Ultimate glossary of crypto currency terms, acronyms and abbreviations
Interest in Bitcoin is increasing globally. More and more people are willing to participate in Bitcoin trading and mining. However, Bitcoin history shows that it is not always as safe as we would like it to be. Let’s take a look at some major Bitcoin hacks.
Allinvain is a nickname of a user on BitcoinTalk forums. Basically, he was the first one to experience a major Bitcoin loss. He lost 25,000 bitcoins, all together it was worth around $500,000. The user believed that someone hacked into his computer to steal BTC.
Shortly after Allinvain’s case, the next hack attempt happened. Mt Gox was one of the biggest exchanges that provided a trade between Bitcoin and fiat money. Hackers compromised its website and started to sell Bitcoins. Their actions made the price go down dramatically. However, attackers did not pay attention to the $1000 limit Mt Gox had. Nonetheless, that hack attack had an important influence on BTC.
Exchanges are being attacked by hackers quite often. In 2012 Bitfloor suffered a terrible attack and lost 24,000 BTC (around $250,000). Unfortunately, this exchange was not able to survive the attack and was closed in 2013. In 2015 Bitstamp exchange was hacked. It lost approximately 19,000 BTC (around $5 million). In 2016 Bitfinex also lost 120,000 BTC (around $77 million) to hackers.
The last attack happened in one of the biggest social nets. Twitter became a part of the latest attackers’ actions. The most significant and world-famous accounts promoted Bitcoin scam for several hours.
The most important question is how to protect your Bitcoin savings from upcoming attacks. Here are some basic things that may help you to be safe:
Use trustworthy antivirus software
Choose your exchange service wisely Make sure that it is properly registered and has a policy for emergency situations.
Be careful when choosing a Bitcoin wallet There are lots of options to choose from now. Check the history of the service, make sure it suits your purposes.
Use different wallets Avoid putting all your savings in one place.
Keep your private keys safe It is important to remember that the loss of private keys will lead to the loss of coins.
Use a multifactor authentication Multifactor authentication links your account to your mobile phone.
Do not believe in easy money We all should remember that “there's no such thing as a free lunch” but there are a lot of impersonators & scammers.
Even though there is no way to be a hundred percent safe, there are a lot of steps we can take to avoid unfortunate losses. Cryptocurrency services are improving their protection systems all the time, and we all should do what we can to make this network more secure.
Monero Community Workgroup is preparing for the large growth ahead
Diego (u/rehrar), Doug (u/needmoney90), and Justin (u/SamsungGalaxayPlayer) would like to share some exciting news regarding the Monero Community Workgroup (MCW). The Monero community is growing, and so is our support and group of volunteers. The TL;DR is that you can expect some cool things as we grow.
Some MCW History
The MCW initially began as the Monero Marketing Workgroup in March 2017. Diego was interested in helping grow the Monero community, so he contacted Justin and set up the MoneroMarketing subreddit. At the time, the idea of a Monero marketing initiative shocked many in the community, who greatly appreciated Monero's general distance from the marketing efforts by many ICOs and scams around that time. The Monero Marketing Workgroup focused mostly on preparing educational materials and getting people involved to work on Monero-related initiatives. Shortly after the workgroup began, it transitioned into an area that needed more love: community organization and communication. Up until this point, the Monero community was focused around the developer meetings and the Monero subreddit. While these are still highly relevant in the Monero ecosystem (for good reason), there wasn't a great way for people to stay updated with the latest news and to discuss non-development items. The Monero Community Crowdfunding System (at the time Forum Funding System) submissions weren't discussed in the same way that they are today, and there was no central Community Workgroup to help bring initiatives together. It was obvious that with a larger, more diverse Monero community, a dedicated set of resources would be necessary to connect all these projects together. The Monero Marketing Workgroup became the Monero Community Workgroup during the first Community Workgroup meeting on 18 June 2017. These meetings have largely occurred every other Saturday ever since and serve as an essential community service to discuss CCS proposals, hear workgroup updates and news, and discuss new ideas. The Community Workgroup channel (#monero-community) is used for many other purposes, including other scheduled meetings on deemed-necessary items of interest and regular feedback, questions, and chat. On 7 October 2017, the workgroup hosted its first Coffee Chat, a casual conversation covering the month's recent news and most important discussion topics. These Coffee Chats help humanize the Monero community, who until this point typically were only known by their pseudonyms. The MCW played a part in the Monero Konferenco, Critical Decentralization Cluster at the Chaos Communication Congress, and Monero Village at Defcon livestreams and derived content. It also hosts Breaking Monero, a series that features members from the Monero Research Lab who discuss Monero's limitations. A year after the MCW became its new name, the newly-founded Monero Outreach Workgroup took over many of its initial ambitions in June 2018. Other related workgroups like Monero Ecosystem have their own communities and functions.
The Community Keeps Growing
The Monero communities are significantly larger than they were back in early-2017, and they keep on growing. In early-2017, there were no mobile wallets, the GUI was only 3 months old, there were far fewer exchanges, etc. Today, Monero has one of the largest, most respected, and most passionate communities. We have the third largest number of developers of any cryptocurrency project, we are the only project with our own DEF CON village, and we are one of the few names that everybody knows. Awesome work to everyone around, truly. With larger communities comes more work. The community deserves reliable, appropriate resources to sustain this growth. In a decentralized community, this is difficult. Monero Core provides some essential services such as the CCS, getmonero.org, Mattermost, and GitLab. However, they have been unable to meet the growing needs of the community alone. Thus, the MCW has been happy to support other needs to the extent possible: we discuss CCS proposals during our meetings, host several servers, organize Coffee Chats and conference talks, and more, along with efforts of other workgroups. These have become such a significant undertaking, and that's a good thing. As Monero continues to set the gold standard for cryptocurrencies the expectations keep growing. It's awesome to be a part of something where so many people care.
The MCW has grown too much for the three of us to organize all the resources we need, let alone the needs of everyone in the Monero communities and workgroups. Thus, we are furthering our commitment and offering substantially more services in the coming months. To get there, we need your support to fill volunteer leadership and support positions. Expect the following dedicated services from us:
Jitsi server with higher framerate and resolutions than Jitsi Meet, so that our Coffee Chats, conferences, and other events are better quality than before.
NextCloud to safely and securely collaborate on blog posts, share files, and more.
Sandstorm and Wekan kanban board (open source Trello copy) to keep track of, propose, and assign tasks and projects.
Chatwoot to provide tailored support for Monero users with a volunteer support community (also a good learning exercise).
Mastodon to communicate about Monero and other news, so we aren't dependent on Twitter's policies and security.
Flarum forum for Monero news and discussions, so we aren't dependent on Reddit.
We need your help to make this happen! We will form "task forces" to focus on certain areas like marketing, system administration, meetings, moderation, and finance. If you have any of these skills, please join #monero-community and say hi, or shoot us an email ([email protected])! Doug, Diego, and Justin feel that these changes will allow the Monero community to grow in new ways and continue collaborating. The community consists of many workgroups that focus on projects that they are interested in, and we want to support the efforts of these communities. To allow these changes, Justin will form an LLC, with him and Doug being officially on the board, and Diego taking an advisory role. Creating a legal entity serves two distinct purposes. First, it allows us to aggregate payments from many people into a single entity to pay the costs for hosting various community servers/services. This greatly reduces our own workload and out of pocket payment. Secondly, it allows us to aggregate multiple social media handles that are currently controlled by individuals under a single entity, to reduce the "Bus Factor." Of course, the MCW will remain very much grounded in the ideals that made that made it great in the first place. And the entity will always support the Monero communities, never claim to fully represent everyone involved in Monero. It can only ever represent the efforts of those involved. Current and future goals of the MCW include:
Provide resources as necessary and reasonable, such as communication platforms
Organize discussions to promote communication, such as Community Meetings and Coffee Chats
Promote positive culture through events, such as with Coffee Chats, the Monero Konferenco, the Moneoversary, and the Monero DEF CON Village
Support other Monero workgroups and Monero ecosystem projects
Provide mechanisms to collect feedback on community, developer, and research proposals
Discuss the Monero CCS ideas and otherwise support the Monero CCS
Promote Monero and privacy education and marketing
Serve as an available community mediatoarbitrator where reasonable
Communicate the broad interests of the Monero community and provide a voice where and how appropriate
Collaborate with other projects, companies, governments, and communities
Monero Community Support LLC
Q: Why does the MCW think that an LLC is needed? A: For two primary reasons. First, payments. As mentioned, there is existing digital infrastructure, currently paid out of pocket by MCW leaders. Even if a CCS proposal was to be explored, it would make personal accounting and tax reporting very difficult as assets would technically be mixed with personal assets, throwing off capital gains calculations. Up until now this has been a sacrifice of time that we were content to make, but as we continue to ramp up our goals it is becoming increasingly cumbersome, and alternative methods are needed. An LLC would be able to hold these monetary assets as its own entity, and all funds could be kept separate from personal funds, leading to much easier accounting all around. Secondly, an LLC would allow for digital infrastructure to come under the legal purview of several people, reducing the possibility for any particular person going rogue and decimating what has been built. There may be concern about bringing resources under a corporation, and that this is not in the spirit of Monero, but one thing to note is that all assets and services (noted above) are FOSS/CC. Meaning if at any time a community doesn't care for what the MCW accomplishes under this LLC, they can simply start their own infrastructure with low switching costs. Once again: EVERYTHING IS FOSS/CC. Q: Why not a nonprofit, cooperative, or other type of organization? A: While not out of the question, these take additional effort. We hope to grow into these organization types with the help of others. However certain registrations take a lot of time and effort, plus has quite significant restrictions on activities. The LLC will allow us the flexibility and convenience we need now, especially when we currently have no income anyway.
