Reading this article made me wonder - how much of the bitcoin rally is due to counterparty risks?
If I remember correctly the last ramp up happened during Mt. Gox era. They were having USD withdrawal issues which resulted in BTC prices being very high on the exchange. But it din't deter them from publishing prices and making markets.
Now is the case of Bitfinex suffered from a hack like Mt. Gox and are trying to stay afloat. As per coinmarketcap, has nearly 15% of bitcoin volume which is pretty high to ensure market follows in-step to their market making. A quick search on Google turns up pages of people asking about Bitfinex withdrawals.
For people who are curious about this, there was an article yesterday about Zimbabwean Bitcoin soaring to 12k USD, which obviously hinges a lot on counterparty risks and resulting low liquidity:
https://news.ycombinator.com/item?id=15627608
If this was true then you'd expect the exchange rate on Bitfinex to be much higher than other exchanges.
If you can't get USD out of Bitfinex, you'd buy BTC and withdraw, pushing the exchange rate up on Bitfinex. Then you'd sell the BTC on another exchange, pushing the exchange rate down there.
I am not sure I follow. Counterparty risk should push the price down, not up. This thing is not worth as much because there is a significant risk your investment may go away because of a bug or a mistake.
That assumes there's an immediate withdraw method on the exchange with higher rates.
MTGox abused the latency of withdraws in an attempt to attract BTC desposits (after their original deposits were stolen) on their exchange and presumably sell those back for cash via other outlets to slowly pay off customers and appear solvent.
MTGox also manipulated the market with trader bots.
> Counterparty risk should push the price down, not up.
Not if the counterparty risk causes you to be unable to withdraw national currency, thus forcing you to buy bitcoins for national currency and then withdraw the bitcoins.
The only way for the price to go down, in a scenario like this, is if it's possible to sell bitcoins on the exchange (thus pushing down the price) and withdraw the proceeds.
In a BTCUSD market, if you are unable to withdraw BTC you will sell BTC for USD and withdraw USD, thus pushing down the price. And if you're unable to withdraw USD you will buy BTC for USD and withdraw BTC, thus pushing up the price.
It would only push the price up on the untrustworthy exchanges, and it would lower the price everywhere else because it indicates the asset is not useful, it could be stolen & dumped on the market, it discourages anyone from getting in, it forces them to use alternative usually less convenient exchanges, etc. And even the counterparty risk doesn't produce that much increase: right up to the end when it was too late, the Mtgox premium was only like 10%. Such a mechanism can't possibly explain all or even a little bit of a runup from $2k to $7k (not to mention, the market cap being an order of magnitude or two higher).
Um? Let me use an example to explain what is happening here:
Me - Cryptocurrency markets are not mature that is why we have lot of arbitrage opportunity between exchanges.
You - Why do you think they're mature and perfect enough to worry about arbitrage opportunities?
So, let me repeat again - It is exactly because they are not mature there are issues. If they are mature, there is nothing to worry. And that is the sauce you are looking for.
You're claiming they are efficiently pricing in a particular risk, pushing up prices to reflect the counterparty risk, but then denying they are efficient enough to price in the other consequences they should be. This is not consistent or at least is very stretched.
It is in exchanges favor to offer increased prices so as to shore up their balances using BTC commissions earned per trade. This inversely leads to them serving an increased percentage of daily trades.
Add to the fact that, increased risks means people want more out of their BTC. So, if x is a fair price in other exchange, they want x + y% for the same BTC on exchange with issues.
Some of these people become aware of withdrawal issues later or buy some other crypto currency, move to another exchange to cash out.
There were no hardware wallets in the days of MtGox, which meant that it was extremely hard to secure Bitcoins. It got easier since then, and many people learned from MtGox (though many people haven't). Also companies take bigger care of securing their cold wallets.
I would never recommend BitFinex to anyone though (GDAX and BitStamp have VC money / long history)
What world are you living in? Software wallets are and always will be vulnerable to incalculable numbers of side-channel attacks that they cannot possibly defend against. It is intrinsic to running on a general purpose OS. Hardware wallets are the only method of having anything anywhere _near_ security here.
"The new firmware 1.3.3 is immune against this attack since it (1) requires a PIN to compute the public key and (2) uses branch-free computations for deriving the public key from the private key."
