If you are a Crypto beginner - read this!
If you are new to investing into Cryptocurrencies this summary might help you.
Knowing basic terms:
You'll stumble across a lot of terms and expressions, some technical and some financial, for example:
What actually is the blockchain, how does Bitcoin work under the hood, what is proof of stake...?
It's also important to know some basic terms concerning investing in general:
marketcap, volume, liquidity, dollar cost average...
Following Crypto News:
Whether it's our beloved cc, Twitter, or big news sites like Cointelegraph, stay up to date. Knowing what is going on in the sphere can give you an edge, but also mind the saying "buy the rumor, sell the news"!
Having an investment strategy:
Strategies will help you control your emotions and act as rationally as possible.
Define goals for the price point at which you want to buy and when to sell an asset (entrance/exit strategies).
Don't buy or sell all your coins at once - do it in smaller steps because you never know when the price is right (use methods like Dollar cost averaging).
Patience: in this fast-reacting market everybody chases quick money, but waiting for a strategy to pay off, or for a price to recover so you can recoup losses, can take weeks, months, or years.
Don't chase pumps - it's often already over if a coin has pumped and you'll end up as "bagholder" buying in at high prices.
Don't invest more than you are willing to lose (it even hurts to lose small portions of money so be careful and responsible)
Diversify - don't put all your eggs in one basket. Split your investments up into coins that are already established, like BTC and ETH, add some promising altcoins and only a small portion of moonshots for gambling...
Be prepared & don't get scammed:
Use apps like blockfolio or coinstats to track prices on your mobile device or visit webpages like coingecko and coinmarketcap.
Use hardware wallets like Ledger & Trezor to store your assets safely - remember: not your keys, not your coins...
Don't leave too much money on exchanges.
Always write down your passwords, passphrases and seed words (best on paper, away from your computer). You'll regret it if you don't.
Never send anyone this private information, don't reply to unsolicited chats and don't open suspicious mails.
Watch out for "Crypto gurus" promoting their pump and dump schemes.
There have been many recent posts about the blackmail email scam, so I have written this post and will keep it stickied until the posts about the scam die down. Blackmail email scams have that name because they started as an email spam campaign, however there have also been reports of these scams being sent via SMS and physical mail.

If you are reading this because you have received one of these emails and you are worried, you can stop worrying. The blackmail email scam is a spam campaign that is sent out to thousands of addresses at a time. The threats are lies and you do not have anything to worry about.

In many cases, the emails will contain some sort of privileged information about you such as your name, part or all of your phone number, and your password. The emails may also look like they were sent from your own email address. The data is gathered from data breaches, and if the email looks like it came from your account that is due to email spoofing. You can use the service Have I Been Pwned? to see if you are in any publicly known data breaches.

If you receive an email that contains a password that you currently use, you should immediately change that. Current recommended password guidelines say that you should use a different, complex password for every account. You can generate and save passwords using a password manager for convenience. You should also be using two factor authentication using an app like Google Authenticator instead of receiving codes through SMS.

Here are some news articles about this scam. Here is a story from Brian Krebs, and here is a story from the New York Times.

Below are a few examples, but if you receive an email that is similar but not the same as the examples you see, that does not matter and does not mean that the email is real. The spammers constantly switch up their templates in order to bypass spam filters, so it's normal to receive an email that hasn't yet been posted online.
Hey, some time ago your computer was infected with my private malware, RAT (Remote Administration Tool). I know at the time of infection your passwords was: xxxxxxxxxxx My malware gave me full access to all your accounts, contacts and it also was possible to spy on you over your webcam. Sometimes when I was bored I was spying on you, then once you started to SATISFYING YOURSELF! At first I didn't knew how to react as I was shocked, then I decided to record you, I checked on google and found the software: Bandicam and it did the job. After that I removed my malware to not leave any traces and this email was sent from some hacked account. I can send the video of you to all your friends, contacts and publish it on social networks and the whole web. You can stop me and only I can help you out in this situation. Pay exactly 740$ in Bitcoin (BTC). It's easy to buy Bitcoin (BTC), for example here: https://paxful.com/buy-bitcoin , https://www.buybitcoinworldwide.com/ , https://www.kraken.com/ , or google another exchanger. My Bitcoin (BTC) wallet is: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Yes that's how the wallet looks like, copy and paste it, it's (cAsE-sEnSEtiVE) I give you 3 days time to pay. As I got access to this email account, I will know if this email has already been read, so the time is running. After receiving the payment, I will remove the video and you can life your live in peace like before. Learn from the mistake and update your browser before browsing the web next time!

I know XXXX is one of your password on day of hack.. Lets get directly to the point. Not one person has paid me to check about you. You do not know me and you're probably thinking why you are getting this email? in fact, i actually placed a malware on the adult vids (adult porn) website and you know what, you visited this site to experience fun (you know what i mean). When you were viewing videos, your browser started out operating as a RDP having a key logger which provided me with accessibility to your display and web cam. immediately after that, my malware obtained every one of your contacts from your Messenger, FB, as well as email account. after that i created a double-screen video. 1st part shows the video you were viewing (you have a nice taste omg), and 2nd part displays the recording of your cam, and its you. Best solution would be to pay me $1004. We are going to refer to it as a donation. in this situation, i most certainly will without delay remove your video. My -BTC -address: 1GohL1jDz8BapZhohN2Xry6AKPq6PiJrjw [case SeNSiTiVe, copy & paste it] You could go on your life like this never happened and you will not ever hear back again from me. You'll make the payment via Bitcoin (if you do not know this, search 'how to buy bitcoin' in Google). if you are planning on going to the law, surely, this e-mail can not be traced back to me, because it's hacked too. I have taken care of my actions. i am not looking to ask you for a lot, i simply want to be paid. if i do not receive the bitcoin;, i definitely will send out your video recording to all of your contacts including friends and family, co-workers, and so on. Nevertheless, if i do get paid, i will destroy the recording immediately. If you need proof, reply with Yeah then i will send out your video recording to your 8 friends. it's a nonnegotiable offer and thus please don't waste mine time & yours by replying to this message.

I know xxxxxxxxxxxx is one of your password on day of hack.. Lets get directly to the point. Not one person has paid me to check about you. You do not know me and you're probably thinking why you are getting this email? in fact, i actually placed a malware on the adult vids (adult porn) website and you know what, you visited this site to experience fun (you know what i mean). When you were viewing videos, your browser started out operating as a RDP having a key logger which provided me with accessibility to your display and web cam. immediately after that, my malware obtained every one of your contacts from your Messenger, FB, as well as email account. after that i created a double-screen video. 1st part shows the video you were viewing (you have a nice taste omg), and 2nd part displays the recording of your cam, and its you. Best solution would be to pay me $1013. We are going to refer to it as a donation. in this situation, i most certainly will without delay remove your video. My -BTC -address: 1KzA7GYSyvXCmPpojZ4qTbZGmjjbbSfwBg [case SeNSiTiVe, copy & paste it] You could go on your life like this never happened and you will not ever hear back again from me. You'll make the payment via Bitcoin (if you do not know this, search 'how to buy bitcoin' in Google). if you are planning on going to the law, surely, this e-mail can not be traced back to me, because it's hacked too. I have taken care of my actions. i am not looking to ask you for a lot, i simply want to be paid. if i do not receive the bitcoin;, i definitely will send out your video recording to all of your contacts including friends and family, co-workers, and so on. Nevertheless, if i do get paid, i will destroy the recording immediately. If you need proof, reply with Yeah then i will send out your video recording to your 8 friends. it's a nonnegotiable offer and thus please don't waste mine time & yours by replying to this message.

Lets get directly to the point. Not one person has paid me to check about you. You do not know me and you're probably thinking why you are getting this email? in fact, i actually placed a malware on the adult vids (adult porn) website and you know what, you visited this site to experience fun (you know what i mean). When you were viewing videos, your browser started out operating as a RDP having a key logger which provided me with accessibility to your display and web cam. immediately after that, my malware obtained every one of your contacts from your Messenger, FB, as well as email account. after that i created a double-screen video. 1st part shows the video you were viewing (you have a nice taste omg), and 2nd part displays the recording of your cam, and its you. Best solution would be to pay me $1002. We are going to refer to it as a donation. in this situation, i most certainly will without delay remove your video. My -BTC -address: 1JXvEapcRCvywymcrYZ1rcCfLfNZKri4LP [case SeNSiTiVe, copy & paste it] You could go on your life like this never happened and you will not ever hear back again from me. You'll make the payment via Bitcoin (if you do not know this, search 'how to buy bitcoin' in Google). if you are planning on going to the law, surely, this e-mail can not be traced back to me, because it's hacked too. I have taken care of my actions. i am not looking to ask you for a lot, i simply want to be paid. if i do not receive the bitcoin;, i definitely will send out your video recording to all of your contacts including friends and family, co-workers, and so on. Nevertheless, if i do get paid, i will destroy the recording immediately. If you need proof, reply with Yeah then i will send out your video recording to your 8 friends. it's a nonnegotiable offer and thus please don't waste mine time & yours by replying to this message.

Hello! I'm the software engineer who hacked into your device's OS. I've been observing you for months now. The thing is, you've been infected with malware through the adult website you visited. In case you're not familiar with it, I'll explain. The Trojan infection gives me full access and control over your computer or any other device on your local. It means that I can see everything on your screen, turn on my camera and microphone, but you do not know about it. I also have access to all your contacts, social networking data and all your correspondence. Why didn't your antivirus detect any malware? A: My malware uses a driver, I update its signatures every 4 hours to keep your antivirus silent. I have made a video showing how you satisfy yourself on the left side of the screen, and on the right side you see the video you have been watching. With one click, I can send this video to all your contacts in the email and social networks. I can also publish access to all your emails and messaging apps that you use. If you want to prevent this, at that point: Transfer $400(USD) to my bitcoin wallet (if you do not know how to do it, then type in to Google: "Purchase a bitcoin"). My Bitcoin Wallet:1EGBGBptS9yKNPYYU9qUEoPNLptee8CEq9 After getting the payment, I will destroy the video and you won't hear from me again. I will provide you 50 hours (more than two days) to pay. I have a notice that you read this email and the timer started you opened it. Don't attempt to answer me. It doesn't make any sense (the sender's address is generated by random). Filing a complaint somewhere doesn't make sense, because this email cannot be tracked, and neither can my bitcoin address. I don't make mistakes. If I find that you shared this message with someone else, the video will be distributed immediately. Good luck with that.
And here are some common keywords used in the email so that this thread can be found by people Googling the email.
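The post above notes that these emails share a few fixed traits (a leaked password, a sender spoofed to match the recipient, a Bitcoin address, a deadline) while the wording keeps changing. The following is an added example, not part of the original post: a mail-triage check that scores those traits after folding Unicode lookalike letters, a common way such templates vary their wording. The function names, the lookalike map, the thresholds and both sample messages are assumptions constructed for illustration; the sample address is the public genesis-block address, used only because its checksum is valid.

```python
import hashlib
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
AMOUNT_RE = re.compile(r"\$ ?\d{3,5}|\d{3,5} ?\$")

# Hand-picked Cyrillic and Greek letters that render like Latin ones (assumed map).
LOOKALIKES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x",
    "\u03b1": "a", "\u03b7": "n", "\u03b9": "i", "\u03ba": "k",
    "\u03bf": "o", "\u03c1": "p", "\u03c4": "t",
})

# Text signals, matched against the normalized body.
SIGNALS = {
    "credential_claim": re.compile(r"\b(password|passphrase)\b"),
    "surveillance_claim": re.compile(r"\b(web ?cam|camera|malware|trojan|rat)\b"),
    "exposure_threat": re.compile(r"\b(contacts|friends|colleagues)\b"),
    "deadline": re.compile(r"\b\d+ ?(days?|hours?)\b"),
}
SUPPORTING = ("credential_claim", "surveillance_claim", "exposure_threat",
              "deadline", "self_spoofed")


def normalize(text):
    """Fold styled (NFKC) and lookalike letters to lowercase Latin text."""
    text = unicodedata.normalize("NFKC", text).lower().translate(LOOKALIKES)
    return re.sub(r"\s+", " ", text)


def is_valid_btc_address(addr):
    """Base58Check validation for legacy (P2PKH / P2SH) Bitcoin addresses."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))      # each leading '1' is a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or raw[0] not in (0x00, 0x05):
        return False
    check = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4]
    return check == raw[21:]


def triage(raw_message):
    """Score one RFC 822 message; only undecoded text/plain parts are read."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = normalize(body)
    # Addresses are case-sensitive, so extract them before lowercasing.
    addrs = [a for a in ADDR_RE.findall(unicodedata.normalize("NFKC", body))
             if is_valid_btc_address(a)]
    signals = {name: bool(rx.search(text)) for name, rx in SIGNALS.items()}
    signals["self_spoofed"] = bool(sender) and sender == rcpt
    signals["btc_address"] = bool(addrs)
    signals["payment_demand"] = bool(AMOUNT_RE.search(text)) and (
        "bitcoin" in text or "btc" in text)
    supporting = sum(signals[k] for k in SUPPORTING)
    likely = (signals["btc_address"] and signals["payment_demand"]
              and supporting >= 2)
    return {"signals": signals, "btc_addresses": addrs,
            "likely_extortion_spam": likely}


# Constructed sample: "password" is spelled with Cyrillic lookalike letters.
SCAM_SAMPLE = """\
From: user@example.com
To: user@example.com
Subject: your account

I know hunter2 is your p\u0430ssw\u043erd. My malware recorded you through your webcam.
Pay $950 in Bitcoin within 3 days or all your contacts get the video.
BTC address: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa
"""

# Constructed sample: an ordinary invoice with an amount and a due date.
BENIGN_SAMPLE = """\
From: billing@example.org
To: customer@example.com
Subject: Invoice

Your invoice for $120 is due in 14 days. Reply if your contacts have changed.
"""

if __name__ == "__main__":
    for name, sample in (("scam", SCAM_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, triage(sample))
```

A match is a reason to quarantine or label the message, not proof; the header comparison only catches the self-spoofed variant, and encoded or HTML-only bodies need decoding first.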
*These questions are sourced directly from Telegram Q: When you say RenVM is Trustless, Permissionless, and Decentralized, what does that actually mean? A: Trustless = RenVM is a virtual machine (a network of nodes, that do computations), this means if you ask RenVM to trade an asset via smart contract logic, it will. No trusted intermediary that holds assets or that you need to rely on. Because RenVM is a decentralized network and computes verified information in a secure environment, no single party can prevent users from sending funds in, withdrawing deposited funds, or computing information needed for updating outside ledgers. RenVM is an agnostic and autonomous virtual broker that holds your digital assets as they move between blockchains. Permissionless = RenVM is an open protocol; meaning anyone can use RenVM and any project can build with RenVM. You don't need anyone's permission, just plug RenVM into your dApp and you have interoperability. Decentralized = The nodes that power RenVM ( Darknodes) are scattered throughout the world. RenVM has a peak capacity of up to 10,000 Darknodes (due to REN’s token economics). Realistically, there will probably be 100 - 500 Darknodes run in the initial Mainnet phases, ample decentralized nonetheless. Q: Okay, so how can you prove this? A: The publication of our audit results will help prove the trustlessness piece; permissionless and decentralized can be proven today. Permissionless = https://github.com/renproject/ren-js Decentralized = https://chaosnet.renproject.io/ Q: How does Ren sMPC work? Sharmir's secret sharing? TSS? A: There is some confusion here that keeps arising so I will do my best to clarify.TL;DR: *SSS is just data. It’s what you do with the data that matters. RenVM uses sMPC on SSS to create TSS for ECDSA keys.*SSS and TSS aren’t fundamental different things. It’s kind of like asking: do you use numbers, or equations? Equations often (but not always) use numbers or at some point involve numbers. 
SSS by itself is just a way of representing secret data (like numbers). sMPC is how to generate and work with that data (like equations). One of the things you can do with that work is produce a form of TSS (this is what RenVM does). However, TSS is slightly different because it can also be done *without* SSS and sMPC. For example, BLS signatures don’t use SSS or sMPC but they are still a form of TSS. So, we say that RenVM uses SSS+sMPC because this is more specific than just saying TSS (and you can also do more with SSS+sMPC than just TSS). Specifically, all viable forms of turning ECDSA (a scheme that isn’t naturally threshold based) into a TSS needs SSS+sMPC. People often get confused about RenVM and claim “SSS can’t be used to sign transactions without making the private key whole again”. That’s a strange statement and shows a fundamental misunderstanding about what SSS is. To come back to our analogy, it’s like saying “numbers can’t be used to write a book”. That’s kind of true in a direct sense, but there are plenty of ways to encode a book as numbers and then it’s up to how you interpret (how you *use*) those numbers. This is exactly how this text I’m writing is appearing on your screen right now. SSS is just secret data. It doesn’t make sense to say that SSS *functions*. RenVM is what does the functioning. RenVM *uses* the SSSs to represent private keys. But these are generated and used and destroyed as part of sMPC. The keys are never whole at any point. Q: Thanks for the explanation. Based on my understanding of SSS, a trusted dealer does need to briefly put the key together. Is this not the case? A: Remember, SSS is just the representation of a secret. How you get from the secret to its representation is something else. There are many ways to do it. The simplest way is to have a “dealer” that knows the secret and gives out the shares. But, there are other ways. For example: we all act as dealers, and all give each other shares of our individual secret. 
If there are N of us, we now each have N shares (one from every person). Then we all individually add up the shares that we have. We now each have a share of a “global” secret that no one actually knows. We know this global secret is the sum of everyone’s individual secrets, but unless you know every individual’s secret you cannot know the global secret (even though you have all just collectively generates shares for it). This is an example of an sMPC generation of a random number with collusion resistance against all-but-one adversaries. Q: If you borrow Ren, you can profit from the opposite Ren gain. That means you could profit from breaking the network and from falling Ren price (because breaking the network, would cause Ren price to drop) (lower amount to be repaid, when the bond gets slashed) A: Yes, this is why it’s important there has a large number of Darknodes before moving to full decentralisation (large borrowing becomes harder). We’re exploring a few other options too, that should help prevent these kinds of issues. Q: What are RenVM’s Security and Liveliness parameters? A: These are discussed in detail in our Wiki, please check it out here: https://github.com/renproject/ren/wiki/Safety-and-Liveliness#analysis Q: What are the next blockchain under consideration for RenVM? A: These can be found here: https://github.com/renproject/ren/wiki/Supported-Blockchains Q: I've just read that Aztec is going to be live this month and currently tests txs with third parties. Are you going to participate in early access or you just more focused on bringing Ren to Subzero stage? A: At this stage, our entire focus is on Mainnet SubZero. But, we will definitely be following up on integrating with AZTEC once everything is out and stable. Q: So how does RenVM compare to tBTC, Thorchain, WBTC, etc..? A: An easy way to think about it is..RenVM’s functionality is a combination of tBTC (+ WBTC by extension), and Thorchain’s (proposed) capabilities... All wrapped into one. 
Just depends on what the end-user application wants to do with it. Q1: What are the core technical/security differences between RenVM and tBTC?A1: The algorithm used by tBTC faults if even one node goes offline at the wrong moment (and the whole “keep” of nodes can be penalised for this). RenVM can survive 1/3rd going offline at any point at any time. Advantage for tBTC is that collusion is harder, disadvantage is obviously availability and permissionlessness is lower. tBTC an only mint/burn lots of 1 BTC and requires an on-Ethereum SPV relay for Bitcoin headers (and for any other chain it adds). No real advantage trade-off IMO. tBTC has a liquidation mechanism that means nodes can have their bond liquidated because of ETH/BTC price ratio. Advantage means users can get 1 BTC worth of ETH. Disadvantage is it means tBTC is kind of a synthetic: needs a price feed, needs liquid markets for liquidation, users must accept exposure to ETH even if they only hold tBTC, nodes must stay collateralized or lose lots of ETH. RenVM doesn’t have this, and instead uses fees to prevent becoming under-collateralized. This requires a mature market, and assumed Darknodes will value their REN bonds fairly (based on revenue, not necessarily what they can sell it for at current —potentially manipulated—market value). That can be an advantage or disadvantage depending on how you feel. tBTC focuses more on the idea of a tokenized version of BTC that feels like an ERC20 to the user (and is). RenVM focuses more on letting the user interact with DeFi and use real BTC and real Bitcoin transactions to do so (still an ERC20 under the hood, but the UX is more fluid and integrated). Advantage of tBTC is that it’s probably easier to understand and that might mean better overall experience, disadvantage really comes back to that 1 BTC limit and the need for a more clunky minting/burning experience that might mean worse overall experience. Too early to tell, different projects taking different bets. 
tBTC supports BTC (I think they have ZEC these days too). RenVM supports BTC, BCH, and ZEC (docs discuss Matic, XRP, and LTC).
Q2: These are my assumed differences between tBTC and RenVM, are they correct? Some key comparisons:
- Both are vulnerable to oracle attacks
- REN federation failure results in loss or theft of all funds
- tBTC failures tend to result in frothy markets, but holders of tBTC are made whole
- REN quorum rotation is new crypto, and relies on honest deletion of old key shares
- tBTC rotates micro-quorums regularly without relying on honest deletion
- tBTC relies on an SPV relay
- REN relies on federation honesty to fill the relay's purpose
- Both are brittle to deep reorgs, so expanding to weaker chains like ZEC is not clearly a good idea
- REN may see total system failure as the result of a deep reorg, as it changes federation incentives significantly
- tBTC may accidentally punish some honest micro-federations as the result of a deep reorg
- REN generally has much more interaction between incentive models, as everything is mixed into the same pot.
- tBTC is a large collection of small incentive models, while REN is a single complex incentive model
A2: To correct some points: The oracle situation is different with RenVM, because the fee model is what determines the value of REN with respect to the cross-chain asset. This asset is what is used to pay the fee, so no external pricing is needed for it (because you only care about the ratio between REN and the cross-chain asset).
RenVM does rotate quorums regularly, in fact more regularly than in tBTC (although there are micro-quorums, each deposit doesn’t get rotated as far as I know and sticks around for up to 6 months). This rotation involves rotations of the keys too, so it does not rely on honest deletion of key shares.
Federated views of blockchains are easier to expand to support deep re-orgs (just get the nodes to wait for more blocks for that chain).
SPV requires longer proofs which begins to scale more poorly.
Not sure what you mean by “one big pot”, but there are multiple quorums so the failure of one is isolated from the failures of others. For example, if there are 10 shards supporting BTC and one of them fails, then this is equivalent to a sudden 10% fee being applied. Harsh, yes, but not total failure of the whole system (and doesn’t affect other assets). Would be interesting what RenVM would look like with lots more shards that are smaller. Failure becomes much more isolated and affects the overall network less.
Further, the amount of tBTC you can mint is dependent on people who are long ETH and prefer locking it up in Keep for earning a smallish fee instead of putting it in Compound or leveraging with dydx. tBTC is competing for liquidity while RenVM isn't.
Q: I understand correctly RenVM (sMPC) can get up to a 50% security threshold, can you tell me more?
A: The best you can theoretically do with sMPC is 50-67% of the total value of REN used to bond Darknodes (RenVM will eventually work up to 50% and won’t go for 67% because we care about liveliness just as much as safety). As an example, if there’s $1M of REN currently locked up in bonded Darknodes you could have up to $500K of tokens shifted through RenVM at any one specific moment. You could do more than that in daily volume, but at any one moment this is the limit. Beyond this limit, you can still remain secure but you cannot assume that players are going to be acting to maximize their profit. Under this limit, a colluding group of adversaries has no incentive to subvert safety/liveliness properties because the cost to attack roughly outweighs the gain. Beyond this limit, you need to assume that players are behaving out of commitment to the network (not necessarily a bad assumption, but definitely weaker than the maximizing profits assumption).
Q: Why is using ETH as collateral for RenVM a bad idea?
A: Using ETH as collateral in this kind of system (like having to deposit say 20 ETH for a bond) would not make any sense because the collateral value would then fluctuate independently of what kind of value RenVM is providing. The REN token on the other hand directly correlates with the usage of RenVM which makes bonding with REN much more appropriate. DAI as a bond would not work as well because then you can't limit attackers with enough funds to launch as many darknodes as they want until they can attack the network. REN is limited in supply and therefore makes it harder to get enough of it without the price shooting up (making it much more expensive to attack as they would lose their bonds as well). A major advantage of Ren's specific usage of sMPC is that security can be regulated economically. All value (that's being interopped at least) passing through RenVM has explicit value. The network can self-regulate to ensure an attack is never worth it.
Q: Given the fee model proposal/ceiling, might be a liquidity issue with renBTC. More demand than possible supply?
A: I don’t think so. As renBTC is minted, the fees being earned by Darknodes go up, and therefore the value of REN goes up. Imagine that the demand is so great that the amount of renBTC is pushing close to 100% of the limit. This is a very loud and clear message to the Darknodes that they’re going to be earning good fees and that demand is high. Almost by definition, this means REN is worth more. Profits of the Darknodes, and therefore security of the network, is based solely on the use of the network (this is what you want because your network does not make or break on things outside the system’s control). In a system like tBTC there are liquidity issues because you need to convince ETH holders to bond ETH and this is an external problem. Maybe ETH is pumping irrespective of tBTC use and people begin leaving tBTC to sell their ETH.
Or, that ETH is dumping, and so tBTC nodes are either liquidated or all their profits are eaten by the fact that they have to be long on ETH (and tBTC holders cannot get their BTC back in this case). Feels real bad man.
Q: I’m still wondering which asset people will choose: tbtc or renBTC? I’m assuming the fact that all tbtc is backed by eth + btc might make some people more comfortable with it.
A: Maybe :) personally I’d rather know that my renBTC can always be turned back into BTC, and that my transactions will always go through. I also think there are many BTC holders that would rather not have to “believe in ETH” as an externality just to maximize use of their BTC.
Q: How does the liquidation mechanism work? Can any party, including non-nodes act as liquidators? There needs to be a price feed for liquidation and to determine the minting fee - where does this price feed come from?
A: RenVM does not have a liquidation mechanism.
Q: I don’t understand how the price feeds for minting fees make sense. You are saying that the inputs for the fee curve depend on the amount of fees derived by the system. This is circular in a sense?
A: By evaluating the REN based on the income you can get from bonding it and working. The only thing that drives REN value is the fact that REN can be bonded to allow work to be done to earn revenue. So any price feed (however you define it) is eventually rooted in the fees earned.
Q: Who’s doing RenVM’s Security Audit?
A: ChainSecurity | https://chainsecurity.com/
Q: Can you explain RenVM’s proposed fee model?
A: The proposed fee model can be found here: https://github.com/renproject/ren/wiki/Safety-and-Liveliness#fees
Q: Can you explain in more detail the difference between "execution" and "powering P2P Network". I think that these functions are somehow overlapping? Can you define in more detail what is "execution" and "powering P2P Network"?
You also said that at later stages semi-core might still exist "as a secondary signature on everything (this can mathematically only increase security, because the fully decentralised signature is still needed)". What power will this secondary signature have?
A: By execution we specifically mean signing things with the secret ECDSA keys. The P2P network is how every node communicates with every other node.
The semi-core doesn’t have any “special powers”. If it stays, it would literally just be a second signature required (as opposed to the one signature required right now). This cannot affect safety, because the first signature is still required. Any attack you wanted to do would still have to succeed against the “normal” part of the network. This can affect liveliness, because the semi-core could decide not to sign. However, the semi-core follows the same rules as normal shards. The signature is tolerant to 1/3rd for both safety/liveliness. So, 1/3rd+ would have to decide to not sign.
Members of the semi-core would be there under governance from the rest of our ecosystem. The idea is that members would be chosen for their external value. We’ve discussed in-depth the idea of L<3. But, if RenVM is used in MakerDAO, Compound, dYdX, Kyber, etc. it would be desirable to capture the value of these ecosystems too, not just the value of REN bonded. The semi-core as a second signature is a way to do this. Imagine if the members for those projects, because those projects want to help secure renBTC, because it’s used in their ecosystems. There is a very strong incentive for them to behave honestly. To attack RenVM you first have to attack the Darknodes “as per usual” (the current design), and then somehow convince 1/3rd of these projects to act dishonestly and collapse their own ecosystems and their own reputations. This is a very difficult thing to do.
Worth reminding: the draft for this proposal isn’t finished.
It would be great for everyone to give us their thoughts on GitHub when it is proposed, so we can keep a persistent record.
Q: Which method or equation is used to calculate REN value based on fees? I'm interested in how REN value is calculated as well, to maintain the L < 3 ratio?
A: We haven’t finalized this yet. But, at this stage, the plan is to have a smart contract that is controlled by the Darknodes. We want to wait to see how SubZero and Zero go before committing to a specific formulation, as this will give us a chance to bootstrap the network and field inputs from the Darknodes owners after the earnings they can make have become more apparent.
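The share-adding step described earlier in this AMA (N participants, each holding one share from every person and summing them into a share of a global secret nobody knows), written out as an added Python example that is not RenVM code. It assumes plain additive shares modulo a public prime; the modulus `P` and all function names are illustrative.

```python
"""Additive-share generation of a joint random secret among N parties."""
import secrets

# Assumption: arithmetic is modulo a public prime; the AMA names no field.
P = 2**127 - 1


def split_additive(secret, n):
    """Split `secret` into n shares that sum to it modulo P."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((secret - sum(shares)) % P)
    return shares


def generate(n):
    """Run one round and return (local_secrets, dealt, global_shares).

    dealt[i][j] is the share of party i's secret handed to party j.
    global_shares[j] is what party j holds after adding up its N shares.
    """
    local_secrets = [secrets.randbelow(P) for _ in range(n)]
    dealt = [split_additive(s, n) for s in local_secrets]
    global_shares = [sum(dealt[i][j] for i in range(n)) % P for j in range(n)]
    return local_secrets, dealt, global_shares


def reconstruct(shares):
    """Only possible when every party contributes its global share."""
    return sum(shares) % P


def coalition_view(local_secrets, dealt, global_shares, honest):
    """Everything the other N-1 parties see if they pool their data."""
    others = [j for j in range(len(dealt)) if j != honest]
    return {
        "secrets": {j: local_secrets[j] for j in others},
        "from_honest": {j: dealt[honest][j] for j in others},
        "global_shares": {j: global_shares[j] for j in others},
    }


def kept_share_for(view, candidate_global):
    """The honest party's kept share that would make candidate_global true.

    A solution exists for every candidate value, so the pooled view of the
    all-but-one coalition rules out no value of the global secret.
    """
    known = sum(view["secrets"].values()) + sum(view["from_honest"].values())
    return (candidate_global - known) % P


if __name__ == "__main__":
    secrets_, dealt_, shares_ = generate(5)
    print("global secret equals sum of individual secrets:",
          reconstruct(shares_) == sum(secrets_) % P)
    view_ = coalition_view(secrets_, dealt_, shares_, honest=2)
    for guess in (0, 1, 123456789):
        print("guess", guess, "is consistent with kept share",
              kept_share_for(view_, guess))
```
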
Vechain in the last 30 Days: Apotheosis, Blockchain X, BMW, University partnership, DApp ecosystem, BitOcean ICO, Carbon banking, Live use cases, Early adopter rewards and more
This post is for those who are new to Cryptocurrency or want to find out more about VeChain. The text "VeChain" has been banned in this subreddit for the last 30 days. For more details about the ban itself, please visit this cryptocurrencymeta post. Changes have been made and official channels of communications have been opened up to prevent this from happening in the future. All feedback is welcome, and all discussion is encouraged, but please no moon-posting, ridiculous price speculation or baseless FUD. Looking forward to answering any questions you guys have :) VeChain Foundation COO Kevin Feng is holding a Business AMA with Boxmining today, so new information is coming very soon.
VeChain is more than a supply chain solution
VeChainThor is a global enterprise level public blockchain platform
Focus on enterprise & government level adoption
Focus on safety and security
New DApps: VeVid, VeVOT and VeSCC - Foundation layer for new ecosystem
New ICO: BitOcean - Fiat/VET on-ramp
New partners: BMW, Yida Group, Australian 188 Business Alliance Association
New VeResearch partner: Awaiting formal announcement from University
New initiative: Carbon Bank alongside DNV GL, Tsinghua University, and government agencies
It has loads of useful information and a well produced introduction video. I would highly recommend reading through the website to get an idea of the scope of what VeChainThor is trying to accomplish.
"We are controlled by the few, the powerful and the greedy. We should be free. Free to choose, to trade, to create. It is time for a new world, a world founded on safety and security. A world where everything you do creates power, power for all. And you, you will decide the shape of this world. The power to change the future, is in your hands. VeChain." VeChain Introduction Video
What is Blockchain X?
Blockchain X is a global enterprise level public blockchain platform. VeChainThor is referring to their network/protocol as Blockchain X, to differentiate it from Bitcoin (Blockchain 1.0) and Ethereum (Blockchain 2.0 = Blockchain 1.0 + Smart Contracts).
Blockchain X = Blockchain 2.0 + IoT + AI + VET/VeThor = A living digital ecosystem
IoT = senses - touch, vision, taste, smell, sound (collect real world information from RFID/NFC/QR etc.)
VET/VeThor = bone marrow/blood - generate blood & circulate (value transfer on the network)
AI = brain - information synthesis (automation of network with deep learning)
VeChainThor: the top candidate for enterprise and government level adoption of Blockchain
VeChainThor has an extremely strong development plan geared towards enterprise and government level adoption. If successful in their execution, I see VeChain being the leading cryptoasset comparable to Ethereum in size. The reasons I believe they will succeed are due to their ecosystem development, innovative governance model, robust economic model and strong strategic partnerships. The evidence of their success is snowballing with each new enterprise level partner and client.
DApps & Ecosystem development
The infrastructure layer has adoption in mind at the very core. Governments and enterprises will prioritise safety and security before venturing into blockchain adoption. (Mentioned in the introduction video.) The core DApps, VeVID (Verified identity, KYC/AML), VeVOT (Voting, Governance tool) and VeSCC (Smart Contract Certification, Regulatory compliance) provide the safety and security that governments and enterprises will demand. Blockchain X will have built-in KYC/AML, Governance and Regulation compliance. This sets it apart from other protocols and ICO platforms.
The governance model is a balanced mix of decentralisation and centralisation. With problems such as Bitcoin's scaling debate, it appears that a purely decentralised governance structure may be inefficient. VeChain will use a new model of a decentralised system through centralised channels. The final decisions will be made in a decentralised democratic process through VeVOT by stakeholders with voting authority. I believe this model will be more widely adopted as it retains some of the efficient centralised channels that enterprise & government are familiar with, while still giving overall control to the network participants via a democratic voting system.
The two-token economic model splits the value in the network into VET and VeThor. VET's primary function is to generate VeThor. VeThor represents the underlying costs of using the VeChainThor blockchain. All smart contract execution and transactions will require payment with VeThor. Through the dynamic rate of VeThor generation, the fiat value of VeThor can be kept relatively stable. For example, if the VeThor price was too high due to an increase in enterprise demand, the VeThor generation rate can be increased, which increases supply, and brings the price back down. The opposite is also true if the VeThor price is too low. The way I see VET is a store of value, a representation of ownership of part of the network and the right to use the network. Whereas VeThor is the perfect medium of exchange and a pure utility token. By using a two-token system, VeThor can have a stable fiat value over a long period of time. A company will be able to calculate how much VeThor will be needed for a consistent fiat value year after year and will be able to budget for this. This is extremely useful for enterprise and government level adoption since it removes the inherent price volatility from a nascent market like crypto. VeChain also has a Node system, whereby holding VET generates additional rewards. Nodes of different levels will generate up to 200% additional VeThor compared to the base rate. This encourages long term staking in the network and decreases volatility. See the Apotheosis Part II article and X Series Node article for more information. A portion of VET supply will be locked up when nodes activate. Long term VET holders will not sell and downgrade their status. This decreased supply will lead to price increases. Early adopters (Deadline to stake: Before 20th March 2018) will be rewarded in the new X Series Node system. Features include exclusive participation in VeChain ecosystem project whitelists. 
(Something I'm excited about since I believe there will be a handful of reverse ICOs from traditional enterprise clients)
The three strategic partners each play a key role in VeChainThor's expansion. PWC has clients which make up 85% of the Fortune 500. DNV-GL is the preferred provider of those Fortune 500 companies for management systems certification services. PWC and DNV-GL will serve to introduce their enterprise clients to VeChain and increase adoption. BitOcean is positioning itself as a Fiat on-ramp for Crypto in Japan through physical ATMs and online exchanges, with approval by Japan's Financial Services Authority. BitOcean also plans to operate in China when regulations are finalised. BitOcean represents a Fiat/VET pairing that may serve to decouple VET/BTC and lead to independence of VET from the whims of BTC price.
Evidence of adoption to date: Existing clients & Investors
VeChain currently has 180 business opportunities in their pipeline for 2018 (compared to 4 use cases in 2016 and 22 in 2017). They have real use cases and existing clients that range from medium to large enterprises. Revealed clients include Chinese Government Gui'an New Area project, BMW, Groupe Renault, DIG, Kuehne + Nagel, China Unicom, NRCC - State Tobacco, MLILY, Sunshine culture, Hubei Sanxin Cultural Media, Fanghuwang, YIDA future, Madeforgoods and iTaotaoke. Each of these partnerships deserves a detailed post on its own; they are all available on VeChain's Medium page. Taken together, it becomes clear what type of Ecosystem VeChainThor is trying to build. Jiangsu Printed Electronics and Xiamen Innov Information Technology are technology partners and I suspect will be mass producing the RFID/NFC chips. Breyer Capital and Fenbushi capital are the two featured investors on VeChain's website. Jim Breyer generally makes some pretty smart investment decisions. His only other crypto investments are Circle and Ethereum. Bonus news: This week they are presenting with DNV-GL a cold chain supply chain solution at the Global Food Safety Initiative conference 2018. Zoom in and you'll see VeChain Intelligent Control Display System. DNV-GL have also launched their new digital assurance solution, My Story™. Four top Italian wine producers are using My Story™ under supervision of the Italian wine authorities. Twitter and DNVGL link.
China is widely known to be anti-cryptocurrency but extremely pro-blockchain. China's "13th Five year plan 2016-2020" focuses on moving up in the value chain by abandoning old heavy industry and building up bases of modern information-intensive infrastructure, with blockchain and Smart Cities being a key technological focus. VeChain has achieved approval from the Government of the People's Republic of China with Gui'an New Area project, multiple mentions on state owned media (CCTV) and deals with state owned enterprises (China Tobacco). China will not fall behind in the international Blockchain race, they will finalise regulations and adopt Blockchain rapidly in the coming years. VeChain appears to be one of the leaders in the field, with their largest office in Shanghai and existing government connections.
Leader in the field
Last but not least, VeChain is leading the field in a number of areas.
Environmental responsibility: Carbon bank initiative with DNV-GL
In the interests of balanced discussion, I will update this section with skepticism I find in the comments below.
VeChain are working on a Whitepaper as part of their Q1 2018 goals. Information normally found in a Whitepaper has been made available through the development plan. I'm actually not too fussed about not having a whitepaper. For me evidence of enterprise adoption is a more useful indicator of how successful VeChainThor could be.
"No official wallet" "No Mainnet"
VeChainThor has been operating as a private blockchain since June 2016. Public VeChainThor Blockchain Launch, VeChain Wallet with VeThor Forge Function will be released in Q2 2018 according to the roadmap.
"VeChain are dumping their VET on the open market"
False FUD. Addressed by VeChain Foundation directly in the Official Telegram channel.
"Vote manipulation" "Shilling" "Brigading" "You're a paid shiller"
In the past VeChain Telegram Moderators wilfully participated in brigading, leading to the ban on the word "VeChain" for 30 days in cryptocurrency
It is difficult to differentiate manipulated behaviour and organic behaviour on Reddit, the moderators here do an amazing job getting rid of spam and detecting vote manipulation
The Official VeChain Foundation has stepped in to help Reddit moderators prevent VeChain vote manipulation
Official Telegram Rules: Brigading & Reddit links: We have a new policy regarding Reddit and 'brigading'. No brigading of any kind will be allowed. If you want to post a Reddit link, do so with the "np." prefix added to its URL, for example "np.reddit.com /CryptoCurrency". No spamming for upvotes, as it hurts both of our communities.
This is strictly enforced by Telegram moderators and results in a warning then an insta-ban for repeat offenders
The importance of being mindful of security at all times - nearly everyone is one breach away from total disaster
This is a long one - TL;DR at the end!
If you haven't heard yet: BlankMediaGames, makers of Town of Salem, have been breached which resulted in almost 8 million accounts being leaked. For most people, the first reaction is "lol so what it's just a game, why should I really care?" and that is the wrong way to look at it. I'd like to explain why everyone should always care whenever they are part of a breach. I'd also like to talk about some ways game developers - whether they work solo or on a team - can take easy steps to help protect themselves and their customers/players. First I'd like to state that there is no practical way to achieve 100% solid security to guarantee you'll never be breached or part of a breach. The goal here will be to get as close as possible, or comfortable, so that you can rest easy knowing you can deal with problems when they occur (not if, when).
Why You Should Care About Breaches
The sad reality is most people re-use the same password everywhere. Your email account, your bank account, your steam account, your reddit account, random forums and game websites - you get the idea. If you haven't pieced it together yet the implication is that if anyone gets your one password you use everywhere, it's game over for you - they now own all of your accounts (whether or not they know it yet). Keep in mind that your email account is basically the holy grail of passwords to have. Most websites handle password changes/resets through your email; thus anyone who can login to your email account can get access to pretty much any of your accounts anywhere. Game over, you lose.
But wait, why would anyone want to use my password? I'm nobody!
It doesn't matter, the bad guys sell this information to other bad guys. Bots are used to make as much use of these passwords as possible. If they can get into your bank they might try money transfers. If they get into your Amazon account they might spin up $80,000 worth of servers to mine Bitcoin (or whatever coin is popular at the time). They don't care who you are; it's all automated. By the way, according to this post (which looks believable enough to be real) this is pretty much how they got into the BMG servers initially. They checked for usernames/emails of admins on the BMG website(s) in previous breach dumps (of which there are many) and found at least one that used the same password on other sites - for their admin account! If you want to see how many of your accounts are already breached check out Have I Been Pwned - I recommend registering all of your email addresses as well so you get notified of future breaches. This is how I found out about the Town of Salem breach, myself.
How You Can Protect Yourself
Before I go into all the steps you can (and should) take to protect yourself I should note that security is in a constant tug of war with convenience. What this means is that the more security measures you apply the more inconvenienced you become for many tasks. It's up to you to decide how much is too much either way. First of all I strongly recommend registering your email(s) on https://haveibeenpwned.com/ - this is especially important if your email address is associated to important things like AWS, Steam developer account, bank accounts, social media, etc. You want to know ASAP when an account of yours is compromised so you can take steps to prevent or undo damage. Note that the bad guys have a head start on this!
You probably need to have better password hygiene. If you don't already, you need to make sure every account you have uses a different, unique, secure password. You should change these passwords at least once a year. Depending on how many accounts you have and how good your memory is, this is your first big security vs convenience trade-off battle. That's easily solved, though, by using a password manager. You can find a list of password managers on Wikipedia here or you can search around for some comparison articles. Some notable choices to consider:
1Password - recommended by Troy Hunt, creator of Have I Been Pwned
LastPass - I use this at work and it's generally good
BitWarden - free and open source! I use this at home and in some ways it's better than LastPass
KeePass (and forks) - free, open source, and totally offline; if you don't trust "the cloud" you can trade away some more convenience in exchange for taking full responsibility of your password security (and backups)
Regardless of which one you choose, any of them is 100x better than not using one at all.
The problem with all these passwords is that someone can still use them if they are found in a breach. Your passwords are only as strong as the website you use them on. In the case of the BMG breach mentioned above - all passwords were stored in an ancient format which has been insecure for years. It's likely that every single password in the breach can be reversed/cracked, or already has been. The next step you need to take is to make it harder for someone else to login with your password. This is done using Multi-Factor Authentication (or Two-Factor Authentication). Unfortunately not every website/service supports MFA/2FA, but you should still use it on every single one that does support it. You can check which sites support MFA/2FA here or dig around in account options on any particular site. You should set up MFA/2FA on your email account ASAP! If it's not supported, you need to switch to a provider that does support it. This is more important than your bank account! All of the big email providers support it: GMail, Outlook.com, Yahoo Mail, etc. The type of MFA/2FA you use depends on what is supported by each site/service, but there is a common approach that is compatible on many of them. Most of them involve phone apps because a phone is the most common and convenient "thing you have" that bad guys (or anyone, really) can't access easily. Time-based One-time Password or TOTP is probably the most commonly used method because it's easy to implement and can be used with many different apps. Google Authenticator was the first popular one, but it has some limitations which continue the security vs convenience battle - namely that getting a new phone is a super huge chore (no backup/restore option - you have to disable and set up each site all over again). Many alternatives support cloud backup which is really convenient, though obviously less secure by some measure. Notable choices to consider:
Authy - probably the first big/popular one after Google Authenticator came out (I think) - NOTE: They let you use it on your desktop/browser, too, but this is TOO much convenience! Don't fall for that trap.
LastPass Authenticator - conveniently links up with a LastPass account, some sites support extra features (like not needing to type a code, just answer a phone notification)
Yubikey - A real physical MFA device! Some models are compatible with phones, too.
Duo - this one is more geared towards enterprise, but they have a free option
Some sites/services use their own app, like Blizzard (battle.net) and Steam, and don't allow you to use other ones. You will probably have a few apps on your phone when all your accounts are set up, but it's worth it. You'll definitely want to enable it on your password manager as well if you chose a cloud-based one. Don't forget to save backup codes in an actual secure location! If you lose your backup codes and your auth app/physical key you will be locked out of accounts. It's really not fun recovering in that situation. Most recommendations are to print them and put in a fireproof safe, but using some other secure encrypted storage is fine. There is such a thing as bad MFA/2FA! However, anything is at least better than nothing. A lot of places still use SMS (text messaging) or e-mail for their MFA/2FA implementation. The e-mail one has the most obvious flaw: If someone gets into your email account they have defeated that security measure. The SMS flaws are less obvious and much less likely to affect you, but still a risk: SMS is trivial to intercept (capture data over the air (literally), clone your SIM card data, and some other methods). Still, if you're not a person of interest already, it's still better than nothing.
What Does This Have To Do With GameDev?
Yeah, I do know which subreddit I'm posting in! Here's the section that gets more into things specific to game development (or software development in general).
Secure Your Code
Securing your code actually has multiple meanings here: Securing access to your code, and ensuring your code itself is secure against exploitation. Let's start with access since that's the easier topic to cover! If you're not already using some form of Source Control Management (SCM) you really need to get on board! I'm not going to go in depth on that as it's a whole other topic to itself, but I'll assume you are using Git or Mercurial (hg) already and hosting it on one of these sites (or a similar one):
First, ensure that you have locked down who can access this code already. If you are using private repositories you need to make sure that the only people who have access are the people who need access (i.e. yourself and your team). Second, everyone should have strong passwords and MFA/2FA enabled on their accounts. If 1 person on the team does not follow good security practices it puts your whole project at risk! So make sure everyone on the team is following along. You can also look into tools to do some auditing and even automate it so that if anyone's account becomes less secure over time (say they turned off MFA one day) they would automatically lose their access. Additionally you should never commit secrets (passwords, API keys, tokens, social security numbers, etc) to your code repository. Probably 90% of cases where people have their AWS/Google Cloud/Azure accounts compromised and racking up huge bills for bitcoin mining is due to having their passwords/keys stored in their git repo. They either accidentally made it public or someone got access to the private repo through a compromised account. Never store sensitive information in your code repository! Next topic: Securing your code from vulnerabilities. This one is harder to talk about for game dev as most engines/frameworks are not as susceptible (for lack of a better word) to these situations as others. In a nutshell, you need to keep track of the following:
Is my code doing anything "dangerous"? (system-level stuff, memory access, saving passwords anywhere)
Could someone get the keys to the kingdom (API key, server password, etc) by just opening Cheat Engine and looking at memory values? Or doing a strings/hex edit/decompile/etc on my game executable?
Am I using outdated libraries/framework/engine? Do they have any known security bugs?
Secure Your Computer
I'm not going to go in depth on this one because at this point everyone should have a handle on this; if not there are limitless articles, blogs, and videos about the how/what/why. In summary: Keep everything updated, and don't open suspicious links.
Lock your computer when idle - use a password (or PIN or face unlock or whatever your OS uses) - no one should ever be able to walk up to your computer and use it if you're not looking, nor should they be able to get in if they grabbed your closed laptop off the table at Starbucks (thanks u/3tt07kjt for reminding me of this one)
Use full disk encryption (especially on laptops)
Update your OS for security updates ASAP
Use anti-virus (yes, Windows Defender is fine) and keep it updated
Update your web browser ALWAYS (this is your 99% chance attack vector, so don't postpone it!)
Don't install browser extensions that you don't need - a LOT of extensions are either malware from the start or become malware later (my favorite emoji extension started mining bitcoins, FFS!) - check reviews regularly after extensions update
DO use adblock and privacy extensions - ads are a common attack vector - I recommend uBlock Origin and Privacy Badger at a minimum (note that some legit sites can break and so you'll have to fiddle with settings or whitelist)
Don't open suspicious or unknown links on e-mail, social media, discord, etc (be sure to hover over the links in this post before clicking them)
Don't open attachments, ever - unless you were expecting it from that person at that time
Don't fill out ANY forms (comments, login, registration, etc) on websites that don't have HTTPS (secure) connection - your browser will show this in the address bar, usually
In general, be suspicious of everything that comes from people you don't know - and even from people you do know if it was unexpected
E-Mail is (probably) the least secure form of communications ever invented - so try not to use it for sensitive things
Secure Your Website
I will have to add more to this later probably, but again there are tons of good articles, blogs, and videos on these topics. Hopefully the information in this section is enough to get you on the right track - if not feel free to ask for more info. Lots of guides can be found on Digital Ocean's site and they are relevant even if you don't use DO for your servers.
Use HTTPS (SSL/TLS) secure connections - it's FREE and EASY thanks to Let's Encrypt
KEEP EVERYTHING UPDATED - automate as much as you can
If you have control over the server, you MUST update the OS, the web server, and any backend application servers/languages/frameworks involved. The Equifax breach was due to having out-of-date server software. The BMG breach was worsened by having out-of-date server software. YOU MUST STAY UPDATED, ALWAYS
Don't store sensitive personal information - it's a huge pain to be PCI compliant, it's a huge fine if you mess it up - avoid storing any customer information that you don't actually need (see also: GDPR)
Do not allow access to SSH/Remote desktop/Database services from the whole world; the general public should only ever be able to reach ports 80 and 443 on your web server (and 80 should permanently redirect to HTTPS)
Use SSH keys instead of passwords on Linux servers
Don't run your own email server - it's just not worth it; use Google Apps for Business, Office 365, Zoho, or something else for business email
Secure your domain registrar account! Don't lose your domain to a bad password or lack of MFA/2FA or an old email address! If your registrar doesn't support actual security then transfer to one that does. (Namecheap, NameSilo, Google Domains, Amazon AWS Route 53, even GoDaddy, the absolutely worst web company, has good security options)
A lot of this will apply to your game servers as well - really any kind of server you expect to set up.
That's it, for now
I ran out of steam while typing this all up after a couple hours, but I may revisit it later to add more info. Feel free to ask any questions about any of these topics and I'll do my best to answer them all.
TL;DR (y u words so much??)
Use a password manager so you can have different, random, secure passwords on every account on every website/service/game
Use MFA/2FA on every account, if possible
Lock your computer when idle/away
Use full disk encryption on laptops
Update your operating system (we all hate Windows Update, but it really is for our own good)
Use anti-virus (Windows Defender is fine)
Update your browser
Use good adblocker/privacy blocker browser extensions
Don't use browser extensions that you don't really need (they could be a trojan horse of bitcoin mining later)
Don't trust anything sent by anyone, unless you were expecting it and know it's safe
E-mail is the least secure form of communications in use these days; don't trust it for sensitive things
Use source control for your game code (git, mercurial, etc)
Lock down access to your source code
Don't put secrets (passwords, API keys/tokens, social security numbers, credit card numbers) in your code repository
Don't do dumb things like store your AWS keys in your game for players to just find with simple tools
Check your code dependencies for security bugs, update them when needed
Use HTTPS on your website
Update your web server OS and software
Use secure password storage (don't reinvent this wheel, it's been solved by way smarter people)
Use SSH keys instead of passwords for Linux servers
Use a firewall to block the world from getting in with SSH/Remote desktop/database direct connections
Only allow your own IP address (which can change!) into the server for admin tasks
Don't run your own email server, let someone who knows what they are doing handle that for you
Secure your domain registrar account, keep email address up to date
... in general... in general... in general... I sure wrote those 2 words a lot.
Why Should I Trust This Post?
Hopefully I have provided enough information and good links in this post that you can trust the contents to be accurate (or mostly accurate). There is certainly enough information to do some searches on your own to find out how right or wrong I might be about these things. If you want my appeal to authority answer: I've been working at a major (network/computer) security company for almost 7 years as a software developer, and I've had to put up with pretty much every inconvenience brought on by security. I've also witnessed the aftermath of nearly every type of security failure covered in this post, via customers and the industry at large. None of the links I used are related to my employer or its products.
Edit: Fixed some typos and added some more links
More edit: added a few more points and links
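Two of the "Secure Your Code" points above (no secrets in the repository, and nothing valuable visible to a strings pass over the shipped executable) can be checked automatically before a release. The Python scanner below is an added example, not part of the original post; its rule set, the entropy threshold and the sample bytes are assumptions constructed for illustration.

```python
"""Pre-release check: what would a `strings` pass over this file reveal?"""
import math
import re
import sys
from collections import Counter
from typing import NamedTuple

MIN_LEN = 6  # shortest run worth inspecting, same idea as `strings -n 6`

# Printable ASCII runs, plus the same characters stored as UTF-16LE, which is
# how Windows and .NET/Mono builds usually keep string literals.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Assumed rule set for this example; extend it for the services you use.
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
PEM_KEY = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")
ASSIGNMENT = re.compile(
    r"(?i)(?:password|passwd|secret|api[_-]?key|token)\w*\s*[=:]\s*[\"']?([^\s\"']{8,})"
)


class Finding(NamedTuple):
    offset: int    # byte offset of the string that contains the hit
    encoding: str  # "ascii" or "utf-16le"
    rule: str
    preview: str   # redacted, so the report itself never leaks the secret


def shannon_entropy(text: str) -> float:
    """Bits per character; random keys score high, labels and masks low."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def extract_strings(data: bytes):
    """Yield (offset, encoding, text) for every printable run in the blob."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")


def redact(value: str) -> str:
    """Keep the first four characters so the owner can identify the key."""
    return value[:4] + "*" * (len(value) - 4)


def scan(data: bytes, min_entropy: float = 3.0) -> list:
    """Return findings sorted by offset. min_entropy is an assumed cut-off
    that drops UI labels and masked fields matched by the generic rule."""
    findings = []
    for offset, encoding, text in extract_strings(data):
        for m in AWS_KEY_ID.finditer(text):
            findings.append(Finding(offset, encoding, "aws-access-key-id", redact(m.group())))
        if PEM_KEY.search(text):
            findings.append(Finding(offset, encoding, "private-key", "PEM private key header"))
        for m in ASSIGNMENT.finditer(text):
            value = m.group(1)
            if shannon_entropy(value) >= min_entropy:
                findings.append(Finding(offset, encoding, "generic-secret", redact(value)))
    return sorted(findings)


# Constructed sample standing in for a game build. The access key ID is the
# placeholder value used in AWS documentation; every other value is made up.
SAMPLE_BUILD = b"".join([
    b"MZ\x90\x00\x03\x00",
    b"GameClient v1.2\x00",
    b"aws_access_key_id=AKIAIOSFODNN7EXAMPLE\x00",
    b"\x01\x02\x03\x04",
    "api_key=9fK2mQ7xLb4TzR1v".encode("utf-16-le"),
    b"\x00\x00",
    b"password: ********\x00",  # UI label with a masked field: not a secret
    b"-----BEGIN RSA PRIVATE KEY-----\n",
])

if __name__ == "__main__":
    # Usage: python scan_build.py path/to/game.exe  (no argument: scan the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = SAMPLE_BUILD
    hits = scan(blob)
    for hit in hits:
        print(f"{hit.offset:#010x}  {hit.encoding:<8}  {hit.rule:<18}  {hit.preview}")
    sys.exit(1 if hits else 0)  # non-zero exit fails a CI job or commit hook
```

The same scan works on source files before a commit, since it only looks at bytes; anything it reports in a shipped build should be rotated and moved server-side.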
All of the AMA questions/comments from the darkoverlord re: 9/11 insurance leak extortion here
Q: This doesn't seem like something a group that uses the darkweb would do in public.
A: This is something we do. We can't speak for the others. This is our modus operandi. We like to do everything we can to squeeze every last coin out of our victims. We're financially motivated. For everyone else asking why we're not dumping it all, we have. It's available to torrent. Our official Press Release with more info is available here: pastebin.com/4F5R8QyQ
Q: 9.8 gigs seems a lot for just documents. Does it include videos or audio recordings?
A: We're withholding anything that isn't text-readable for now.
Q: who did 9/11 in your opinion based on the docs?
A: We don't really give a fuck. We want internet money. We've already released a select few documents to serve as proof of our claims. We're about to change the fucking world. Edward Snowden's NSA leak will be pale in comparison.
Q: (ID: QYsiPYKc)
A: When we deal with clients who have PoF, we provide such presentations. We're quite wealthy, earning hundreds of BTC per year in profit from our systematic cyber-extortion. GCHQ coined that term for us. You can read their advisory about this organisation.
Q: Hi, thedarkoverlord, Have you considered that information may well be used to crash the monetary system you hope to be compensated in?
A: Fantastic question, mate. We're not concerned about that as we receive our payments only in internet money like Bitcoin. The monetary crash will be your problem. We always advise our clients to diversify and acquire different convertible currencies.
Q: Explain attack vector that led to initial shell. Web based? Misconfigured service? Well known exploit?
A: Nice try, Mandiant.
Q: How? You stated that your intent was to sell it to the highest bidder. That just means that it will get buried.
A: We're financially motivated. We're not motivated by saving the planet.
Q: Waiting for overlords dead man switch
A: We have several layers of 'dead man's switches' deployed. This is why the entire archive we'd plan to release is freely downloadable now. We're sitting on our high entropy master encryption keys that can be released through even a failure of the organisation.
Q: The thing is, I (and few others) are willing to pay. Provided that OP understands at least basics how such trades are executed.
A: We're highly reputable, having sold hundreds of BTC worth of intellectual property, R&D, databases, and more. Our official contact details are in our official Press Release. Please contact us using PGP. We'll happily conform to your requirements to substantiate our loot.
Q: if you DO get paid then we can assume the world's not saved because you'd not release them right?
A: That's correct. We're not here to save the world. We're here to get paid internet money. We're not motivated by ego or charity, only money.
Q: Hey thedarkoverlord, give us something for free you poofters.
A: We already have. Pay attention, fag. For everyone speaking about the hack of a global insurer, you should understand how sophisticated litigation works. We're sitting on SSI and SCI from TSA, FBI, FAA, USDOJ, and others. Refer to our official PR for more information.
Q: Thoughts on Cicada 3301 and WikiLeaks? particularly who is behind Cicada?
A: We don't speculate on other organisations. We focus on ourselves.
Q: Do you have a timeline you can disclose for releasing each layer?
A: There is a timeline, but we can't share details about that.
Q: Your group could have chosen to privately auction this info to the same exact bidders you will likely get through these public antics. That makes me question your timing. Why disrupt our system of things and way of life now (assuming your I do is as world changing as you state)? Why now?
A: Tis the season.
Q: I don't give a shit what he wants I'll kick in 20 bucks for anything that piques my interest one single doc to prove it's not a nothing burger with no strings attached I've been sitting on btc since 50 btc blocks.
A: If you'd like to be the first person to purchase a single file or two from us, you're welcome to. We'd happily sell you something right now. Our Twitter has our e-mail on it. Get in contact, mate.
Q: what would anyone who is selling world shattering documents for millions of dollars try selling them on 4chan?
A: We're not selling anything on 4chan. We're working SEO right now. Google 'thedarkoverlord' and see for yourself. It's driving a tremendous amount of traffic to our content. This is all calculated and pre-arranged.
Q: Fuck yeah based hackerman. I read the release, make those fuckers pay for breaking the deal. They should pay extra just for being so stupid to let you find anything in their network in the first place. Too easy probably, IT people are lazy as fuck. Get paid.
A: We've probably hacked your company too.
Q: I'd be willing to chip in with others to see it if I was sure it would be world shaking info. Not something the average person would change the TV when it came up on the news. On a scale of 1-10 how system breaking is the info?
A: You're the smart one here, asking the right questions. We'd say it's a 7.5, all things considered. Snowden may have been a 5.5, maybe a 6. More people care about 911 than USA spying. Now, our next release about UFOs, yeah, that's a 10 mate, but it's going to wait until we're done here. If you'd like to buy 911 documents from us, read the answers above. Anyone can see ample proof on our official PR and our official Twitter @tdo_h4ck3rs. This is quite real. We'd like to top Edward Snowden. Everyone saying they're coming for us: we know. GCHQ has published advisories about us and the Billings Gazette news publisher leaked the fact that the CIA and NSA even attempted to locate us last year in October after we closed down 50.000 students and 36 schools in an entire region of Montana for 7 days. This is readily available news.
Q: Actually appears legit. On a scale of 1 to 10, how likely do you think it is that your leak could cause a former-sitting president to get lynched? Also, hope your DMS shoots to a Blockchain.
A: We'd rather not say, for fear of his safety. We'll be sharing a few new screencaps momentarily, to stir the pot a bit.
Q: why are you doing ransom instead of exploiting this information for insider trading
A: We're experts in systematic cyber-extortion, according to GCHQ. We do what we're best at.
Q: Do you have anything really damaging on Hillary or Obama?
A: We're unwilling to answer this question.
Q: Holy kek, FreeBSD is one of the most insecure OS, no joke.
A: We utilise Windows Embedded.
Q: That's a bit of a lame answer. Why pick a risky strategy like cyber extortion, when you can stay under the radar, and do insider trading from a beach in Asia?
A: We don't discuss our TTPs in public.
Q: So given your financial motivation, is it safe to assume your “group” is more anarchy than order? That is to say, are you looking to shift power, take power, or destroy power?
A: We're not interested in power, only internet money.
Q: Their answer here will actually clue in their degree of technical competency. I'd add - justify why it will reach this price.
A: We haven't shared a price, at all. Depending on what a buyer would like, we adjust our offer.
Q: Iron Mountain is a military base. Why is a WTC Insurer shredding documents on it?
A: Great question. We'll direct you to our official PR which details it. We'll quote the issue for you below: "When major incidents like the WTC 911 incident happen, part of the litigation must involve SSI (Sensitive Security Information) and SCI (Special Compartment Information) from the likes of the FBI, CIA, TSA, FAA, DOD, and others being introduced into evidence, but of course this can't become public, for fear of compromising a nation's security, so they temporarily release these materials to the solicitor firms involved in the litigation with the strict demand they're destroyed after their use and that remain highly protected and confidential to only be used behind closed doors. However, humans aren't perfect and many of these documents don't become destroyed, and when thedarkoverlord comes along hacking all these solicitor firms, investment banks, and global insurers, we stumble upon the juiciest secrets a government has to offer."
Q: Hey do you take hack requests? I have a couple of bitcoins...
A: Visit our official Twitter @tdo_h4ck3rs where our contact details are readily available. We operate on a strict protocol and often times require bonding.
Q: why leak on new years eve
A: Because it forces about a dozen Fortune 500 companies in the UK and USA to build damage control and COA plans on their New Years holiday, robbing them of any pleasure and bringing in their new year at a new low.
Q: if i purchase the doc's, whats stopping me uploading it everywhere? will you guys get annoyed?
A: Once we're paid, they're yours. You do as you wish. We couldn't care any less.
Q: yeah has there been any strange shit happening that makes you think they're on to you or that you've been targeted already?
A: Other than them telling victims to pay us because it's the best move to save their arses, we sleep like babies.
Q: Likes, kind of a career ending big heist, don't you think?
A: We already live like the ending of a great heist movie, on warm beaches with loads of internet money. We're quite happy.
Q: Why do you care about their pleasure or them starting new year at all time low, thought this was all just business?
A: It's all business. Psychologically, they're most vulnerable when this process is used and it results in higher success rates for us.
Q: Apparently the guy they caught was in Serbia.
A: A complete random stranger.
Q: The question about crypto was good, do you have any predictions about BTC next year and do you think it's still the best currency to invest in?
A: We predict we'll earn even more BTC. As our clients are paying us while we have them bent over a barrel, we always advise them to buy up for their personal portfolios.
Q: Do you have a deadman set up
A: We do.
#HEX Snapshot WARNING : 2 weeks! December 2nd 0:00:00 UTC
UPDATE: Sunday, November 17th, 2019. The time of the HEX snapshot has finally been announced!!! Below is the official announcement quoting Richard Heart.
∞
The HEX.win snapshot will occur December 2nd at the first Bitcoin block mined after 00:00:00 UTC. You must have access to the private keys to your Bitcoin address having a balance at that exact blockheight to be able to submit a claim after. If you have a normal or segwit bitcoin address, you are very likely to be eligible to claim.
https://www.timeanddate.com/countdown/generic?iso=20191202T00&p0=1440&msg=HEX.win%20Bitcoin%20Snapshot&font=sanserif
To read more about which addresses are eligible, please visit https://hex.win/techspecs.html.
The HEX contract will be targeted for launch at 00:00:00 UTC the next day after the snapshot. You will have a day to gather up ETH and convert BTC into ETH to join the Adoption Amplifier on day 1. This way you can both FreeClaim and then transform the BTC to ETH to transform into HEX via the AA system. If you don’t already have BTC it’s very likely you will make much more HEX buying ETH to send to the AA system, than by buying BTC just to FreeClaim with it. The math is here: https://hex.win/adoption-amplifier.html
∞
That’s it! Get ready! 2 weeks! Remember to use my referral link if I helped you to learn about HEX! We both benefit more! https://hex.win/?r=0xF8656b3f2c0D0bEd70d7276fdEC6BD082263437A
•••
Read further if you are interested in the fundamental reason you want to be involved with HEX. https://hex.win/?r=0xF8656b3f2c0D0bEd70d7276fdEC6BD082263437A If I am bringing you HEX now for more or less the first time and you are convinced of the fundamental reason after you have read this article that you should get involved with HEX then kindly use my referral link because, after all, I brought it to your attention, plus you, not only I, benefit!
You get an extra 10% HEX when you claim using a referral link versus not using one. So how does it work. Basically, anyone holding Bitcoin at the exact time and blockheight of the Bitcoin blockchain of the HEX snapshot will be able to claim free HEX ERC-20 tokens into an Ethereum address you own. Without referral bonuses and all the rest of the bonuses the ratio is 10000 HEX : 1 BTC. I don’t care how much BTC you have or how little you think you have, you must claim or you will be crying later I guarantee it. Free will exists of course, and not paying attention does have consequences. However, there is absolutely nothing to lose by claiming HEX which you will only have a certain amount of time from the snapshot to claim (51 weeks) and the longer you wait, the less HEX you are able to claim designedly so. If HEX is successful it will be #2 next to Bitcoin in a few years. I will explore speculative possibilities of this later on. I will help everyone be sure to be able to claim on Day 0 to maximize our bonuses. HEX is the most brilliant project in all of cryptocurrency. I don’t care if anyone claims otherwise, for what more common financial service or product is there in the whole world besides currency? Certificate of Deposit, aka Time Deposit, which is essentially the ability to “stake” capital for a contracted length of time, and in exchange the counter-party bank compensates you for your “risk” or your “investment” into their centralized system, by “guaranteeing” interest paid in return to you as per terms and conditions of aforementioned contract. HEX is a stroke of genius that has gone largely unrecognized in the crypto space. 
Mainly I surmise because some people deplore Richard Heart for how successful he’s been in the past, plus how generally right he’s been about many things which particularly unintelligent people hate and fail to appreciate, and how idiots defined as idiots because they don’t even examine the project objectively because they just can’t stand Heart for whatever stupid reason. They think Richard Heart is arrogant? No, it is they that are arrogant that deny the tremendous possibility HEX represents and may accomplish. So they refuse like close-minded people do to even consider the possibilities of such a project as Hex. People like that deserve to stay broke or get broke. Why is HEX so brilliant? Well first have a review of what is a traditional Certificate of Deposit. https://everipedia.org/wiki/lang_en/Certificate_of_deposit Who needs a traditional fiat-based Certificate of Deposit anymore? It makes zero sense now that we have the smart-contracted trustless-interest functionality enabled by cryptography and inimitably clever game theoretics, a novel invention that will rapidly enough emerge and burst onto the theater of crypto, HEX. Well how much money in the world is currently bonded up into contracts, these so-called Certificate of Deposits (more accurately called time deposits)? According to Richard Heart the number is $7 trillion between the United States and China alone! Wait a minute, what was the market cap of Bitcoin when it was $20k in December 2017? Well not even half a trillion. Pathetic! Remember when? So why am I mentioning Bitcoin’s previous ATH marketcap? Because to imagine the fullest possibility of HEX we have to imagine the fullest possibility of Bitcoin. Obviously Bitcoin when going down for ages everything else sinks incalculably faster! 
On the other hand when Bitcoin is in a bull run for multiple years culminating in an explosion of energy which it blows off at the “top” everything else is rising and exploding also like fireworks, the sounds of millions at once getting REKT, by the so-called dumping of whales of their favorite “shitcoins” on their frightful heads as they are left eternally weeping over heavy bags chanting “how did the government let this happen!” The point is Bitcoin will continue as it has in the past in cycles, which is part and parcel of the design of it by Bitcoin’s creator, Satoshi Nakamoto, profound genius, probably deceased. If we can imagine that Bitcoin will as Trace Mayer calls it as “a blackhole on the world’s balance sheet” to continue to function as such, it will voraciously proceed to eat every single fiat currency of the world out of existence. Bitcoin is an intelligence test and a solution to the problem of power. Where power can corrupt, it must corrupt, because power corrupts only those that love having it most, and obviously, who enjoys most working to possess more and more power? Think just what am I advocating for? To what principle or philosophy is my devotion, or am I just a loyal slave to the “hand that pays my salary I shall not question”? Cryptocurrency is ultimately about FREEDOM. We’ve already won this is what few understand. How does the saying go, “first they deny and laugh at you, then they fight you, and then you win.” Bitcoin is destined to be valued at, in today’s dollar terms, trillions upon trillions of dollars. Anyone who suggests otherwise just don’t get it, because perhaps they just can’t get it. https://www.bitcoin.kn/ https://digitalik.net/btc/sf_model What’s the speculative highly approximated math? 18,000,000 Bitcoin * $1,000,000 = $18,000,000,000,000 Is that possible? Definitely. How soon, who knows. Why is this relevant to HEX? Because I am trying to imagine what the marketcap of HEX would be 5 years out, 10 years out, 15 years out. 
And how am I supposed to do that except to use Bitcoin as a basis? I don’t care in the slightest what the marketcap valuation of HEX is in terms of U.S. Dollars. Who cares? Do you really expect the US Dollar to still have the same purchasing power it does today in the near to far future? The answer is simply that it will not for reasons you can learn from Andreas Antonopolous, a gifted patient educator on the beauty and elegance of the invention of bitcoin and its implications on the world. Now, these speculations are necessary to estimate the potential marketcap of HEX. We know there exists $7 trillion in conventional CDs between the United States and China. That’s the market demand in other words strictly in terms of US Dollars and not even including all the other currencies. Obviously all of that isn’t going to dump into HEX overnight. However, long term that is definitely the potential. What’s going to happen as the dollar loses global hegemony? What is going to be the value of those conventional CDs then? Will the market, i.e. the demand, just disappear? Of course not, it will just find the next best thing, which will just so happen to be HEX, which is designed to specifically replace those CD’s by a technologically superior mechanism that decentralizes the same functionality offered by banks. Not to mention the fact that people who would have otherwise been privy to CDs but couldn’t because of certain stupid limitations imposed on them by the banks will now have the same opportunity permissionlessly available to them via HEX. I think Bitcoin can easily be $1,000,000 in the next 10 years, but what about 15 years, maybe $10,000,000? Why 15 years? Because with HEX you are given the option to set your trustless-interest yielding time-deposits for up to 15 years! And all I care about at the end of the day when my stakes have completed the set time is not the value of HEX in terms of dollars but in terms of Bitcoin. How many satoshi’s is 1 HEX? 
My argument or suggestion is just this : Given the market that HEX, as an innovative technology which obsoletizes traditional CD’s, dares to claim and probably even exceed by far, it is not unreasonable to speculate that HEX could very well become #2 next to Bitcoin in the future. HEX Time-Deposit trustless-interest functionality will make CD's obsolete. What am I saying here? I’m saying in the future, we won’t be measuring different cryptos against each other in terms of their dollar values but rather in terms of their satoshi values, or bitcoin values. And I think HEX at that point will comprise anywhere in a range of 5%-15% the marketcap of bitcoin itself, for the value of HEX in terms of bitcoin will be such that it is as IF 5%-15% of the bitcoin marketcap was locked in HEX. Obviously HEX is its own currency, however what is it measured against? The answer can only be bitcoin. So if I want to know what the marketcap of HEX in bitcoin would be in 15 years, I just have to guess what the marketcap of BTC will be in 15 years. As aforementioned, BTC if would be $1,000,000 implies a marketcap of very roughly $18 Trillion. 5%-15% of $18 Trillion is $0.9 Trillion — $2.7 Trillion. How soon would Bitcoin be $1,000,000 though? Who knows. The time is the unknown variable, we already know the potential, the question isn’t how or what, is when. But I’d estimate less than 10 years. With HEX, stakes can be set for up to 15 years. Daresay Bitcoin could be valued at $10,000,000 in 15 years? That would be equal to roughly $180 Trillion. Could it? Supposing it would for imagination’s sake, what would the marketcap in % of Bitcoin’s marketcap be the value of HEX? 5%-15% of $180 Trillion is $9 Trillion — $27 Trillion. 
Conclusively the argument is clear, simply that HEX has the potential to fulfill an incredible demand for time-deposits in the near and distant future as slowly CD’s become antiquated and laughably inferior in terms of profitability versus the technologically superior alternative that is a crypto no one requires any permission to use and can be anyone, anywhere, anytime. Not only that, it also unlocks the capacity for absolutely everyone to come online and use a tool that does not discriminate against anyone. No accreditation required. No permission necessary. All you need is capital, a trustless contract, and patience, and now you have the ability to make time your friend. https://hex.win/?r=0xF8656b3f2c0D0bEd70d7276fdEC6BD082263437A ••• #HEX #cryptocurrency #time-deposit #trustless-interest
QuarkChain (QKC): Why I'd Rather Burn my Money than Contribute to this ICO
Taken from: https://satoshi.blog/2018/05/24/quarkchain-qkc-burn-money/
At least in this case I’ll be responsible for my loss of money. For me this is not a worthy ICO but that doesn’t mean it’s the same for you. Do your own research as usual.
If you haven’t heard about QuarkChain (QKC) by now (I doubt it!), it is yet another blockchain promising a very high throughput. The key difference of their blockchain compared to the already existing ones? QuarkChain adopts the divide-and-conquer idea to separate the two main functions in two layers with the goal of a better scalability while guaranteeing security. The network thus has two layers of blockchains:
The Sharding layer (shard)
This layer contains an elastic number of blockchains (shards). Each shard processes a portion of all transactions independently. This process increases the system capacity. The Casper Protocol being built for Ethereum to scale the network will be using sharding.
The Root Blockchain (rootchain)
The rootchain’s responsibility is to confirm all blocks from sharded blockchains.
Their blockchain would supposedly be able to support cross-chain transactions since the transaction from another blockchain could be implemented by converting the tokens by an adapter. The QuarkChain Network should also be able to support smart contracts via Ethereum Virtual Machine. This is the big picture of the project, I’ll let you go through the white paper if you want more information. I’ll concentrate my efforts on the multiple red flags I’ve encountered while trying to make sense of the project.
The Red Flags
You can see the token distribution below. First, 2B QKC are available for investors. Participants of the private sale get 75% of it with a 25% bonus while ICO participants get 25%. Classy. There is a slow release of tokens but only 7 months after the sale, private sale participants will have been able to dump all of their tokens. The mainnet is set to be released in Q4 2018 (it will probably be later than that since most projects have difficulties respecting schedules). So private sale participants will probably have been able to sell their entire stack before the product is even released to the public. Makes perfect sense, right?
Then the other 80% of the total supply is, as we can see on the picture above, divided between the team, the foundation, the advisors, mining (Oh we need tokens to mine now?), community and marketing. I don’t know about you but I think it’s pretty vague and when I invest in a project I like to know where the money will go. As mentioned before, the community will get some of the tokens. To be able to get in the ICO, it is kind of a lottery system where participants get a rating based on:
Timestamp of Telegram join date
Understanding of the project
Contribution to the project
The last part is a bit ridiculous because it creates an incentive for potential investors to portray the project only in a good light in order to maybe be able to get a piece of the pie. Also, I think it’s important to mention that Ian Balina participated in the private sale. I’ll just leave it at that. He’s in it for the technology, right?
Potential attacks on the network
In the whitepaper it is mentioned that the root chain has a significantly large portion (over 50%) of hash power over the whole network. A malicious miner only needs 25% (50% * 50%) of the hash power to perform an attack on the network. What if the hash power on the root chain is even lower? It seems like attacking this network would be way too easy. We have seen recent events of 51% attacks on Bitcoin Gold and Verge. The number of different blockchains is going up at an alarming rate so the total available hash rate is spread around, making this kind of event even more likely for new projects. Blockchains just can’t tolerate the fact that someone with 25% of the hash rate can perform a malicious attack on the network.
GitHub and transactions per second (TPS)
They have a GitHub profile but it is private. Why would they do R&D, say that they have a good prototype but not show anything about it? In the whitepaper, they say the network will be able to do 100 000 TPS. Okay, and then on their website it is mentioned that for their latest testnet trial run they obtained a number of 2279 TPS. Where’s the logic behind this? Investors have no way to know what they’re investing in since the whitepaper is vague and the technology behind the project is not well explained.
The token will be used as fuel for the network, like most blockchain platforms do. Even after reading the whitepaper, incentives to hold the tokens are not clear. Apparently, and I quote
The essence of the virtual currency is the value carrier, which is the most important attribute of QKC.
How can the main value of a brand new cryptocurrency be attributed to its ability to carry value? In my previous article How to Analyze ICOs I mentioned I don’t analyze a project in its entirety if there are too many red flags. I’m out.
Hello, I am going to run through some of the more prominent disinformation that has been thrown around in regards to Julian Assange and Wikileaks since the middle of October. This mega thread will hopefully dispel some of the more prominent and recurring arguments that have popped up over the last few months. If there is something here that needs to be added or was discussed incorrectly please let me know in the comments.
Eta Numeris
Through exhaustive research I have found that the origin of the eta numeris key dump is from the chans. Reliability of information from the chans is often questionable. Sometimes they come up with something significant because you can't easily prove who posts something. So far nothing meaningful has come from these keys. There has been some research into them including some questionable translations to a language that Julian doesn't even know. It's likely these were posted by someone who was just larping. The very first time these were posted was here which can be considered non-credible information especially considering nothing has come from these "keys" since being released.
This is an obvious confusion promoted by the black-PR campaign against WikiLeaks and those it has manipulated. Pre-commitment hashes are not the same as download hashes. The pre-commit hashes were issued in a completely different manner and are applied on decryption not before. So the "usual" argument is an obvious falsehood. It also makes no motivational sense. Why would anyone publish obviously bogus hashes? The whole point is that they can be easily checked. Link to quote
Riseup Canary
The Riseup canary not being updated is definitely still a concern. However, its relation to Wikileaks is less of a problem. While they have a Riseup e-mail associated with their twitter account they also have what appears to be a wikileaks e-mail address. For a group like Wikileaks it would be trivial for them to set up their own private e-mail server and most likely use some form of PGP or other encryption to communicate safely. If the CIA/FBI/NSA/GCHQ took down Riseup to gain access to their twitter it sounds like a roundabout way to do it. They could simply ask Twitter to help with an investigation. So far there is no evidence that their twitter has been compromised. Julian himself mentioned the Riseup canary in the latest interview as well, explaining that they assume all e-mail services are compromised. Here is a good article explaining everything to do with Riseup.
PGP signed documents
Wikileaks provides a public editorial PGP key for leakers. This is an added security on top of their own submission page for leaking. Only those within Wikileaks will be able to decrypt it. This key is not used for signing documents and there is no evidence that it has ever been used to sign a document or file. Julian said himself that no leaks are released from the Ecuadorian Embassy. This suggests that he himself does not have access to the PGP key which would pose a real risk for himself. He has to do whatever Ecuador asks him in order to keep his asylum there. That is the only thing protecting him right now.
If anyone bad was in control of WikiLeaks submission key and I was under duress they could produce such a message providing fake assurance. So useless. But we also do not use our submission key like that and nor would it be appropriate to change how we secure such keys. Link to quote
Insurance Files
The insurance files are released to "Protect future publications" as Julian said, "Wikileaks as an organization does not want to fail." The insurance files are created to protect the contents of future leaks and publications. In the event ALL of Wikileaks is under a serious and severe threat the keys may be released. The reason these files are not released immediately is because they have either not been confirmed or are not ready for public release. The Stochastic Terminator Algorithm is designed to release the documents at the most impactful time. Here is a tweet talking about protecting future publications.
Hannity interview
The Hannity interview used some questionable video angles that led some people to think that it was fake. I worked out the camera angles in that room that explains the strange sizes of Hannity and Julian. Here is an image that explains the most likely position of the cameras, Julian, and Hannity. The issue of lighting is understood when you realize that the room likely has the room lighting as well as the production lighting. This would produce conflicting shadows. The painting on the mantle is just sitting on top and not hanging so the object to its left casts a shadow in behind the painting.
Snowden tweets
The Snowden tweet contained a hash to a file so that the receiving party can verify that it is the proper file. It just so happens that the hash also leads to the wallet address for a bitcoin wallet. This is not really a strange revelation. Some discussion on it can be found here.
WikiLeaks in tweets Tuesday morning alleged that U.S. Secretary of State John Kerry had asked Ecuador to stop Assange from publishing documents about Clinton last month during peace negotiations in Colombia with the FARC rebel group.
Fox reports arrested October 18 in matter of hours
The mainstream media often makes mistakes. The clip talking about Julian being "arrested maybe in a matter of hours" is the sort of click bait headline that most news organizations try to use to get viewers' attention. It was a mistake and they most likely pulled the story from a random thread online without verifying their source first. They have not gone back to retract that statement nor would they considering it was meant to garner attention to the story. Most likely to bring attention to the fact that his internet has been cut out. Video showing proof that FOX did state that Julian will be arrested in a matter of hours.
Changed timestamps to 1984
Changing the timestamps to 1984 is interesting but is not something specific to October's events. Archived copies of the website show the same date as far back as 2015 and perhaps earlier as well. The only thing to take away from it is that Julian is in isolation inside the embassy and most likely feels like he is in Room 101. The amount of pressure on him and to keep him in isolation is reminiscent of room 101 from 1984. While not being directly tortured he probably feels like room 101 is the next step from where he is right now. He probably feels like he is in the ministry of love right now and room 101 is where he's going to end up next unless the situation changes. Here is a link to archive.is showing that Wikileaks has had the 1984 date since June 2015.
DDOS
The massive DDOS attack on October 21, 2016 was largely aimed at the United States. Most of the US internet went down on that day and was later claimed by Anonymous although this has not been confirmed. Anonymous claims that it was in retaliation for removing Julian Assange's internet access in the Ecuadorian Embassy. Here is a link discussing the massive DDOS attack in October
Missing Podesta e-mails
The missing Podesta e-mails are not terribly suspicious. There were releases all through November from the Podesta e-mails and yes there are some missing. When the files were removed from file.wikileaks.org it's likely they were working on updating a full archive of all of them. They may have also received an order preventing them from hosting the information either on their site or some of their mirror sites were asked to take them down. Most of the e-mails are still readable on the main site and accessible by searching. Perhaps there's still more to come.
XKeyscore
The evidence we have on XKeyscore suggests that it is capable of viewing information sent online. There is nothing to suggest that it can be used to intercept and censor information in real time. I have verified this myself. There are some transactions in the bitcoin blockchain that contain links to illegal content from 2013. These links are not viewable on https://cryptograffiti.info nor are they on https://bitcoinstrings.com/ However they are still on https://blockchain.info although encoded as hex. The idea that xkeyscore can find something and remove it in real time is not likely and the amount of power required to do so is incredible and not currently attainable. One has to remember that the most advanced technology we have is being researched and not applied by our intelligence agencies just yet. There may be something they have that we don't know about but it's not likely. The best technologies are in the hands of the scientists developing it right now. Here is an article discussing XKeyscore.
Anonymous Videos
The Anonymous videos are questionable. It's trivial for anyone including a CIA/FBI/NSA operative to create one to form their own narrative. Anonymous is just a mask anyone can put on and anyone can be part of at any time. So anyone can make a video discussing what they want under the Anonymous name. A good example of this is the @YourAnonCentral twitter account which until 2 years ago talked about Julian Assange in good light but has recently stated they "don't give a shit about Snowden." Article talking about the change in YourAnonCentral
Blockchain key release
There is no evidence to suggest that the keys have been released in the blockchain. I have helped build tools to search for almost everything in the blockchain and have had many people, including myself, search with these tools. The tools are still a work in progress but have not shown anything thus far that would suggest the DMS has been released in it. It's possible the keys could be put there in the future. There are weaknesses in Bitcoin explained here. From reading and researching the Bitcoin Blockchain I have not seen a reasonable way to interrupt a transaction. You can flood the mempool but there's 72 hours in which to make the transaction go through. With a reasonably priced transaction fee of $1 right now, which is rather high for some, to guarantee the transaction unless you control all of the miners and tell them not to accept Wikileaks transactions it will go through. This is fundamentally impossible though as there are many decentralized miners who stay anonymous. Controlling 51% of the mining power doesn't have as much power as some might suggest either. A true DMS would not trigger once, it would trigger multiple times and confirm that it has been released. That would eliminate the issue of a transaction potentially not going through.
Cloning
Since there are a few people asking about cloning I will discuss. There is no evidence that Julian Assange has been cloned. These are high level conspiracies that have no reliable evidence.
This has been bugging me for a while so thank you for indulging my rambling. TL;DR at the end. I'd like for everyone to just think about what we're trying to do here. Don't forget what the ultimate goal is. Anyone remember? Is it to make a profit? No, that's a secondary goal. The primary goal is to develop widespread adoption of cryptocurrency as an alternative to fiat currency. Anyone remember this lofty goal or did we all forget this while chasing 30% daily price swings. We're trying to compete with USD, GBP, EUR, and CNY, remember? This is EUR vs. USD. You'll note that this is all data (or click on "All" button on the bottom), going back to 1993 through today. What do you notice? You'll notice an open of $1.22 to €1. After a few months, it fell about 10%, then rose up 24% over the next two years only to drop about 40% over seven years and then almost doubling over eight years only to drop about a third in the last ten years to where it is today - almost where we were 25 years ago (approximately). This is BTC vs. USD. You'll note that this is all data going back to 2011. During the last seven years it has... oh my God are you kidding me?! This is LTC vs. USD. Let's not forget what we're talking about. We're talking about currency. For currency to be used, it needs to be relatively stable. Now compare the charts above. Let's say we created a new country called Cryptonia. Which of these would you like to use as currency? EUR? BTC? LTC? My money is on EUR. Why? Because it's relatively stable. Now let's fast forward a bit and pretend that Cryptonia has adopted Litecoin as its official currency. Our largest trading partner is the US. How would transactions between merchants work in this scenario, taking into account the last few days. I'll use the following prices:
Let's run through a transaction: 1/16
Cryptonian citizen C1 is selling a widget at 1 Litecoin to an American citizen A1
A1 pays $227 and C1 gets that converted to 1LTC
C1 is also selling another widget to A2 on the same day for 1LTC and has 2LTC total
A1 decides that they don't want the item and would like to return it. C1 issues refund of 1LTC. A1 gets $163. A1 loses $64 or 28.2% on the return.
C1 now has 1LTC
A2 decides to do nothing.
A2 decides to sell the widget to C2 for 1LTC
C2 says the price is fair since it was 1LTC a few days ago and buys it
A2 gets $194, a 19% profit from two days ago
A1 is pissed
C1 is happy since they made one sale
A2 is happy since they made a 19% profit
C2 is happy since they have a widget at a fair price
This works both ways as far as you can do the math in USD vs. LTC to see how this screws over at least one party due to the wild price swings. Note: fiat currency does the same thing with one key difference explained later on. Don't forget that this is all within 3 days. Now sure, obviously the last few days isn't something that happens every day ... but doesn't it? Look at the examples of EUR:USD. Any sharp spikes or drops have taken months to execute - enough time for relative prices to adjust. Look at cryptocurrency prices - the swings (from a percentage basis) are wild on a regular basis. In short, cryptocurrency isn't acting like currency. It's acting like an asset and not just an asset but a highly speculative one. The IRS is right to treat it like an asset because if it looks like an asset, and it acts like an asset, then it is an asset. Where do I believe this should go? I believe cryptocurrency market needs to mature. I believe these drastic price swings need to stop. When will this happen? I believe it'll happen when the cryptocurrency market reaches a happy plateau where the market cap has reached a point where the buyers and sellers mostly eliminate one another and the relatively large price swings - from a percent point of view - are as boring as Mr. Stein. EUR vs. USD went up 0.03% today. 0.03%. In LTC-speek, that's going up $0.58 for the whole day. Oh and it was a wild ride too. Why it went all the way down to $1.21697 and all the way up to 1.22645. I know, I know - tie me down because I'm out of control. Is this the only problem? No. Cryptocurrency has another problem and that's the sheer number of types of coins available. How many coins are available? 1,448. Nearly 1,500 coins all competing with each other for market share. We have Bitcoin at about $200b all the way to something like Digital Money Bits (DMB, an appropriate acronym). What is it? Who cares, it's worth $3,832. 
Not $3.832 billion or million but literally $3,832 with a volume of $35,509 today and hey, just this June, its market cap reached an all time high of $62,000! You missed the recent run-up though and boy did you miss it. On January 1st, its market cap was worth almost five hundred dollars! Yep, about two Litecoins! But look at it now - it went from $500 market cap to $3,832 in less than three weeks. Clearly this one is shooting to the moon. This is a problem. Decentralization has an unfortunate side effect of - duh - nobody being in charge. There's no real clearance for these and some people with a little bit of money can literally copy and paste a whitepaper and have this chart and have a serious valuation of almost $17b from $140 million in literally 30 days. This doesn't act like a currency either. This is a problem. Don't forget, this isn't like the dot-com era. We're not launching IPO's and .com companies that have different ideas. Amazon isn't like Ebay, or Google, or Yahoo, or Facebook or anything else. They all have different ideas for different segments of the population. We are in the cryptocurrency market. The world today has 180 fiat currencies. Cryptocurrency market is approaching 1,500. We need to trim the fat and the outright forgeries. Market cap isn't enough to weed them out. There needs to be something, a stabilizing force, that should act as a clearinghouse for launch of new cryptocurrencies. The market has failed to destroy shitcoins. Heck, it rewarded them based on lies, paid endorsements, FOMO, and FUD for other coins. This doesn't help the cryptocurrency market. It helps a few people get really wealthy really quickly and you are left holding the bag, so to speak. Should coins only be allowed to be introduced when its network reaches a certain hash rate? Isn't that the only objective point of value we have - number of mathematical calculations and power used in those calculations? You can't fake that. What's another problem with cryptocurrency? 
It's what it represents. The governments don't see crypto as a positive force. After all, it directly competes with their own currencies. Can the governments shut this down? No - this is the Internet, after all. But they can kill it in other ways. I don't know how many people here remember but my first brush with Bitcoin was the ransomware viruses which wanted $300 in Bitcoin to unlock files. Bitcoin was seen as something tied to illegal activities. If governments - and let's say the US, South Korea, and China in particular - ban Bitcoin and cryptocurrencies in particular then what they'll really do is make transactions illegal. What's the on-ramp and off-ramp to/from crypto? The banks which are already regulated. Now let's say you're in the US, your bank account is tied to your Coinbase account and you have some cryptocurrency. US issues a regulation which states that trading cryptocurrency is now illegal. It issues orders to all US banks to shut down related accounts. The following things will happen: cryptocurrency prices will tank and everyone is going to scramble taking money out which would likely overload the system, causing massive delays. But let's say you're left holding your crypto and it's been a month. What can you do with it? Not much. Crypto isn't accepted in enough places yet. You can continue holding, hoping the price and ability to extract will come back one day. After all, you can't get your money back. Your bank closed your related account. You can open another one at any new bank but they'll either ban you from connecting your account to Coinbase or they'll confiscate any money coming from Coinbase and charge you with a crime. Now have the governments banned crypto? No - you can use and trade crypto all you want since it can't be traced. But have they effectively? Yes. Ironically, it's the banks that'll save us and I think that's why Ripple blew up. 
After all, if you have a cryptocurrency that sucks the bank's [censored] and plays along, you can get:
tied to various governments, i.e. no ban, little competition
and use the banks money for lobbying to make sure the governments don't ban it
I think that's why something like Ripple blew up - because it doesn't care much about regular people, it wants to be the speedy highway for bank<->bank transfers. What's a solution to this problem? More regulation and playing nice with the governments. Crypto isn't going mainstream if you shut out all governments. It needs to be connected. This means working with regulators to make sure that KYC laws are followed, that people report and pay money on any gains, and that - to a point - there's some supervision and tracing of transactions in a way that if you're robbed, you can get your money back. This will create a new job field, which - considering our current growth - will create a whole slew of high-paying white-collar jobs. Considering the high-level of transactions, banks would start this, followed by private companies, governments, and law-enforcement agencies. A good way to start this is what CBOE and CME have started to do - legitimize the currency. This is a foot in the door to the real holy grail: FOREX markets. When it's legitimized and not in serious competition with governments, it'll be embraced and its availability - along with instant transfers and low fees - will be widely supported by serious platforms. Until these problems are fixed, the cryptocurrency market will remain what it is today: a speculative asset and not a currency. During the time it's taken me to write this post, Litecoin has gone up 2.6%. Euro remains at 0.03% gain. Thanks for reading! TL;DR
We're supposed to be creating a new type of currency - cryptocurrency - as opposed to chasing profits. To do this, we need to have stable charts and not wild price swings.
We need to dump most coins on the market and focus on serious ideas that have potential. Market cap has failed to rein in fraud with large, multi-billion dollar shitcoins flooding in. Network hash rate and power usage is a measure we can use to determine objective worth.
We're competing with governments and until we find a way to work with them, the governments can choke the life out of the entire cryptocurrency markets. This should start with KYC implementations and interoperability with the markets such as FOREX.
Creating a Bitcoin Address Private Key Generation. Private keys can be any 256 bit (32 byte) value from 0x1 to 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF BAAE DCE6 AF48 A03B BFD2 5E8C D036 4140. ¹ ...
But there he starts with a private key in hex format
Each key is a bitcoin address or hex-encoded public key. If [account] is specified, assign address to [account]. Returns a string containing the address.
N addnode <node> <add/remove/onetry> version 0.8 Attempts add or remove <node> from the addnode list or try a connection to <node> once.
N backupwallet <destination> Safely copies wallet.dat to destination, which can be a directory or a path ...
There are two variations of the original bitcoin program available; one with a graphical user interface (usually referred to as just “Bitcoin”), and a 'headless' version (called bitcoind). They are completely compatible with each other, and take the same command-line arguments, read the same configuration file, and read and write the same data files.
A private key in the context of Bitcoin is a secret number that allows bitcoins to be spent. Every Bitcoin wallet contains one or more private keys, which are saved in the wallet file. The private keys are mathematically related to all Bitcoin addresses generated for the wallet. Because the private key is the "ticket" that allows someone to spend bitcoins, it is important that these are kept ...