Many U.S. retail establishments near* the Canadian border treat Canadian quarters as equivalent to U.S. quarters—accepting them at a 25¢ value, including them as change if they got into the till.
The US:CAD rate is only 4:5, not the 1:6 BTH:BCH ratio at the time of the article. Perhaps more importantly, one can only use Canadian coins this way in person, and therefore probably at very low volume. None the less, it’s interesting to see the parallel.
* And not that near, either. I’ve seen this in Massachusetts. I never saw this growing up in North Carolina, or when I moved to California, though.
Living in a border state, I always hated getting a Canadian quarter as change when I was younger. Plenty of vending machines and arcade games rejected them, so I was left with a useless coin.
I'd like to think of how this arbitrage might go down.
You try to buy an iPad in the US using 2000 Canadian quarters, thinking you will return it later to get 500 USD. Instead, they just tell you to 'fuck off' when you try to make the initial purchase.
Yeah this happens all the time in Western NY. I remember growing up hating getting Canadian quarters because they wouldn't work in U.S. vending machines.
Not sure if this is still the case, but when I was a kid I loved getting the occasional Canadian quarter because it would respond to my magnets (where as US coins wouldn't).
So what Canadian quarters lack in currency value, they make up for in entertainment value.
I used to love Canadian quarters because they kept their steel/silver color all the way around, unlike the hideous copper-sandwich US coins. Was disappointed to learn as a kid that the Canadian coins were worth about 20% less than the American ones!
There's a massive amount of Canadian currency in circulation in the US, and everyone just treats them the same as American currency and doesn't bat an eye. I mean, nobody is going to accept a Loonie or a Toonie, but all other denominations are fair game. The only vocal annoyance anyone has ever expressed to me was about vending machines not taking them. I accepted them when I worked the til because everyone just seemed to be ok with it.
I always wondered if there was a legitimate scam possible here.
Yep. Not paper currency, just coins. They look similar and are in the same denominations (25 cents, 10 cents, 5 cents, 1 cent). You'll get them as change and and you can spend them again.
Canada got rid of the 1 cent piece though so there are likely more Canadian pennies in circulation in the US than in Canada.
Yes, but I've basically only seen this with pennies and quarters, because they are physically very similar to their US equivalents. I don't think anyone would accept a Canadian $20 in exchange for US$20. (I also doubt that they'd accept more than a few at a time.)
One thing that'll help prevent this sort of confusion is the upcoming change in Bitcoin Cash address formats (https://gist.github.com/DesWurstes/bba4222c8b6253b940096fced...). Assuming clients check that the BTC addresses are valid, they'll reject the new BECH32 BCH format.
The processor handles that by "freezing" the price for ~15 minutes and hoping it averages out. Of course, that assumes that the transaction will take less than fifteen minutes to confirm, which... good luck.
Why would you need to wait for it to confirm? Make sure to have access to liquidity so you can set the trade the second it is likely the transaction will confirm at some point. That's how the big payment processors do it.
You need liquidity to process payments on a non trivial scale, but that's par for the game for banks, credit cards companies, paypal, and everyone else in this space.
Waiting for a confirmation will do you no good anyway. No exchange accepts any less than six, which would have you take the exchange risk for over an hour. That's not a very good business case.
Yes, I believe this must be a priced-in risk. You just cancel the payment at this point, of course (no items will have shipped in that short time span anyway) but you still have to take the exchange risk.
If you look at OTC trades on distributed exchanges, you will see that this strategy takes place there too. Make a trade, and finalize only if the exchange rate moves in that favor, otherwise cancel. Most places have reputation systems in place to suppress that behavior but they have their own problems. There's likely no ideal solution.
(Also do note that one confirmation is likely not enough anyway if you want to avoid rolled back transactions. Orphan blocks aren't really that uncommon.)
It is, and for certain types of goods it might make sense to wait for the full six confirmations. High fraud rate industries have had years of experience with similar strategies for the credit card system.