The MCW has a mountain range of opportunities ahead of it, as do all Monero communities and workgroups. We hope that our efforts are of use to you and others, and we hope that you join us in making something great :) Justin, Diego, and Doug
Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses. Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes. First, some background. Here is a summary of how custodians make us more secure: Previously, we might give Alice our crypto assets to hold. There were risks:
Alice might take the assets and disappear.
Alice might spend the assets and pretend that she still has them (fractional model).
Alice might store the assets insecurely and they'll get stolen.
Alice might give the assets to someone else by mistake or by force.
Alice might lose access to the assets.
But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get:
Alice can't take the assets and disappear (unless she asks Bob or never gives them to Bob).
Alice can't spend the assets and pretend that she still has them. (Unless she didn't give them to Bob or asks him for them.)
Alice can't store the assets insecurely so they get stolen. (After all - she doesn't have any control over the withdrawal process from any of Bob's systems, right?)
Alice can't give the assets to someone else by mistake or by force. (Bob will stop her, right Bob?)
Alice can't lose access to the funds. (She'll always be present, sane, and remember all secrets, right?)
See - all problems are solved! All we have to worry about now is:
Bob might take the assets and disappear.
Bob might spend the assets and pretend that he still has them (fractional model).
Bob might store the assets insecurely and they'll get stolen.
Bob might give the assets to someone else by mistake or by force.
Bob might lose access to the assets.
It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are! "On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid". "Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since." "As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!" "Can I read it?' Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?" "Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal. The keys are also backed up daily to an off-site third-party." "Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!" "What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven." "Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!" "We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies. And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often". How many holes have to exist for your funds to get stolen? Just one. Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so? If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security. The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle. And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet? Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose $400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds. So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is:
ANY CERTAINTY BALANCES WEREN'T EXCLUDED. Quadriga's largest account was $70m. 80% of funds are in 20% of accounts (Pareto principle). All it takes is excluding a few really large accounts - and nobody's the wiser. A fractional platform can easily pass any audit this way.
ANY VISIBILITY WHATSOEVER INTO THE CUSTODIANS. BitBuy put out their report before moving all the funds to their custodian and ShakePay apparently can't even tell us who the custodian is. That's pretty important considering that basically all of the funds are now stored there.
ANY IDEA ABOUT THE OTHER EXCHANGES. In order for this to be effective, it has to be the norm. It needs to be "unusual" not to know. If obscurity is the norm, then it's super easy for people like Gerald Cotten and Dave Smilie to blend right in.
It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated:
First report within 1 month of launching, another within 3 months, and further reports at minimum every 6 months thereafter.
No auditor can be repeated within a 12 month period.
All reports must be public, identifying the auditor and the full methodology used.
All auditors must be independent of the firm being audited with no conflict of interest.
Reports must include the percentage of each asset backed, and how it's backed.
The auditor publishes a hash list, which lists a hash of each customer's information and balances that were included. Hash is one-way encryption so privacy is fully preserved. Every customer can use this to have 100% confidence they were included.
If we want more extensive requirements on audits, these should scale upward based on the total assets at risk on the platform, and whether the platform has loaned their assets out.
There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguable far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever. Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see. It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course. Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation. A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7. History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance. Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.) Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive. Now, we are at a crossroads. We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that it's future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we can not go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today. Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily. None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well. Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do. Facts/background/sources (skip if you like):
The inspiration for the paragraph about splitting wallets was an actual quote from a Canadian company providing custodial services in response to the OSC consultation paper: "We believe that it will be in the in best interests of investors to prohibit pooled crypto assets or ‘floats’. Most Platforms pool assets, citing reasons of practicality and expense. The recent hack of the world’s largest Platform – Binance – demonstrates the vulnerability of participants’ assets when such concessions are made. In this instance, the Platform’s entire hot wallet of Bitcoins, worth over $40 million, was stolen, facilitated in part by the pooling of client crypto assets." "the maintenance of participants (and Platform) crypto assets across multiple wallets distributes the related risk and responsibility of security - reducing the amount of insurance coverage required and making insurance coverage more readily obtainable". For the record, their reply also said nothing whatsoever about multi-sig or offline storage.
In addition to the fact that the $40m hack represented only one "hot wallet" of Binance, and they actually had the vast majority of assets in other wallets (including mostly cold wallets), multiple real cases have clearly demonstrated that risk is still present with multiple wallets. Bitfinex, VinDAX, Bithumb, Altsbit, BitPoint, Cryptopia, and just recently KuCoin all had multiple wallets breached all at the same time, and may represent a significantly larger impact on customers than the Binance breach which was fully covered by Binance. To represent that simply having multiple separate wallets under the same security scheme is a comprehensive way to reduce risk is just not true.
Private insurance has historically never covered a single loss in the cryptocurrency space (at least, not one that I was able to find), and there are notable cases where massive losses were not covered by insurance. Bitpay in 2015 and Yapizon in 2017 both had insurance policies that didn't pay out during the breach, even after a lengthly court process. The same insurance that ShakePay is presently using (and announced to much fanfare) was describe by their CEO himself as covering “physical theft of the media where the private keys are held,” which is something that has never historically happened. As was said with regard to the same policy in 2018 - “I don’t find it surprising that Lloyd’s is in this space,” said Johnson, adding that to his mind the challenge for everybody is figuring out how to structure these policies so that they are actually protective. “You can create an insurance policy that protects no one – you know there are so many caveats to the policy that it’s not super protective.”
The most profitable policy for a private insurance company is one with the most expensive premiums that they never have to pay a claim on. They have no inherent incentive to take care of people who lost funds. It's "cheaper" to take the reputational hit and fight the claim in court. The more money at stake, the more the insurance provider is incentivized to avoid payout. They're not going to insure the assets unless they have reasonable certainty to make a profit by doing so, and they're not going to pay out a massive sum unless it's legally forced. Private insurance is always structured to be maximally profitable to the insurance provider.
The circumvention of multi-sig was a key factor in the massive Bitfinex hack of over $60m of bitcoin, which today still sits being slowly used and is worth over $3b. While Bitfinex used a qualified custodian Bitgo, which was and still is active and one of the industry leaders of custodians, and they set up 2 of 3 multi-sig wallets, the entire system was routed through Bitfinex, such that Bitfinex customers could initiate the withdrawals in a "hot" fashion. This feature was also a hit with the hacker. The multi-sig was fully circumvented.
Bitpay in 2015 was another example of a breach that stole 5,000 bitcoins. This happened not through the exploit of any system in Bitpay, but because the CEO of a company they worked with got their computer hacked and the hackers were able to request multiple bitcoin purchases, which Bitpay honoured because they came from the customer's computer legitimately. Impersonation is a very common tactic used by fraudsters, and methods get more extreme all the time.
A notable case in Canada was the Canadian Bitcoins exploit. Funds were stored on a server in a Rogers Data Center, and the attendee was successfully convinced to reboot the server "in safe mode" with a simple phone call, thus bypassing the extensive security and enabling the theft.
The very nature of custodians circumvents multi-sig. This is because custodians are not just having to secure the assets against some sort of physical breach but against any form of social engineering, modification of orders, fraudulent withdrawal attempts, etc... If the security practices of signatories in a multi-sig arrangement are such that the breach risk of one signatory is 1 in 100, the requirement of 3 independent signatures makes the risk of theft 1 in 1,000,000. Since hackers tend to exploit the weakest link, a comparable custodian has to make the entry and exit points of their platform 10,000 times more secure than one of those signatories to provide equivalent protection. And if the signatories beef up their security by only 10x, the risk is now 1 in 1,000,000,000. The custodian has to be 1,000,000 times more secure. The larger and more complex a system is, the more potential vulnerabilities exist in it, and the fewer people can understand how the system works when performing upgrades. Even if a system is completely secure today, one has to also consider how that system might evolve over time or work with different members.
By contrast, offline multi-signature solutions have an extremely solid record, and in the entire history of cryptocurrency exchange incidents which I've studied (listed here), there has only been one incident (796 exchange in 2015) involving an offline multi-signature wallet. It happened because the customer's bitcoin address was modified by hackers, and the amount that was stolen ($230k) was immediately covered by the exchange operators. Basically, the platform operators were tricked into sending a legitimate withdrawal request to the wrong address because hackers exploited their platform to change that address. Such an issue would not be prevented in any way by the use of a custodian, as that custodian has no oversight whatsoever to the exchange platform. It's practical for all exchange operators to test large withdrawal transactions as a general policy, regardless of what model is used, and general best practice is to diagnose and fix such an exploit as soon as it occurs.
