theoretisch hätte diese Schwachstelle es einem Hacker ermöglicht, eine 51%- und Double-Spend-Attacke bei Bitcoin durchzuführen. Obwohl bei BTC das Problem behoben wurde, haben andere ... An unidentified hacker has executed several “double spend” attacks on the infrastructure of the Bitcoin Gold cryptocurrency. As a result, he amassed over $18 million worth of BTG (Bitcoin Gold) coins. According to a post on the Bitcoin Gold forum, the attacks started last Friday. Bitcoin Gold director of communications, Edward Iskra, first warned users […] Bitcoin Gold (BTG) has suffered another 51% network exploit with the attacker reportedly double-spending $75,000 in BTG tokens. Details of the Bitcoin Gold 51% Attack According to MIT crypto researcher James Lovejoy, Bitcoin Gold, one of the Bitcoin hard forks is once again the victim of a 51% attack. In… Binance CEO Changpeng Zhao has apologized for causing concern among the crypto community when he openly spoke about the possibility of a rollback for the Bitcoin blockchain following confirmation of a hack leading to the theft of USD 40 million worth of bitcoins on its platform.. The rollback had caused a sharp backlash, particularly among Bitcoin-only communities, aghast at the very concept ...
Bitcoin Technical Analysis & Bitcoin News Today: Binance & Bittrex hacked! IS BITCOIN CAPITULATION COMING SOON? The BTC technicals look bearish and indicate that price will go down. I'll use ... The Bitcoin Gold (BTG) blockchain has suffered a 51% attack resulting in over $70,000 worth of BTG being double spent. According to a GitHub post by James Lovejoy, a researcher at MIT’s Digital ... New; 32:22. How to Repair a DEAD ... Inside the Story: We Go Deep On the Binance Hacker Story - Duration: 9:46. CoinDesk 2,555 views. 9:46. Scalping: An effective and highly profitable trading ... #bitcoin #cryptocurrencies #crypto What are your thoughts what we discussed? Do you have any thoughts on the recent hack? Feel free to leave a comment below! Thank you all so much for watching the ... Crypto news update brought to you by The_Crypto_God, covering Bitcoin price action, Binance hack details & Facebook coin rumours... Subscribe to the channel here: https://bit.ly/2LmzQn6 Check out ... In this video we talk about the channel's current profit that we got from using basic beginner technical analysis, saving money, budgeting, and investing in Bitcoin and Cryptocurrency, Bitcoin ...