Hacker News new | comments | show | ask | jobs | submit login
CoinDash’s ICO Website Has Been Hacked (financemagnates.com)
209 points by seansoutpost 123 days ago | hide | past | web | 239 comments | favorite



Important information related to this incident:

1. CoinDash did not publish the address of the contract in advance of the ICO:

https://www.reddit.com/r/ethereum/comments/6nsy6x/coindash_w...

2. Allegedly, CoinDash ignored issues brought up by a software contractor / code reviewer:

https://www.reddit.com/r/ethtrader/comments/6nrxk5/never_mis...

> In reviewing their crowdsale code, I found multiple bugs and many errors. I've been ignored since I brought up the problems with the CoinDash team three days ago.


The entire point of Cryptocurrency is to step away from institutional trust, not dive head-first into it.

Bitcoin succeeds as a scarce and sovereign wealth management tool but once you give away the private keys, you lose those advantages.


Bitcoin is only scarce for late adopters, by design early adopters of BTC software generated thousands of "coins" per week for running a mining-computation node of a normal 2-3GHz CPU.

BTC's network protocol service is not unique, and thus not scarce in the least. I.E. other protocols/network designs/token-ledgers offer the same service as BTC in addition to fixing the vulnerability to BTC's hashing algorithm which has led to the ASIC attacks on the Bitcoin network which just lead to centralization by the hardware producers.


You don't understand how currency functions and you certainly don't understand how bitcoin operates.

I'll leave you to consoling yourself.


Please enlighten us.

Here are some facts:

As per the design of the Bitcoin software, payouts were made to users running standard home PCs with simple ~3Ghz processors, and as a result, the software minted thousands of BTC tokens to their accounts for the rather trivial processor cycles. As per the design of the bitcoin protocol, running the bitcoin software now on the same computer, would mint a fraction of a coin. Bitcoin was designed to favor the people who created it, and the few early users who ran the software.

The assumption that the bitcoin service is unique, rare, or scarce is just not the case. The historical records of these ponzi payouts are public record. Hundreds of alt coins with active 'networks' are running on the public Internet right now, offering the same service as the BTC network, and often improved upon features like scrypt, ZKP, or the EVM.

The divestment of digital beanie babies as I passed the hot potato of a 2.4-transaction-per-second digital message system with a horrible dev team and censor happy community currently in a civil war, to rubes who exchanged actual universally accepted fiat paper was enough to console me for a years to come.

Maybe we are all destined for the moon, as the legends go. Because a distributed database message system and expansive misinformation campaign has convinced people as much. Or maybe bubbles are temporary?


I agree with you. Bitcoin was a cool prototype with many oversights and inadequacies that got bolted to a runaway hype train. Some later cryptocurrencies have made modest improvements, but I don't think cryptocurrency will really be able to break through until a) the difficulty mechanism is fixed and b) reliable transaction confirmation is practically instantaneous.

I got into bitcoin in early 2010 right before it started to show up in mainstream news. CPU mining was already dead but I could GPU mine on my desktop and generate about 1 BTC/day. I ran this for the novelty for a few days and then turned it off. Not quite enough to get a skeptic's consolation for "years to come", but it was fun anyway. :P


Where's the news?! Why do people continue to bang heads against the wall with this madness? Unless you're a thief, how is the craptocurrency thing better than my credit card that's insured from unauthorized use and gives me a cash back?! Yeah, you can't speculate with credit cards, and get rich quick, because $1 = $1 like forever, but isn't that what the real investment tools are for?


Just to pick up on this one small point: as I understand it, the cashback you get with a credit card is more or less taken straight from the card processing fee charged to the vendor, which of course, raises prices overall and is therefore not really cashback at all. Without the fee, you would likely have just paid a lower price in the first place.

The only party benefitting from the cashback scheme is, of course, the middleman. By offering it, they give you an incentive to use the card more, which in turn gives the vendors more incentive to accept it. More card use equates directly to more money for them.

One of the hugely compelling benefits of cryptocurrencies is they entirely eliminate the necessity for such middlemen taking a cut and driving up costs for the parties actually partaking in the transaction.


That's the definition of insurance. The problem with bitcoin, if you think that's a problem, is that there's no obvious way to implement this scheme. You'd have to insure your coins to a third party but then you'd probably have to give them some control over your wallet so that you can't just "steal" your own coins and make a claim.

But clearly people want this type of guarantee so I think the cryptopunk dream of having every human being owning a bitcoin wallet aligns poorly with what real world human beings want.

Everytime I read about long term adoption of cryptocurrency by the masses I always end up asking myself the same question: "Why would a random person for whom money is not a political statement care about any of that? What's the added value?" As far as I'm concerned I still haven't found a satisfactory answer to this question.


I can think of at least two real-world uses where cryptocurrency is a better choice than fiat: (1) sending money overseas with very low transaction fee, and (2) transacting on the black market.


> sending money overseas with very low transaction fee

Except that fluctuations in the conversion rate make this very touchy, especially if you're talking about a significant sum of money. Also, sending crypto anywhere outside of a handful of developed nations is fraught with difficulty because recipients need to be able to convert bitcoin into spendable money which often involves risky in-person meetups and gigantic markups on the conversion rate.


These are market problems that are especially suited for developing nations to be able to solve themselves. I am forever impressed by the ability of local populations to work out collective solutions to scaling and trust problems.

Also, having options is better than not having them. Sure, there's the international wire system, but it wouldn't hurt to give it some competition.


I'm not saying cryptocurrencies shouldn't exist, only that they are not at this time a serious or practical alternative except for very unique scenarios that are generally outside the scope of the average citizen, especially in the developing world. In the developing world, very often, even access to computers, electricity, and internet are serious obstacles, not to mention a gap in technical literacy compared to the developed world.


Didn't developing nations already solve this with hawala?


>difficulty because recipients need to be able to convert ? bitcoin into spendable money which often involves risky in-person meetups and gigantic markups on the conversion rate.

One day there will be no need to convert to fiat.


Unlikely, but even if true, it still needs to be converted today and into the foreseeable future.


About number (1). TransferWise is affordable and it doesn't have the currency exchange scam.


> That's the definition of insurance.

The GP was talking about the marketing (cash back / rebates, discount rates, travel insurance) aspects of credit cards. These aren't insurance in any meaningful way. They are marketing expenditures designed to persuade credit card end-users to stay with a credit card brand. It's not unlike the Apple / Google / Amazon walled gardens for their {devices, paid apps, paid downloads, DRMed content}.

It's not "insurance". Banks and credit cards are regulated by government, so their offerings must meet the standards of the regulations. If cryptocurrencies become widely used for purchases, they, too, will likely become subject to tighter regulation. Additionally, contracts with other parties (cryptocurrency exchangers, retailers, etc) will need to ensure a certain amount of "insurance" of some sort in order to gain wider market acceptance.