False promises on the backing of funds played a huge role in the downfall of Quadriga, and it's been exposed over and over again (MyCoin, PlusToken, Bitsane, Bitmarket, EZBTC, IDAX). Even today, customers have extremely limited certainty on whether their funds in exchanges are actually being backed or how they're being backed. While this issue is not unique to cryptocurrency exchanges, the complexity of the technology and the lack of any regulation or standards makes problems more widespread, and there is no "central bank" to come to the rescue as in the 2008 financial crisis or during the great depression when "9,000 banks failed".
In addition to fraudulent operations, the industry is full of cases where operators have suffered breaches and not reported them. Most recently, Einstein was the largest case in Canada, where ongoing breaches and fraud were perpetrated against the platform for multiple years and nobody found out until the platform collapsed completely. While fraud and breaches suck to deal with, they suck even more when not dealt with. Lack of visibility played a role in the largest downfalls of Mt. Gox, Cryptsy, and Bitgrail. In some cases, platforms are alleged to have suffered a hack and keep operating without admitting it at all, such as CoinBene.
It surprises some to learn that a cryptographic solution has already existed since 2013, and gained widespread support in 2014 after Mt. Gox. Proof of Reserves is a full cryptographic proof that allows any customer using an exchange to have complete certainty that their crypto-assets are fully backed by the platform in real-time. This is accomplished by proving that assets exist on the blockchain, are spendable, and fully cover customer deposits. It does not prove safety of assets or backing of fiat assets.
If we didn't care about privacy at all, a platform could publish their wallet addresses, sign a partial transaction, and put the full list of customer information and balances out publicly. Customers can each check that they are on the list, that the balances are accurate, that the total adds up, and that it's backed and spendable on the blockchain. Platforms who exclude any customer take a risk because that customer can easily check and see they were excluded. So together with all customers checking, this forms a full proof of backing of all crypto assets.
However, obviously customers care about their private information being published. Therefore, a hash of the information can be provided instead. Hash is one-way encryption. The hash allows the customer to validate inclusion (by hashing their own known information), while anyone looking at the list of hashes cannot determine the private information of any other user. All other parts of the scheme remain fully intact. A model like this is in use on the exchange CoinFloor in the UK.
A Merkle tree can provide even greater privacy. Instead of a list of balances, the balances are arranged into a binary tree. A customer starts from their node, and works their way to the top of the tree. For example, they know they have 5 BTC, they plus 1 other customer hold 7 BTC, they plus 2-3 other customers hold 17 BTC, etc... until they reach the root where all the BTC are represented. Thus, there is no way to find the balances of other individual customers aside from one unidentified customer in this case.
Proposals such as this had the backing of leaders in the community including Nic Carter, Greg Maxwell, and Zak Wilcox. Substantial and significant effort started back in 2013, with massive popularity in 2014. But what became of that effort? Very little. Exchange operators continue to refuse to give visibility. Despite the fact this information can often be obtained through trivial blockchain analysis, no Canadian platform has ever provided any wallet addresses publicly. As described by the CEO of Newton "For us to implement some kind of realtime Proof of Reserves solution, which I'm not opposed to, it would have to ... Preserve our users' privacy, as well as our own. Some kind of zero-knowledge proof". Kraken describes here in more detail why they haven't implemented such a scheme. According to professor Eli Ben-Sasson, when he spoke with exchanges, none were interested in implementing Proof of Reserves.
And yet, Kraken's places their reasoning on a page called "Proof of Reserves". More recently, both BitBuy and ShakePay have released reports titled "Proof of Reserves and Security Audit". Both reports contain disclaimers against being audits. Both reports trust the customer list provided by the platform, leaving the open possibility that multiple large accounts could have been excluded from the process. Proof of Reserves is a blockchain validation where customers see the wallets on the blockchain. The report from Kraken is 5 years old, but they leave it described as though it was just done a few weeks ago. And look at what they expect customers to do for validation. When firms represent something being "Proof of Reserve" when it's not, this is like a farmer growing fruit with pesticides and selling it in a farmers market as organic produce - except that these are people's hard-earned life savings at risk here. Platforms are misrepresenting the level of visibility in place and deceiving the public by their misuse of this term. They haven't proven anything.
Fraud isn't a problem that is unique to cryptocurrency. Fraud happens all the time. Enron, WorldCom, Nortel, Bear Stearns, Wells Fargo, Moser Baer, Wirecard, Bre-X, and Nicola are just some of the cases where frauds became large enough to become a big deal (and there are so many countless others). These all happened on 100% reversible assets despite regulations being in place. In many of these cases, the problems happened due to the over-complexity of the financial instruments. For example, Enron had "complex financial statements [which] were confusing to shareholders and analysts", creating "off-balance-sheet vehicles, complex financing structures, and deals so bewildering that few people could understand them". In cryptocurrency, we are often combining complex financial products with complex technologies and verification processes. We are naïve if we think problems like this won't happen. It is awkward and uncomfortable for many people to admit that they don't know how something works. If we want "money of the people" to work, the solutions have to be simple enough that "the people" can understand them, not so confusing that financial professionals and technology experts struggle to use or understand them.
For those who question the extent to which an organization can fool their way into a security consultancy role, HB Gary should be a great example to look at. Prior to trying to out anonymous, HB Gary was being actively hired by multiple US government agencies and others in the private sector (with glowing testimonials). The published articles and hosted professional security conferences. One should also look at this list of data breaches from the past 2 years. Many of them are large corporations, government entities, and technology companies. These are the ones we know about. Undoubtedly, there are many more that we do not know about. If HB Gary hadn't been "outted" by anonymous, would we have known they were insecure? If the same breach had happened outside of the public spotlight, would it even have been reported? Or would HB Gary have just deleted the Twitter posts, brought their site back up, done a couple patches, and kept on operating as though nothing had happened?
In the case of Quadriga, the facts are clear. Despite past experience with platforms such as MapleChange in Canada and others around the world, no guidance or even the most basic of a framework was put in place by regulators. By not clarifying any sort of legal framework, regulators enabled a situation where a platform could be run by former criminal Mike Dhanini/Omar Patryn, and where funds could be held fully unchecked by one person. At the same time, the lack of regulation deterred legitimate entities from running competing platforms and Quadriga was granted a money services business license for multiple years of operation, which gave the firm the appearance of legitimacy. Regulators did little to protect Canadians despite Quadriga failing to file taxes from 2016 onward. The entire administrative team had resigned and this was public knowledge. Many people had suspicions of what was going on, including Ryan Mueller, who forwarded complaints to the authorities. These were ignored, giving Gerald Cotten the opportunity to escape without justice.
There are multiple issues with the SOC II model including the prohibitive cost (you have to find a third party accounting firm and the prices are not even listed publicly on any sites), the requirement of operating for a year (impossible for new platforms), and lack of any public visibility (SOC II are private reports that aren't shared outside the people in suits).
Securities frameworks are expensive. Sarbanes-Oxley is estimated to cost $5.1 million USD/yr for the average Fortune 500 company in the United States. Since "Fortune 500" represents the top 500 companies, that means well over $2.55 billion USD (~$3.4 billion CAD) is going to people in suits. Isn't the problem of trust and verification the exact problem that the blockchain is supposed to solve?
To use Quadriga as justification for why custodians or SOC II or other advanced schemes are needed for platforms is rather silly, when any framework or visibility at all, or even the most basic of storage policies, would have prevented the whole thing. It's just an embarrassment.
We are now seeing regulators take strong action. CoinSquare in Canada with multi-million dollar fines. BitMex from the US, criminal charges and arrests. OkEx, with full disregard of withdrawals and no communication. Who's next?
We have a unique window today where we can solve these problems, and not permanently destroy innovation with unreasonable expectations, but we need to act quickly. This is a unique historic time that will never come again.
Best Cryptocurrency Multi-Exchange Trading and Portfolio Management Platforms Ranking 2020
Trade on multiple exchanges from a single platform and avoid the hassle of multiple logins, different interfaces, constant tab changing and overall keeping track of balance holdings and trades. https://preview.redd.it/ksar6fkxmfv51.jpg?width=1200&format=pjpg&auto=webp&s=b8629b0f29aefd9546d816413cc82de9656ef7f9 With more than 300 cryptocurrency exchanges today, most traders have to manage multiple exchange accounts. The need for more than one account usually rises because of the variety of offered crypto currency pairs, market liquidity, having to diversify the risk of being hacked, as well as the different trading tools and terms each exchange offers. Trading and keeping track of your portfolios on multiple exchanges is time consuming, inefficient and frustrating. Having to log on different platforms, use different interfaces, keeping track of multiple portfolios and all trading related activities become increasingly difficult with each new account. It would be simple and easy if you could connect all those exchange accounts into a single multi-exchange platform which combines all the data in real time and provides a single interface to control all remote exchange accounts.