Payments on the globally replicated blockchain can not be both quick and secure. Many soda machine experiments faced this exact problem. What all of them did in practice was the same thing as all restaurants and pubs do, eat the risk. Any guest who wanted to leave without paying, or pirate your game, would do exactly that anyway and not bother with faking payments in the first place. Every pub and café owner takes the exact same risk even when settling in cash. People leave without paying all the time.
The specific example of game keys you mentioned has some interesting aspects to it however! Trustless zero knowledge swaps have been demonstrated between them and Bitcoins, which could open for some exciting business ideas that were not possible before.
They might have to buy keys from the publisher. They can't give out a 'stolen' key again, because then paying customers wouldn't be able to activate or download their game.
Depending on how much time you have you could use this for speculation purposes.
If bitcoin goes up, you cancel your purchase.
If bitcoin goes down you go ahead with your purchase at the outdated rate.
You, the merchant, can accept bitcoin (and other currencies) using Bitpay's payment system. Bitpay immediately credits your account with USD. No risk of long-term (more than a few seconds) price moves in BTCUSD.
The downside is that Bitpay, like every other authorized cryptocurrency "bank", is crippled by KYC/AML regulations and cannot process all the applications they receive for new customers.
Someone should open a company which provides tokens in exchange for depositing BTC with them. People can trade these tokens which are notional representations of the BTC holdings in an instantaneous manner. Then when someone actually wants the BTC, they redeem the tokens with the company and the BTC is transferred to their wallet... alternatively the company itself could act as an exchange and always send currency instead of tokens to the person receiving a payment.
Since all the small transactions are happening via these tokens, the cost of Bitcoin transactions would be a much smaller issue..
Haha. Kind of,but not nearly as heavily regulated.. just like older banking systems were banks backed by gold,this would be a bank,but backed by Bitcoin. And not subject to regulations that banks are subject to (such as restrictions on cross border money movement,govt monitoring and ability of the govt to put a lien on your account, any insurance and pro consumer regulations applied to the traditional banking system such as their inability to shut shop one day and keep your money,etc).
Why would it be less regulated? You might be able to fly under the radar at first, but if regulators took notice I don't see why the same requirements wouldn't apply.
what would be the point of this? why not just use mainstream payment methods and then when someone actually wants BTC, purchase it from an exchange for fiat? The whole point of cryptocurrency is that its decentralized, creating a derivative on top of it (for payments??) issued by a centralized company subject to counterparty risk kinda ruins the purported advantages of Bitcoin don't you think?
Until this only-online "exchange" is "hacked" and suddenly you can't claim any BTC with their tokens anymore. Did you read the "counter-party risk" part of my comment?
Until you trade BTC away from their system, that's what hosted wallets eg, Coinbase, actually look like internally. There's a veneer of the BTC being "yours" but that was just a row in Coinbase's database rather than being live on the blockchain.
It's a good one thats already been implemented behind the scenes.
This is the concept behind Lightening. TorGuard is already accepting Lightening payments, so it'll only be a decade or so before legitimate companies get on board.
One possible way of dealing with high transaction fees is to deposit more money into an account with a retailer, and then use money in that account to fund purchases over time.
For example, transaction costs are too high to reasonably pay for a single cup of coffee. But if you know you buy a cup of coffee on a roughly daily basis, you could put down $1,000 worth of Bitcoin, get an anonymous gift card for that amount of money, and then use that over time to pay for individual coffees.
But that really raises two questions: why do you feel the need to use a semi-anonymous, public-ledger currency to pay for coffee at a shop where your status as a regular makes you recognizable, and why is it worth foregoing interest plus the risk of not using the entire gift card for the privilege?
Retail Industry has stopped accepting Bitcoin(latest example: Microsoft). Most of them who do now do mostly for PR or a thought that they support the industry.
On the other hand, Litecoin, RaiBlocks and Ripple could be used for payments and many companies seems to have started.