The reason you don't get "cash back" from cryptocurrency (or cash) transactions is because there is no (hidden from the end user) 2.5%+ (sometimes 4%+) transaction fee paid by the merchant. That means the merchant passes on that cost onto the end user in the form of higher prices. Their merchant contracts with the credit card systems restrict how they can message this to the end user, so it's an opaque cost. When the Bitcoin protocol change dust settles, Bitcoin transactions will again be far lower than comparable credit card transaction fees.

The only reasonable aspect of credit card purchases that could be considered some form of "insurance" are the protections granted by state governments in the form of consumer protections for retailer purchases (in the form of returns, warranties, etc). Presumably these exist in the same form whether you purchase via cash, plastic, or cryptocurrency. The trick is that these protections are limited if you purchase anything outside of your state (like international transactions).


Does it matter as far as bitcoin's adoption is concerned though? I don't know if it works differently in other countries but at least in Europe you pay the same price whether you pay cash or use a debit/credit card, even though the shops probably prefer cash because they don't have to pay any fees on it.

Do you think thinks will be different for bitcoins? Because if I end up having to pay the same price in BTC as I would with cash or Visa and on top of that I have to pay the bitcoin fee then as a consumer I'm not exactly better off.

>if cryptocurrencies become widely used for purchases, they, too, will likely become subject to tighter regulation.

I thought the whole point was to make a currency that could not be regulated by governments? If my coins are stolen what can the government do? It's as difficult to track as cash (if not more difficult) and it's completely immaterial like a credit card number. It's the perfect tool for thieves, as this ICO hack demonstrates. If the thieves are a bit patient and take the time to split and move their money around to hide their tracks they might never be found.


>As far as I'm concerned I still haven't found a satisfactory answer to this question.

Me too. What's better: people are now trying to take advantage of this uselessness beyond money using ETH. every idea for an etherium-based app I've come across seems better served by a real institutional intermediary.


> One of the hugely compelling benefits of cryptocurrencies is they entirely eliminate the necessity for such middlemen taking a cut and driving up costs for the parties actually partaking in the transaction.

Don't all bitcoin transactions require a transaction fee in order to get processed these days?


One of the big things in the next couple of years is the development of Lightning Network, which requires the upcoming SegWit patches.

The basic protocol allows you to move bitcoins between two entities without putting every single transaction on the chain - only 2 blockchain transactions are needed for unlimited Lightning Network transactions.

Then, on top of this, there's a framework for moving money through the network - I send money to someone I have a Lightning Network payment channel with, they send it to someone they have a channel with, etc, until it gets to you. The great thing about this is that I can prove everyone isn't cheating, and if they are, I can immediately reverse my transaction - I haven't lost any money.

So the result of this is the creation of a network of payment channels which have very very low costs to process payments, aren't embedded in an industry that's difficult to get into (you or I could process payments just by joining the network), and have no ability to try and take a larger cut under the guise of a "points" or "cashback" system as you can easily switch to a different channel which takes a smaller cut.


is that the exact opposite of a ledger of every transaction? off ledger transactions? it seems like its giving up some of the idealistic poetic beauty, even if it is practical.


The ledger of every transaction has only ever been a means to an end, that end being a cryptocurrency... and it's still necessary in Lightning Network as a way to resolve fraud and as a monetary backing, it's just not used in every single transaction.

In practice, a ledger of every transaction that is copied to the hard drives of a sufficient amount of bitcoin users is a terrible idea. It doesn't scale, at all. We need better solutions. Lightning Network is one that's potentially viable in the short term - and we're seeing more people play with radically different cryptocurrency designs (e.g. Iota) in the long term.


Yes. There is no such thing as a free transaction, because payment methods and networks take work to administrate. I mean, take cash. It's expensive to make, to process, to transport, to safely store. These costs are, obviously, passed on to the users of cash in the aggregate.

Cryptocurrency transaction fees are just very direct, but it's the same deal. The difference is that clearly inefficient transaction costs, like centralised middlemen with limited competition skimming a cut from all transactions, can be eliminated. Remember that bitcoin transaction fees are a completely open market.


But the price you pay for removing those middle men is forcing the network to perform a truly astounding amount of computational work to verify the same transactions.

There's an efficiency trade-off here, and I think for at least many of the older crypto currencies, the amount of work to process transactions is literally unsustainable without some additional tech or service layer.

Which often leads us right back to clearly inefficient transaction costs.


Centralized payment networks will always be cheaper to administer than blockchains.

The only reason that Visa and Mastercard have such high fees is because it's a duopoly.


The only other reason they have such high fees is because those fees pay for dealing with fraud.

Bitcoin makes the user deal with fraud, with predictable results.


Harder to get access to a centralized payment network though, right?


I paid ~$0.60 to transfer ~$900 of Bitcoin the other day. For that amount it's not too bad, but you'd pay basically the same if you are paying for a $3 coffee.

The transaction fee is based on the byte size of the transaction, not the monetary amount, so in it's current form it doesn't make sense to use Bitcoin for low-value transactions.


I paid £0 to transfer £10000 the other day. I had to split it into two transfers of £5000 but otherwise it was free to transfer between two completely separate financial institutions.


Oooh, I forgot to mention the transfer time was approximately 3 seconds.


Here in the US, we might get a visit from the IRS and our account frozen. https://www.forbes.com/sites/robertwood/2017/04/05/91-of-irs...


Now do that to a bank account in Canada and to exchange GBP to CAD.


Hmm let's see, bank of Scotland to Royal Bank of Canada would be about 30 Canadian dollars of transfer fees.


On the other hand, they fund that ability off significant fees whenever you buy something with a debit/credit card. You rarely see those fees, but the shop does, meaning the shop has to increase prices of everything by a couple of percent to cover it - and usually don't provide a discount when you're paying by cash.


I don't have the time for sources at the moment, but I'm pretty sure there are regulations to make it illegal to offer cash discounts in most states, as it helps both credit card processors and tax collection enforcement, it was very easy to lobby for

Edit: I'm wrong, it's complicated.


At least in the UK, merchants pay very low fees to process debit card payments, to the extent that some merchants (e.g. budget airlines) do not accept or charge a penalty for using credit cards.


Merchants pay up to 1.75% (Square) to process in-person payments. Whether this cost is embedded into the prices of what you buy or whether it's made clear to you is irrelevant to that point - that you're paying this. And even when credit cards are more expensive to process - do you ever get a discount for using a debit card at the supermarket? Cash?


How long did the transfer take? I have Bank of America, and a transfer to another. And would take 3 business days.


> fee is based on the byte size of the transaction

Aren'y all bitcoin transaction really close to the same size? The amount being transferred doesn't change the size an integer contain 1 and another container 1,000,000,000 take the same amount of space (32 or 64 bits) because the spec says so.

I thought transaction fees encouraged miners to include your block in a transaction.


Yes, but also no. The trick here is that if you're paying for your £1,000,000 space rocket by transfering the bitcoins from one address, it's a small transaction.

If you're paying for your £3 coffee by transfering small amounts from many addresses, it's a big transaction.