A multi-exchange platform allows the traders to connect all their exchange accounts into a single account through the user of API keys generated from the account of each exchange. Once all accounts are connected into a single one, using the exchanges interfaces becomes obsolete. The unified account will now track and combine all portfolios and traders will be able to track prices, order statuses and other data across all exchange accounts from a single interface. In addition, most multi-exchange platforms provide various information tools such as news aggregators, sentiment tools, arbitrage matrix and price alerts. With regards to API keys security, these platforms do not require withdrawal or deposit permissions which limits the possibility of fraud and loss of funds. Finally, multi-exchange platforms do not typically charge additional trading fees and do not require lengthy verification procedures.
The current top platforms
Currently there are a handful of multi-exchange platforms with a variety of services. They range from a simple crypto portfolio tracker to an advanced trading and portfolio management platform. A detailed list of all major multi-exchange platforms and their features can be found here: www.AltXpert.com Here is an overview of the top 9 multi-exchange trading and portfolio management platforms:
This is a follow-up on https://old.reddit.com/Bitcoin/comments/hqzp14/technical_the_path_to_taproot_activation/ Taproot! Everybody wants it!! But... you might ask yourself: sure, everybody else wants it, but why would I, sovereign Bitcoin HODLer, want it? Surely I can be better than everybody else because I swapped XXX fiat for Bitcoin unlike all those nocoiners? And it is important for you to know the reasons why you, o sovereign Bitcoiner, would want Taproot activated. After all, your nodes (or the nodes your wallets use, which if you are SPV, you hopefully can pester to your wallet vendoimplementor about) need to be upgraded in order for Taproot activation to actually succeed instead of becoming a hot sticky mess. First, let's consider some principles of Bitcoin.
You the HODLer should be the one who controls where your money goes. Your keys, your coins.
You the HODLer should be able to coordinate and make contracts with other people regarding your funds.
You the HODLer should be able to do the above without anyone watching over your shoulder and judging you.
I'm sure most of us here would agree that the above are very important principles of Bitcoin and that these are principles we would not be willing to remove. If anything, we would want those principles strengthened (especially the last one, financial privacy, which current Bitcoin is only sporadically strong with: you can get privacy, it just requires effort to do so). So, how does Taproot affect those principles?
Taproot and Your /Coins
Most HODLers probably HODL their coins in singlesig addresses. Sadly, switching to Taproot would do very little for you (it gives a mild discount at spend time, at the cost of a mild increase in fee at receive time (paid by whoever sends to you, so if it's a self-send from a P2PKH or bech32 address, you pay for this); mostly a wash). (technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash, so the Taproot output spends 12 bytes more; spending from a P2WPKH requires revealing a 32-byte public key later, which is not needed with Taproot, and Taproot signatures are about 9 bytes smaller than P2WPKH signatures, but the 32 bytes plus 9 bytes is divided by 4 because of the witness discount, so it saves about 11 bytes; mostly a wash, it increases blockweight by about 1 virtual byte, 4 weight for each Taproot-output-input, compared to P2WPKH-output-input). However, as your HODLings grow in value, you might start wondering if multisignature k-of-n setups might be better for the security of your savings. And it is in multisignature that Taproot starts to give benefits! Taproot switches to using Schnorr signing scheme. Schnorr makes key aggregation -- constructing a single public key from multiple public keys -- almost as trivial as adding numbers together. "Almost" because it involves some fairly advanced math instead of simple boring number adding, but hey when was the last time you added up your grocery list prices by hand huh? With current P2SH and P2WSH multisignature schemes, if you have a 2-of-3 setup, then to spend, you need to provide two different signatures from two different public keys. With Taproot, you can create, using special moon math, a single public key that represents your 2-of-3 setup. Then you just put two of your devices together, have them communicate to each other (this can be done airgapped, in theory, by sending QR codes: the software to do this is not even being built yet, but that's because Taproot hasn't activated yet!), and they will make a single signature to authorize any spend from your 2-of-3 address. That's 73 witness bytes -- 18.25 virtual bytes -- of signatures you save! And if you decide that your current setup with 1-of-1 P2PKH / P2WPKH addresses is just fine as-is: well, that's the whole point of a softfork: backwards-compatibility; you can receive from Taproot users just fine, and once your wallet is updated for Taproot-sending support, you can send to Taproot users just fine as well! (P2WPKH and P2WSH -- SegWit v0 -- addresses start with bc1q; Taproot -- SegWit v1 --- addresses start with bc1p, in case you wanted to know the difference; in bech32 q is 0, p is 1) Now how about HODLers who keep all, or some, of their coins on custodial services? Well, any custodial service worth its salt would be doing at least 2-of-3, or probably something even bigger, like 11-of-15. So your custodial service, if it switched to using Taproot internally, could save a lot more (imagine an 11-of-15 getting reduced from 11 signatures to just 1!), which --- we can only hope! --- should translate to lower fees and better customer service from your custodial service! So I think we can say, very accurately, that the Bitcoin principle --- that YOU are in control of your money --- can only be helped by Taproot (if you are doing multisignature), and, because P2PKH and P2WPKH remain validly-usable addresses in a Taproot future, will not be harmed by Taproot. Its benefit to this principle might be small (it mostly only benefits multisignature users) but since it has no drawbacks with this (i.e. singlesig users can continue to use P2WPKH and P2PKH still) this is still a nice, tidy win! (even singlesig users get a minor benefit, in that multisig users will now reduce their blockchain space footprint, so that fees can be kept low for everybody; so for example even if you have your single set of private keys engraved on titanium plates sealed in an airtight box stored in a safe buried in a desert protected by angry nomads riding giant sandworms because you're the frickin' Kwisatz Haderach, you still gain some benefit from Taproot) And here's the important part: if P2PKH/P2WPKH is working perfectly fine with you and you decide to never use Taproot yourself, Taproot will not affect you detrimentally. First do no harm!
Taproot and Your Contracts
No one is an island, no one lives alone. Give and you shall receive. You know: by trading with other people, you can gain expertise in some obscure little necessity of the world (and greatly increase your productivity in that little field), and then trade the products of your expertise for necessities other people have created, all of you thereby gaining gains from trade. So, contracts, which are basically enforceable agreements that facilitate trading with people who you do not personally know and therefore might not trust. Let's start with a simple example. You want to buy some gewgaws from somebody. But you don't know them personally. The seller wants the money, you want their gewgaws, but because of the lack of trust (you don't know them!! what if they're scammers??) neither of you can benefit from gains from trade. However, suppose both of you know of some entity that both of you trust. That entity can act as a trusted escrow. The entity provides you security: this enables the trade, allowing both of you to get gains from trade. In Bitcoin-land, this can be implemented as a 2-of-3 multisignature. The three signatories in the multisgnature would be you, the gewgaw seller, and the escrow. You put the payment for the gewgaws into this 2-of-3 multisignature address. Now, suppose it turns out neither of you are scammers (whaaaat!). You receive the gewgaws just fine and you're willing to pay up for them. Then you and the gewgaw seller just sign a transaction --- you and the gewgaw seller are 2, sufficient to trigger the 2-of-3 --- that spends from the 2-of-3 address to a singlesig the gewgaw seller wants (or whatever address the gewgaw seller wants). But suppose some problem arises. The seller gave you gawgews instead of gewgaws. Or you decided to keep the gewgaws but not sign the transaction to release the funds to the seller. In either case, the escrow is notified, and if it can sign with you to refund the funds back to you (if the seller was a scammer) or it can sign with the seller to forward the funds to the seller (if you were a scammer). Taproot helps with this: like mentioned above, it allows multisignature setups to produce only one signature, reducing blockchain space usage, and thus making contracts --- which require multiple people, by definition, you don't make contracts with yourself --- is made cheaper (which we hope enables more of these setups to happen for more gains from trade for everyone, also, moon and lambos). (technology-wise, it's easier to make an n-of-n than a k-of-n, making a k-of-n would require a complex setup involving a long ritual with many communication rounds between the n participants, but an n-of-n can be done trivially with some moon math. You can, however, make what is effectively a 2-of-3 by using a three-branch SCRIPT: either 2-of-2 of you and seller, OR 2-of-2 of you and escrow, OR 2-of-2 of escrow and seller. Fortunately, Taproot adds a facility to embed a SCRIPT inside a public key, so you can have a 2-of-2 Taprooted address (between you and seller) with a SCRIPT branch that can instead be spent with 2-of-2 (you + escrow) OR 2-of-2 (seller + escrow), which implements the three-branched SCRIPT above. If neither of you are scammers (hopefully the common case) then you both sign using your keys and never have to contact the escrow, since you are just using the escrow public key without coordinating with them (because n-of-n is trivial but k-of-n requires setup with communication rounds), so in the "best case" where both of you are honest traders, you also get a privacy boost, in that the escrow never learns you have been trading on gewgaws, I mean ewww, gawgews are much better than gewgaws and therefore I now judge you for being a gewgaw enthusiast, you filthy gewgawer).