The browser with its plethora of extensions is arguably even worse than an operating system, and yet people keep using online banking and don't get hacked 24/7. Software can be reasonably secure and is basically as vulnerable as the human that's using it.
If you insist that one should err on the side of being paranoid when handling money, you can argue that hardware wallets are secure iff you manufacture your own hardware.
Want true security without going into hardware manufacturing?
Pick a private key and write it down on a piece of paper (ideally you'd do it in your head) along with the corresponding public key. Then send bitcoin to an address that's controlled by the keypair you just created. If you did all the calculations in your head while wearing a tin-foil hat your bitcoin should be reasonably secure.
Seriously: a box of dice, some graph paper, and a little patience goes a long way in terms of security.
Your threat model almost certainly is one in which writing down a strongly-generated password is much more secure than anything else, if you take efforts to secure the written copy.
I feel like passwords are some kind of magical Wild West of crypto, where everyone has rolled their own and the "best practice" recommendations are often nonsense that ignores threat modeling and I'm just taking crazy pills for thinking we should treat it like other kinds of crypto where users only apply standard methods with verified entropy generation.
While I'd enjoy a good detective journalism, this article is just making claims out of thin air. And here is one:
> However, this doesn’t stop Bitfinex from tripping over their shoelaces to immediately list a fork which doesn’t exist, in order to make money off of suckers.
That is not correct. Bitfinex didn't list Bitcoin Gold. They listed a future contract of Bitcoin Gold (though the naming "token" is a bit confusing). You can create a future contract about anything, like the weather or soccer.
> Prior to publishing this post I was informed that Tethers are on the rise. Today, at the time of this post there has been another 25,000,000 USDT printed.
First, a new creation of Tether doesn't result in a pump. That would be too obvious for traders to arb the effect.
Second, Tether is not used by Bitfinex heavily. Tether biggest clients are Polonix and Bittrex. And there is blockchain proof for that: https://wallet.tether.to/richlist
Tether is issued by Bitfinex-related company. There is no reason for USA to stockpile US dollars if they can print it. China would be the biggest client of US dollar and first place at dollar richlist.
"That is not correct. Bitfinex didn't list Bitcoin Gold. They listed a future contract of Bitcoin Gold (though the naming "token" is a bit confusing)."
This guy has been trying to spread doubt about bitfinex for a long time, but never has much to back it up. A few months ago he went on a big campaign against Tether (tokens associated with Bitfinex), claiming they were created out of thin air. Tether then completed and released an audit by a professional, accredited team of their bank balances (1). I don't personally use Bitfinex, and it's possible some of these accusations are at least partially true, but there's really no evidence to confirm that. Don't buy into this type of FUD without doing your own research.
Some of the claims he makes are disingenuous. Bitcoin Gold has nothing to do with Bitfinex, and is listed on a number of exchanges. It's definitely a pretty sketchy project, but it was a BTC fork and users tend to dislike when their exchange keeps forked tokens to themselves. EOS/IOTA are big projects with large market caps and real teams. Did some weird accounting happen after the Bitfinex hack? Maybe. Did most of the people end up getting their money back? Yes. Does it matter now? Not really. This is the largest BTC exchange (by volume) in the world. They generate tens of millions of revenue from exchange fees every month. There's no clear reason for them to engage in any weird, illegal money schemes at this point, they already have a money printing factory.
There are two key quotes that you need to pay attention to in that document:
This engagement does not contemplate tests of accounting records or the performance of other procedures performed in an audit or attest engagement.
In addition, our services do not include a determination of compliance with laws and regulations in any jurisdiction. All inquiries made throughout the consulting process have been directed toward, and the data obtained from, the Client and personnel responsible for maintaining such information.
In other words, that document is not an audit. Just like previous "audits" published by Bitfinex connected companies, it’s an internal management report created for the management by an accounting firm. Such reports assume that everything they’re told by management is true: why would management lie to themselves? What would be the point?
If you’re an external entity on the other hand, eg a shareholder in the company say who wants an external third party to validate claims made by management, then you will only rely on a real audit made by a company that sends staff to check on those claims personally. This document is not such an audit & it’s authors are at pains to point that out.