Address fragmentation happens when your coins are distributed across many addresses, and can be caused by things like spending coins, because all transactions actually spend everything at an address and just route the "change" elsewhere. Buy two cups of coffee too close to each other and your next transaction is going to cost twice as much in fees, whoops!


The size of the transactions is mostly a factor of how many addresses are included. So moving 1BTC split across hundreds of addresses ("dust" in the jargon) is a lot more expensive than moving 1000BTC from a single address for instance.

Unfortunately it's generally advised to use a new receiving address for every bitcoin transaction to make it harder to trace how much money you have and how you earn and spend it (most wallet craft a new address for every receive transaction) so it's very common to end up with your assets split up across dozens or even hundred of addresses.


The size of the transaction can vary a lot, depending on how the source of the BTC is structured.

Imagine two wallets each with a total of 1 BTC. One wallet just received a single transaction with 1 BTC and the other is funded with 10 transactions of 0.1 BTC. The wallet with 1 BTC as an input only needs that single proof to send the whole BTC, while the wallet with 10 0.1 BTC inputs needs to submit all of those proofs to transfer the 1 BTC, effectively 10x the data.


I think you're both saying the same thing


But do they eliminate the middleman? At least for Bitcoin, it takes an hour for any confidence that a transaction is truly valid. I'm not going to wait around for an hour just to grab my morning coffee.

So obviously there's going to need to be a credit backed middle man to guarantee your transaction so the seller doesn't get screwed by a double spend.

Eth is slightly better, but it still takes something on the order of 10m to confirm a transaction, and it doesn't look like it can get anywhere near the speed needed for a coffee purchase.


Many altcoins attempt to solve the confirmation time problem. Litecoin is an early fork of Bitcoin that reduces the target block time to 2.5 minutes (probably still too slow for your coffee purchase). One that I see as having a lot of promise for retail purchasing is Dash[1]. They claim 1-second confirmations with InstantSend. I'm intrigued by the masternode network because it seems like the best compromise I've seen for gaining fast confirmations while maintaining most of the distributed and decentralized aspects of a good cryptocurrency.

Bitcoin is the largest and most prevalent, so it has become the currency most often used to exchange to fiat. Usually the transaction fees are still mostly negligible because these are larger transactions than the faster altcoins when they're used to make purchases.

[1] https://www.dash.org/


Though I feel like a lot of BTCers are not interested in this, payment networks based on top of BTC would be very interesting.

Essentially no barrier to entry, and some federation could happen.

Of course, what you end up doing is creating banks, but hey they're not regulated by the government if you are behind 5 proxies? "Hobbyist bankers" might be fun.

The ultimate frustration of bitcoin is that it can occupy the entire range of decentralization, but the community compares everything to the logical limits of "the Federal Reserve will defeat math and generate BTC" and "I don't even have to trust my own computer to do this transaction!".


Eth confirmation is on the order of seconds: https://etherscan.io/chart/blocktime


That is the time to see it is in one block, not the time to feel truly confident in the payment.


But if you're buying a coffee, I think it's safe to only wait for 1 or 2 confirmations.


If you are buying coffee who cares about confirmations at all? Once the product is in your hand you are done.

It's the seller that would care about confirmations in that case. Hopefully they do something hilarious like have a bitcoin corral for people to wait in while their payments clear.


My point is that such a limited amount of money is at stake that confirmations really aren't all that important in this example. I think most places would just accept the risk. Heck, they could have the POS alert the owners if anything fishy happens between payment time, and when you actually receive your drink if they are really concerned.

I really don't think this is as big of a problem as you are making it out to be.


I don't think I'm making it out to be a big problem, I was just pointing out that for small transactions involving physical goods, the recipient of the digital currency is the one that is going to care more about the transaction finishing.


People still wait for coffee? I order from the app; it's paid for and ready for me when I walk in the door. With a 3 minute confirmation time, this flow still works. If it doesn't confirm, then they corral me, I guess.


> One of the hugely compelling benefits of cryptocurrencies is they entirely eliminate the necessity for such middlemen taking a cut and driving up costs for the parties actually partaking in the transaction.

Without more efficient means of off-chain transactions (such as payment channels) the cost of on-chain cryptocurrency transactions is typically much more expensive than credit card transactions (except for very large amounts, as credit card transactions charge a percentage, and cryptocurrency transactions have a fee not related to the amount transacted).

For some of the cryptocurrencies those fees are currently somewhat hidden, as you don't directly pay them as transaction fees, but as miners get a block reward that contributes to inflation. If you include the miner revenue a Bitcoin transactions currently costs about $20 in average: https://blockchain.info/charts/cost-per-transaction


A bitcoin transaction costs me 2$.

A credit card transaction costs me 2$ (which is used to provide me great service, including insurance against unauthorized use): Somehow this is a bad thing?


I don't believe that's accurate, cash-banks are inter-bank processes, and I know several vendors who do actually see a reduction in their bank account when a cash-back occurs.

Yes, if the recieving bank won't honour a cash-back then it will come out of card processing fees, but that's more like insurance than anything else. I wouldn't say that insurance is without worth.

Also, BitCoin has transaction fees. Except rather than being used for insurance, they provide a (very poor) profit motive for miners to continue keeping the network hashing rate high. The reason it's clearly a poor profit motive is that the popular markets around BitCoin are secondary markets (selling graphics cards rather than doing the mining yourself).


Are you talking about a charge back? Vs a cash back credit card program that gives the credit card holder some cash on purchases periodically?


Oh, yeah I was thinking about charge backs. Total brain-fart. ;)


> One of the hugely compelling benefits of cryptocurrencies is they entirely eliminate the necessity for such middlemen taking a cut and driving up costs for the parties actually partaking in the transaction.

Which is why so many of the business “accepting” cryptocurrency do so only through a middleman who converts it immediately back to national currency for the business, charging a fee for the service.


Cash has transaction costs too. You have to store the cash in a local safe. You have to pay for counting and accounting of the cash. You have to pay for safe transport of cash from onsite to offsite. You have to pay for trust, because disappeared cash is generally unrecoverable.

As long as there is no difference between the cash price and card price, it's rational for a customer to use a card with rewards. And I have never seen anything outside of gas with differential pricing. And you know what? I just avoid those gas stations as much as possible, because I can pay a similar price at another station and get my cash back.


As someone who ran a gas station convenience store for six years, I can tell you that this is not a universal truth. We did require a minimum purchase amount to accept cards, but we most certainly did not raise our prices in response to credit card fees.


So there's a party that takes n% of a big percentage of your purchases, yet that doesn't affect the prices? How?


The majority of purchases inside the store were cash because we required a $5 dollar minimum purchase for accepting cards. Most card purchases were used for gas which was already a loss leader most months out of the year, so it made more sense to keep posted prices competitive with stations in the area in order to bring people into the store rather than charge a few more cents in order to offset the cost of cards.