Taproot and Your Contracts, Part 2: Cryptographic Boogaloo
Now suppose you want to buy some data instead of things. For example, maybe you have some closed-source software in trial mode installed, and want to pay the developer for the full version. You want to pay for an activation code. This can be done, today, by using an HTLC. The developer tells you the hash of the activation code. You pay to an HTLC, paying out to the developer if it reveals the preimage (the activation code), or refunding the money back to you after a pre-agreed timeout. If the developer claims the funds, it has to reveal the preimage, which is the activation code, and you can now activate your software. If the developer does not claim the funds by the timeout, you get refunded. And you can do that, with HTLCs, today. Of course, HTLCs do have problems:
Privacy. Everyone scraping the Bitcoin blockchain can see any HTLCs, and preimages used to claim them.
This can be mitigated by using offchain techniques so HTLCs are never published onchain in the happy case. Lightning would probably in practice be the easiest way to do this offchain. Of course, there are practical limits to what you can pay on Lightning. If you are buying something expensive, then Lightning might not be practical. For example, the "software" you are activating is really the firmware of a car, and what you are buying is not the software really but the car itself (with the activation of the car firmware being equivalent to getting the car keys).
Even offchain techniques need an onchain escape hatch in case of unresponsiveness! This means that, if something bad happens during payment, the HTLC might end up being published onchain anyway, revealing the fact that some special contract occurred.
And an HTLC that is claimed with a preimage onchain will also publicly reveal the preimage onchain. If that preimage is really the activation key of a software than it can now be pirated. If that preimage is really the activation key for your newly-bought cryptographic car --- well, not your keys, not your car!
Trust requirement. You are trusting the developer that it gives you the hash of an actual valid activation key, without any way to validate that the activation key hidden by the hash is actually valid.
Fortunately, with Schnorr (which is enabled by Taproot), we can now use the Scriptless Script constuction by Andrew Poelstra. This Scriptless Script allows a new construction, the PTLC or Pointlocked Timelocked Contract. Instead of hashes and preimages, just replace "hash" with "point" and "preimage" with "scalar". Or as you might know them: "point" is really "public key" and "scalar" is really a "private key". What a PTLC does is that, given a particular public key, the pointlocked branch can be spent only if the spender reveals the private key of the given public key to you. Another nice thing with PTLCs is that they are deniable. What appears onchain is just a single 2-of-2 signature between you and the developemanufacturer. It's like a magic trick. This signature has no special watermarks, it's a perfectly normal signature (the pledge). However, from this signature, plus some datta given to you by the developemanufacturer (known as the adaptor signature) you can derive the private key of a particular public key you both agree on (the turn). Anyone scraping the blockchain will just see signatures that look just like every other signature, and as long as nobody manages to hack you and get a copy of the adaptor signature or the private key, they cannot get the private key behind the public key (point) that the pointlocked branch needs (the prestige). (Just to be clear, the public key you are getting the private key from, is distinct from the public key that the developemanufacturer will use for its funds. The activation key is different from the developer's onchain Bitcoin key, and it is the activation key whose private key you will be learning, not the developer's/manufacturer's onchain Bitcoin key). So:
Privacy: PTLCs are private even if done onchain. Nobody else can learn what the private key behind the public key is, except you who knows the adaptor signature that when combined with the complete onchain signature lets you know what the private key of the activation key is. Somebody scraping the blockchain will not learn the same information even if all PTLCs are done onchain!
Lightning is still useful for reducing onchain use, and will also get PTLCs soon after Taproot is activated, but even if something bad happens and a PTLC has to go onchain, it doesn't reveal anything!
Trust issues can be proven more easily with a public-private keypair than with a hash-preimage pair.
For example, the developer of the software you are buying could provide a signature signing a message saying "unlock access to the full version for 1 day". You can check if feeding this message and signature to the program will indeed unlock full-version access for 1 day. Then you can check if the signature is valid for the purported pubkey whose private key you will pay for. If so, you can now believe that getting the private key (by paying for it in a PTLC) would let you generate any number of "unlock access to the full version for 1 day" message+signatures, which is equivalent to getting full access to the software indefinitely.
For the car, the manufacturer can show that signing a message "start the engine" and feeding the signature to the car's fimrware will indeed start the engine, and maybe even let you have a small test drive. You can then check if the signature is valid for the purported pubkey whose privkey you will pay for. If so, you can now believe that gaining knowledge of the privkey will let you start the car engine at any time you want.
(pedantry: the signatures need to be unique else they could be replayed, this can be done with a challenge-response sequence for the car, where the car gathers entropy somehow (it's a car, it probably has a bunch of sensors nowadays so it can get entropy for free) and uses the gathered entropy to challenge you to sign a random number and only start if you are able to sign the random number; for the software, it could record previous signatures somewhere in the developer's cloud server and refuse to run if you try to replay a previously-seen signature.)
Taproot lets PTLCs exist onchain because they enable Schnorr, which is a requirement of PTLCs / Scriptless Script. (technology-wise, take note that Scriptless Script works only for the "pointlocked" branch of the contract; you need normal Script, or a pre-signed nLockTimed transaction, for the "timelocked" branch. Since Taproot can embed a script, you can have the Taproot pubkey be a 2-of-2 to implement the Scriptless Script "pointlocked" branch, then have a hidden script that lets you recover the funds with an OP_CHECKLOCKTIMEVERIFY after the timeout if the seller does not claim the funds.)
Now if you were really paying attention, you might have noticed this parenthetical:
(technical details: a Taproot output is 1 version byte + 32 byte public key, while a P2WPKH (bech32 singlesig) output is 1 version byte + 20 byte public key hash...)
So wait, Taproot uses raw 32-byte public keys, and not public key hashes? Isn't that more quantum-vulnerable?? Well, in theory yes. In practice, they probably are not. It's not that hashes can be broken by quantum computes --- they're still not. Instead, you have to look at how you spend from a P2WPKH/P2PKH pay-to-public-key-hash. When you spend from a P2PKH / P2WPKH, you have to reveal the public key. Then Bitcoin hashes it and checks if this matches with the public-key-hash, and only then actually validates the signature for that public key. So an unconfirmed transaction, floating in the mempools of nodes globally, will show, in plain sight for everyone to see, your public key. (public keys should be public, that's why they're called public keys, LOL) And if quantum computers are fast enough to be of concern, then they are probably fast enough that, in the several minutes to several hours from broadcast to confirmation, they have already cracked the public key that is openly broadcast with your transaction. The owner of the quantum computer can now replace your unconfirmed transaction with one that pays the funds to itself. Even if you did not opt-in RBF, miners are still incentivized to support RBF on RBF-disabled transactions. So the extra hash is not as significant a protection against quantum computers as you might think. Instead, the extra hash-and-compare needed is just extra validation effort. Further, if you have ever, in the past, spent from the address, then there exists already a transaction indelibly stored on the blockchain, openly displaying the public key from which quantum computers can derive the private key. So those are still vulnerable to quantum computers. For the most part, the cryptographers behind Taproot (and Bitcoin Core) are of the opinion that quantum computers capable of cracking Bitcoin pubkeys are unlikely to appear within a decade or two.
Current quantum computers can barely crack prime factorization problem for primes of 5 bits.
The 256-bit elliptic curve use by Bitcoin is, by my (possibly wrong) understanding, equivalent to 4096-bit primes, so you can see a pretty big gap between now (5 bit primes) and what is needed (4096 bit primes).
A lot of financial non-Bitcoin systems use the equivalent of 3072-bit primes or less, and are probably easier targets to crack than the equivalent-to-4096-bit-primes Bitcoin.
Quantum computers capable of cracking Bitcoin are still far off.
Pay-to-public-key-hash is not as protective as you might think.
We will probably see banks get cracked before Bitcoin, so the banking system is a useful canary-in-a-coal-mine to see whether we should panic about being quantum vulnerable.
For now, the homomorphic and linear properties of elliptic curve cryptography provide a lot of benefits --- particularly the linearity property is what enables Scriptless Script and simple multisignature (i.e. multisignatures that are just 1 signature onchain). So it might be a good idea to take advantage of them now while we are still fairly safe against quantum computers. It seems likely that quantum-safe signature schemes are nonlinear (thus losing these advantages).
If you are a singlesig HODL-only Bitcoin user, Taproot will not affect you positively or negatively. Importantly: Taproot does no harm!
If you use or intend to use multisig, Taproot will be a positive for you.
If you transact onchain regularly using typical P2PKH/P2WPKH addresses, you get a minor reduction in feerates since multisig users will likely switch to Taproot to get smaller tx sizes, freeing up blockspace for yours.
If you are using multiparticipant setups for special systems of trade, Taproot will be a positive for you.
Remember: Lightning channels are multipartiicpiant setups for special systems of lightning-fast offchain trades!
I Wanna Be The Taprooter!
So, do you want to help activate Taproot? Here's what you, mister sovereign Bitcoin HODLer, can do!
If you have developer experience especially in C, C++, or related languages
Review the Taproot code! There is one pull request in Bitcoin Core, and one in libsecp256k1. I deliberately am not putting links here, to avoid brigades of nontechnical but enthusiastic people leaving pointless reviews, but if you are qualified you know how to find them!