Edit: The auditors did confirm bank balances with the holding banks, but did not perform an audit that would find any corresponding liabilities, nor that the claimed Trustee relationship between the company and the individual named on the account had any legal force. What this document shows is that people connected with the company had accounts with the claimed $Xmillion in them in total on the day in question & this was confirmed by the accountants. That’s it - it’s still not an audit.
> Such reports assume that everything they’re told by management is true
No, they checked the balances with the banks. They verified the amount as stated was held by the bank at the time. You can see that in the section that begins "FLLP confirmed each bank account directly with the respective bank"
They stole 15% of every users Bitcoin Cash, it was suppose to be a 1:1 split, but since they don't like bitcoin cash and lists it as bcash, that might be reason why, I expect more "technical difficulties" during the next fork
They didn't 'steal' this, they transferred it to lenders (and/or short sellers).
Bitfinex (unwisely) specified that during the Bcash-Bitcoin fork, lenders would get Bcash for lent-out Bitcoin. However if Alice lends 1 Bitcoin to Bob before the fork and Bob sells it to Carol then Bitfinex will owe both Alice and Carol one Bcash after the fork, but they will only have one to distribute. So they split it up.
This can get worse when Carol lends it out again, etc, etc, and in the end Zack withdraws the Bitcoin. Unbounded liability and potentially no assets. So them paying out 15% less than expected was a pretty good result.
Seriously, makes me wonder if he is just pissed that he sold his tokens for pennies on the dollar, or somehow has short exposure to bitfinex / the crypto space.
Maybe I misunderstood this, but basically you got 1 bfx token for each dollar that was stolen due to the hack. As people sold bfx tokens at lower prices than $1, (in part, because the us announced this was not ok, in part due to varying confidence in bfx ability to repay,) bitfinex could rebuy some of those tokens at a discount, and clear them to itself at a fraction of the cost
There were also occasionally rolling rebuys of bfx tokens at the face value of $1.
> As Bitfinex has become more and more desperate, they have listed more and more crypto-currencies of questionable value, such as EOS/IOTA/ETP and so on.
As per coinmarketcap.com:
EOS is ranked 19, 442 million in marketcap
IOTA is ranked 11, 950 million in marketcap
ETP is ranked 70, 73 million in marketcap
Anyone can throw some light on what these coins really are?
Swapping deposit-like liabilities for equity and then encouraging the secondary trading of that debt is banned in the United States for good reason. Bitfinex’s actions do not seem like either a debt-for-equity swap nor a Ponzi scheme, but plain and simple fraud.
IOTA actually seems pretty revolutionary. I don't think it's a finished product yet but if you want some info then it's a DAG ("tangle")[1] instead of a blockchain and offers 0 fees and possibly huge scalability. There are some products already using it: RuuviTag[2], Bosh XDK Iot[3], PoC ElaadNL charging station[4], Modum[5].
Once they prove they can go without the "Coordinator"[6] I'm going to be completely sold on the project.
The principles could be relevant (although I haven't verified (or read an independent review of) the proofs).
However, at least the execution is dubious: not only was a major cryptographic vulnerability found a few months ago[0], it highlighted that
1. they made their own unproven crypto hash, which is a red flag, (in production, you should always prefer crypto that has survived many years of cryptanalysis) and
2. they were really not up-to-date on cryptanalysis techniques, as being vulnerable to differential cryptanalysis is, as Bruce Schneier puts it, "a rookie mistake".
Worse than that, they seem to rely on security through obscurity, purposefully making it hard to analyse their systems by making it base 3 (instead of the obvious base 2 that all of practical computer science relies on).
Finally, their justification for the coordinator is also a red flag[1].
The coordinator will be open-sourced and in all seriousness, even bitcoin had a sort of coordinator in the beginning, people aren't even forced to use it/can bypass it, but it's recommended to use it for now. So your statement isn't 100% valid.
"The replacement Kerl hash function is unmodified KECCAK-384 that only converts its input and output from/to 243 trits to 48 bytes using basic two’s complement. KECCAK-384 is well vetted and researched."
Just to clarify, since I misread your quote and think others might as well:
> "The replacement Kerl hash function is unmodified KECCAK-384 that only converts its input and output from/to 243 trits to 48 bytes using basic two’s complement. KECCAK-384 is well vetted and researched."
"Replacement" really does mean replacement, i.e. what they substituted in after the researchers successfully attacked their original hash function. (The new one is called "Kerl" and the old one is called "Curl", which seems confusing.)