I thought minimum purchase requirements were against the terms of service for most credit cards. I've bought plenty of < $1 items with my credit card. I try to use it for everything to "earn" the rewards.


Yes they are against TOS. Usually only mom and pop shops have a policy. No one enforces it, though. The reason is there's usually a base charge..like $.30 + a percentage fee like 3%.

So if you buy a $1 soda, that mom and pop store just lost 30% of their revenue, plus 3%, and maybe sold that soda at a lost to you.

For places like McDonalds, they negotiate much better credit card processing fees and I don't care - plus they make a lot of money anyways.


Maybe it was a violation of the TOS and the owner was not aware (or he was and didn't care), but this policy never caused us any trouble during my time running the store, although its entirely possible that we were just lucky enough to fly under the radar.


I seem to remember such TOS being ruled illegal many years ago.


I went to look at Visa rules and I think you are right. Here's one relevant paragraph:

> 5.4.2.3

> Minimum Transaction Amount – US Region and US Territories

> In the US Region or a US Territory, a Merchant must not establish a minimum Transaction amount as a condition for honoring a Visa Card, except for a Transaction conducted with a Visa credit Card issued in the US Region or a US Territory. The minimum Transaction amount must not be greater than USD 10 and must not be discriminatory between Issuers or between Visa and another payment network.

So, in the US, it doesn't look like there are any rules. Outside of the US, it looks like a minimum is fine as long as it's not more than $10


Am I reading this wrong or is it self-contradictory?


Because handling cash is expensive too, so the transaction cost was probably already priced in.


A few points:

1. The only party benefitting from the cashback scheme is, of course, the middleman. While prices will go up in the long term, consumers who use cash-back cards do benefit in the short term over those who don't. If you make a transaction in cash or with a debit card which you could have made with a cash-back card, you are leaving 3% on the table. I am extremely skeptical that an individual boycott will be effective. Maybe take your 3% and pool it to lobby for better banking regulations?

2. they entirely eliminate the necessity for such middlemen taking a cut - AFAIK, all cryptocurrency includes some sort of transaction fee.


Seems to me that cash back is a way for card companies to compete on transaction costs. Directly adjusting the transaction costs wouldn't do it, because merchants won't pass the difference on to the buyer. By rebating part of the transaction cost to the cardholder, they effectively reduce the transaction cost, without having to get merchants to pass on savings.

The beneficiary of this scheme, as with most schemes to lower prices to undercut the competition, is me.


Having the sender pay the fee seems like an obstacle for consumer adoption. I agree that consumers are never going to use cryptocurrency vs. credit cards to pay if:

1) It costs them money to use 2) No cashback

It would be interesting to test a cryptocurrency where the recipient payed the fee, and could optionally send cashback. I'm not exactly sure how this would work, but the incentive structure would more optimally aligned for everyone involved.


You don't need a new cryptocurrency for that. Just lower your prices for people paying with BTC/ETH/... to adjust. (Doesn't solve the potentially bigger issue of insurance though, but I think that has to involve some third party)


You can definitely do that and the end cost for the consumer would be the same, but it would result in vastly different levels of consumer usage.

edit: On second thought, you are probably right. With the right wallet ui you could just provide a simple discount or cashback that covers the transaction fee + % cashback at the point of purchase that's covered by the recipient via a contract, or via rules that the recipient publishes.


In this case the middleman actually provides a very valuable service--fraud protection.


That is correct. My wife runs a retail service that charges monthly. The percentage the business pays depends on cards. Cards like Amex, and those high end one with good rewards - charge a higher percentage in fees, and Square passes it on.

Right now she will only accept the first month payment by credit card. Cash, check, or ACH for recurring payments. ACH costs $.99. If everyone decides to pay credit card she will raise cost by $5 (almost 3% of the charge).


> One of the hugely compelling benefits of cryptocurrencies is they entirely eliminate the necessity for such middlemen taking a cut

Only if you don't count the online exchanges as middle men. Right now I still pay 3-5% to convert fiat to digital money, depending on where my fiat comes from.

The theoretical future where nobody needs to convert between digital coin and fiat isn't here yet.


Slight adjustment... there is also a fair bit of wealth transfer between people who use cash, debit cards, or have credit cards but can't pay them off each month.

So its an extra little 3% tax on the poor, or at least the less financially literate.


But at nearly every store, the price has been increased for everyone, even cash customers. So why not get my cash back if that's how it's going to be?


I'm not as negative as you are, I think this is all very interesting, from the outside looking in. It really helps understanding the pros and cons of our monetary system, the good and the bad. It's pretty educational I think.

Of course it's sad for people who invest money they can't afford to lose, but really "investing" in cryptocurrencies is more like playing roulette than anything else and they should've known better.

I really wonder what cryptocurrencies will look like 10 years from now. Will they still exist? Will they have taken over the world as some predict?

Given how easy it is to irrevocably lose your coins I really have a hard time imagining how this could become mainstream. At best I could imagine using bitcoin through some third party that would take care of your wallet for you. We'd call it a bank or something.


I don't really know why this is being downvoted, BTC and cryptocurrencies are really interesting economically. Even if they have no direct impact on society as a whole it's valuable to see proposed alternatives to our banking and financial systems put forward and discussed in detail (e.g. it really exposes what a bank / government actually provides)


I'm guessing that my snide remark about reinventing the banking system didn't really help my case but I couldn't resist.

But yeah, technically and economically it's pretty fascinating I think. The only downside is that the very high valuation makes it hard to have a reasonable discussion with people on either side of the fence. It's not longer a fun classroom experiment when billion of dollars are involved.


Everyone in cryptocurrency seems to have forgotten that the adage "the devil you know vs. the devil you don't" was a recommendation to prefer the former.


Everyone in Crypto Currencies are besotted by the "we are in at ground level of a tech revolution" idea... namely they think they saw the kids of the 80s/90s get easy low qualification required tech jobs and one man shops making 100s/millions/dollars. They are the modern prospectors. Free gold on unclaimed land.

Like any decent business thinker you don't see the rough edges of your focus. Sometimes when you do it can cripple you. But then again most business fail.


It's a cute analogy perpetuated by GenX VCs and crypto-wonks who don't see a down-side in making bold, wild claims. It's one of the many problems today in which there is no down-side risk on making extremely early predictions. No one will call you out on being wrong. I view it similar to people who have been calling for another tech bubble and the subsequent market crash even though we're still very much in the midst of consistent All-Time Highs.


My view here is that crypto-currency doesn't have to be better, but it has to exist so that fiat currencies have something to compete against, and then the users have a choice. It should be guided by normal market laws as any two financial products, e.g. if your view of insurance proves a valuable market insight, I am sure that insurers will consider doing it for crypto.

News like this are common for any emerging markets and technologies. Same amount of volatility was probably present in the first years of dollar, and same amount of insecurity was present while banks and credit cards were still being established.

I wonder how much different the crypto-currency conversation would have been if they appeared around the time when dollar lost its gold convertibility.