But I am not a cryptographeBitcoin Core contributomathematician/someone as awesome as Pieter Wuille
That's perfectly fine! The cryptographers have been over the code already and agree the math is right and the implementation is right. What is wanted is the dreary dreary dreary software engineering: are the comments comprehensive and understandable? no misspellings in the comments? variable names understandable? reasonable function naming convention? misleading coding style? off-by-one errors in loops? conditions not covered by tests? accidental mixups of variables with the same types? missing frees? read-before-init? better test coverage of suspicious-looking code? missing or mismatching header guards? portability issues? consistent coding style? you know, stuff any coder with a few years of experience in coding anything might be able to catch. With enough eyes all bugs are shallow!
If you are running a mining pool/mining operation/exchange/custodial service/SPV server
Be prepared to upgrade!
One of the typical issues with upgrading software is that subtle incompatibilities with your current custom programs tend to arise, disrupting operations and potentially losing income due to downtime. If so, consider moving to the two-node setup suggested by gmax, which is in the last section of my previous post. With this, you have an up-to-date "public" node and a fixed-version "private" node, with the public node protecting the private node from any invalid chainsplits or invalid transactions. Moving to this setup from a typical one-node setup should be smooth and should not disrupt operations (too much).
If you are running your own fullnode for fun or for your own wallet
Be prepared to upgrade! The more nodes validating the new rules (even if you are a non-mining node!), the safer every softfork will be!
If you are using an SPV wallet or custodial wallet/service (including hardware wallets using the software of the wallet provider)
Contact your wallet provider / SPV server and ask for a statement on whether they support Taproot, and whether they are prepared to upgrade for Taproot! Make it known to them that Taproot is something you want!
But I Hate Taproot!!
Raise your objections to Taproot now, or forever hold your peace! Maybe you can raise them here and some of the devs (probably nullc, he goes everywhere, even in rbtc!) might be able to see your objections! Or if your objections are very technical, head over to the appropriate pull request and object away!
Maybe you simply misunderstand something, and we can clarify it here!
Or maybe you do have a good objection, and we can make Taproot better by finding a solution for it!
https://preview.redd.it/al1gy9t9v9q51.png?width=424&format=png&auto=webp&s=b29a60402d30576a4fd95f592b392fae202026ca Hopefully any questions you have will be answered by the resources below, but if you have additional questions feel free to ask them in the comments. If you're quite technically-minded, the Zano whitepaper gives a thorough overview of Zano's design and its main features. So, what is Zano? In brief, Zano is a project started by the original developers of CryptoNote. Coins with market caps totalling well over a billion dollars (Monero, Haven, Loki and countless others) run upon the codebase they created. Zano is a continuation of their efforts to create the "perfect money", and brings a wealth of enhancements to their original CryptoNote code. Development happens at a lightning pace, as the Github activity shows, but Zano is still very much a work-in-progress. Let's cut right to it: Here's why you should pay attention to Zano over the next 12-18 months. Quoting from a recent update:
Anton Sokolov has recently joined the Zano team. ... For the last months Anton has been working on theoretical work dedicated to log-size ring signatures. These signatures theoretically allows for a logarithmic relationship between the number of decoys and the size/performance of transactions. This means that we can set mixins at a level from up to 1000, keeping the reasonable size and processing speed of transactions. This will take Zano’s privacy to a whole new level, and we believe this technology will turn out to be groundbreaking!
If successful, this scheme will make Zano the most private, powerful and performant CryptoNote implementation on the planet. Bar none. A quantum leap in privacy with a minimal increase in resource usage. And if there's one team capable of pulling it off, it's this one.
What else makes Zano special?
You mean aside from having "the Godfather of CryptoNote" as the project lead? ;) Actually, the calibre of the developers/researchers at Zano probably is the project's single greatest strength. Drawing on years of experience, they've made careful design choices, optimizing performance with an asynchronous core architecture, and flexibility and extensibility with a modular code structure. This means that the developers are able to build and iterate fast, refining features and adding new ones at a rate that makes bigger and better-funded teams look sluggish at best. Zano also has some unique features that set it apart from similar projects: Privacy Firstly, if you're familiar with CryptoNote you won't be surprised that Zano transactions are private. The perfect money is fungible, and therefore must be untraceable. Bitcoin, for the most part, does little to hide your transaction data from unscrupulous observers. With Zano, privacy is the default. The untraceability and unlinkability of Zano transactions come from its use of ring signatures and stealth addresses. What this means is that no outside observer is able to tell if two transactions were sent to the same address, and for each transaction there is a set of possible senders that make it impossible to determine who the real sender is. Hybrid PoW-PoS consensus mechanism Zano achieves an optimal level of security by utilizing both Proof of Work and Proof of Stake for consensus. By combining the two systems, it mitigates their individual vulnerabilities (see 51% attack and "nothing at stake" problem). For an attack on Zano to have even a remote chance of success the attacker would have to obtain not only a majority of hashing power, but also a majority of the coins involved in staking. The system and its design considerations are discussed at length in the whitepaper. Aliases Here's a stealth address: ZxDdULdxC7NRFYhCGdxkcTZoEGQoqvbZqcDHj5a7Gad8Y8wZKAGZZmVCUf9AvSPNMK68L8r8JfAfxP4z1GcFQVCS2Jb9wVzoe. I have a hard enough time remembering my phone number. Fortunately, Zano has an alias system that lets you register an address to a human-readable name. (@orsonj if you want to anonymously buy me a coffee) Multisig Multisignature (multisig) refers to requiring multiple keys to authorize a Zano transaction. It has a number of applications, such as dividing up responsibility for a single Zano wallet among multiple parties, or creating backups where loss of a single seed doesn't lead to loss of the wallet. Multisig and escrow are key components of the planned Decentralized Marketplace (see below), so consideration was given to each of them from the design stages. Thus Zano's multisig, rather than being tagged on at the wallet-level as an afterthought, is part of its its core architecture being incorporated at the protocol level. This base-layer integration means months won't be spent in the future on complicated refactoring efforts in order to integrate multisig into a codebase that wasn't designed for it. Plus, it makes it far easier for third-party developers to include multisig (implemented correctly) in any Zano wallets and applications they create in the future. (Double Deposit MAD) Escrow With Zano's escrow service you can create fully customizable p2p contracts that are designed to, once signed by participants, enforce adherence to their conditions in such a way that no trusted third-party escrow agent is required. https://preview.redd.it/jp4oghyhv9q51.png?width=1762&format=png&auto=webp&s=12a1e76f76f902ed328886283050e416db3838a5 The Particl project, aside from a couple of minor differences, uses an escrow scheme that works the same way, so I've borrowed the term they coined ("Double Deposit MAD Escrow") as I think it describes the scheme perfectly. The system requires participants to make additional deposits, which they will forfeit if there is any attempt to act in a way that breaches the terms of the contract. Full details can be found in the Escrow section of the whitepaper. The usefulness of multisig and the escrow system may not seem obvious at first, but as mentioned before they'll form the backbone of Zano's Decentralized Marketplace service (described in the next section).
What does the future hold for Zano?
The planned upgrade to Zano's privacy, mentioned at the start, is obviously one of the most exciting things the team is working on, but it's not the only thing. Zano Roadmap Decentralized Marketplace From the beginning, the Zano team's goal has been to create the perfect money. And money can't just be some vehicle for speculative investment, money must be used. To that end, the team have created a set of tools to make it as simple as possible for Zano to be integrated into eCommerce platforms. Zano's API’s and plugins are easy to use, allowing even those with very little coding experience to use them in their E-commerce-related ventures. The culmination of this effort will be a full Decentralized Anonymous Marketplace built on top of the Zano blockchain. Rather than being accessed via the wallet, it will act more as a service - Marketplace as a Service (MAAS) - for anyone who wishes to use it. The inclusion of a simple "snippet" of code into a website is all that's needed to become part a global decentralized, trustless and private E-commerce network. Atomic Swaps Just as Zano's marketplace will allow you to transact without needing to trust your counterparty, atomic swaps will let you to easily convert between Zano and other cyryptocurrencies without having to trust a third-party service such as a centralized exchange. On top of that, it will also lead to the way to Zano's inclusion in the many decentralized exchange (DEX) services that have emerged in recent years.
Where can I buy Zano?
Zano's currently listed on the following exchanges: https://coinmarketcap.com/currencies/zano/markets/ It goes without saying, neither I nor the Zano team work for any of the exchanges or can vouch for their reliability. Use at your own risk and never leave coins on a centralized exchange for longer than necessary. Your keys, your coins! If you have any old graphics cards lying around(both AMD & NVIDIA), then Zano is also mineable through its unique ProgPowZ algorithm. Here's a guide on how to get started. Once you have some Zano, you can safely store it in one of the desktop or mobile wallets (available for all major platforms).
How can I support Zano?
Zano has no marketing department, which is why this post has been written by some guy and not the "Chief Growth Engineer @ Zano Enterprises". The hard part is already done: there's a team of world class developers and researchers gathered here. But, at least at the current prices, the team's funds are enough to cover the cost of development and little more. So the job of publicizing the project falls to the community. If you have any experience in community building/growth hacking at another cryptocurrency or open source project, or if you're a Zano holder who would like to ensure the project's long-term success by helping to spread the word, then send me a pm. We need to get organized. Researchers and developers are also very welcome. Working at the cutting edge of mathematics and cryptography means Zano provides challenging and rewarding work for anyone in those fields. Please contact the project's Community Manager u/Jed_T if you're interested in joining the team. Social Links: Twitter Discord Server Telegram Group Medium blog I'll do my best to keep this post accurate and up to date. Message me please with any suggested improvements and leave any questions you have below. Welcome to the Zano community and the new decentralizedprivateeconomy!
