94k Bitcoin (1B USD) transferred from unknown wallet to unknown wallet (twitter.com)
1430 points by jonkratz 10 months ago | 680 comments



I'd take issue on two points. First, "wallets" don't exist in the Bitcoin protocol. Second, the tool being used is not sophisticated enough to list the inputs and outputs, giving the false impression that something unusual is "unknown." Try this link to get details:

https://blockstream.info/tx/4410c8d14ff9f87ceeed1d65cb58e7c7...

There are numerous inputs and a single pay-to-script-hash (P2SH) output.

The relatively high fee is due in part to the large number of inputs. ~400 satoshis/byte is high by today's standard but not too unreasonable as early as 2017.

We can't tell anything about the identity of the owner(s) of the new coin from the block chain alone.

Making a transaction this large is a security risk. It effectively establishes a billion dollar bounty for any party who can rewrite enough blocks to erase it. Now that the value resides in a single coin, any subsequent transaction faces the same risk. Plunking this much value into a single coin seems like an odd strategy at best. Not to mention the destruction of privacy in combining all those inputs into a single transaction with a single output.

I can think of one reason you might want to do this. A consortium/trust has formed in which individuals pay into a common pool of money. That money is then protected with a multi signature script (consistent with the P2SH type). Given a threshold of signatures, the money can be spent, subject to other constraints. These will remain unknown until the first payment is made. At that point we'll know the number and identity of all the eligible keys and the threshold needed to make payment.

If so, this transaction can be thought of as a kind of digital charter for the consortium in that it defines how the money can be spent going forward.

Edit: to be clear, the "bounty" I'm talking about can't be directly claimed just by mining some blocks. Instead, it would have to be claimed as part of a double spend of either the transaction in question or as a subsequent transaction of the now-enormous output. Most likely, there would be collusion of some kind between a miner and the owner of the keys. I'm not saying this will happen, but the bigger the transaction, the greater the risk.


> It effectively establishes a billion dollar bounty for any party who can rewrite enough blocks to erase it.

I don't really agree with that statement. Yes, someone could mount a 51% attack to rewrite that block. However, it would be pretty straightforward to see what was happening (and which nodes were the malicious actors). If that did happen, the possible outcomes would be:

1. The value of bitcoin would fall to basically 0. The reason bitcoin has any value at all really has to do with trust - belief that the protocol is secure and can't be broken. In this case, an easily detectable spending "override" would cause faith in the protocol to evaporate.

2. Note I don't believe #1 would happen. The response would be all the other miners who do have a vested interest in bitcoin's success would put all their resources in ensuring the original block was maintained.

I.e. the options aren't between one address getting the billion+ dollars or another address getting a billion+ dollars. The options are one address getting a billion+ dollars or everyone's bitcoin going to 0.

Edit: Another likely possible outcome is you could get what happened to Ethereum when the DAO was hacked: a fork to Ethereum vs. Ethereum Classic. But it's still important to note Ethereum Classic is worth a teeny fraction of what Ethereum is.


the amount of trivialization and conflation irks me

1. "51% attack" is not a thing as in "one has to have 51% of hashpower to perform it". it's just that with 51% of hashpower it becomes relatively cheap to perform such attack. one can throw enough money at the problem and get lucky to perform large reorg with just 10% of hashpower. the lower the number - the more lucky attacker has to get.

2. "rewriting a block" or "billion dollar bounty" as the GP put it are just conveying wrong ideas. there is zero chance for that $1B to get stolen even if attacker gets 100% of hashrate. all they can do is revert the transaction so that money goes back to original owners by generating a fork in the chain that doesn't include said transaction.

even that is not enough because competing miners (assuming attacker doesn't really have all 100% of hashpower) will still eventually include the transaction because it pays lucrative fees.

the trick here is that in Bitcoin parties agree to finalize the deal only after certain number of confirmations (blocks created after the one that includes the transaction). general rule is to wait for 6 confirmations.

if there indeed was some $1B deal where 94k BTC changed hands i wouldn't be surprised if their agreed upon number of confirmations was ~500 blocks (half the value of transaction in question in miner rewards), which is roughly 3 days wait.

ultimately though i'm pretty sure this was some kind of cold-storage consolidation so no BTC actually changed hands.


There is a danger of theft, and the risk is to everyone, not just the parties to this big transaction. The risk is this:

1. A malicious syndicate gathers a billion dollars of bitcoin and sends it to themselves

2. In a short period of time, like a few days, the syndicate exchanges that bitcoin for non-bitcoin assets

3. The syndicate spends tens or hundreds of millions of dollars to fork the chain, backing up the ledger, so that they own the billion dollars of bitcoin again

So anyone accepting bitcoin for non-bitcoin assets for the next week or so is at risk. It doesn’t have to be a single transaction, though; this danger occurs whenever the transaction volume on bitcoin gets above the cost of mining.


If someone could fundraise a billion dollars, using it to steal another billion dollars (not great ROI considering all the security risks of bitcoin ecosystem) at the expense of shattering worldwide faith in Bitcoin (which also devalues the stolen coins), seems a really bad bet. It only makes sense if it was a government or some group spending a billion (semi illiquid because Bitcoin) dollars with the goal of destroying the Bitcoin ecosystem.


> so that they own the billion dollars of bitcoin again

which is now worth zero :)


> it's just that with 51% of hashpower it becomes relatively cheap to perform such attack

The qualitative difference is that with 51% of hashpower you can sustain the attack indefinitely. Other miners might get the occasional block and temporarily take the lead but in the long run you'll always have the longest chain using only blocks you've mined yourself.

With less than 50% there's a chance that you can revert a transaction temporarily by mining two consecutive blocks (one to omit the transaction and another to make your chain longer than the original) in less time than it takes the main network to reach the same block height, but the odds of maintaining the attack drop by at least half with each additional block. The main network will always win eventually.

In any case no one controls anywhere close to 51% of the hashpower right now. There are pools which approach that size but they aren't monolithic entities; if the pool operators attempted to leverage their position as coordinators to carry out a sustained attack then miners would leave the pool.


That assumes that every other miner all mines the old chain. If you and ‘dumb’ miners that just use the longest chain add up to 51% then luck is enough.


No, I was assuming that the other miners continue the longest chain, not the old chain. But they'll include the transaction(s) you were trying to suppress in their blocks; they're not on your side. Each time they mine a block you have to start the attack over again, and the odds are not in your favor. You control under half the hashpower and you need to stay at least one block ahead of the main network. It's not a race you can win in the long term, even assuming a certain amount of luck.


If those transactions are larger than the wallet’s remaining funds that can’t happen. Aka wallet A moves coins to wallet B on the old chain and moves all its funds into wallet C in the new chain. In that case the A>B transaction is invalid on the new chain.


That isn't quite how Bitcoin works. Transactions use specific unspent prior transaction outputs (from the "UTxO" set) as inputs; there is no concept of "remaining funds". However, you're mostly right: if the attacker controls the private keys related to the original transaction then they can insert a conflicting transaction and make the original one permanently invalid on that chain. However, an attacker who does not have the private keys to sign a conflicting transaction cannot prevent the transaction from eventually being confirmed unless they control over 50% of the hashpower.

If you're concerned that the person you're receiving funds from might be willing to attempt a double-spend then you should wait for a suitable number of confirmations before considering the funds successfully transferred. However, if they control over 50% of the hash rate then there is no suitable number of confirmations that would make the transfer safe.
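Added example, not part of the thread: a toy UTXO ledger showing the distinction drawn in the comment above between a reorg that merely omits a transaction and one that contains a conflicting spend of the same output. All names (`Tx`, `apply_chain`, `can_confirm`, the txids) are hypothetical, and signatures are not modelled: the sketch simply assumes the conflicting transaction was signed with A's keys.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple      # outpoints consumed, each a (txid, output_index) pair
    n_outputs: int     # number of new outputs this transaction creates


class InvalidTx(Exception):
    pass


def apply_chain(genesis_utxos, txs):
    """Replay txs in order over a UTXO set and return the resulting set.
    A transaction is valid only if every input is currently unspent."""
    utxos = set(genesis_utxos)
    for tx in txs:
        missing = [op for op in tx.inputs if op not in utxos]
        if missing:
            raise InvalidTx(f"{tx.txid} spends unavailable outputs: {missing}")
        utxos.difference_update(tx.inputs)                       # inputs are consumed
        utxos.update((tx.txid, i) for i in range(tx.n_outputs))  # outputs are created
    return utxos


def can_confirm(genesis_utxos, chain_txs, tx) -> bool:
    """True if tx could still be mined on top of a chain containing chain_txs."""
    try:
        apply_chain(genesis_utxos, list(chain_txs) + [tx])
        return True
    except InvalidTx:
        return False


# Constructed sample data: A owns one output, and two transactions spend it.
GENESIS = {("coinbase_a", 0)}
TX_AB = Tx("tx_ab", (("coinbase_a", 0),), 1)   # A pays B (on the original chain)
TX_AC = Tx("tx_ac", (("coinbase_a", 0),), 1)   # A pays C (needs A's keys)

if __name__ == "__main__":
    # Reorg that only omits tx_ab: any miner can include it again.
    print("omitted only:     ", can_confirm(GENESIS, [], TX_AB))
    # Reorg that contains the conflicting tx_ac: tx_ab is invalid on this chain.
    print("conflicting spend:", can_confirm(GENESIS, [TX_AC], TX_AB))
```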


you're right, 51% represents a certain barrier when the attack becomes much more destructive, but it's still a spectrum. you can destroy faith in the system and value of bitcoin by performing multiple long reorgs with less than 51%.


Your math is off here. Block rewards are 12.5 BTC per 10 minutes and total fees per day are about 25-75 over last month. To get half of 94k BTC you'd be waiting quite a long time at 1,850 BTC per day total rewards + fees per day. 25 days, not 3.


Thanks, you’re right.


> 1. The value of bitcoin would fall to basically 0. The reason bitcoin has any value at all really has to do with trust - belief that the protocol is secure and can't be broken. In this case, an easily detectable spending "override" would cause faith in the protocol to evaporate.

That seems a little out there.

(1) There is something like 1 person who uses bitcoin to move billions of dollars around. The small-time users (<$1,000,000 per transaction) wouldn't have any reason to lose trust in the system. If some company loses $1 bil in dollars, I really don't care; I don't live in a world where it affects me personally. Nobody is ever going to put serious resources into stealing from me because I'm just not that important.

(2) If they re-write the block, that doesn't mean that they've gotten away with it. Most countries have a legal system that would sit up and take notice if someone signs up for a billion dollar transaction, takes the goods and welches on paying.


"Most countries have a legal system that would sit up and take notice if someone signs up for a billion dollar transaction, takes the goods and welches on paying"

Yes, but why bitcoin then?


First they came after those with 1b$, but I didn't stand up for them... :D


>The value of bitcoin would fall to basically 0

Yes indeed. There are a number of very interesting game-theoretic feedback loops built into bitcoin that enhance security. This is one of them.


I disagree, because historically major cryptos have allowed known attacks to succeed if they targeted a member of the public at large, and have defended only if they targeted named insiders.

The expectation, at this point, is that defense will only occur if you are an elite insider. An unknown user may or may not be such an elite, and thus may or may not get defense.


> I disagree, because historically major cryptos have allowed known attacks to succeed if they targeted a member of the public at large, and have defended only if they targeted named insiders.

Surely you aren't going to make such a statement without examples! I can think of examples where things were attacked, including some of the largest value destructions, and insider status didn't help. For example, the multisig thing that happened to Gav Wood (the second time).

If your lone example is the Dao attack, that looked like successful governance to me.


> the multisig thing that happened to Gav Wood

I wasn't sure what you were referring to, but it looks like maybe https://cointelegraph.com/news/parity-multisig-wallet-hacked...


Yep, that's the one.

The astounding, insane decision to use "libraries" aka delegate call in any immutable smart contract always boggled my mind. The amount of space saved is so ludicrously small as to beggar belief. Hope the 10k or whatever worth of space savings (about 20 transactions worth) was worth it.

Anyway, he didn't get a roll back, and the $200m in value that disappeared didn't either.


wonder if he got to claim that as a loss on a tax form somewhere... hmmm.


Well he's not a US citizen and unless he's insane, his corporations are offshored in a 0% domicile. It's really only a problem for Americans; everyone else who has their shit together can stick their corporate shell on Cayman or whatever.


You assume the value of bitcoin is somewhat logical, the Etc 51% attack proves otherwise; in the short term holders would rather sustain the delusion.


This is an important perspective. Many BTC investors are unsophisticated retail investors, and are often "true believer" and magical thinking types. They're this decade's version of gold bugs.


I think gold bugs are this decade's version of gold bugs, and heavily overlap with "unsophisticated retail investors" but not necessarily bitcoin enthusiasts.

I note that my emails from seekingalpha recently have ads saying "Vote <you-know-who> in 2020! Free Gold Victory Coin For Supporters - Claim Yours Now".


To borrow a phrase from Walter Sobchak-- 2500 years of beautiful tradition from the Lydian Stater to the American Gold Eagle, you're goddamn right I'm a f*ing gold bug!


The Mayan civilization lasted 3000 years


Well, it doesn't _prove_ it; it's just a data point.

The Bitcoin and Ethereum ecosystems are rather different.


Does the time it would take to spin up enough compute to carry out a 51% attack decrease its likelihood? I.e. more blocks are being written every day, so you need to do additional work to create the alternate chain?


Yep, but the timer potentially resets every time this money is moved.


So, if I were a hedge fund, I can effectively short Bitcoins and spend a piddly amount to build a datacenter to carry a 51% attack. If the attack fails, I can re-purpose my datacenter


Repurpose it how? You'd need ASICs to mount a 51% attack. Using a few quickly googled numbers, you'd need ~56EH/s to double the network and mount a 51% attack. An S9 does 14TH/s, so you'd need ~4 million, at $3k each.

So around $12 billion (plus the datacenter, operations, etc). You'd pretty much send BTC to being worth $0...and then you're stuck with $12 billion in useless hardware.


94EH and close to 50TH for top of the line equipment.

Even if we were extremely generous, it would be a billion in hardware at the very least (I am assuming $500 manufacturing cost)


The Market Cap of Bitcoin is $184,000,000,000

Theoretically, I can spend that much to make its value go to $0. (yes, there are liquidity and other concerns, but you get the point)


No, you couldn't because you'd need to borrow the entire float, which is impossible, practically and theoretically.


Can anybody explain to me why would anybody try to make their alt-coin ASIC-resistant? They claim it is to decrease centralization but like parent says it just makes 51% attack possible with cloud computing and 0 investment in hardware or logistics.


The issue with ASIC mining is that the barrier to entry is extremely high so only a small number of people have the means to produce the chips. Economically it might not make sense to sell them and, to make the situation even worse, patents can prevent competitors being able to use the same innovations.


The first ASIC company can just keep the ASICs for themselves.


Well aren't there BTC futures on CME?


If my goal is to re-purpose, I would use a General Purpose Computer

The Market Cap of Bitcoin is $184,000,000,000

I have plenty of money to play with.


If your plan is to use general-purpose computers for mining then Bitcoin has nothing to worry about. You'll never manage a 51% attack that way, not when all your competition is using ASICs.

Moreover, to gain $184B by shorting Bitcoin you'd need to find someone willing to loan you $184B worth of Bitcoin, and then somehow sell all of it without crashing the price or drawing unwanted attention to your activities. Of course if the price doesn't react the way you expect you could end up paying a lot more than $184B to buy it all back to repay the loan. You shouldn't assume that even a successful (but expensive, and obviously temporary) 51% attack will drive the price down to zero.


It all depends on who is doing the attacking. If the attacker is a state government or someone with billions of dollars and compute to spare, ASICs aren't going to fight this losing battle. Heck, you can buy off the ASIC miners for a few million dollars (all we have to cover is their net profit, which is pretty low)


The cost of mounting the attack with general-purpose computers would be orders of magnitude higher than the US$12B calculated above, just from the energy bill. Check out https://en.bitcoin.it/wiki/Mining_hardware_comparison; the ASIC AntMiner S9 gets 10 billion hashes per joule, while on https://en.bitcoin.it/wiki/Non-specialized_hardware_comparis... you can see that the most efficient GPUs get 2–3 million hashes per joule, 3000 to 5000 times less. So instead of spending US$12 billion on hardware and US$4 billion per year on power, you'd be spending US$12 trillion per year on power. No state has such a large budget; that's more than half of the US GDP, and about 15% of world GDP. That's more than the amount of marketed energy produced in the world.

That is, the attack you're proposing would require commandeering 15% of the world economy and more than doubling world electrical generation capacity.

Bribing or backdooring ASIC miners is a far more likely vulnerability.


Are ASICs totally useless for non Bitcoin computing?


Yes, that's what the “AS” stands for.


To be a bit more specific, the ASIC is a computation built in hardware. It can do that computation and that computation alone. The algorithm in Bitcoin does absolutely nothing useful -- you are just hashing a random number and seeing if the result is below a certain value. Since you can't change the computation on the ASIC, it's absolutely useless for anything except mining bitcoins.


Maybe this is dumb/naive, but I've wondered for quite a while - what if you take the latest deep learning/AI techniques and try to train a system to predict the approximate size of the hash from the input number? Has anyone seriously tried and failed?


A different angle from the sibling comment's: the hash functions used here are meant to approximate pseudorandom functions, which are functions that, while deterministic, literally have no structure at all relating their inputs to their outputs in any way.

Hash functions used in the real world haven't been proven to have this property (and there are various theoretical limits on how readily they could be proven to have it, and maybe on the extent to which they could actually have it), but in order to be widely adopted, a hash function has to pass every available statistical test for approximating pseudorandomness, and also has to resist mathematical analysis aimed at finding useful structure. That means that ordinary human intelligences fail to find a practical recipe for predicting properties of the output from properties of the input.

In the same way, we would expect that deep learning systems fail to find such recipes too.

On the other hand, it's not absolutely impossible that there are some kinds of regularities that a deep learning system might discover. If so, they would be considered very serious flaws in the hash function in question. But deployed cryptographic primitives have sometimes had problems like this. The best example that I know of is the RC4 cipher

https://en.wikipedia.org/wiki/RC4#Security

where there have been a series of statistical biases (which are often forms of correlation between input and output, which should not exist if RC4 approximated pseudorandomness well). Some of these were apparently discovered experimentally by researchers with some kind of hypothesis testing tools, as opposed to based on theoretical abstract reasoning about the mathematics of RC4. This makes me think that some kinds of deep learning systems might also have been able to discover those correlations, although I'm not sure that they would have been the most efficient methods for doing so. (An interesting test might be to try to use deep learning to find new correlations in RC4 that aren't yet known -- which seems plausible since researchers have repeatedly found new ones over time.)

I think there are interesting problems about what kinds of correlations and structures deep learning systems can or can't learn efficiently, and whether those are the kinds of correlations and structures that are likely to exist as genuine flaws within deployed hash functions. I definitely don't know enough about the mathematics of deep learning to appreciate how to begin answering this question; I only know that if it turned out to be useful in some case, it would mean that the application of human intelligence and existing statistical tools to assessing hash functions' security had dramatically fallen down on the job.


This is correct.


If you could do it, you'd be famous for more than BTC. It would mean that you could factor numbers in polynomial time. Long story short, calculating the hash for BTC is intended to be a non-polynomial problem. If you can find a method (any method) that will reduce the search space of the answer such that you can calculate it in polynomial time, then you have proved that NP=P (If you can find a way to solve any non-polynomial-time-hard problem in polynomial time, then it means that all NP hard problems can be solved in P time). This would completely break all current encryption.

Most people think that this is impossible, but it has not been proven yet. Unless you had some reason for believing the technique would work, it's probably not worth the effort to try.


One minor correction to this (although I agree with you conceptually) is that there are no formal security proofs of the complexity class of hash function attacks for actually-existing hash functions. So there is no guarantee that the most efficient way to break a hash function security property is a generalizable attack on NP problems! It might just be that the specific hash function is weak in a previously unknown way.

A sort-of precedent for that kind of problem which I mentioned in my sibling comment is the correlation weaknesses in RC4. While they're not the most powerful possible break of RC4, by any means, they are unanticipated flaws in the structure of RC4 specifically, and they might well have been discovered by software tools that can't solve NP problems in general. It seems to me that we don't have security proofs for symmetric cryptography at all, including for block cipher security properties as well as hash function security properties, and so while your observation is totally right in general, in any specific case it might just turn out that the cryptographic primitive we were using was weak in an unanticipated way that's specific to that class of functions.

Compare https://en.wikipedia.org/wiki/Random_oracle (although reading that article reminds me of how much I don't understand about this topic)!


In some ways you are correct, but you have made some errors.

As schoen pointed out, no common hash function, including the ones used in Bitcoin, has a proof of NP-completeness.

Moreover, none of those hash functions involve factoring numbers, and factoring numbers is also not known to be NP-complete, although it is also not known to be tractable in polynomial time. One reason commonly-used proof-of-work functions do not involve integer factorization is that, while integer factorization is not known to be doable in polynomial time, there are a number of algorithms that require subexponential time, so an integer-factorization-based proof-of-work witness would be much larger than an equivalent hash-function-based proof-of-work witness.

Also, it is not the case that efficient integer factorization would completely break all current encryption. Not only do no commonly-used hash functions depend on it, neither do any commonly-used symmetric ciphers (such as AES), and the currently-most-popular asymmetric cryptosystems also do not depend on the difficulty of integer factorization; instead they depend on the difficulty of the elliptic-curve discrete logarithm problem.

ECDLP is also not known to be NP-complete, but the currently-known algorithms for it are much worse than currently-known algorithms for integer factorization, so elliptic-curve cryptosystems require much smaller keys and less computation to resist the known attacks than integer-factorization-based cryptosystems.

As little as ten years ago, algorithms that could be broken by better integer factorization algorithms were relatively much more important than they are today, because elliptic-curve cryptography was much less widely used. Many vulgar accounts of the situation intended for the ignorant are not up to date.

Finally, it is not true that a proof that P=NP would "completely break all current encryption", for two reasons. First, it might not be a constructive proof — it might show that a polynomial-time algorithm for factoring integers, solving ECDLP, or computing hash preimages exists without actually telling you how to compute it. Second, even a constructive proof of P=NP might not provide an algorithm that was adequately efficient — if it takes O(n²) time to encrypt and decrypt, where n is the size of a key, but O(n⁸) time to break a message or a key, you might be adequately safe with, say, RSA-4096. But an O(n⁸) algorithm for 3-SAT would definitely be a constructive proof of P=NP.

(Shor's algorithm on a quantum computer can break RSA, because it does depend on integer factorization, in O(n³) time, if quantum computers can exist, which they probably can. This would not make it impossible to do RSA encryption securely, but it would require much larger keys than are currently used.)

However, your fundamental point is that a successful attack on Bitcoin's hashing algorithm, using artificial neural networks or anything else, would be very surprising and have major implications, because that proof-of-work scheme is designed to require exponential work, and as far as anyone knows, it does. And that fundamental point is correct, even though you have made a number of errors in your supporting points.


the "AS" in ASIC stands for Application Specific.

So these machines are made to specifically mine bitcoin, other ASICs do other jobs, but individual units cannot transfer from one job to another and cannot be re-purposed.


Right, the ASIC in your DVD player that does MPEG-4 decoding is useful for something other than Bitcoin mining. But it's not useful for Bitcoin mining at all. Similarly for a motor-controller ASIC, an HDMI encoding ASIC, a GPRS radio ASIC, and so on.


It doesn't matter if the US government is doing the attacking, they're not winning with general purpose hardware. ASICs are literally thousands of times faster with lower power consumption than GPUs. Also, any state attacker worth their shit would have the ability to develop their own ASICs so I don't know why you're hung up on using general purpose hardware.

Finally, you certainly cannot buy off the ASIC miners with a few million, not least because they own billions of dollars worth of ASICS that can't do anything but mine Bitcoin, and a successful state-orchestrated attack on Bitcoin would make all of them worthless. I don't think a state government taking down Bitcoin by its own rules is completely impossible, but you don't seem to have any grasp of the scales involved.


State governments have simpler and more reliable ways to attack the system. Like armies. Buying off the miners would require at least a few hundred million dollars—you'd need to buy the hardware to pull off an attack like that, not just rent it for a while. And you still wouldn't manage to get anywhere near the full market cap by shorting Bitcoin while you do it. You'd never find anyone crazy enough to loan you that much. A small fraction, perhaps. Not enough to cover your expenses.

And in the end, after your massive investment, the community would just make some trivial change to the protocol and completely ignore the attack. Really, if this sort of thing was so easy then everyone would be doing it. You're certainly welcome to try.


You're ignoring diplomacy. An army is a very unsubtle attack that might have unwanted geopolitical consequences.


First of all hardware is a bottleneck, so likely the state needs to procure or manufacture their own. Which delays the start of the attack, during which time the network will continue to grow. The state cannot just magic ASIC devices from nowhere.


https://www.crypto51.app/

Bitcoin has long since passed the stage where you could 51%-attack it for piddly amounts of money.

Most other altcoins, though...


Those numbers are pretty inaccurate, though, for cases where the NiceHash capacity is well below what is needed to mount an attack. I.e. the $768k for an hour of bitcoin attack actually vastly underestimates the cost, because to mount that attack you would need to purchase the hashing power large enough to mount that attack.


Yes. Also, an attack would be fairly obvious and miners invested in the future of the blockchain (i.e. everyone using ASICS, which is everyone that matters) would increase their hashrate to mount a defense, increasing the cost by some hard-to-predict but significant amount.


How can anyone increase their hash rate? They're dependent on getting supply from ASIC manufacturers. That takes time.

Or are ASICs capital expense cheap and available and already over provisioned compared to operational costs, like dark fiber optics?


Kind of. ASICs aren't exactly super available, but the manufacturers are also players, so if the attack is severe enough to be an existential threat to Bitcoin, I expect Bitmain (largest ASIC manufacturer) will fire up their unsold inventory which amounted to more than a billion dollars worth as of last year.

Separate from the manufacturers, relatively easy courses of action I can see are buying hashing power from marketplaces like nicehash, and temporarily concentrating their machines on BTC and not mining BCH. This can only get you so much though since BTC hashrate dwarfs BCH hashrate.


Hash rate is 90+m terahash and increasing, good luck R&Ding the chips and obtaining enough to achieve. Retail pricing is around 3k per 50 TH/s, and that is just for hardware.


[flagged]


This level of civility falls short of the standards we attempt to maintain on this website.


Sure, naked shorts are bounded, but a naked short is not the only way to profit from the decline of an asset.

And really, if you’re talking about limiting cases, you’re bounded by what your counterparties are good for, and by what your relevant regulators will let you get away with (or, depending on who your counterparties are, how far you can go before you end up in a ditch somewhere)


Ever heard of derivatives?


> It effectively establishes a billion dollar bounty for any party who can rewrite enough blocks to erase it.

To do what exactly?

Nobody can redirect the transaction to themselves and the best they can do is erase it. 51% attacking the network will cost you a lot, and you won't actually win anything in your attack.

Even if the owner of the coins is the attacker, you can only win by double-spending the transaction by reversing a payment to someone else. Of course if we're talking about such a large transaction you should wait for more confirmations, making the double-spend attack so much more difficult to pull off.

Anything you would get in return, like a bank transfer or parts of a city, would have a much longer settlement time. Being afraid of your Bitcoin transaction being reversed should be the least of your worries.


If the liquidity is enough, 1) Short Bitcoin to the tune of several Billion dollars. 2) Do a 51% attack and essentially prove its worthlessness. 3) Profit


If you have amassed enough hashpower to be able to do the 51% attack you have far more to gain economically from continuing to mine for the network than to somehow short it (impossible to find a counterparty for a transaction that large) and then have billions of dollars of hardware that is now worthless


Also if multiple parties attempt to mount a 51% attack then they will have to compete with each other which makes the attack impossible.


Are the sort of places willing to sell options on BTC the sort of places that would honor such a contract if the price went to 0?


Contracts are established between market participants; the issuer is just a facilitator. LedgerX options are fully collateralized so you could certainly reap the entire value if you bought a put and the price dropped to 0. Liquidity is not very deep though, so you wouldn’t be able to buy much. Margined products (such as Deribit’s options) would probably be force-closed long before the price hit 0.


I feel like LedgerX bragging that they are both an exchange and a clearing house does not inspire confidence in their risk management department, although I'm sure the bright minds at the SEC have done their due diligence as they always do.


Such is Bitcoin's continuing rediscovery of all of finance, now including the 2008 Global Financial Crisis.


Being able to erase a billion dollars gives you a colossal amount of power to blackmail the owner of that billion dollars.


With only six confirmations it's extremely hard (in practice impossible) to reverse, which happens in around an hour. Just wait a few hours, or even a day, and the risk is basically non-existent. There are a million other things to worry about at that point (including someone hitting you with a wrench until you send them money).

The transaction now has 572 confirmations. Nobody will ever reverse that.


You can't erase the bitcoins, just the transaction. If you did that, they'd still be in the source wallet.


> Making a transaction this large is a security risk. It effectively establishes a billion dollar bounty for any party who can rewrite enough blocks to erase it

... accomplishing exactly nothing as all that would do would be returning the money to original spenders. Really, the amount of misinformation floating here is unexpected.

> Now that the value resides in a single coin, any subsequent transaction faces the same risk.

Non sequitur. A rollback of such a block would, by significance, be somewhere between "mildly annoying" and "introducing suspicion that future transactions could also be rolled back." In any case, coins would end up where they are supposed to, and no theft can be done. There would be increased risk of double spends, but worried parties could always invest in more (legit) hashpower.

> A consortium/trust has formed in which individuals pay into a common pool of money.

Speculation, but reasonable. It makes business sense.

> That money is then protected with a multi signature script (consistent with the P2SH type). Given a threshold of signatures, the money can be spent, subject to other constraints. These will remain unknown until the first payment is made. At that point we'll know the number and identity of all the eligible keys and the threshold needed to make payment.

Speculation, but too wild. Basically wishful thinking.

> Edit: to be clear, the "bounty" I'm talking about can't be directly claimed just by mining some blocks. Instead, it would have to be claimed as part of a double spend of either the transaction in question or as subsequent transaction of the now-enormous output. Most likely, there would be collusion of some kind between a miner and the owner of the keys. I'm not saying this will happen, but the bigger the transaction, the greater the risk.

Again, wild speculation. So the theory is that someone collected $1B in BTC just to pull off a massive double spend stunt? At that level, it's likely that rubber hose cryptanalysis would resolve the issue quite efficiently.


You really misused the term "coin". In Bitcoin protocol you don't "put value" into something named a "coin". "Wallet" is far more widely used and well-defined.


I think 'address' is better. The value has been assigned to an address on the bitcoin network.

The value of the address is denoted in 'coins'

The holder of that 'address' is the owner of the coins.

Multiple 'addresses' controlled by the same owner would exist in a 'wallet'


The OP didn't misuse the term "coin". In Bitcoin it refers to the value of a single input or an output. When the OP says "Plunking this much value into a single coin seems like an odd strategy at best" they mean "Plunking this much value into a single unspent transaction output seems an odd strategy".


"Wallet" is widely used and well-defined, but it doesn't refer to something that can be observed in the blockchain. In the blockchain we can observe keys and scripts; a wallet is a usually-encrypted data file containing a potentially large number of keys.


Bitcoin operates on transaction inputs and outputs, which work like coins in that their denominations do not change during spending.


LocalBitcoins pinged me and said I need to establish 2FA or move my funds due to an inactive account.

I wonder if they finally swept all those inactive accounts out.

I started using it back in the $50 days, so some thousands of bitcoin may have been a lot less of a deal when they got deposited


The point about a wallet not being a thing in Bitcoin makes zero sense as anyone understands what the tweet means.

Your second point makes even less sense. A bug bounty on what exactly? Why would anyone attempt to erase this transaction when it can be resubmitted?


> Making a transaction this large is a security risk. It effectively establishes a billion dollar bounty for any party who can rewrite enough blocks to erase it.

This is incorrect. It creates a billion dollar bounty only for the sender if they want to commit fraud by effectively reversing the transaction and trying to double-spend the coins by sending them elsewhere.

Anyone with 94k BTC would probably be harming themselves by simply driving the value of BTC to almost 0 by performing such an attack. It would be extremely obvious to everyone once this transaction was reversed due to a chain reorg.


why does this make it a bounty? even if you are an alien and have any power to game with bitcoin, such as doing a 51 percent attack, finding private keys, etc. you still have the whole blockchain of bitcoin to play with and probably you would start with many small transactions to go unnoticed. Anyway, what makes the value of bitcoin is its security, knowing that it can be hacked or gamed will make it worthless.


What do you mean by "a single coin"? Do you mean a single transaction?


They mean a single address, which contains all the coins (94k in this case)


That's what I figured. Weird to call it a coin. There are no coins in bitcoin.


Coins are just the metric used to quantify the amount on an address.


No. That's called the balance. "Coins" are not a thing. That term is not in any of the bitcoin glossaries or used on any exchange.


Someone just announced the existence of Blackbeard's buried treasure


I can count maybe 5 people in the crypto space that would have that much BTC, but none of them would be dumb enough to put it all in one wallet. Most likely some large institutional investor decided to re-key their cold storage wallet.


It's probably the DOJ. They raided BTC-e and stole 2 billion during the Ukraine War.

BTC-e was the longest running bitcoin exchange and the single most reliable. I had more money than I'd like to admit stolen from me. Their statement was only people who participate in tax evasion use btc-e.


BTC-e undoubtedly had a ton of legitimate users, like yourself, but also a lot of fraudulent users. And most importantly, it was established and operated by its founder as a money laundering scheme. He used it to launder all of the stolen funds from the Mt. Gox hack (worth several billions, depending on when you measure the value), among other things.

BTC-e was a cover to help criminals steal from Bitcoin exchanges and safely dilute the funds.

It sucks that you lost your money, but it was wrapped up with billions of dollars of dirty money, and it's probably tough for investigators to distinguish the two.


>He used it to launder all of the stolen funds from the Mt. Gox hack (worth several billions, depending on when you measure the value), among other things.

It was not. Coins going in and out of btc-e were labeled making laundering through btc-e difficult at best.

>BTC-e was a cover to help criminals steal from Bitcoin exchanges and safely dilute the funds.

BTC-e was around longer than those exchanges.

The thing about BTC-e is every time bitcoin crashed btc-e would chug along just fine without going down. All other exchanges would become unresponsive. This made, at that time, btc-e the only "safe" program trading bitcoin platform. (Of course, in hindsight, with the us gov coming in and stealing all that money, safe is a bit of an overstatement.)


It was, though. Vinnik created it as a way to help people launder stolen / illicitly-gained cryptocurrency, perhaps in addition to providing standard exchange services. Cryptocurrency from large hacks appeared in Vinnik's personal BTC-e account on several occasions, for example.

BTC-e was perhaps "safe" in that it seemed to be operated competently from a technical standpoint, and it didn't appear to attempt to scam its users (both of which may not be true of Mt. Gox), but it didn't really need to worry about costs due to the absurd amount of profit they were making from their laundering hustle.

It wasn't that they merely turned a blind eye to the laundering. Vinnik personally assisted in the laundering, presumably by working with some of the exchange hackers.

>BTC-e was around longer than those exchanges.

I should've said "a cover to help criminals launder illicitly gained cryptocurrency". There were plenty of reasons to launder cryptocurrency before any large exchanges existed. He didn't help just with exchange hacks. But when exchange hacks started happening, business was certainly booming for him, since that was the easiest way to steal a lot of cryptocurrency at once.

The US government may have inadvertently stolen your money, and other people's, but they did it to reappropriate billions of dollars of money stolen from citizens around the world, including American citizens. Vinnik helped intentionally steal money from ordinary people who used Mt. Gox and other exchanges, and pocketed a lot of it for himself. Hopefully some of the money the US government seized will be returned to their rightful owners one day, but who knows.


If either you or the posters above linked to primary sources it would help a lot. Anyone can make proclamations but where are the references??


That's a good point.

The court case is starting in a little over a week, so Alexander Vinnik (the one accused of the MtGox hack, who was a technician working at btc-e) has yet to be found guilty or innocent.

>On 25 July 2017, suspected BTC-e operator Alexander Vinnik was arrested at the behest of the United States Justice Department while vacationing with his family in Greece.[8][9] Wanted for money laundering by both France and Russia, in addition to the US[10]. Vinnik agreed to be returned to Russia, where he was charged only with fraud.[11] In October 2017 the extradition request by Russia was approved by one Greek court, but the request by the United States was approved by another.[12] The decision to extradite Vinnik to the United States was upheld by the Greek Supreme Court on December 13, 2017.[11] However, in July 2018 Greece agreed to extradite Vinnik to France instead,[13] giving precedence to the European warrant.[citation needed] A final ruling is scheduled for September 19,[14] though Vinnik's lawyer claims that "the decision on Vinnik's extradition to Russia has been made".[15]

source: https://en.wikipedia.org/wiki/BTC-e

It's good that he didn't end up going to the US. The US, while legitimate in many ways, has a history of corrupt court practices. If it's in the government's interest to keep the 2 billion, which it is, they will do everything they can to throw him under the bus.


> The US, while legitimate in many ways, has a history of corrupt court practices.

I don’t know how anyone can with a straight face compare the US court system to Russia’s and not conclude that the US is orders of magnitude more fair and less corrupt. Are you being serious right now? The Russian court system is literally a proxy for Putin’s decisions.

EDIT: disregard that, i somehow assumed extradition to russia was a sure thing already


it seems he is comparing them to french courts?

it may surprise you that france is not a province of russia


yeah, you're right, i think i got confused by the last statement. it's not final yet where he's being extradited. greece's ruling party's flirting with russia in past couple years makes me quite skeptical and pessimistic.


Between a Russian court and an American one, do you think he'll be safer in a Russian one?


He's being extradited to France, which probably has less bias, but still a bias. I doubt the US will get involved behind the scenes in France, because they've phrased their reasoning for the heist as btc-e's users were money laundering, so even if he is found innocent, the US still gets to keep the money and not look bad.

Russia may have a bias, I'm uncertain. I'm not sure how happy Russia was about btc-e. BTC-e may have been in the Ukraine, but Russia implicitly requires neighboring countries to follow Russian law. Did BTC-e break Russian law? I have no idea. But because he is not being extradited to Russia, we'll probably never find out what Russia thinks.


If Putin holds private keys at the end of this transaction, then - yes :)


>> The US government may have inadvertently stolen your money, and other people's, but they did it to reappropriate billions of dollars of money stolen from citizens around the world, including American citizens. Vinnik helped intentionally steal money from ordinary people who used Mt. Gox and other exchanges, and pocketed a lot of it for himself. Hopefully some of the money the US government seized will be returned to their rightful owners one day, but who knows.

So the US stole money that was stolen and... might give it back?


Yes. Just like with Madoff, and other huge scams and fraud schemes.


I can't believe I'm only now hearing of this.


You lent that money to a shady organization. Once you lent it, it was no longer your property. You then became a creditor of that organization and your coins became their assets. The organization's assets were seized due to systemic criminal activity and they could no longer repay their debts to their creditors. Just like any other financial institution.

Some quote about bitcoin enthusiasts rediscovering the reason for regulations in the financial markets one loss at a time.


Regulations are what made proverbialbunny lose the money; it would probably not have happened had BTC-e been allowed to continue the alleged criminal activities. Of course, that might be worse for the rest of society.


Regulations and criminal law are two different things.

If btc-e were part of a well-regulated financial system, they would have gone through a liquidation process and creditors would have been paid some % on the $ of what they were owed.

This is what happened with BCCI when it was raided and shut down for massive money laundering.

https://en.wikipedia.org/wiki/Bank_of_Credit_and_Commerce_In...

>Just a month later, BCCI's liquidators (Deloitte, PWC) pleaded guilty to all criminal charges pending against the bank in the United States (both those lodged by the federal government and by Morgenthau), clearing the way for BCCI's formal liquidation that fall. BCCI paid $10 million in fines and forfeited all $550 million of its American assets – at the time, the largest single criminal forfeiture ever obtained by federal prosecutors. The money was used to repay losses to First American and Independence and to make restitution to BCCI's depositors.


I hadn't heard about this. Do you have sources about the DOJ theft?



Thanks for posting this. I don't understand how the US can go in and decide BTC-e was a money laundering op and then confiscate bitcoins and put people in jail. Who decides who gets those bitcoins? Surely many other countries have money laundering laws. What makes the US so special that they can go flip a business operating in the Ukraine?


> Surely many other countries have money laundering laws. What makes the US so special that they can go flip a business operating in the Ukraine?

Likely what makes the US special in this instance is that they did it first, and as long as other countries aren't going to make a stink about it (i.e. the US backs up its claims to some degree or the other countries don't want to question them), then it will get away with it.

Rule of law is for people. Countries operate on a mixture of laws, norms, and consensus building. If every country but one decided to raid that one country, and they had the power (as in economic and military power) to do so, what's to stop them? Not a law, which they by nature can just rewrite.


Ostensible justification: some trivial amount of money laundering could be traced to the US (iirc a few thousand dollars worth).

Real justification: Extraterritoriality is a thing you get to do when you're an empire.


> Real justification: Extraterritoriality is a thing you get to do when you're an empire.

This is exercise of extraterritorial jurisdiction, which is not the same thing as (though also not unrelated to) extraterritoriality.

And everyone gets to do it, it has nothing to do with being an empire (actual extraterritoriality beyond what is normal for, e.g., diplomats might, but this isn't that.)


  Trivial amount of money laundering

  BTC-e 
haha?


Read the indictment for yourself. Namely page 16 and 17 which account for charges 3-21 of the indictment (the vast majority of it).

The only company within US jurisdiction that BTC-E did business with is a company called "tradehill". The amounts of money moved were small, ranging between $12.60 and $17,000. Less than $100,000 was moved overall and all of it was moved in early 2012.

The US doesn't care about tracking down the $12.60 that you laundered on 24 January 2012 like it says in the indictment. The US is just using that as an excuse to impose its money laundering laws outside of its jurisdiction. The indictment is a pretext for extraterritoriality. Extraterritoriality is a thing you get to do when you're an empire.


Not really sure how you're making the "empire" qualification. An empire by definition is not an entity which gets to make extraterritorial moves with impunity.

Just seems silly to try and cast the US as an "empire" here when all you're really saying is "the US is a very powerful nation".


That's not what extraterritoriality means -- it refers to having your citizens/property be immune to local laws in foreign countries, not applying your laws to foreign citizens/property in foreign countries.


> What makes the US so special that they can go flip a business operating in the Ukraine?

Because no one is able to stop them.


To quote: “...because we’ve got the bomb. Two words. Nuclear fucking weapons....”


Shut up and sing the song, pal


They don't have a right to do it, but there's nothing to stop them.

A foreign power can have any law it wants, and no other foreign power has to respect it. You can try to sue them, but sovereign immunity, and foreign sovereign immunity, stops almost all of these attempts. The exceptions generally are human rights abuses (by the same state doing the suing...) and commercial transactions.

In this case, the USG stole from money launderers in a foreign country. So not only can people in the US not sue the USG over it (sovereign immunity), people in the Ukraine can't sue the USG over it (foreign sovereign immunity). The thieves would have the best claim, but it doesn't work out well when you claim your illegal business was stolen from. And since it's a foreign power, if the US balks, it would be covered under international law, and guess who enforces international law?


If your property is wrongfully seized by the government due to some criminal activity, you can file a claim to get it back. This happens all the time when a criminal is caught with stolen goods. The thieves do not have the best claim.

It may take some time and effort to get the property back, but there is a process.


Assuming the govt took the money under the auspices of a criminal forfeiture (which I assume because the company was supposedly for money laundering), you would basically need to prove a paper trail to show what specific part of the money they seized was yours, and even then who knows if there isn't a loophole that allows them to basically not respond if the forfeiture was of a foreign company on foreign soil. They took it from a non-US entity, so they may not have any responsibility to give any of it back, because it was not being held by someone in the US [with rights in the US].

(note: IANAL)


What makes the US so special that they can go flip a business operating in the Ukraine?

It looks like the man behind it was arrested while holidaying in Greece - a US ally.


Haven't you heard? The USA owns the Internet.


Do you now understand why we need something like Bitcoin? (Even if it's gonna be a newer version of it in the future, or something even more private etc.)


Doesn't this instead just show the Realpolitik nature of currency, that it doesn't matter the technical implementation when a government can still just step in and seize the asset using traditional force?


Yes but the key difference is with cryptocurrency the person that owns the wallet still has to sign the transaction, there is no other way. It's a push model instead of pull. Compare this to traditional banking where a 3rd party (the bank) can acquiesce to a government request without your knowledge or approval.


They could prevent you from spending the coins, though, by threatening anyone who accepts a transfer of the 'seized' coins.


Enforcing illegal torrents failed. I think a cryptocurrency ban would be similar. Also, the US made it illegal to hold gold between 1933 and 1974 but almost nobody turned in gold to the feds. https://en.m.wikipedia.org/wiki/Executive_Order_6102


They enforce it when you buy something real with the coins. A torrent is the thing you want, it isn't a currency to buy the thing you want.


Both are essentially electronic systems of information on a computing system, a format and a protocol of communication through the internet. In terms of technical difficulty to enforce them it would be very similar.


Does the crypto community actually stop people from spending stolen coins? No, they send off alerts but the coins still get used.


I'm pretty sure that "They" was meant to refer to the Government. The Government could most certainly pass laws (or enforce existing laws) that put people in jail for accepting stolen or "dirty" coins. (Just like the Government could pass a law or re-interpret existing laws to make owning bitcoins illegal.)


That doesn't stop them from shutting things down. The result is the same: You no longer have it. An offline wallet would help, if you can avoid jail.


So you're basically saying that it works with an offline wallet? Wasn't that the original point?


Offline wallets have limited utility. Once you want to do anything at all with the money it becomes vulnerable.


I feel confident that any major state actor could completely disrupt the bitcoin market. In traditional banking the government wants to maintain the value of its fiat currency. But the government doesn't care one iota about the value of Bitcoin except potentially for its own nefarious purposes.


This is assuming that Bitcoin wasn't invented by a government in the first place. Cryptos have a strong benefit to central authority in that they are simple to track flows of money, it's impossible to play a shell game if you can check the block chain. It becomes very easy to check the full transaction history of someone if you find out their addresses. Here is an NSA paper on cryptocurrency that came out in 1996 https://groups.csail.mit.edu/mac/classes/6.805/articles/mone...


It cannot if you own your own keys. "Not your keys - not your crypto". Of course if you let some other entity hold your keys, you're basically just using a bank, which has its own benefits, but I was talking about the unique ability to handle your keys, which crypto provides, as opposed to any other electronic money system to date.


Ok, but what if the government says "anyone who accepts a payment from this wallet will have their assets seized"

At some point, someone will want to do something in the real world with this money, and the government can step in there.


Doesn't this just show that Bitcoin is worthless in comparison to a state-backed fiat currency? It doesn't matter if you have all the bitcoin in the world, the US government has more violence at its disposal than you could ever buy, and ultimately violence is the only thing that ensures the ownership of anything. If a government wanted something from you they could just take it, that's the real reason that the money they print has value.


Fortunately those of us who live in the United States also have the protection of the U.S. Constitution, which provides a glimmer of hope that we can seek restitution when the government deploys its violence illegally. Who knows how much longer that will hold up though...


The Constitution is a piece of paper, it does nothing and protects no one. The real thing that is protecting you is the same thing that always has: the good will of your common man. The real power has always lain in the beliefs of the people and always will, and if you can’t have faith in that you can't have faith in anything. We all live at each other’s mercy. Any system that doesn’t have trust in each other as its fundamental basis simply can’t last.


So that the DOJ can steal it?


What evidence leads you to believe it was the DOJ? There are many banks and institutional investors with this much buying power.


Can you show where the US Government seized this Bitcoin?

What I seem to remember is that they plastered their logo on a website and the servers just launched another frontend under a different url

I saw that they imposed fines

I didn't see that they actually seized any


This is the part which confuses me about Bitcoin the most. It's meant to be anonymous, yet with some diligent data mining, it can become pretty clear who's who from their spending patterns by observing the ledger. How is that remotely anonymous?


I don't think it was really "meant to be anonymous". The original whitepaper at https://bitcoin.org/bitcoin.pdf has a section on privacy, which mentions that public keys can be kept anonymous but acknowledges that all transactions are announced publicly:

> The traditional banking model achieves a level of privacy by limiting access to information to the parties involved and the trusted third party. The necessity to announce all transactions publicly precludes this method, but privacy can still be maintained by breaking the flow of information in another place: by keeping public keys anonymous. The public can see that someone is sending an amount to someone else, but without information linking the transaction to anyone. This is similar to the level of information released by stock exchanges, where the time and size of individual trades, the "tape", is made public, but without telling who the parties were.

> As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.

Recently there are newer cryptocurrencies like Monero and ZCash that focus specifically on anonymity/privacy.
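The linking risk described in the quoted whitepaper passage, shown as an added example (not part of the comment above or of any wallet or analysis tool): addresses spent together as inputs of one transaction are merged into one cluster, so revealing the owner of a single address exposes the rest. The transactions and address names are constructed sample data.

```python
from collections import defaultdict


class DisjointSet:
    """Union-find over address strings."""

    def __init__(self):
        self.parent = {}

    def find(self, item):
        self.parent.setdefault(item, item)
        root = item
        while self.parent[root] != root:
            root = self.parent[root]
        # Path compression: point every node on the path at the root.
        while self.parent[item] != root:
            next_item = self.parent[item]
            self.parent[item] = root
            item = next_item
        return root

    def union(self, a, b):
        root_a, root_b = self.find(a), self.find(b)
        if root_a != root_b:
            self.parent[root_b] = root_a


# Constructed sample ledger: tx1 and tx2 merge inputs, tx3 and tx4 follow
# the "new key pair for each transaction" advice and never co-spend.
TRANSACTIONS = [
    {"txid": "tx1", "inputs": ["addr_A", "addr_B"], "outputs": ["addr_M"]},
    {"txid": "tx2", "inputs": ["addr_B", "addr_C"], "outputs": ["addr_N"]},
    {"txid": "tx3", "inputs": ["addr_D"], "outputs": ["addr_O"]},
    {"txid": "tx4", "inputs": ["addr_E"], "outputs": ["addr_P"]},
]


def cluster_by_common_inputs(transactions):
    """Group input addresses that were ever spent in the same transaction."""
    sets = DisjointSet()
    for tx in transactions:
        inputs = tx["inputs"]
        for address in inputs:
            sets.find(address)  # register single-input addresses too
        for other in inputs[1:]:
            sets.union(inputs[0], other)
    clusters = defaultdict(set)
    for address in list(sets.parent):
        clusters[sets.find(address)].add(address)
    return [frozenset(members) for members in clusters.values()]


def exposed_by_label(transactions, known_address):
    """Addresses and spending transactions attributable to one owner once
    the owner of known_address has been revealed."""
    for cluster in cluster_by_common_inputs(transactions):
        if known_address in cluster:
            txids = sorted(
                tx["txid"] for tx in transactions if cluster & set(tx["inputs"])
            )
            return sorted(cluster), txids
    return [known_address], []


if __name__ == "__main__":
    for label in ("addr_A", "addr_D"):
        addresses, txids = exposed_by_label(TRANSACTIONS, label)
        print(f"owner of {label} revealed -> addresses {addresses}, spends {txids}")
```

The heuristic over-links when several parties contribute inputs to one transaction, as in CoinJoin, so a cluster is evidence of common ownership rather than proof.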


There’s a lot of different veils to privacy in transactions.

There’s the IP record of the user hitting the server that processes their request (it might be your own box if you’re storing the whole chain yourself but most people use thin clients). Then there’s the list of inputs (cryptonote based currencies like monero use ring signatures which provide obfuscation but not binary privacy). Then there’s the list of outputs, which may be able to be linked to inputs revealing the transaction graph (zcash helps solve this with their circuit proving technology, but it’s limited in temporal scope by the fact that there’s a transition between transparent and hidden addresses). Then there’s the amounts of a given transaction (modern cryptocurrencies use range proofs to conceal the amounts but older currencies don’t).

To recap, there’s access information like IP, transaction information that can be used to reassemble the transaction graph, and balance information which, again, can be used to reassemble the transaction graph. The broad point is that if you can assemble the transaction graph, any additional information, like a list of known addresses, will severely deprecate the privacy of the entire system.

There are potentially ways around this, but they all involve breaking transaction linkability, which is fraught with peril for a variety of reasons (such that no currency has actually achieved this in a meaningful way so far).


> Recently there are newer cryptocurrencies like Monero and ZCash that focus specifically on anonymity/privacy.

There's also zero knowledge proof contracts on Ethereum that provide privacy, like the mixer tornado.cash


> It's meant to be anonymous

Unfortunately, Bitcoin (BTC) is not anonymous, as you pointed out. It never was; and with tax laws requiring copious transaction information, it is particularly easily traceable.

That's the idea behind Monero & Co., which tries to mix things up a bit (literally). The anonymity is still not perfect, especially against state-level actors.


>The anonymity is still not perfect, especially against state-level actors.

With PirateChain it is, but true anonymity brings with it other technical challenges.


It also brings legislative challenges, such as 'prove that your money did not come from running an international assassination ring'.


I haven't heard of PirateChain. However, the state-level threat model includes things like taxes, where (e.g.) people in the US have to report every transaction they make.

If most people report their PirateChain transactions, amount in, amount out, then the problem is that unreported transactions would stick out and would probably be associable with wallets. Am I getting this wrong?


As long as transactions are in the right categories, you can group multiple similar transactions and report the dates as 'various'.


A requirement to report taxes is not normally thought of as a threat to privacy coins per se. And the whole privacy coin thing is modelled on the belief that the state has no business knowing all your financial details.


I think it should be, when the tax reporting requirements are so granular; and in such cases, the effect is analogous to a timing attack.


What are the laws requiring reporting of every transaction?

I know it's necessary to report transactions which establish the cost basis for capital gains, but that doesn't mandate reporting of all transactions.


The IRS considers Bitcoin an asset. Every time you buy/sell goods with Bitcoin or just plain buy/sell Bitcoin, you have to report that as if you were buying/selling any other asset, like stocks. So most Bitcoin transactions will be subject to capital gains tax.

https://www.investopedia.com/articles/investing/040515/are-t...


Please correct me if I’m wrong — does this fact not imply that any attempt to actually use cryptocurrency as a currency to buy and sell goods (i.e. how we currently commonly use USD) is completely impossible, since the capital gains taxes will cause everything to cost substantially more?


The tax is only on the gains of the worth of the spent Bitcoin. If you buy a Bitcoin and immediately spend it on something, there will be no gain, so $0,00 taxes.

If you bought a Bitcoin when it was $5000 and you spend 0.2 Bitcoin today (now they're ~$10000 a piece) you would need to report $1000 of capital gains.

You could argue that would make your 0.2 Bitcoin / $2000 purchase cost more, because you have to add the tax. On the other hand, if you sell those Bitcoin later, you would have to pay those capital gains tax anyway.

The story does become a bit more complex when you factor in long-term vs short-term capital gains tax.


In the US, all transactions to/from a financial institution of $10,000 or higher (including cash) must be reported. Same applies if multiple transactions on the same day reach that limit. So all attempts to cash out will be hard to avoid tracking. Also, attempts to structure transactions to avoid this, like $9999 per day, are illegal with jail and fines applied.


Bitcoin can be anonymous though in certain use-cases. You can create a new bitcoin public/private key pair on a computer that has never (and will never) touched the internet. Once you send the coins from an address to this new address, the network will now know the IP address of the sender, but it won't know anything about the unknown recipient.


It knows that in some way/shape/form the old address is associated with the new address, so most likely it is the same entity, or a transaction partner. Bitcoin is not supposed to be anonymous, and very unsuitable for use-cases where you want any kind of anonymity guarantee.


>Bitcoin is not supposed to be anonymous

But it can be used anonymously and probably in some industries is still used anonymously. A counterparty that is willing to swap anonymously acquired and sent altcoins for Bitcoin can provide a privacy conscious individual with anonymous Bitcoins.

If using proxy-chains, Tor, or a real person in another country to broadcast your trade isn't your cup-of-tea because you don't trust them, there is still another less practical way. If you secretly give someone your Bitcoin private key (for example: written on a small piece of paper), you can give or trade those Bitcoins to someone without the network knowing about the transaction.

>so most likely it is the same entity, or a transaction partner.

Conceivably, the transaction could be broadcasted from an important individual's hacked phone or computer without a trace. This is where being innocent until proven guilty becomes important.


> A counterparty that is willing to swap anonymously acquired and sent altcoins for Bitcoin can provide a privacy conscious individual with anonymous Bitcoins.

Not if amounts are tracked, rather than addresses. "oh look, this gal X just lost 5.3876BTC and gained 3.76549ALTCOIN, and this other dude Y just gained 5.3876BTC and lost 3.76549ALTCOIN. Geeze, I wonder if they traded."

And with the proper graph theory tools, much more complex interactions could be tracked.


The first problem here is that there is no link between the identities across the two currencies. You don't know that X lost some BTC and gained some altcoin. You just know that some BTC was transferred from X to Y and some altcoins were transferred from Z to W—completely different addresses. You also don't know precisely what exchange rate was used, and a privacy-minded service would round to a small number of significant digits (5.4BTC for 3.8ALT) rather than using exact, traceable figures. A proper mixer would probably also use fixed denominations and send each piece to a different address over a randomized timespan.

It's still not immune to tracing, obviously, but it's a much harder problem than just looking for symmetric transactions.

The simplest system, though, is probably just to spend some BTC renting time on a mining rig. It doesn't have to be profitable, just break even. Newly mined bitcoins have no official history to show who paid for the mining.


> It's still not immune to tracing, obviously, but it's a much harder problem than just looking for symmetric transactions.

"And with the proper graph theory tools, much more complex interactions could be tracked."

> The simplest system, though, is probably just to spend some BTC renting time on a mining rig. It doesn't have to be profitable, just break even. Newly mined bitcoins have no official history to show who paid for the mining.

That is a good idea.


> "And with the proper graph theory tools, much more complex interactions could be tracked."

So you've said, and I already agreed that it isn't impossible. But do you have any real-world examples where someone followed reasonable OPSEC (fixed denominations, mixers, randomized timing) and still had their transactions successfully traced via these "proper graph theory tools"?


Who would have published such an example? When we deal with opsec, we have to consider what is possible, rather than what has been done in the past. We have to do better than merely "locking the house after the thief has gone".


> Who would have published such an example?

Typically that would be either the academic researcher attempting to prove that their investigation technique works, or the prosecutor looking to use the results of such an investigation as evidence in a trial.

> When we deal with opsec, we have to consider what is possible...

Anything is possible. Even ideal encryption algorithms—other than one-time pads—have some non-zero probability of being broken within a reasonable timeframe by a brute-force search, but that doesn't make them useless. As long as it's not cost-effective to trace the transfer, that's enough. It doesn't need to be mathematically impossible.


Maybe this is where we diverge.

> or the prosecutor looking to use the results of such an investigation as evidence in a trial

I'm inclined to believe in the possibility of parallel constructions being used to cover up the best sources of intel.

> Anything is possible.[...] As long as it's not cost-effective to trace the transfer, that's enough. It doesn't need to be mathematically impossible.

And here, I think it is probably cost-effective to come up with that technology, because it would allow tracing people and transactions that might otherwise be impenetrable. And, if that were the case, I don't have a hard time imagining that it would be of utmost importance to keep such technology under wraps.

But again, at this point it seems like we're comparing pessimism to optimism.


> I'm inclined to believe in the possibility of parallel constructions being used to cover up the best sources of intel.

So am I, to a point, but even if they prefer not to disclose their actual methods (and are willing to commit perjury) they can't exactly hide the results. And others wouldn't have any incentive to keep their successes hidden.

> ...I think it is probably cost-effective to come up with that technology...

This isn't a matter of "technology" where some R&D spending up front is likely to lead to a method of cheaply tracing funds. If such a method existed then the system would indeed be broken; it would be akin to finding a critical weakness in an encryption scheme. Barring design flaws, however, the idea is to make all the transactions look the same so that even using your best graph theory tools you can't narrow down the possibilities enough to reasonably investigate all of them. That's what I meant by "not cost-effective": When there are 50 transfers that fit the parameters then you can investigate them all, but if there are 50,000 plausible trails to investigate then that effort would only be worthwhile in very high-profile cases.
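The candidate-set argument from the comments above (exact amounts make a swap trivially linkable, while fixed denominations and spread-out payouts leave an observer many plausible trails), as an added example that is not part of the thread. Both ledgers are constructed, and the deterministic delay stands in for a random one.

```python
from dataclasses import dataclass
from statistics import median

SAT = 100_000_000  # satoshis per BTC


@dataclass(frozen=True)
class Transfer:
    owner: int   # ground truth, known to this simulation but not to an observer
    time: int    # minutes since the start of the observation
    amount: int  # satoshis


def candidates(deposit, payouts, window, tolerance=0):
    """Payouts an outside observer cannot rule out as the counterpart of
    `deposit`: later than it, within `window` minutes, amount within
    `tolerance` satoshis."""
    return [p for p in payouts
            if 0 < p.time - deposit.time <= window
            and abs(p.amount - deposit.amount) <= tolerance]


def naive_swap(users):
    """Constructed ledger: every user deposits a distinct amount and is paid
    out exactly that amount five minutes later."""
    deposits = [Transfer(u, u, SAT + u * 12_345) for u in range(users)]
    payouts = [Transfer(d.owner, d.time + 5, d.amount) for d in deposits]
    return deposits, payouts


def fixed_denomination_mix(users, max_delay):
    """Constructed ledger: every deposit and payout is exactly 1 BTC, and each
    payout is delayed by 1..max_delay minutes. (37 * u) % max_delay is a
    deterministic stand-in for a random delay."""
    deposits = [Transfer(u, u, SAT) for u in range(users)]
    payouts = [Transfer(u, u + 1 + (37 * u) % max_delay, SAT)
               for u in range(users)]
    return deposits, payouts


def anonymity_sets(deposits, payouts, window, tolerance=0):
    """Candidate-set size per deposit. A size of 1 means the deposit is
    linked to its payout with certainty."""
    return [len(candidates(d, payouts, window, tolerance)) for d in deposits]


def summarize(sizes):
    return {"min": min(sizes), "median": median(sizes), "max": max(sizes)}


if __name__ == "__main__":
    d, p = naive_swap(200)
    print("exact amounts      ", summarize(anonymity_sets(d, p, 120)))
    print("rounded to ~0.001  ", summarize(anonymity_sets(d, p, 120, 100_000)))
    d, p = fixed_denomination_mix(200, 120)
    print("fixed denomination ", summarize(anonymity_sets(d, p, 120)))
```

The sizes only count what amount and timing leave open; any extra metadata of the kind listed later in the thread would shrink them further.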


> If such a method existed then the system would indeed be broken

Yes, I think that is the fundamental problem with depending on 'mixers' against state-level actors. We both agreed earlier that the tech is theoretically possible. It seems like we're disagreeing about whether someone exists who is motivated enough to build the tech, and whether that person is also motivated to keep their tech under wraps.

> they can't exactly hide the results

It's a known method that US law enforcement has done in the past. Parallel construction is absolutely a thing. https://en.wikipedia.org/wiki/Parallel_construction

> the idea is to make all the transactions look the same so that even using your best graph theory tools you can't narrow down the possibilities enough to reasonably investigate all of them

I just don't get the impression that it's successful. There's a lot of 'metadata' that could be used to narrow the candidates down: geography, time, transaction amount, method of accessing the exchange (API / browser / desktop app ), age of wallets - I don't know which is specifically relevant here, but there's a lot of similar information which could be used to narrow the possibilities down, and most of it could probably involve 'fuzzy logic'. I just don't think that a threat model which includes state-level actors should ignore the possibility that transactions could be traced through mixers.

By the way, I'm really enjoying this discussion. Thanks for playing. :)


Bitcoin isn't anonymous, and doesn't claim to be.

If you want an anonymous currency check out something like Zcash or monero. They use some fancier crypto to obscure transaction inputs and outputs, which gets you a bit farther towards being anonymous.


It's pseudonymous.


Far less anonymous than using a bank.

Bitcoin has been and always will be a way to cut down transaction costs, cutting out the middle man, i.e. cutting out the banks. To do that, everyone has to be able to audit every transaction and verify authenticity of a transaction. In this way bitcoin is anti anonymous, always has and always will be.


Bitcoin isn't anonymous.

The entire history of every transaction between every wallet is visible. This means if someone knows your wallet ID (i.e. you bought something from them and shipped it) they know exactly how much bitcoin you have in that wallet.

Some people try to be anonymous on it, but as some of the drug dealers on Wall Street Market found out, that's pretty hard to do. Law enforcement was able to track down some of them by tracing their bitcoin transactions.


>It's meant to be anonymous, yet with some diligent data mining, it can become pretty clear who's who from their spending patterns by observing the ledger. How is that remotely anonymous?

It's not anonymous anymore. Transactions are being tracked to the IP addresses they originated from. This tracking has been going on since 2014 [0].

From the article:

>But there is no top-down coordination of the Bitcoin network, and its flow is far from perfect. The Koshys noticed that sometimes a computer sent out information about only one transaction, meaning that the person at that IP address was the owner of that Bitcoin address. And sometimes a surge of transactions came from a single IP address—probably when the user was upgrading his or her Bitcoin client software. Those transactions held the key to a whole backlog of their Bitcoin addresses. Like unraveling a ball of string, once the Koshys isolated some of the addresses, others followed.

>Ultimately, they were able to map IP addresses to more than 1000 Bitcoin addresses; they published their findings in the proceedings of an obscure cryptography conference. ....

[0] https://www.sciencemag.org/news/2016/03/why-criminals-cant-h...


I think Satoshi wanted to make Bitcoin anonymous, but didn't know how to (and Bitcoin was still a pretty big achievement).

Today Monero or maybe ZCash is leading the privacy department and they do offer the anonymity you're after (with some weaknesses of course).


BTCP can be a good example of BTC + Zcash like (ZCL) , but it hasn't recovered yet from ashes ;)


Bitcoin is open and transparent by design, people think it's anonymous because it was used for dark markets before the Feds caught on.

Monero, and to a lesser extent, Zcash are coins that were designed to be anonymous (Although Zcash has opt-in privacy, whereas Monero is default)


It isn't anonymous.

Having a public transaction record makes it possible, even easy to identify and track behaviors of anyone.

Everyone you give money to knows exactly where all of that money has been and presumably who you are.

You can make it more anonymous by doing some things, but then it's just ordinary money laundering, but honestly, more difficult.


A key feature of Bitcoin is its transparency, because it's an open ledger accessible to anyone. The intent of Bitcoin is not to be anonymous, it's not a feature the designers were trying to achieve.


it’s a common misconception: bitcoin is NOT supposed to be anonymous (it has a full ledger), but pseudonymous.


if I have a wallet on my computer and send it to your wallet on your computer that would be anonymous.

it's when you connect the transaction to some bank (like, when you transfer from the wallet on your computer to Coinbase where they have your tax ID number, then withdraw to your real-world bank) that it can be so easily traced.

but if you just keep some btc in a wallet and do business out of that it's effectively cash. even if you bought bitcoins on Coinbase then transferred to your local wallet, once it leaves Coinbase the wallet ID itself doesn't have anything tying it to the laptop in your friend's basement in Brazil. from there who knows where it goes, I just bought pizza with it officer idk what the guy who sold me the pizza spent it on

a transaction ledger itself isn't inherently identifiable. otherwise we would know who just transferred $1B+ in this article and not have a bunch of comments wondering who it is lol


Bitcoin was never meant to be anonymous. It was designed to be stateful. The only information that is visible is the wallet address. And if you work at it long enough you can tie that back to the owner. It’s more anonymous through obscurity.

Now, there are true anonymous cryptocurrencies, but bitcoin isn’t one of them.


Bitcoin enables privacy when used properly, but privacy is not an inherent feature.


In what way does it do that?

Or in other words, what makes that sentence more true than sentences replacing the word Bitcoin with the words phone/email/pigeon carrier/etc?

Genuine question, not rhetorical - I don't really follow bitcoin.


Those alternatives require a durable namespace for 'targeting' your communications: a phone number, email address, physical location the pigeon arrives, etc.

Bitcoin can be used with novel targets (receiving addresses) for each uniquely received transaction: i.e. instead of having one bank account with all your transactions, each transaction is in its own anonymous bank account. By doing this, outsiders cannot know that two transactions are owned by the same person without that owner otherwise revealing the association via co-mingling funds or revealing ownership off-network (ex. sending to exchange that does KYC+AML).


You can be careful to not comingle funds or participate in KYC, but you have no forward security --- the person you paid (or their successor payees) can always comingle funds or participate in KYC. At which point, they may recall you paid them.

Also, I can't imagine it's very convenient to manage a large number of separate keys.


> Also, I can't imagine it's very convenient to manage a large number of separate keys.

You can have one secret master key and then derive many keys from that [1]. Without the master key you cannot tell that they are linked.

[1] https://en.m.wikipedia.org/wiki/Key_derivation_function
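One way a wallet can do what the comment above describes, as an added example that is not part of the thread: hardened child-key derivation in the style of BIP32, which is an assumption here since the comment links only to the general key derivation function article. It derives private keys only; turning them into addresses needs elliptic-curve code that is left out, and the seed is a constructed sample.

```python
import hashlib
import hmac

# Order of the secp256k1 group (a published curve constant).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # indexes at or above this value are "hardened"


def master_from_seed(seed: bytes):
    """Turn a secret seed into a master private key and a chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = int.from_bytes(digest[:32], "big")
    if key == 0 or key >= N:
        raise ValueError("seed yields an invalid master key, pick another")
    return key, digest[32:]


def derive_hardened(parent_key: int, chain_code: bytes, index: int):
    """Derive hardened child number `index` from a parent private key.

    The HMAC input contains the parent private key itself, so nobody
    without that key can recompute the child or test whether two
    children share a parent.
    """
    if not 0 <= index < HARDENED:
        raise ValueError("index out of range")
    data = (b"\x00" + parent_key.to_bytes(32, "big")
            + (index | HARDENED).to_bytes(4, "big"))
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child_key = (tweak + parent_key) % N
    if tweak >= N or child_key == 0:
        raise ValueError("invalid child at this index, use the next one")
    return child_key, digest[32:]


def receiving_keys(seed: bytes, count: int):
    """One fresh private key per incoming payment, all from a single seed."""
    master_key, chain_code = master_from_seed(seed)
    return [derive_hardened(master_key, chain_code, i)[0]
            for i in range(count)]


if __name__ == "__main__":
    # Constructed sample seed; a real wallet draws it from a CSPRNG.
    sample_seed = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    for i, key in enumerate(receiving_keys(sample_seed, 3)):
        print(i, f"{key:064x}")
```

Backing up the seed alone is enough to regenerate every key, which is what makes one address per payment manageable.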


> Also, I can't imagine it's very convenient to manage a large number of separate keys.

A computer can do that for you.


I find the more things I do with a computer, the more there are to manage, not less.

...what is a "system administrator" anyway, and why is my computer telling me to ask them for help?


The ledger does not record in person transactions. Theoretically, I can hand you a USB stick containing BTC and no one would know until it is sent to another wallet.


That is not a secure method of transfer. Giving someone a copy of your private keys just makes you joint owners, where either one can spend the money.

The recipient would be wise to immediately spend the coins to an address only they know, unless they have absolute trust in the giver.

As they say: not your keys, not your bitcoin...


you must be joking. Only a person who has no understanding of bitcoin would accept that type of transaction.

The person "Paying" the other person could have backed up the private key and simply recovered it at a later date to send to another wallet.

Bitcoin is not gold, so don't think of it like gold.


Bitcoin is not anonymous. It does not require a third party to authorize transactions.


BTC is not anonymous but pseudonymous from the start (i.e. the white paper)


> I can count maybe 5

How could you possibly know?


Not for sure, but it’s not uncommon knowledge who the bitcoin early adopters who held their coins are.


Wouldn’t a bank or institutional investor also spread this up into multiple wallets? Doesn’t take a genius to diversify risk of a wallet breach.


From the top twitter comment:

> 0.06BTC in fees? Why so expensive?

Just gotta say, it's pretty amazing we live in a world where 1 billion dollars can get transferred pseudo-anonymously in a reasonable time frame, only costing the transfer party $600. As a really stupid, non-real-world comparison, Western Union has a transfer limit of $2500 per transaction, and a $20 fee per transaction. If you were to initiate a $1,000,000,000 transfer it would take something like 400,000 transactions costing you something like $8 million dollars in fees.


International wire transfers between USD accounts usually cost about $25 regardless of the amount.

There's a lot of dollars moving around in the global financial system quickly and affordably, Bitcoin advocates just don't seem to know about it for some reason.


International wires are a bad example because they charge a huge FOREX spread. For a high-ticket transfer, you'd need to use a brokerage for the exchange first, which is also very cheap, but a bit more than $25 ($20 per million at InteractiveBrokers). Then a very cheap domestic wire for the last mile. Or, for small-ticket transfer TransferWise is around 0.85% for the whole exchange.


International banks are happy to open USD denominated accounts if you're a business or a private customer with a bit more than just paychecks and bills coming and going. Then you can send and receive USD with no exchange fee.

If you need to spend it locally, you still need forex at some point — but that's a much more predictable proposition than going from the wildly volatile BTC to local currency.


No they don't, if I shift $500m from a US bank (in USD) to a swiss bank (in USD) it attracts no FOREX and barely any cost.


Depending on the regions, you can do tricks with your investment account too— Norbert's Gambit is the famous one for cheaply moving a lot of money between USD and CAD:

https://medium.com/young-wild-and-cheap/the-norberts-gambit-...


Is Norbert's Gambit anything but theoretical? It sounds like a guaranteed way to lose money.

Given the tick size, crossing the spread with this ETF is going to cost you around 10bp alone. Never mind that this ETF only holds $45m in assets - you're only going to be able to get a very small amount without eating through price levels. On top of all this you have to carry 3 days of currency risk?

I'm sure other online discount brokers are similar, but I checked Interactive Brokers, since I'm a customer, and they charge max 0.2bp fees, the spreads are around 1bp and there's no currency risk.


Are you in the US? While I've never personally done Norbert's Gambit my understanding is that it's extremely popular for Canadian investors to do if they want to get USD. Might not be vice-versa.

The most common use case I'm familiar with is within RRSPs, as there is sometimes a tax advantage to using US-listed ETFs within them. Most brokerages charge 1.5-2% to do currency conversion so it would be a lot better deal to do Norbert's Gambit to get USD trading funds.


I'm not in the US but there are probably even more online discount brokers operating in the US and Canada so maybe it's a tax efficiency thing?

Paying 1.5%-2% for FX conversion between two major currencies is very expensive unless the sums are small. The last time I converted currencies using a discount broker - including all costs I was charged less than .1% compared to the mid-market rate at the time.


That's weird? Why is paying the ETF spread twice cheaper than paying the CAD/USD spread once?


For some reason, people think the cost of buying and selling a security is equal to the explicit commissions and fees, I guess.


Given some weird structure of fees and spread, paying the ETF spread twice might very well be cheaper. I have no clue.

I was just wondering, what weirdness must be going on to make that so.


How is that comparable at all? The original transaction is BTC->BTC. Why are you comparing to a currency exchange?


Fair point!


You'd probably be best served to just go through an investment bank. FX market is relationship driven unlike the stock market. You don't have any of the trading relationships with the huge players in the market, and probably never will. The cost in time and money to participate in these markets vastly outweighs the paltry sum the traders are making on your transaction. Solicit quotes from multiple counterparties, pay attention to the institutional rates, and make sure you aren't getting screwed too badly.


okay then. domestic wire transfer. we done yet?


Did you miss the part about it being anonymous (pseudonymous)? Also did you consider the fact that it circumvents any government regulations / oppression / sanctions that parties involved in the transaction may have been subjected to?

Bitcoin advocates know very well that centralized systems are faster and more efficient, that’s just the trade off of actually owning your assets. Right now you own nothing but some promise in some database controlled by a bunch of potentially corrupt individuals governed by potentially repressive institutions.


>Right now you own nothing but some promise in some database controlled by bunch of potentially corrupt individuals governed by potentially repressive institutions.

Are you describing Bitcoin or fiat currency?


you don’t understand how bitcoin works if you have to ask this question.


To be fair, people[1] have raised the question of whether bitcoin is manipulated by people who have printed other types of currency without limit, which implies practically nobody understands how bitcoin works.

[1] https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3195066


Also Tether is a special case - it’s not an unrelated altcoin, it’s supposedly a stablecoin bound to BTC.

“Supposedly” because no proper audit of tether assets and liabilities was done and there is little transparency.

Counterargument is that if tether is insolvent, it would affect Bitcoin but only to some degree.

Here’s the logic: if tether was printed without backing to buy and prop up price of bitcoin then somewhere somebody is sitting on a pile of USDT which they will want to get rid of. You can get rid of USDT by asking tether to buy them back from you for USD or you can trade them on the market for BTC. Assuming tether goes dark USDT owners will be forced to sell USDT at discount creating even more buy pressure for BTC. The whole thing will be a huge debacle and incur some damage to BTC but ultimately it’ll be perceived like one more exchange scams - not your keys not your Bitcoin, trusting that USDT can keep USD parity is purely on you.

Bottom line is - people are being manipulated, not Bitcoin. Bitcoin will continue to live up to its promise - distributed open ledger and transaction platform, solving consensus problem via proof of work and there will only ever be 21 million of them.


That’s like manipulating value of USD by printing more Euros. Sure it has effect because economies are interrelated but it can’t be sustained - Euro will be worth nothing eventually.


But not all international transfers are USD to USD. Anytime there is an exchange of currency the banks involved take their own cut on the exchange rate.

Many people cannot access bank accounts that allow this sort of transfer and that's why Western Union etc exist, they charge a % of the value being transferred as well as a flat fee.


I think you're confusing the real-world version of you that has to pay $20 per transaction with a hypothetical billionaire version of you. People moving large amounts of money around don't do 400,000 transactions at $20 a pop.


  As a really stupid, non-real-world comparison


No one gets to escape the real world.


Do you really think people use 400,000 transactions costing $20 apiece to move large amounts of money? If you keep a billion dollars in a bank account (!) you can simply call your private banker and have it done with no fee.


  As a really stupid, non-real-world comparison


Private bankers aren't free though.


My US bank account has zero transaction fees and if I had this kind of money I do not see why I could not transfer for zero fees (don't see a limit anywhere). And if making smaller transactions, apps like Venmo can transfer money both instantly and free (unlike Bitcoin).


Banks typically have limits on how much you can withdraw or transfer with any given method in a day.


Banks typically treat billionaire customers differently too, it's absolutely ludicrous to think they'd have to use hundreds of thousands of transactions (let alone pay for them!).


Maybe. Having worked in the wire room before, that is not inaccurate. That said, transferring one billion would require advance knowledge, multiple signoffs, and adjusting permissions for people. Depending on the institution the payments may have to be split, but odds are the bank would eat the cost to maintain that relationship.


> That said, transferring one billion would require advance knowledge, multiple signoffs, and adjusting permissions for people.

This is largely a feature, not a bug, as various Bitcoin exchanges have discovered.


I run a VC fund. We move store money around in large amounts (6-7 figure transfers, 7-8 figure balances). Our bank loves us and doesn't charge us any fees for anything ($0 wires etc). Having millions parked with them allows to lend the money which is how they make their revenue. They don't care about fees.


In the case of China, hundreds of thousands of transactions is too many, but it is apparently routine for transfers of money outside China to be done in a large number of small transactions due to the legal per-person limit on transferring money outside. (And yes, since it's a per-person limit, not only do you need to do a large number of transactions, you need a new cooperator to put their name on each one.)


Well if I were to show up at the bank wanting to transfer $1bn I am sure I would get all kind of stares, but can not see a technical reason why they would not be able to do it. Difference with Bitcoin is you can do it completely anonymously, for all the good and bad things that go with that.


> completely anonymously

Except we're all out here talking about this and no one knows what other $1bn transactions have occurred in the banking system today so we're not talking about those.


He means anonymous from bank actors and state actors obviously. When you transfer money with a bank or wire service they know who you are and who you are transferring money to. Nobody afaik, knows who either of these wallets are held by.


No dollars were transferred. If you want to convert it to actual things you can spend you have to pay an exchange at least 1% on either end. You're comparing moving around intermediate representation to something you can actually use, like a bank moving bits around in its internal ledger. WU is not a good comparison for large-quantity FOREX, InteractiveBrokers is one of your many options, and they charge a commission of $20 per million, which is at most a $20K fee not an $8M fee.

With that in mind you seem to be conflating a FOREX transfer with a bank-to-bank transfer which you can use a $30 (or as cheap as free) wire to move the whole billion instantly.


> No dollars were transferred. If you want to convert it to actual things you can spend you have to pay an exchange at least 1% on either end.

Actually, this isn't true. That's the lowest-cost way of converting the bitcoins to actual things. But if you don't want to interact with an exchange, you have enough BTC that you can easily find someone who will just take your payment in BTC and take on the job of going through the exchange themselves.


It still has to exit and you can’t discount that cost. Nobody will sell you a house for BTC and not exchange them for dollars. That means nobody will sell you the house for face value. You’re still going to have to discount the sale price to cover the exit costs unless you have data that shows otherwise.

For instance, if you came to me and offered me either $500K in dollars or $500K worth of BTC at today's prices (good luck defining that with volatility) I'd say sure, for $550K worth of BTC and I'll exit it immediately. Well, probably not, because I'm sure that BTC is either dirty or avoiding taxes and that's not a conversation I want to have with the IRS/FBI, but that's why you'd have to pay me so much more.


They overpaid big time, fees of approximately $33 would've been sufficient for the transaction to confirm just as fast.


Big time?? Who cares about a few hundred dollars when it’s a billion dollars.


yeah if you look at https://jochen-hoenicke.de/queue/#0,1w , you'd see that anything above 20 satoshis/vByte would be overpaying[1]. the transaction in question paid 400 satoshis/vByte.

[1] i.e. anything at that rate or greater would confirm in the next block, so there's no difference in paying more


do they have to pay anything? or let's assume they just want to pay $1, and they don't care about how long it takes. would it eventually happen?


It might. It depends on the status of the network at the time. If there is a significantly large unconfirmed transaction pool backlog and a transaction is made with a low enough fee then the miners may simply ignore the transaction for long enough that they let it expire and drop it completely. Theoretically, that transaction still could be confirmed at any time in the future, but, practically, it won't be. So, most wallet software will stop displaying an unconfirmed transaction after a number of days, returning to a pre-transaction available balance.


This got me thinking. I believe I saw last year where there was something like over 200k unconfirmed transactions on the blockchain. Right now it says 5000.

So, what is the minimum amount you could send with a proper transaction fee? Could someone flood the network with millions of unconfirmed transactions?


you could but if you wanted them to stop others from using the chain it would be pretty costly. if you didn't provide a fee then they go to the bottom of the list to get mined and some miners might not even bother


Yeah, looks like $1 would've probably been enough fees for this transaction to be confirmed within a reasonable timeframe (less than 10 blocks, ~a few hours).


No human being would ever transfer 1B through 'Western Union'. I am sorry, but that's not a legit comparison.


  As a really stupid, non-real-world comparison


And yet, they wrote it anyway, knowing it was stupid.

So, people are continuing the theme of redundant comments initiated by the original.


I’ve seen $1B wires. Not accounting for FX spread, the cost is the same as sending a $50 wire.


>Just gotta say, it's pretty amazing we live in a world where 1 billion dollars can get transferred pseudo-anonymously in a reasonable time frame, only costing the transfer party $600.

I'm quite sure the banking system could do the same, no problem. These are not technical limitations, they are regulatory. It's controversial enough whether any human actually needs a billion dollars, let alone the freedom to move/spend it however they want with zero oversight. But that's just me.


You don't pay the official consumer fee for such transactions, and you don't pay the stated exchange rate for exchanging $mm for other currencies.


I don't have any experience with billion dollar transactions, but I am confident that people who do them as a matter of course don't incur 400,000 $20 fees each time.


Help me understand, was 1 billion dollars actually transferred?

Wouldn't a normal bank wire of the same amount cost less than that, say $25?


I am not sure how banks handle such large transactions (100 million+), but transferring millions is very cheap or for free - at least with standard IBAN within EU.


A large corp-to-corp (or even person-to-corp) transfer does have a lot of money involved (accounts to figure out taxes, lawyers if it's for buying or selling major assets, possibly international tax experts, maybe even an escrow service if it's between say an EU company and a Chinese company where they might not trust the other nation's court systems).

And then the bank might charge a fee too, although I suspect with accounts that large, banks would do what they could to minimize fees since that much capital helps them with loads/interest.


And these other costs would not apply in bitcoin world?


My bank charges a percentage for wires over a certain amount.


$1 Billion USD at current prices. Having said that, in the current SWIFT or any other legacy payment rail, there is no finality in transactions until 30+ days.

Not only that, but you would have the Eye of Sauron quickly looking at you for moving such quantities, especially if it were a private individual or some smaller group that isn't all registered with the powers that be.


Yes and yes. A bank wire is the opposite of pseudo-anonymous though, especially with this kind of amount you'd have all sorts of eyes on you.


Yes, if your time -- needed to provide the thorough documentation for such a huge transfer -- is worth nothing.


The actual people who transfer $1 billion between each other (financial institutions, large corporations, and private investment vehicles) don't pay any fees either.


Honestly they probably have specific pricings for Billions but yeah 600$ is on the extreme low side of the spectrum.


When you move $1B from one financial institution to another, the receiving end will pay you to choose them over their competitors, as well as provide other incentives.

There's simply no comparison.