>because $1 = $1 like forever

Take a look at the purchasing power of the US dollar over the last century. http://bit.ly/2ushyfu

I'm not suggesting crypto is a better store of value, but there are surely better alternatives than the U.S. dollar for long term investments.

Even for short term holdings intended to transact with, wouldn't it be nice to not rely on a bloated, corrupt, violent corporation (AKA the US Gov)?


What are you talking about? The dollar loses to inflation every year. A 1990 dollar is $1.87 in 2017 dollars.


I think GP means that if you have $100 in your bank it'll still be there tomorrow, not randomly erradicated by volatile swings in the market or stolen with no way to get it back.

That said this is only true if you have faith in your government.


Right, but it can also be frozen due to the whims of the bank, garnished by the IRS, taken by wire fraud...

Obviously cryptocurrencies are sharp tools, but they're stronger financial primitives than what we have. We just need to use them to rebuild the consumer-facing components.


By which you mean, take everything provided by current currencies and monetary regulation and financial institutions assuming risk... then put a pretty fascia of your kinda UX on it, called crypto currencies.

It is a 3000 year old problem.

Trust. In short, is big business.


> but it can also be frozen due to the whims of the bank, garnished by the IRS, taken by wire fraud...

If given the choice between the whims of banks vs the whims of cryptocurrency speculators, and the potential for wire-fraud vs the potential for wholesale 'hackfraud', I think I'll take the whims of the banks please.


Obviously it's early. No reason there we can't have. Stable store of value as cryptocurrencies mature.

Regarding bank whims, if you're a properly banked person who's never had an issue, great. If you've never had trouble with the IRS or anyone else who can take your money by force- great. But that's not everyone.


You don't think the IRS can't seize your coins? They just have to demand your wallet or put you in jail. The fact that they can't drain your account isn't some magical cloak that keeps them locking you up. Or you could try and lie about the value of your wallet and perjure yourself.


Banks are not allowed to freeze your account arbitrarily. And don't pretend that the IRS won't figure out how to seize bitcoin. And, if you do get wire frauded (which crypto dorks all seem to be irrationally concerned about for some reason) you have insurance and recourse to quickly get it corrected (unlike buttcoin). So don't spread FUD.


But when has government betrayed that faith (in recent times, say after WWII)?


Like, whenever things get serious?

https://en.wikipedia.org/wiki/Nixon_shock

to give just 1 example.


No. Just ask anyone who had gone through monetary reforms, or savings account taxation, or limits on withdrawals, or stuff like that. And you may have some faith in the government, but it can still fuck you up. Many of these interventions had come out of the blue for most people throughout history.

Having hard limits on what governments can do is obviously beneficial especially for less informed people.


Tell that to your Venezuelan friends.


Meanwhile, a June 2017 ethereum is 2 etherium in July 2017 ethereum…


It's not. If you're trying to say it can be used as a unit of account, well.. okay, but same for the dollar. But it's inflationary on top of the obvious speculative swings, versus eg Bitcoin that's got a capped supplY.

EDIT: misread! Obviously ETH lost a lot of value.


I'm not sure what you mean by "it's not". Are you saying that ethereum was not twice as valuable a month ago? Or something else? I don't know how this would be connected with whether it can be used as a unit of account—obviously ethereum is only really used as a unit of account for ethereum contracts, due to its volatility.


Aha, I totally misread, sorry! I thought you said 2 were 2.


>What are you talking about? The dollar loses to inflation every year. A 1990 dollar is $1.87 in 2017 dollars.

Which is precisely why you don't leave money sitting in a 0% savings account. You invest it in equity, not a currency. Fiat is designed to lose value through inflation. Thats how the system works.

Expecting to hedge against inflation by dumping your money in another currency is insanity. The only way is through actual economic growth.


Erm, currency is the term, and it's a laudable goal, but we're not there yet. Most look at cryptocurrencies as a a hedge because of different monetary policy (eg Bitcoin), censorship resistance, or other features (Ethereum).

Bitcoin has been a great hedge for those who can access it in Venezuela.


It almost certainly never will replace your credit card. But there are other things it can replace or create. Like paying in cash for less-than-legal products or confirming, beyond a shadow of a doubt that you're not using a stolen card as a transaction can't be revoked or even as something comparable to gold as a store of value (which seems like a terrible idea as of now, but is a possible future use case). It may also provide a distributed, trustless or near-trustless way to control equity in some things, but that's yet to be proven in my opinion.

For just about everything else, cryptocurrencies are crap, just a worse version of something that already exists. They're not a panacea, you can't throw a blockchain at everything and make it better.


Well how did you get a credit card? Wasn't it by going to a financial institution and submitting some type of identification?

You understand not everyone has that privilege right? Not everybody has access, the capital, or the identification to a first-world bank.


Show me one instance of an underbanked person who achieved a line of credit thanks to cryptocurrency. Just one, please.

That's right, they don't exist, and this argument is bullshit.


> Just one, I fucking dare you.

This comment doesn't seem to jive the spirit of Hacker News.

If the poster you're replying to has a valid counter-argument you can expect him to provide it; there's no need to...threaten them to reply? Machismo is one of the least beneficial things you could contribute to this site.


I never said line of credit. I was making the point that cryptocurrencies offer another means of payment and medium of exchange that is not as restrictive as a credit card. Here’s two articles that show they actually help the underbanked:

[1] http://www.coindesk.com/united-nations-sends-aid-to-10000-sy...

[2] https://www.bloomberg.com/news/articles/2017-06-13/pot-entre...


I don't really have any bank accounts right now and pay my credit card bills with bitcoin. I guess I might be that person then?

Although, I've pretty much always been paid in cryptocurrencies so my situation is rather unique.


You have access to banks, you just choose not to use them. And you have a government identity and a credit history that you used to obtain your credit card. You aren't remotely close to the hypothetical character the OP described.


It's better if you're buying heroin online


1. I see the the current batch of crypto-currencies as an experiment and their valuation more like a bet on which currency will manage to adapt to the future.

2. Not all properties are relevant or even desirable: For example, I could live without POW or a fixed cap.

3. That being said, let me give you an example of a currency that could realistically be adopted by a government: a centrally controlled currency (the central bank is the only miner) but the blocks are validated by the citizens.

Here you could have the inflation rate specified through a smart contract (e.g. 3%). The only way to print more money would be to to ask the nodes to vote on an amount that will be included in the next block.


From my understanding a lot of people use it to transfer money between countries, you buy some bitcoins, then transfer them to your bank account in a different country, and you won't have to explain to the bank where you got the money and where you are transferring them because you could just say that you mined those coins and now cashing out. Correct me if there is a flaw in my logic


AKA money laundering? I mean, I guess if you're into wildly illegal actions, sure.


Flaw will be realized when you arrive for first day in prison.


You can't issue more dollars, but you can issue more of your token, It would be better for an app to have hacked token addresses than hacked credit card information, these tokens are usually cheap initially and its a free market, investment are always a risk. Why start a restaurant isn't that what all the other restaurants are for?