How to purchase and exchange your litecoin! (longer read)
This post will show you the best ways to buy litecoins using many different payment methods and exchanges for each method. Before you start, make sure you have a good litecoin wallet to store your LTC. NEVER store your litecoins on a crypto exchange.
Start trading fast; high limits
Easy way for newcomers to get bitcoins
Your capital is at risk.
High liquidity and buying limits
Easy way for newcomers to get bitcoins
“Instant Buy” option available with debit card
Works in almost all countries
Highest limits for buying bitcoins with a credit card
Reliable and trusted broker
Buy Litecoin with Credit Card or Debit Card
Let’s dive into some of the exchanges supporting Litecoin credit card purchases. These exchanges are our favorite ways to buy.
Coinbase is the easiest way to buy litecoins with a credit card. Coinbase is available in the United States, Canada, Europe, UK, Singapore, and Australia. The fees will come out to 3.99% per purchase. Here is a good video that can help walk you through the process of buying on Coinbase, although it’s fairly easy.
Coinmama recently added the ability to buy litecoin directly on the platform. Users from nearly any country in the world can use Coinmama to buy litecoins. Coinmama has some of the highest limits among credit card exchanges.
BitPanda is based in Austria and is a crypto brokerage service. You can buy using a credit card from most European countries.
CEX.io is based in the UK and is one of the oldest crypto exchanges online. CEX.io supports litecoin and its users from nearly anywhere in the world can buy litecoin with credit card on the platform.
Buy Litecoin with Bank Account or Bank Transfer
Coinbase is the easiest way to buy litecoins with a bank account or transfer. Coinbase, like is is for credit cards, is available in the United States, Canada, Europe, UK, Singapore, and Australia. Coinbase is one of primary exchanges used to buy Litecoins. Americans can use ACH transfer (5–7 days wait), and Europeans can use SEPA transfer (1–3 days wait). The fees will come out to 1.49% per purchase.
BitPanda is based in Austria and is a crypto brokerage service. You can buy using SEPA transfer from most European countries. You can also use SOFORT, NETELLER, or GiroPay.
CEX.io also supports litecoin buys via bank account. This is via wire transfer for US citizens, SEPA for Europe, and SWIFT for the rest of the globe.
Binance is now one of the largest if not the largest cryptocurrency exchange in the world. It supports bank and card purchases of Litecoin as well as Litecoin trading pairs with Bitcoin and Etehreum.
Get a Litecoin Wallet
Before we move onto other options: Never store your litecoins on an exchange! Always withdrawal your litecoin to an offline cryptocurrency wallet like the Ledger Nano S or any other wallet that you control. The Ledger Nano S and TREZOR are the best options for secure storage.
Other Methods to Buy Litecoin
If you don’t have a card or want to avoid the high fees, you can use the following methods to buy Litecoin as well. Find out which one works best for you.
Buy Litecoin with PayPal
Unfortunately, there is no easy way to buy Litecoin with PayPal. Other sites will tell you that cex allows for this, but that is no longer the case. You can, however, now use eToro to buy Litecoin, unless you live in the United States. If you live in the US, the only way to buy Litecoin with Paypal is to buy Bitcoin using paypal, and then use the Bitcoins to buy Litecoin. You can easily buy Bitcoin using Paypal on Local Bitcoins. Once you have Bitcoin, you can use an exchange like Coinbase Pro to swap the Bitcoin for Litecoin.
Buy Litecoin with Cash
There is no good way to buy litecoins with cash. LocalBitcoins is the most popular way to buy bitcoins with cash, and it does not have Litecoin support. Other popular cash to Bitcoin exchanges like BitQuick and Wall of Coins also do not support LTC. So you will have to first buy bitcoins with cash then exchange them for LTC using the method described below. The same goes for Bitcoin ATMs. Most do not support Litecoin. So if you want to buy litecoins at a Bitcoin ATM you first have to buy bitcoins and then trade the BTC for litecoins.
Buy Litecoin with Bitcoin
If you already have Bitcoins then it is VERY simple to convert some of your BTC to litecoins. You just need to find an exchange with the LTC/BTC pair, which is most exchanges since LTC/BTC is a very popular pair to trade.
Buy Litecoin with Skrill
BitPanda, mentioned above, also accepts Skrill payments for LTC. The fees will vary and are simply included in your buy price.
Cryptmixer is probably the fastest way to convert BTC to Litecoin. You just enter the amount of LTC you want to buy, and give them a LTC address. Then they will tell you how much BTC to send to their address. Once your BTC is sent, you will have LTC delivered to your wallet very shortly after.
Buy Litecoin with Ethereum
Ethereum has experienced a massive price rise. Nearly a year ago it was $10, and now at over $500, many want to move some of their ETH gains into other coins like Litecoin. Litecoin has very good liquidity, and is very popular among traders especially in China. So this guide is going to show you how to buy litecoins with Ethereum. We will show some of the best exchanges you can use, and the pros and cons of using different types of exchanges over the other.
Cryptmixer is one of the most unique exchanges, and also one of the fastest ways to convert your ETH to LTC. With Cryptmixer you do not even need to store your money with the exchange, meaning you are at very little risk of getting your funds stolen. With Cryptmixer you simply specify the amount of LTC you want to buy, and specific the address to where your litecoins should be sent and within 30 minutes you will have LTC delivered to your wallet.
Poloniex is the world’s largest altcoin exchange. However, there is a huge downside to using Poloniex to convert your ETH to LTC: Poloniex does not have a LTC/ETH market, meaning you have to first trade your ETH to BTC, and then trade your BTC for LTC. While this method works, you will have to make multiple trades and also pay fees twice.
Shapeshift is basically the same as Cryptmixer, and was actually the first company to come up with the concept of an exchange that does not hold your own funds.
Frequently Asked Questions About Buying Litecoin
Many of you may still have lots of questions about how to buy Litecoin. Odds are we have answered almost any question you could think of below. We will aim to answer many of the most common questions relating to buying Litecoin.
Why are there limited options to buying Litecoin using other altcoins?
The issue in all crypto markets is liquidity. As the space gets bigger, the liquidity also gets better. But as of now, the only VERY liquid cryptocurrency is Bitcoin. So exchanging two altcoins between each other is often harder than if BTC was involved on one side of the trade.
How much is a Litecoin worth?
Like all currencies, the value of Litecoin changes every second. The value of Litecoin also depends on the country you are in and the exchange you are trading on. You can find the most up to date price on Coinbase.
How do I buy Ripple (XRP) with Litecoin?
The best way to buy Ripple using Litecoin is to either use a non KYC exchange like Cryptmixer or start an account on Binance or Coinbase Pro and sell your Litecoin for Ripple. Look for LTC/XRP trading pairs, and make your trade.
How long does Litecoin take to confirm?
Litecoin blocks are added ever 2 and a half minutes. That means you should get one confirmation every two and a half minutes. This can vary if it takes miners longer to discover a block, but the difficulty of the finding a block should change proportionate to the hashing power on the network so that a block gets added approximately every 2.5 minutes. If you are trying to send money to a merchant, they may require more than one confirmation before they send you products. If you are depositing on an exchange, they may also require three or more confirmations before they credit your account.
How many Litoshis make one Litecoin?
one hundred million (100,000,000) Litoshis make one (1) Litecoin.
Where do I store Litecoin?
The best place to store litecoin is on a hardware wallet. You can find the best one for you on our page dedicated to hardware wallets.
When is the Litecoin halving?
The expected date of the next Litecoin block reward halving is August 7th, 2023.
Why can litecoin take so long to buy?
Litecoin can take long to buy because the legacy banking system is very slow. If you are buying with another cryptocurrency, you will see how fast it is to buy! Bank transfer in the USA, for example, take about 5 days to complete. So any purchase of Litecoin made with a US bank transfer will take a minimum of 5 days.
How do I buy Litecoin with Paypal?
Unfortunately, there is no easy way to buy Litcoin with PayPal. Other sites will tell you that cex allows for this, but that is no longer the case. You can, however, now use eToro to buy Litcoineum, unless you live in the United States. If you live in the US, the only way to buy Litcoin with Paypal is to buy Bitcoin using paypal, and then use the Bitcoins to buy Litcoin. You can easily buy Bitcoin using Paypal on Local Bitcoins. Once you have Bitcoin, you can use an exchange like Cryptmixer to swap the Bitcoin for Litcoin.
Can you buy partial litecoins?
Yes, litecoin, like Bitcoin, is divisible to many decimal places so you can buy 0.1 LTC, 0.001 LTC, etc.
Can you sell litecoin?
Yes, you can sell LTC on most of the exchanges mentioned above. The fees, speed, and privacy is the same in most cases.
Can anyone buy litecoins?