I'm not sure how asserting that the replacement is well-researched addresses the OP's point that their history of (a) rolling their own hash function, and (b) not adequately considering differential cryptanalysis, is a red flag. True, that specific vulnerability can now be considered fixed, which might not be clear from the OP's post - but it's still evidence of incompetence, which doesn't bode well for the quality of the rest of their design.
This is a common misunderstanding. IOTA never deployed a vulnerable hashfunction. They had precautionary measures in place and thus had Curl there to test it out, which worked out brilliantly. Keep in mind that IOTA asked the team to attack Curl, not the other way around. This was planned.
Curl is meant to be a lightweight crypto for IOT, a field of very active research. None of this is controversial to anyone that isn't looking for things to latch negativity onto.
> Keep in mind that IOTA asked the team to attack Curl, not the other way around. This was planned.
This seems to contradict the researcher's own post [1]:
> We discovered a vulnerability in IOTA after reviewing their code on GitHub in July. We disclosed what we found to the IOTA team on July 14th, and have been in contact with them since then as we discovered new issues and exploits.
Finally, even if Curl is meant as a new, lightweight hash function, it was broken by differential cryptanalysis, not some novel, exotic attack vector. Sounds like it needs a lot of work before it's fit for purpose.
Can you provide a link please? All I see in the comments to the researcher's piece is an IOTA advisor threatening a libel suit - a really good sign that they "really care" about their technical issues.
Ok. I've read it. Nowhere does it mention IOTA contacting the researchers in question in May.
This article also answers the wrong question. If the crytocurrency is not cryptographically secure all that stands between an attacker and a victim is a piece of malware or social engineering. The fact that the researchers didn't go all the way and document a specific attack that could be performed tomorrow does not mean that Curl was secure in practice.
Finally this continues to fail to address many salient points. Like why use trits? Why wasn't kekkac used from day one?
1. It doesn’t matter whether the software that implements the central coordinator is open source, because the entire challenge of creating digital money is decentralized trust. Chaumian Cash solved digital money with a central issuer long ago.
2. Bitcoin had no privileged nodes, nor does it now. All miners compete on the same terms. A central coordinator by definiton does not, or it wouldn’t be centralized.
IOTA, and others, were not analyzed from adversarial known/expert researchers yet. Period. For more serious DAG oriented research you can check SPECTRE and the papers in this list [1].
I’m highly skeptical of this claim since there’s a cost to running any system. It seems more likely that they just made fees implicit rather than explicit (as in Bitcoin) but, regardless, someone needs to be paid to keep servers running.
In bitcoin you don't get paid to run full nodes. Only the miners get paid for verifying transactions. Verifying transactions is done by the users themselves with iota, so there is no need for miners and no need for fees.
> Verifying transactions is done by the users themselves with iota [...]
Unless the cost of verifying transactions is zero, this just means that the cost is now measured in CPU cycles at the client. In the end, this may be higher than whatever you pay with Bitcoin, depending on how much work you need to do. This is what I mean by "making fees implicit" - there's still work to be done, but not putting a price on this work doesn't mean it's free.
But the PoW is for small IOT devices right? Or at any case it is for regular users, and does not take them minutes to compute. I cannot see how that is resistant to an adversary with dedicated hardware.
> Though whether the equity shares are worth as much as Bitfinex is claiming them to be is an another question.
I am not sure but they might be restricting the IOUs or shares to trade on their platform. So they are raking in commissions on the shares being traded. In which case it is surely a scam. But to be pedantic it is not a Ponzi scheme.
As the author has made a strong argument that the equity shares are in fact worthless, the caveat is not much of one.
To be precise, it is not the debt-to-equity swap that the author is comparing to a Ponzi scheme, but the part where it is suggested they get their money back by selling on to a second round of 'investors' - but pedantic arguments over what to call it can only distract from the central issue of fraud.
Not entirely sure. But a friend and I have day traded IOTA as an example quite a bit. We have no illusions (well I don't) about how potentially shady this all is. People start talking in crypto circles. IOTA goes up double digits that says. Then usually just goes back to where it was a few days later.
I assume none have any real value. Though IOTA seems like it has different spins on what it is doing and is trying to do real things with the coin. I've heard positives and negatives. I'm not entirely familiar with the details. Regardless for that reason and in general risk reasons, i wouldn't stake a claim in IOTA or almost small altcoins like the ones you mentioned for long.
The FUD against EOS is really strong. It is interesting that despite the FUD, its valuation is very big too. The FUD is mostly about the business behind EOS, as a technical project is solid C++ code with well thought out architecture. In fact this is the kind of project where as I got deeper into it I believe that it can work. In case of most other projects when I dig deeper, I become more and more sceptic. The reason is probably that the CTO makes this project based on his experiences in Bitshares and Steemit, so the decisions in EOS are relatively mature compared to most crypto projects. Also I find the CTO one of the most talented and most practical developer/architect in the space. (Maybe I am biased as I am a performance optimization geek, and EOS is mostly about high performance) With EOS I regret one thing: that its valuation is so high already. I still invested into it, but I would have invested much more if its valuation would be lower.
TLDR: as an investment, it is not my biggest investment, but as a technology it is my favourite in the crypto space.
Multiple downvotes on my comment proves my point. There is serious hate on the EOS project. No matter how much you downvote me, EOS is still doing one of the most promising research and development on how to improve crpyto network throughput and latency. Ethereum research on sharding is also interesting, but seemingly there are extremely hard problems to be solveed there with way more complex software than EOS.
I didn't downvote or upvote you. I had no idea what EOS is until I googled it. I have zero bitcoins (and some token gridcoins from the last month, but in donating CPU time since it started as SETI).
The above being said, it looks like you are in your own EOS bubble.
You should zoom out of it, and I'd suggest further zoom out of the crypto coin hype, look at the digital coins objectively and decide if you want to lose your money, or risk increasing it.
That being said, some starting points for you:
Coins are trying to become money. We have tons of money, in fact we never had more historically.
After the last few crashes, the CBs dumped primes near zero (to avoid Max style of societial developments), and we even have more money around (cheap debts etc).
But, now we are doing fine.
BIS had a report weeks ago, outlining money contractions, salaries going up, cheap workforce from China+India joining the global economy 20 years ago stabilizing, and all that.
Cheap money, on this planet (so , not in the crypto world, or USA, or Luxemburg, but on this planet) will start contracting.
Crypto valuations, TAM and market caps are as high because people have a lot of extra fiat to dump into it (or in real estate, iPhones, high margin cars, etc).
As money becomes less obtainable, take a guess where they'll be drawn out from (well, Canadian real estate, but other stuff too).
So, after all of the above being said; I'm really glad you have a job as a c++ optimization expert in coin attempt number 3 by your CTO, but I suggest you remain sceptical about it success prospects.
Bitcoin is (or aims to become) digital gold. It is a possibility to store 'gold' in a way that you don't have to trust anyone to store it for you, and can only be stealed from you if somebody knows your private key. Even if you are skeptical about the whole crypto industry, I suggest you to consider that at least the above alone have tremendous value.
EOS is not a money though. It is a trustless high-throughput decentralized execution environment or 'decentralized trustless cloud' so to say. It is an amazing project from technical point of view, (when your cloud application runs, it is run on 21 block producer clusters independently which are voted by stakeholders). And I find it antiintellectual to downvote somebody that speaks positively about this project, while serious and honest debate about it is very rare on the net. (I understand you did not downvote me). Whether it is a good investment, is a tougher question that is why it is not my biggest investment as I mentioned.
As for digital money: Do we need a decentralized trustless money and payment network? There can be a debate about it, but I think, yes. There is a lot of competition in this space, and there is a possibility that because of network effects only one of them will become mainstream. I think DASH is the one that has the biggest potential to achieve this.
Bitfinex didn't force anyone to convert to equity. I was a bitfinex customer. I lost money in the hack. They certainly paid me back. These silly criticisms of them need to stop. They did the best they could with a bad situation. I wouldn't have wanted them to do anything differently than exactly what they did.
They allowed people to convert to equity as an option. A choice. They paid back everyone who didn't choose to do that, in full, and quite quickly. Bitfinex's response to that hack should be considered a model for any future company in that situation. Hopefully such a thing won't happen, but if it does, there's no better way to respond than exactly how Bitfinex did.
All scams start with a "choice". That is not relevant, and the author is right to educate "choosers" by demonstrating the information asymmetry that leads to them going broke by choosing incorrectly.
It's great for you that you were able to be repaid at the cost of other victims who were robbed and swindled, but that isn't a responsible way to handle these things, and is most definitely not a model for handling losses. It's illegal for a reason.
What information asymmetry? They didn't lie about anything. They offered people a choice between repayment and equity. Some people chose equity, and to be quite honest, I wish I had too. It seems like they're doing very well.
The 112k bitcoins stolen were worth $72 million at the time, they are now worth $856 million (!). The loss they caused their customers is only getting worse and worse.
Every exchange has their own "virtual dollars", i.e. the user deposits. How do you know they are real? Tether is just a way to securely transfer user deposits between exchanges, and it's not more or less trustworthy.
If the alligation is true that the supply of Tethers is created from nothing, they would have the ability to trade their millions of "dollars" for other cryptocurrencies, taking control of the supply of other blockchains.
Bitfinex is the largest BTC exchange in the world, over $500 million per day in volume today. Big days are multi-billion dollar volume. Like most exchanges, they take a percentage cut of every transaction. This is not a company with zero value. The "buy low sell high" arbitrage thing is from a previous, unrelated business idea posted 5 years ago to a btc forum by the founder of bitfinex. As far as I know, it never went anywhere.
There has to be profit to give dividends, there's such a thing as non-voting shares, and bankruptcy liquidations tend to pay out nothing to shareholders.
> As Bitfinex has become more and more desperate, they have listed more and more crypto-currencies of questionable value, such as EOS/IOTA/ETP and so on.
I really wish that HN had a rule where it would be mandatory for commenters to disclose their holdings in any cryptocurrency threads. This would make it easier to flag comments that look like they're just pumping a coin to improve its search engine status.
If you're praising Bitcoin, EOS, IOTA or whatever FooBarToken, please add a short note at the end to explain what you stand to gain. Either: "I'm long IOTA", or "I don't own IOTA and have no plans to initiate a position on the short term".
Similar rules apply at forums where penny stocks and other volatile traditional securities are discussed, so it's absolutely not an unreasonable thing to ask.
It's not unreasonable to ask but it's completely unreasonable to expect that anyone pumping a coin on HN would have even the slightest inclination to be truthful about their position.
The disclaimer (truthful or not) serves two purposes:
1) For the pumper poster, it makes them more conscious of the lie. Promoting a coin and forgetting to mention your holdings feels like a little white lie of omission. Actively lying about your holdings feels like deceit.
2) For the reader, it’s an important reminder that a seemingly objective technical-looking comment can be motivated by greed.
A) Iota is a legit currency trying to do something new in the crypto space.
B) The listing Bitcoin gold did not 'create' 2 bn usd - if you tried to liquidate even a fraction of that, you would drive the price to 0. There was significant demand from trader and speculators for its listing (not that I agree with it, but anyway).
C) Saying that a company that generates 30 mil. usd in revenues each month is worthless is really laughable.
D) This author has had a bone to pick with bitfinex for a long time. I consider him a shill with an agenda, and it is surprising that he is given so much space (even on HN) to spew his BS.
IOTA made their own crypto, then when got called on it they denied it mattered at first. Then they backed down and said it was intentional! So that they could destroy anyone else using their open source code. When pressed to promise that they had not left more backdoors in, they refused. Of course they had to refuse, these were accidental bugs rolling their own stuff.
That looks totally incompetent to me. Then mention centralized coordinator and they throw fits. Refuse to discuss it because it is only temporary.
Fair enough, the currency has questionable potential. However, the article seems to imply that bfx lists some questionable currencies, and I feel that that characterization is misleading.
If I remember correctly the last ramp up happened during Mt. Gox era. They were having USD withdrawal issues which resulted in BTC prices being very high on the exchange. But it din't deter them from publishing prices and making markets.
Now is the case of Bitfinex suffered from a hack like Mt. Gox and are trying to stay afloat. As per coinmarketcap, has nearly 15% of bitcoin volume which is pretty high to ensure market follows in-step to their market making. A quick search on Google turns up pages of people asking about Bitfinex withdrawals.
For people who are curious about this, there was an article yesterday about Zimbabwean Bitcoin soaring to 12k USD, which obviously hinges a lot on counterparty risks and resulting low liquidity: https://news.ycombinator.com/item?id=15627608