> because $1 = $1 like forever

No. $1 during the gold standard was different than $1 after we left it. Now, our central bank (the "Federal Reserve") aims to inflate our currency at +2%, every year. After 80 years (roughly a US lifetime), $1 at birth is worth $0.20 at death. And central banks can't always keep monetary policy under control.[1]

We just hit $20 trillion in US federal debt. It's set to continue to grow as baby boomers continue retiring. Congress has no spine to make large cuts in spending (for defense, discretionary, or entitlement programs). There are a handful of very large states in the same condition. The debt will continue to grow reasonably fast while the GDP of our economy has lagged.

$1 USD may say "$1" on the front forever, but the purchasing power of a dollar isn't likely to stay as strong as some other currencies. It's worth even less if large, important international transactions (like for oil/gas/weapons) are done less and less with the US dollar (@see "Bretton Woods" and "petrodollar").

[1] https://en.wikipedia.org/wiki/Hyperinflation



Try buying contraband with your credit card


Why is gold worth $5 trillion market cap? If someone steals your gold, you can't even get it back easily.


In computing there were relatively few mitigation against breach of physical security. Almost no one uses encrypted volumes, though that is growing rapidly. Even then it says nothing of on line connected access to the medium whilst the volume is mounted.

If someone steals your gold the logistical complexities are much more onerous to being caught. Again, a 3000 year problem almost entirely solved.

The risk of the medium of value is priced into the medium itself.


Greed.


Greedocurrency is a much better name, right!


Well I imagine there's no interest fees in crypto?


Good question! Why are some of the most sophisticated investors in the world investing in crypto?

If you took some time to figure out the answer, it may be valuable. Or not. You could be right.

> because $1 = $1 like forever

Correct. What about compared to a basket of good?



Cryptocurrency is not a solution for a fundamentally broken central government and this is especially true for countries like Venezuela where access to computers and reliable internet is not a given.


Where are the hordes of people wanting to sell their bitcoins and turn them into Venezuelan bolivars?

Without these people, how have Venezuelans got any chance of getting bitcoins in the first place?



Hyper deflation and hyper inflation are both extremely destructive to a functional economy.


That's a bummer since Coindash appears to have an MVP and a reasonable funding cap of $12MM. I wouldn't wish this on anyone, but it's unfortunate it didn't happen to one of the scammy ICO's instead.

On a side note showcasing the ridiculousness of some of these ICOs, [1]"Useless Ether Token" (UET) raised around $45k and literally doesn't do anything.

[1]: https://coinmarketcap.com/assets/useless-ethereum-token/

https://uetoken.com/


You do realize that everyone knows UET is a joke right?


DogeCoin was a joke too, right? I think it earned some people some money.

I actually like this about the Internet. A good joke deserves some profits.


Yeah totally. It's probably one of the most profitable jokes created if he cashes out.


No problem, just hardfork and start again


That only works when the money is tied to one of the core developers. Don't worry though, blockchains are immutable and safe from centralization.


Last time the problem was that a weakness in the contract's definition was exploited, right?

This time it's a "hack" where someone gained unauthorized access to a webpage and modified it somehow?

IMO if there were ever a case for hardforking around problems it should be for the latter and not the former. Maybe Ethereum could publicly declare itself to be a "not-too-centralized" consensus-audited-by-this-particular-committee-of-humans.


Wait what? I'm not up to date on all the cryptocurrency going-ons. What's this referring to?


One of the main Ethereum code-contracts, the DAO ( https://en.wikipedia.org/wiki/The_DAO_(organization) ) had a bug in its code, and someone exploited that bug to extract the value from it. Rather than accept that as consistent with their view of "the code is the contract", the Ethereum developers hard-forked the currency to reverse that result and give everyone their money back.


Oh good, so they should be able to do that now and give everyone there money back again. Thank goodness for decentralization! /s


IIRC this: http://www.coindesk.com/understanding-dao-hack-journalists/

tl;dr dude stole coins from ethereum creators, they decided to fork it

"A software fork has been proposed, (with NO ROLLBACK; no transactions or blocks will be “reversed”) which will make any transactions that make any calls/callcodes/delegatecalls that reduce the balance of an account with code hash0x7278d050619a624f84f51987149ddb439cdaadfba5966f7cfaea7ad44340a4ba (ie. the DAO and children) lead to the transaction (not just the call, the transaction) being invalid …"


I think he is being sarcastic. He just means that they call it decentralized except when there's a problem that affects the core developers; it's then that they allow themselves to make exceptions, like I believe it happened a year ago or so.


There was an Ethereum contract called The DAO which had a bug in it that got taken advantage of. They decided to hard fork all of Ethereum to retrieve the appropriated money.

It's seen as some as an admission that the Ethereum ethos of "the code is the contract" is unrealistic.

https://en.wikipedia.org/wiki/The_DAO_(organization)


The DAO was hacked by an unknown attacker who stole Ether worth around $50 million dollars at the time. After much debate, the Ethereum community voted and decided to retrieve the stolen funds by executing what’s known as a hard fork or a change in code.


Smart Contracts by definition aren't hackable. The "attacker" just found a loophole or unintended effect in their contract and used it. An Ethereum hack would be like, I dunno, finding an exploit in the implementation of the VM or something.


> a loophole or unintended effect in their contract

Sure sounds like a hack to me.


> Wait what? I'm not up to date on all the cryptocurrency going-ons. What's this referring to?

I am also not up to date on the cryptocurrency du jour, but I believe this is in reference to the current civil war going on in BitCoin about the block size. [0]

Basically the majority of mining power will decide which proposal is selected going forward. I only follow BitCoin tangentially, but I believe a majority of mining power is concentrated in a few mining pools, themselves controlled by a few people. So in reality "decentralized" really means "whoever can organize the biggest army"

[0] http://www.investopedia.com/terms/s/segwit-segregated-witnes...


I'm learning about Ethereum and I just read about their previous hardfork. I won't touch this (as a developer) until this kind of shenanigans stop happening.


That one was the last time ever, pinky swear.


One of these times they'll get it! Never give up, y'all.


I tend to believe that it was a scam because they refused to disclose the contract beforehand and there were some people claiming that it's a scam few months before [1].

[1] https://bitcointalk.org/index.php?topic=1905500.0


I say this without an ounce of hyperbole: I assume all ICOs are a scam until convinced otherwise.

The majority aren't outright scams (willful intent to defraud), but most are capital grabs with virtually no chance of being successful businesses.


Where does the amount in the title ("45k ether") come from? I didn't see that in the article.

EDIT: Apparently from https://etherscan.io/address/0x6a164122d5cf7c840D26e829b46dC... , which is something I don't have the depth of knowledge to assess for myself.


wow... 6 minutes ago, 1 minute ago... people are still sending this address money?


This sentiment is how normal people feel about all cryptocurrency.


Yes, it's not really being talked about anywhere because people like to keep this stuff hush hush, so crypto doesn't look bad.