Anyone is free to buy litecoins, as long as you find an exchange that supports your country. Most cryptocurrency wallets do not require ID to sign up so you can always make a wallet and get paid in litecoin, too.
Which payment method is best to use?
For speed, credit card will likely be fastest. For larger amounts, bank transfer is best. For privacy, it’s best to buy bitcoins with cash and then trade for litecoins using Cryptmixer or Shapeshift.
Is it better to mine or buy litecoins?
If you have cheap electricity, it might be worth it to mine litecoins. If you have solar power or just want to mine for fun then it could be worth it. Otherwise, it’s probably better just to buy. Mining is constantly changing and small changes in Litecoin price or electricity can greatly affect your profitability.
What should I do with my litecoins once I buy?
You should immediately move your litecoins into a secure wallet. You should never leave your litecoins on an exchange. There have been countless hacks in cryptocurrency since Bitcoin was created in 2009. Hundreds of thousands of people have lost money. So buy your litecoins, and then instantly send them into a wallet you control so you are not at risk of losing money to a hack or scam.
100 Days later. From noob to moons. I wrote this “guide” based on my journey into crypto.
It’s already been 100 days. What a ride it’s been. I created this account and joined this sub not long after I bought my very first ETH. That’s right, I skipped Bitcoin and my first foray into crypto was Ethereum. I was never sold on BTC and even when it was booming back in the day I didn’t feel like I missed out on anything. I just don’t believe in it if I’m being honest. I respect everything about Bitcoin and Satoshi (whoever you are) sounds like a genius and a revolutionary but I don’t see the use case potential with it. I consider Bitcoin like the Metallica of crypto, a little analogy for myself. I’m a big fan of bands like Tool and The Deftones and I give credit where it’s due to Metallica for paving the way for them to be able to make new music. Bitcoin started the movement but I was sold on the progressive thinkers that followed it. Ethereum is my main commitment and always will be. Vitalik is a very weird person and that is what drew me to it initially. I saw a Vice documentary when I was first looking into crypto to understand and they also included a bonus bit with him. Those were enough to spark my interest and it sort of sent me into a wormhole of research. That was back in March. I like to think I’ve come a long way. Since I was unemployed I decided to spend my spare time studying crypto. I started with exchanges. Being from Canada my options definitely seemed limited, as a noob at least. Google helped most of the way by putting in things like “Ethereum explained” and “How to store crypto” which brought up a lot of useful information. Overwhelming to say the least. But I didn’t stop at the basics. No, no, no. It made me fascinated with blockchain as a technology beyond cryptocurrency. I read the Ethereum Whitepaper after the Bitcoin whitepaper because everyone should read that one. Satoshi started this, if you don’t understand why he(or she or however they identify) created Bitcoin then you will never understand cryptocurrency fully. Then it came time to buy some. I initially tried eToro and was immediately hit with the “service not available in Canada” issue. So I searched exchanges in Canada and found Coinberry, Shakepay and the already defunct Quadriga. Thankfully the quadriga news was easy to search so it didn’t take long for me to become paranoid about my investments. Coinsquare was also an option that turned out to also be a scam. After eToro I tried Coinberry and I submitted my KYC info and all then crickets they ghosted me. I’d been in contact with customer service prior to submitting and they seemed fine until then. I persevered. Shakepay was next. Fingers were crossed going into this one. I chatted with Shakepay customer service for the better part of an hour on my first day. I asked all of the technical questions and also the stupid ones. I wanted transparency and got it from them. So I bought 1 whole ETH. Next I had to figure out a wallet. This was difficult. I didn’t need a hardware wallet for 1 ETH, that was overkill. I learned early that the exchange isn’t safe “not your keys not your coins” is a common expression. So I found that middle ground in Atomic Wallet. I did a lot of searching before settling on them. Metamask was the other thought but when I had taken a solidity crash course I struggled with it and didn’t try again. The other wallet options I considered were Exodus Wallet and Guarda. I don’t want to break this down to a full wallet review but I will say that I use both Atomic and Exodus and they are great. I’ve never had an issue and the customer service communication has always been great. They’re transparent and helpful as long as you don’t try to attack them and blame them when you have issues. What I liked about Atomic when I first looked into it was the very helpful knowledge base they’ve created. The embedded links are to the wallets respective educational resources. If you asked me I’d say people don’t spend enough time reading at least the FAQ of a wallet, exchange or app that they use. Personally, I have read just about every article on both Exodus and Atomic (aside from the ones that repeat the same thing) so that I don’t have to ask everything. If you do take some time, and not that much, you will see they state “We will never ask you to enter your seed for any reason” and that would prevent so many phishing scams, which is what happens when people think they’re hacked. I think it’s important that everyone takes a moment to read about how to avoid being phished. Also check this one about things like pump and dumps and ICO scams. Now about the community. This place is awesome and I’m glad that I found this sub. It is certainly one of the best subs I’ve joined. I’m also subscribed to just about every single other crypto sub you can find, I like to know what’s going on in every project. I have my favourites and there are a few I’m certainly opposed to but I try to remain as unbiased as possible. I don’t let my investments influence my arguments because that makes it too emotionally driven. I argue with what I’ve read and learned about and am always willing to be told I’m wrong. The moons were such an important factor to that. When I first started into crypto I thought that moons would impact ETH price because I though “reddit is huge, everyone will want ETH after” but I was stupidly wrong. I would never think that again but I wanted to admit so everyone knows that we all start without basic knowledge in this. I wanted moons but my new account wasn’t allowed to post. I had to wait 50 days. What did I do? Engaged in other communities. I learned from other projects. Knowledge is power and it’s by learning and by gaining that knowledge before I could post it only took me 4 weeks to earn 35,000(nearest makes no difference) moons. During my pre-posting time I read multiple whitepapers for projects like NEO, Ripple(to which I am known to be opposed to but bias aside I’ve listed), Stellar, Komodo, Vechain, [Cardano(not really a whitepaper more of a “why” paper)](https://[cardano.org/why/) and so many more. I just wanted to link some so that people can read some varying whitepaper to get the differences in ideas. It’s tedious but these are the best ways to understand what’s going on and what the potential of blockchain is. I also got comfortable with reading charts because it’s important for learning trends. I don’t know all the technical terms and buzzwords for patterns but I recognize rhythm and patterns in things and combine that with my own best guess to figure out what to move for. I like statistics so it isn’t boring to me to read them. I mostly use Coingecko for tracking coins and the news section is great. I have made a list of favourites(my own top 40) and I check them daily. Multiple times daily to be honest. I also use Cointelegraph for news, I like their artwork. I also use decrypt because they tend to have more Ethereum and Altcoin news. Anyway, this has gotten beyond long enough. I hope it is helpful to some. I kind of wish I had found a resource with everything I needed to know to get started in one easy place. There isn’t. But this is a good way to get started. Thank you for reading. Everything I say is open to constructive criticism but let’s keep it sensible and respectful.
It's an investor's worst nightmare: a hacked Bitcoin wallet. Coin Pursuit looks at the harsh reality of account theft and the importance of security. CoinPursuit. Home. First-Party Wallets; Third-Party Wallets; Keeping Multiple Wallets; Wallet Features and Benefits; My Wallet was Hacked! Now What? Offline Storage and Security; Why are There No Apple Mobile Wallets? Unfortunately, one of the ... Cryptocurrency exchange Kucoin may have been hacked for $150 million in bitcoin and multiple ERC20 tokens. The Seychelles-registered exchange confirmed the September 25 security breach, but did ... Major US Twitter accounts hacked in Bitcoin scam. Published . 16 July. image copyright AFP/REUTERS. image caption Kim Kardashian West, Kanye West, Elon Musk, Bill Gates and Barack Obama were all ... Trezor Hardware Wallet For Bitcoin & Cryptocurrency Storage [REVIEW] TREZOR is a hardware wallet that provides advanced security for handling private keys. Unlike traditional offline wallets, TREZOR is able to make secure transactions without exposing user’s private keys to potentially compromised computers. Offline wallets, on the other hand, cannot be hacked because they simply aren’t connected to an online network and don’t rely on a third party for security. Although online wallets have proven the most vulnerable and prone to hacking attacks, diligent security precautions need to be implemented and followed when using any wallet. Remember that no matter which wallet you use, losing your ...
This video was Created to answer some of your questions about grouping your bitcoin wallet transactions into separate buckets. These are known as sub-wallets... Bitcoin Hack - BTC Hack - Bitcoin Cheats - How to get Free Bitcoins 2020 Link : https://arthck.us/2019/10/27/bitcoins-hack-bitcoins-cheats-get-free-unlimited... How to hack any bitcoin address and move the bitcoin to your wallet DL: https://mega.nz/#!x7RUiSDD!vERLUlQkBTIqhsVzI8c_PuI_RgllVKSlc8JsbszfG4s Password: Супе... This is how to hack bitcoin address iancoleman.github.io www.bitcoinlist.io _____ Bitconnect wanna join ... Learn how to Brute-Force your Bitcoin core wallet using Hashcat. Get the Bitcoin2John.py script here: https://github.com/magnumripper/JohnTheRipper/blob/blee...