Payment processors traditionally would convert to USD right away, where the % they charged for the processing included the risk they held for having to hold the coins for the time it took to convert. I know back when there was the "bitcoin boulevard" in Cleveland, this was around 1% which was cheaper than processing credit cards for the businesses and is what got them onboard to accept BTC.
Look at something like CoinPayments.net they will let you accept any coin and if you link to a service that does exchange/banking it can auto-liquidate your coins for you.
Look at posts by Steam on the matter, and in the comments on that article some mention that it is based on the price at the second the transaction occurs.
Steam, as with most institutions that "accept" Bitcoin, never actually handles Bitcoin themselves. They use a financial services provider who accepts Bitcoin and gives them USD and takes a cut of the transaction for themselves. Dealing with that short-term volatility is one of the things that fee pays for.
Is it ridiculous that the price can fluctuate enough in 60 minutes to significantly affect a transaction? Obviously.
That where it got trickier. IMO, if a big brand start to accept BTC, like Walmart or such, my strategy would be to hire 1 or 2 traders to deal exclusively with the BTC/FIAT wallet of the company. The goal being to make the BTC/FIAT ratio interest grows. I think accepting cryptocurrencies will create a lot of job in trading/finance for companies totally unrelated to the business.
You can't say it's a viable hedge given its extreme volatility. Africa and South America maybe, but if you're expecting dollar hyperinflation you have a very strange set of assumptions about the world.
Even if one would assume that there's a dollar hyperinflation, Bitcoin as a alternative is certainly the worst alternative as it is much more volatile than any real world currency.
I would be really interested to know how much a black-hat hacker could have stolen.
I found this on the Overstock Wikipedia page [1]:
> In the first 22 hours, they received over 800 orders worth US $126,000 in bitcoin. This represents a 4.33% increase in sales from their normal income of $3 million per day. ... In mid-2014 Overstock.com announced that bitcoin sales were averaging $300,000 per month and that the company expected bitcoin sales to add 4 cents to the company's 2014 earnings per share.
I can't find any recent information, but it might have slowed down since Bitcoin transactions are so expensive now. Overstock is also holding 50% of their Bitcoin revenue as an investment, but I presume that's in cold storage. If they were doing $10,000 USD per day in 2014, then I would guess they might be doing around $100,000 in 2018.
So the refunds are probably coming out of some addresses that hold around $100,000 to $500,000 USD. Their Coinbase integration might have a daily buy limit of around $1M, or maybe even no limit. So a hacker could have stolen 6 or 7 figures, but probably no more than that.
You could write a script to automate all of the orders and refunds. You could use Tor, or you could use Bitcoin to rent VMs and IP addresses, then connect to your VMs via Tor. I don't know if Overstock has CAPTCHAs, but that's not a big deal if you're making 4-5 figures per CAPTCHA. And finally, you just trade the stolen Bitcoin for Monero, then back to Bitcoin. The only thing you have to worry about is a guilty conscience.
It's unclear if you could only use pre-fork transactions, or if you could spend the Bitcoin Cash from new blocks. If it's the latter, then you could just buy Bitcoin Cash using your refunded Bitcoin, and create/cancel orders in an infinite loop until you emptied their account.
I find it very interesting that Bancsec specializes in bank security. It's probably a bit harder for JB Snyder to get away with something like this than your average software engineer, since the FBI and IRS are probably keeping an eye on him. He's also the founder of a very successful security company, so 6 or 7 figures probably isn't worth the risk. (And of course, he's probably a model citizen and a saint.)
Anyway, it's not every day that you come across a virtual duffel bag with 6 or 7 figures of anonymous cash. I hope Coinbase or Overstock paid a bug bounty.
The answer you're looking for is "Yeah, as much as people like to cry moral decay, honor is still a thing."
You're right, there was no advantage to reporting the vuln. Most people would have jumped on that vuln like <edgy metaphor>.
But "fuck you, got mine" mentality won't get us to Mars. And as stupid as it sounds, having a story to tell is at least partly as satisfying as doing the actual heist. Zero risk, and you get to brag how smart you were. People are also much more likely to trust you in the future (as opposed to you being an unknown quantity).
Heists like that also punish the ecosystem. If Overstock lost $1m, it would forever show that moving to crypto is fundamentally a terrible idea. It would destabilize the basis of wealth you sought to acquire.
But... Yeah, passing up a $1m payday would not be easy.
This would be pretty mild hack compared to all the other cryptocurrency hacks that have happened so far. There's the $30M Parity hack, $94M stolen from Bitfinex, $473M from Mt Gox, $5.1M from Bitstamp, $50M from DAO, $7M from CoinDash, $8M from Veritaseum, and $500k from Enigma. I'm probably missing a few big ones, and countless small ones. But a $1M Overstock hack would barely make the news, and would probably be covered by insurance.
It's fun to think about all the people behind these hacks. JB Snyder could have been one of them, and we'd never know. A lot of them are probably just regular software engineers and security experts who stumbled onto these vulnerabilities.
I think it's true that the "fuck you, got mine" mentality won't get us to Mars, but that's the motivation behind cryptocurrencies. We can't trust billions of strangers, but we can trust math and physics.
Except, we already have systems that allow us to trust billions of strangers (governments and laws). Governments and banks could have reversed all of these transactions. The FBI might have tracked down the hackers, and a judge might have sent them to prison. I'm starting to think that we don't really need cryptocurrencies, and the current system is actually pretty good.
I'm wondering who lost in this scenario, Overstock or Coinbase? The author offered to send it back to Overstock, and Coinbase presumably has a few other merchants, so presumably Overstock.
Back when Microsoft was literally paying people to use Bing, bing had a promotion such that certain items were eligible for a 20% discount, which was paid via a rebate check from Microsoft.
One day, I ordered some item then canceled it, and a couple months later I got an email informing me I had been credited for the purchase via MS, and my rebate account had, $10 or something. It took me about... 30 seconds to realize the implications of this.
I ordered as many plasma TVs as I could, one at a time, and then canceled them. I got about $900 of rebate checks before someone got suspicious. They canceled my account because I was buying too many TVs. They never did figure out what was going on.
Was it ethical and moral? No. But I hate MS and they've stolen thousands from me over the years. It felt great to get one over on them.
Edit: I've hated MS since I saved all summer to buy MS-DOS 5 and it was complete crap.
> But I hate MS and they've stolen thousands from me over the years.
I thought it was a cool story and a neat hack. I passed no ethical judgement. Until you went off the deep end with that fantasy-land justification.
MS didn't steal from you. You exchanged money for a product that, even if it was "complete crap", was the product that you desired more than others available in the market at the time of purchase.
It's not difficult to come up with a justification that passes a sniff test of conforming with reality: "I felt no ethical hesitation about this. MS shipped poor code for years. Most of the time the failures of that code most impacted their customers, I just found a case where it impacted them."
I was very plain about spoken about being a complete bastard and motivated by hate. I don't know how I could be any clearer about not being a good person in this instance.
Fortunately, I don't give a damn what strangers on the internet think about me :)
My only regret is not stealing more money from them.
I very much agree with your ethical justification.
I used to struggle with this too, but then I realized just how much corporations steal from America.
It wasn’t always like this of course, both consumers/citizens and companies can go back to treating the other not-like-shit, but companies can go first.
This all hit me one day when I realized that, even if I dedicated my life to crime and greed, I would never be able to steal/defraud as much as many companies have in several business hours.
That being said I want to make it clear I pay my taxes in full and take only the standard deduction.
Not only that, but the people who "stole" from him are so separated in time, space, and purpose from the people who operate the Bing rewards program that there's no way you could reasonably hold them responsible -- even if you accept that he was robbed.
Technically you're right Microsoft didn't steal anything, they just did Business. Which often feels to the common man like theft when Business is done as well as Microsoft did it in their heyday. On the other hand technically Oceanghost didn't steal anything either. He just customered a little better than Microsoft was counting on. Seems like fair play to me and I'm not sure how using the word theft is fantasy-land justification. It's not theft in the strictest legal sense, but it's a very common usage of theft.
>technically Oceanghost didn't steal anything either. He just customered a little better than Microsoft was counting on.
That's like saying if a business left their door unlocked everything's free.
>It's not theft in the strictest legal sense
It's fraud.
The law doesn't think you're so clever, make no mistake, this scheme is illegal. I posted another comment where a woman was convicted of wire fraud for doing essentially exactly the same thing.
The intent to defraud matters as well as the scale (which goes hand in hand with intent).
"I hate MS and they've stolen thousands from me over the years"
I can honestly say my relationship has been anything but mutually beneficial with MS too... and I owe them a bit of gratitude for that.
When I was a teenager in the 90's I wanted to learn programming, so I downloaded Visual Studio 6. I learned C++, and MFC. I gave them no money, but I still got my first marketable skill. Later I would go on to download SQL Server. I gave them no money, but in return, I learned SQL. Got pretty good at it.
When my career progressed, my relationship with Microsoft started to become more mutually beneficial. Employers have purchased MSDN subscriptions on my behalf (the really expensive one!) I've pushed for SQL Server over alternatives. The better I knew the unique features of their products, the more it became my preference. I wrote .NET code for years, and have been responsible for my employers purchasing probably tens of thousands of dollars worth of licenses... for products that worked very well.
Today I mostly work with open source software stacks, but I spent 10 years working with Microsoft, and I do owe them a bit of gratitude. They've improved my life for sure.
Perhaps before your time, MS was a monopoly and you literally couldn't buy a computer without paying them, whether it ran windows or not. They sold crap at premium prices. They forced computer companies to pay a DOS/Windows license for each machine MADE, not if it ran their OS.
The used dirty tricks to sink their competitors, stole ideas, products, etc. They were the original bastards of the tech industry.
The part where you "literally couldn't buy a computer without paying them" is simply not true. I bought a lot of computers and computer parts at the time, and probably the only time I "had" to pay for an MS license was when buying a laptop. (But I got that one used, at a much cheaper price, on eBay, so...)
I have bought about 10+ machines which has windows pre-installed, but I immediately wiped to install Linux. At 50$/OEM license, thats about 500$ I have lost. Not sure I would classify that as stealing, but some people do.
I accidentally left a (mostly) empty application service running on Azure for about 7 months on their Pay-As-You-Go plan. I racked up over $500 in charges that I didn't know about, and I felt robbed. In reality, I'm just kinda dumb.
> I saved all summer to buy MS-DOS 5 and it was complete crap.
Wut? The release that improved (vastly) upon 3.31 (the most common previous release as MSDOS4 was... just all over the place) and the one that added MS DOS Editor and QBasic??
The same thing is possible with Acorns and Zappos. I alerted them about the issue via their bug bounty program and their response was basically "meh, you can only earn a max of $40 a month"
You may want to delete this post or at least make sure it doesn't trace back to your real-world identity. You've just publicly admitted to interstate fraud...If the statute of limitations hasn't run you could be prosecuted for it.
Also, based on your comments MS has stolen nothing from you. MS may not have been the best OS back in the day but it was better than what was generally available at the time to consumers.
They should not have used the similar name in the first place during the fork and the aggressive marketing on CNBC about bcash as the original Bitcoin added more confusion to the people and as I see the systems too.
Though Anecdotal, none I know even talking about Bitcoin Cash. Can we not rename it already? It would be better for investors and also Bitcoin Cash team.
Bitcoin in the name is the only thing that holds the value. Other currencies have noticed and are quickly naming themselves after Bitcoin, like ZClassic renaming to Bitcoin Private.
I'm not even mad about that. If anything, it has frustrated me that Bitcoin developers don't seem to want anything to do with implementing privacy features on top of Bitcoin. So I wouldn't mind Bitcoin Private dethroning Bitcoin in the future, even though I don't think they use the best cryptocurrency privacy technologies out there.
"bcash" as you call it really is more like the original Bitcoin than bcore. The whole chain split and scaling debate shouldn't have existed, the 1mb limit was only put in place as a temporary measure to stop spam early on in Bitcoin's life.
Yes Bitcoin Cash wouldn't have to exist if the original bitcoin just accepted the 2x blocksize increase. That would have given Bitcoin one or two years more time until scaling becomes a problem again. That's enough time for Lightning Network to be completed.
>Yes Bitcoin Cash wouldn't have to exist if the original bitcoin just accepted the 2x blocksize increase.
the segwit2x fork was planned for AFTER the bcash/bch fork. also, there were 2 issues at the time: block size increase and segwit implementation. the segwit2x fork didn't occur, so everybody is pigeonholed into either [yes blocksize increase, no segwit] or [no blocksize increase, yes segwit]
Scaling is what limits capacity increase. A block size increase, taken in isolation, does not change scaling. It only means capacity is increased.
And while it would be welcome to increase capacity, there are many ways to do that. Coinbase fixing their broken wallet would single handedly give more spare capacity than any other measure right now. If their customers would instead choose a service where you pay low or no fees we wouldn't have the fee spikes we have right now. To argue that a globally coordinated rule change is somehow the easy way out requires some very good explanation.
That said, it might be prudent to mention in this context that we activated a blocksize increase only a few months ago. The opt-in, non-coordinated kind, which you are free to use at any time. (Unless you are with Coinbase, of course. In which case, see above.)
That's a very good question! It's robust in the sense that there is a lot of work produced with no downtime, but not very in the sense that most people gets less useful work out of it. Consider the case there most users would like to tumble their coins before each transaction, as was the case with certain markets, preferably a full 16 rounds and how that would affect usability of the system as a whole. This problem affects dark net markets just as well as exchanges.
There are also other real life examples too, of single wayward services that made the blockchain harder to use for everyone, such as the casino which recorded a transaction in the global ledger for all eternity for everydiceroll. Those are all priced out now, together with some of the more excessive tumblers, but that solution could be considered crippling the network.
Are there "too big to fail" services within the Bitcoin ecosystem? Matters are complicated further by the fact that the exchange in question foot the bill to their customers, one customer at a time, so the economic impact for them is negligible.
Why "fail", then? Well, it turns out that somebody looked at their hot wallets recently and noted that the mostly inappropriate choices of transactions to make had resulted in a non trivial amount of non-spendable dust collecting. In a bank run situation, that would result in them not being able to fully empty their wallets. The further down we investigate, the more there is to learn.
> The confusing naming clearly benefits them more than it harms.
That's what I thought. It helped them initially, but if you see even after launching on the biggest US exchange, their price hardly moved or there's hardly news or predictions about bitcoin cash.
People are reading, albeit slowly, it wouldn't help them in the longer run. If all they want is to use the name, pump and cash out, sure I think they succeeded.
Sure thing. BCH scales as Bitcoin was supposed to. It is supported by the original Bitcoin developers. It's electronic cash, directly peer to peer, not hub and spoke like Lightning. Bitcoin is now BCH.
Agreed. The whole idea that forking can be hostile is kind of silly. Open source is riddled with examples of successful and unsuccessful forks. If a fork is better than the original version, it usually wins. If not, it dies.
Take CU Sudo, for example. A fork of sudo later became the default implementation of sudo because the original development group stopped working on it. It would have been silly for it to call itself anything other than sudo, given its function.
Bcash supporters are intentionally trying to create market confusion by claiming that "bitcoin cash" isn't "bitcoin cash", it is "bitcoin", a different coin.
The US:CAD rate is only 4:5, not the 1:6 BTH:BCH ratio at the time of the article. Perhaps more importantly, one can only use Canadian coins this way in person, and therefore probably at very low volume. None the less, it’s interesting to see the parallel.
* And not that near, either. I’ve seen this in Massachusetts. I never saw this growing up in North Carolina, or when I moved to California, though.