A sucker is born every minute.


ETH Balance: 43,432.963 ...

is the important figure. At the bottom you can see the transactions coming in.

First incoming transaction seems to be from Jul-17-2017 01:01:21 PM. View all > last page.


Over €6,000,000 at current prices.


And over €12,000,000 at the price 2 weeks ago.

Who knows what the price will be next week, but it won't be anywhere near €6,000,000 if they try to sell that much at once.


Though, the 24 hour trading volume for ETH is $1.5 Billion USD. So it won't affect the price as much as you'd think.


$1.5 Billion, made up of many smaller transactions (~USD 15.5k on average according to this site [0]).

A number of large transactions to convert that much ETH to USD, would significantly affect speculator confidence, triggering others to sell.

0: https://bitinfocharts.com/ethereum/


I don't understand how any of these ICO companies are valued so high. If they had to raise this 12mil from VC/PE would they still be valued the same ?


Because it's not real money, most of it is just bitcoins that got converted to ethereum that got converted to coin dejur. Can you cash it out in small quantities sure, but unless something tangible comes of it you have nothing but worthless tokens.


I think that is key. It's similar to the .com boom (and bust) in the early 2000s. You had lots of examples where super-inflated company A bought company B, and paid for it with their super inflated stock. While the "values" reported won and lost where in the billions (trillions?), the fact is that relatively little of it was actually converted back and forth to real dollars.


No. On top of that, the tokens aren't usually for equity


Please please PLEASE do not buy into these ICO's. Nothing but vapor, I promise you. Crypto is going to crash SO hard if people keep giving these ICO scammers millions of dollars for each slick marketing campaign they can spin up.


For anyone wondering, 45k ETH is about 7.65M USD.


I wonder what happens if someone wants to liquidate this amount to USD immediately. Has ether got enough liquidity to handle it :)


Yep, there's more than enough liquidity. People clearing more than $70k USD worth of ETH are usually going through OTC channels, not through exchanges like Poloniex and Coinbase. OTC fees are generally higher than exchanges, but offer the advantage of legally guaranteed finality and no chance of slippage affecting your transaction (exactly what happened with GDAX when the price of ETH briefly dropped to $0.10).

When deals are large enough, sometimes they are even executed as a set of "tranches" (large set of smaller transactions over time) so the transfer isn't easily traceable and counter-parties remain largely unknown.


OTC ?


Over-The-Counter eg not via exchanges, but directly.


Check out my project, it should solve the problem you mentioned. The goal would be to stabilize the price of Ether on the blockchain so the Ether can be sold off slowly without moving the market.

Its essentially a cryptocurrency risk management system where one user takes on all the profit/loss of cryptocurrencies price change so that other user (fund) pegges their wealth to USD

https://medium.com/@mnaei/are-you-selling-50-of-your-cryptoc...


Yes, Ether has $1.5bn in trading volume for the last 24 hours [1].

1: http://coinmarketcap.com


Well, considering that this amount of ETH was worth double that 2 weeks ago, I don't put much faith in it being worth anywhere near that much if they tried to liquidate it immediately.


Eth has more than enough liquidity to handle this.


So imagine that 6 months ago you decided to get in to the whole crypto currency thing and 'invested' $1,000 in ETH.

Back then the price was ~USD 10.

One month ago, you were pretty happy because the price was ~USD 395, which meant your $1,000 was now worth ~40,000.

Today however, at ~USD 173 your $40,000 is now only worth $17,300, much better than $1,000, but you're not as happy as you were one month ago when the price was only going up.

Then you see the news that this new ICO was hacked and someone's going to be looking to offload $6,000,000 in ETH.

How many speculators in a similar position to what I describe are going to have seen the price drop significantly in the last month, see that someone is also looking to offload a large number of ETH and think "it's been a good run, $17,300 is not bad, time to get out before it all comes crashing down"?

Does ETH have the liquidity to deal with a large number of speculators spooked at losing their 'investment'?

Maybe, maybe not. We'll know in a few weeks.


Coinbase could probably do it. If there was an investigation into the theft, that would probably be a terrible idea.


I think there was a recent 20% crash in ether price. Probably a result of immediate dumping from this hack.


Token sales are risky. What do people expect? Guaranteed thousands-of-percent returns.

At this point, it probably takes good judgement to make money in crypto. You can't just throw fiat at anything & expect to walk away rich.

One of the reasons criminals are all over crypto is because they're valuable.

When Willie Sutton was asked why he robbed banks he replied: 'Because that's where the money is'.

I'd say caveat emptor.


The full title on the link is: "Breaking: CoinDash’s Token Sale (ICO) Website Has Been Hacked." This submission is disingenuous at best, as it implies the ICO contract was hacked: someone hacked the webpage and changed the token sending address.

Edit: Looks like the title was updated. :)


1) Watch out for the website. And here's another tip from Vitalik,

'Reminder: if someone makes a token sale that gives discounts to large buyers, this can be circumvented via collective-buying smart contract.'[0]

I think people are going to start understanding how to navigate the new investment waters. It's going to take time. I still don't have as many sources of info in the area as I'd like. That too -- if the market continues to develop -- will change in time.

[0]: https://twitter.com/VitalikButerin/status/886191450727297024


The 'tip' can be summarised to just 'avoid token sales, you mug'


Can it? I understood it as more nuanced.


IMO, not Vitalik's


Vitalik was talking about token sales that give discounts to large buyers. And that they can be circumvented via collective-buying smart contracts.

I got that information by reading his tweet.

Frankly, I don't know what you're talking about. I would imagine if he was trying to convey one should avoid all token sales he would have said something similar to that. Not something specific to a specific situation.

The trick I'm employing involves reading comprehension.


This seems to be the same problem that many open-source projects have, where the md5 hash to verify your download is at a single, (often the same) location.

One possible solution would be to use Twitter pinned tweet to also announce the address, however it's questionable how many people would actually cross check.


I know given the thread this is in makes it ironic, but a public blockchain would actually serve as a pretty good place to keep a check sum ;p You would check the official blockchain address for a repository and know that the checksum there has not been modified. As long as the process of creating the transaction is done correctly.


I always found that fascinating myself, serving the download and checksum from the same source.

Doesn't http have enough redundancy checks built in to make this pointless? The only time to really do a checksum isn't on a browser download, it's when you push it over some serial connection, or android adb or something else.


I suppose the "Here's the MD5 for your download" concept is useful if the file is being served from a different host than the website itself. Someone could tamper with the file server, but may not have access to the HTML rendering a link to that file server.

But you're right about serving the data & checksum from the same source. I don't see what extra layer of security or integrity it adds. Someone tampering with server file system, or the data transfer (MitM) inherently has the access they need to inject their own MD5 into the HTML.


It's useful if you have already downloaded the file from somewhere else and want to check if it's the right one without downloading everything from scratch.

Furthermore it's very much possible to get corrupt data over HTTP if you have a poor connection and download a big file.

If you want a really secure "checksum" you best bet is probably a GPG signature file from a wildly distributed and trusted key.


If someone can MITM your download, in many scenarios they could MITM twitter as well.


So it was their website that got hacked, not their cryptocurrency widget (or whatever the appropriate term is)?

I mean, not unexpected: hit the softest part of the chain, which in this case seems to be a webserver rather than the crypto/contract. Just trying to make sure my understanding is correct.


The webserver, or you know, their wordpress website (at least according to reddit).


'Hacked' - or just stolen. Who could ever know in crypto-land? I am sure the ICO contract had something about lost coins in it as well.


Neither. They hacked the webpage and wrote a different address to send money to. Similar to me sending you a letter that I am Oxfam, please send me money.

If only the crypto-currency world had laws and the institution of justice...


I think he means CoinDash themselves could have altered the address and claimed it's a hack - which would make it straightforward theft, not a real hack.


>If only the crypto-currency world had laws

A law isn't going to magic peoples coins back if they hit send to the wrong address.


It won't magic anything, the person gets caught and court makes a ruling like every other criminal action. That's like saying that laws can't magic a stolen bag of cash in a getaway car back to it's rightful owner. You're right that it's not magic, it's the justice system. And if they don't have the coins, they have to sell assets or go bankrupt.


The freedom of unregulated money!


Either the average blockchain startup is unbelievably amateurish re. security or this was an inside job. I suspect the latter but the former does not surprise me one bit.


Isn't most of the IT field unbelievably amateurish re. security? Just look at the bi-monthly releases of user lists from major companies.

This is why I think wide adoption of cryptocurrency is a bad idea. Complete computer security is nearly impossible (I want to say completely impossible but I'll end up in an endless debate about single use offline computers printing out paper wallets).


I think this is a disingenuous argument. Yes the vast majority of the IT field are not experts but if you don't hire one of these experts to secure your system, a system which is aiming to raise $12m, then you shouldn't be surprised when you get hacked.

Also, just because you're not an expert does not mean that you have any excuse to be completely clueless and make stupid mistakes.


I have seen the code of a Bitcoin startup. Believe me, security is the last thing on their minds.

Personally, I find it exceptionally naive that these startups think they can handle payment processing, payment storage, and their core product at the same time. If you're a startup, at least two of these will be ignored for favor of another. One of them makes you money/users, the others don't.


Does Ethereum not have an escrow like Bitcoin where a 3rd party can confirm a transaction first?

But also, if it's really as easy as replacing some arbitrary address with another I'm surprised Coindash wasn't more careful.


That's a simple contract, but...

If the ICO implements that, there's no protection from someone replacing the ICO address.

If buyers use escrow contracts, they have to confirm their transactions before the ICO closes, so for typical hard-capped ICOs you don't have much time to verify things. When the crowdsale's website is displaying wrong information, there's no other source, and the sale is rapidly approaching a hard cap on contributions, there's not much you can do.

A better defense against this type of attack is to use the Ethereum Name Service, and publish the address well in advance. It would also help to use crowdsale structures that don't incentivize a mad rush, such as:

http://www.blunderingcode.com/fairtokensales/


I believe that is entirely up to the contract programmer(s), and the potential buyers to vet.


I wonder if a block chain could certify websites:

1. someone writes a url to the chain

2. others post a (url/hash/date time) of the output of the url

3. then people could post an image with their face and a blockchain address. could be a form of ID.


There are various groups working toward a blockchain id system including Thomson Reuters[0], and a Microsoft/Phillips-backed company Tierion[1] -- both on the Ethereum public chain.

[0] https://blockoneid.thomsonreuters.com/

[1] https://tierion.com/


This is what the ENS (Ethereum Name System) will be doing. In face, if you see an ICO on the Ethereum platform that doesn't use the ENS, avoid it. The ENS is actually really cool.

Although, you should probably avoid all ICO's =p


This underscores the need for legitimacy and best practices around ICOs. I think CoinList (angellist company) will end up killing it in this space.


Waiting for their announcement, but this would be a great way to pull a quick scam. Make a decent looking site promising a random piece of software that seems legit, promote an ICO, setup a fake wallet, then when the ICO goes live claim your site was "hacked" and points to a fake wallet you control. Grab a few million and never have to actually write said piece of software.


This was bound to happen at some point... It'll be interesting to see how low the dip goes as a result of this ICO failure.


> CoinDash's Token Sale page was tempered...

Now reads "tampered", but "tempered [sic]" would seem to have been appropriate if really was the message sent to investors. Funny how the subheadline had the typo before as well.


This is the sort of email you don't spend a lot of time spellchecking.


Right, I was thinking more of the news site.


So you just got robbed. What law enforcement agency will you complain? Gold rush & Wild wild west.


Has anyone here played with "HYIPs" few years ago? Stories with many ICO are so similar.


Could HTTP public key pinning have prevented this at least partially?


Not necessarily, because the issue here is that the website containing the address itself was altered. If an attacker can get access to the web server then HTTP public key pinning does nothing to protect you.

What would have worked, however, would have been to pin the ICO address to the blockchain in advance. Same concept.


I should launch an ICO.



Running a P2P-ICO over a centralised server. Good job coindash. That's exactly what you deserved.


Do other ICOs do a better job distributing instructions?

EDIT: so, apart from posting the address across as many channels as possible, and telling people to cross-check, what options are there? You could announce addresses way beforehand and have them send ETH to the final address once you release it, using that as a signal.


Usually, companies conducting ICO's only release the block number in advance, the smart contract address is generally released last sometimes just hours before the ICO start time.


All ICOs are centralised. It's lots of people sending their money to one entity, never the other around.


'hacked'


[flagged]


People lost like half a million dollars and a talented immoral person got a huge reward signal for basically being a predatory jerk. Although I can see the humor, it seems unreasonable to derive joy from such a thing.


While I won't resort to posting acronyms, I'd be lying if I say I didn't do the same upon seeing the headline.

There's an old adage that you can't fool an honest man. People who lose out from incidents like this knew exactly what they were getting into. It's not that I don't have sympathy or even empathy for them, it's that I know deep down they're just gambling and the risk of losing it all due to hacking is just one of many risks they're willing to accept.


s/People/Gamblers

If you cannot afford losing everything you put into cryptocurrencies, don't do it.


I think there's a whole subreddit dedicated to Bitcoin schaudenfreude.

It's fun at first, but then you start reading about the people (presumably with undiagnosed gambling addictions, but hey, I'm not a psychologist) who dump their entire savings, their kids' college funds, etc. into Bitcoin and then lose the whole shebang. That's the kind of decision that will break apart families.


One Bitcoin is over $2000. How could someone dump everything into Bitcoin and lose the whole shebang?


Same as the stock market - by investing a lot of money right before a huge downswing.


By making mistakes: Loosing your wallet, accidentally sending it to the wrong address, having it in the wrong exchange at the wrong time, ...




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: