The “I have no sympathy for the victims” comments are crass. But there is a legitimate question of how much law enforcement these crimes deserve.
Arizona has a stupid motorists law [1]. If a car “becomes stranded after driving around barricades to enter a flooded stretch of roadway,” the driver “may be charged for the cost of their rescue.” A similar concept for crypto may be necessary. Law enforcement will pursue. But if they catch the crooks, the cost of enforcement is deducted from the proceeds and flows straight to the Treasury.
It’s easy not to have sympathy because these folks are the ones railing against the banks and the government and the establishment and police - confident they don’t need them because they’re all in on a system the vast majority doesn’t understand the first thing about. But they’ll demean and criticize anyone who suggests their magic free money machine might not be all it’s cracked up to be. They’ve been warned so many times. Like the anti-vaxxers turning to ivermectin. It’s honestly just an episode of r/WinStupidPrizes.
Even now they’re rationalizing - US banks offer 0% interest and took $12B in overdraft! See how much worse that is? Well except the $12B is out of $18T in assets so DeFi hacks cost 1400X as much per user.
In fact 10% of all TVL in DeFi was stolen this year. That means if you’re not making a 7% return for inflation and a 10% return for risk loss, you’re losing money in real risk adjusted dollar terms invested in DeFi. 17% APR in DeFi is equal to 0% in real dollar terms.
"have fun staying poor," he said, clicking on the coin roulette, eyes never leaving his plugged in android tablet, physically hot to the touch from the max CPU load.
"i am going to retire in 5 years. have you heard of prove-your-steaks? its gonna change crypto. you can get 20% back, just lock up your starving kids Earned Income Tax Credit for a year, and you'll make $500!"
"have you heard of this new shitcoin? probably not - i know you retired from crypto! haha...anyway, it exposes you to upside leveraged of @PISSCOIN and is tethered to the stable-genius coin. its basically free Unisex-swapped tokens."
"hey. some guy on discord was helping me install a chrome plugin to manage my coins and now my $400 in life savings is gone...are you still good with computers?"
You cannot get margin called on a cash account, because you cannot make positions that are not 100% collateral covered, unless you have 25k. Then you can do that, and trade more than 3 times a week (and don't have to wait til settlement)
Pension funds don't deserve to go bust, but shouldn't be bailed out if they fail to diversify their portfolio.
There are a lot more safe-gaurds in investing, because all these games have been played before.
But those require consent too - with crypto, someone can, and will, irrevocably steal your funds without possible recourse.
.. and indeed the UK and other countries have banned the OTC sale of particularly bad ones, such as binary options. There is some effort to prevent people selling overly fraudulent or risky products to the general public, even if it's leaky.
Is that really a fact, that 10% of the value locked into DeFi was stolen this year? I would think that most of the TVL would accrue to the more blue chip protocols (Aave, Uniswap, Compound, etc.) and to my knowledge these haven't been affected much by these big hacks.
DeFi Pulse says there's just under $100B in TVL. [1] About $10B was lost and stolen this past year depending on where you look - $7.7B according to this article, but I saw $10B circulating too.
I don't think DefiPulse has everything. Here's a few more off the top of my head, though I'm sure there is more:
- $5.5 billion (TVL on Eth L2s via L2Beat)
- $4 billion (ETH 2.0 staking contract)
- $17 billion (Polkadot staking)
- $16.5 billion (Cardano staking)
- $36 billion (Solana staking)
The article's figures include the centralized Turkish exchange which made off with ~2.6B , so I don't think it's fair to consider it the same kind of thing.
> Rug pulls have emerged as the go-to scam of the DeFi ecosystem, accounting for 37% of all cryptocurrency scam revenue in 2021
So 37% of $7.7 billion is $2.849 billion.
> All in all, rug pulls took in more than $2.8 billion worth of cryptocurrency from victims in 2021.
> It’s important to remember that not all rug pulls start as DeFi projects. In fact, the biggest rug pull of the year centered on Thodex... In all, users lost over $2 billion worth of cryptocurrency, which represents nearly 90% of all value stolen in rug pulls. However, all the other rug pulls in 2021 began as DeFi projects.
The graph shows $2.6 billion was lost with Thodex. So that leaves $0.249 billion that was lost in projects that were rug pulls that began as DeFi projects.
I do believe the medium-term inflation goal of 2% will be reached, and that this is simply a function of supply chain disruptions. I was using the most recent CPI data. You can also get a 7% yield on treasury Series I bonds. [1]
The exact value of inflation this year is controversial and depends a lot on how you measure it, but you can replace it with 6 or 8 or whatever you think the correct value is without altering their point.
Technical hacks against the protocol and implementations are fair game, and is the implicit incentive that balances the market.
Social engineering and financial hacks are not fair game, and are "illicit" in the sense that crypto is obviously an international martial zone.
Exhaustively brute forcing a keyspace is valid, making your username an XSS to steal funds from an insecure page/downstream app is not valid.
Finding and leveraging an exploit in a contract is valid, both a paper/legal contract and a literal codified Eutherem contract. Flashing incorrect token prices on CoinMarketCap.com to take advantage of (unauthorized? grey) downstream screenscrapers and rugpulling affected tokens is NOT valid, but, admittedly murkier.
Fair game and valid according to whom? You cannot legally rob a bank just because they left it unlocked and unmanned. It might be possible to take crypto due to a bug in a protocol, and arguably justifiable, but that doesn’t mean it would hold up in court if you were identified as the one using the exploit.
> You cannot legally rob a bank just because they left it unlocked and unmanned
Nobody suggested making crypto crimes legal. Just metering the degree to which law enforcement, a public good, is put to use pursuing it. Why should a law-abiding saver bail out what in many cases looks like a gambler’s foray?
> Why should a law-abiding saver bail out what in many cases looks like a gambler’s foray?
Because having an idea about how these frauds are committed are helpful for society as a whole. Law enforcement investigating such crimes is the first step towards meaningful laws and regulations.
Acting as though these crimes never happened because they're not enshrined somewhere in the criminal code is cutting off one's nose to spite the face. The negative externalities will still be there, and they will land squarely at society's doorstep. We will all have to foot the bill one way or another.
Everyone's a rugged individualist until they get rugpulled.
I am not sure what you mean by “bail out”. When something gets stolen from you, the government doesn’t repay you for the actual amount. They do pay to litigate/make litigation possible. That is part of the societal contract - if you own something and someone takes it from you, the court system exists so you have legal means of restitution. I don’t really care about whether that’s good or not to apply to crypto, I am merely pointing out that it does.
Socially acceptable. Because I am not going to acknowledge or respect a Turkish summons. Although I would expect a Turkish hit squad.
>You cannot legally rob a bank just because they left it unlocked and unmanned.
Exactly - because it isn't a bank, it is a bunch of cash on the street, if it was unlocked and unmanned.
And even if there was a clear Sticky Note with foreboding text, you would be in the clear to pocket a stack of cash sitting on the sidewalk, left unattended, guarded only with a sticky note.
The steelman and strawman are nearly identical - a bugged contract or implementation isn't a bank, it is a bunch of cash on the street. It stopped being a bank once a bug was found.
> And even if there was a clear Sticky Note with foreboding text, you would be in the clear to pocket a stack of cash sitting on the sidewalk, left unattended, guarded only with a sticky note.
That's not true, and not true globally. Unattended valuables being taken is still theft. Though prosecution is rare, it still happens [0].
It's not a matter of whether it's theft. Of course it is.
But if you leave your valuables in the street unattended and then come back shocked to discover that they aren't where you left them, this is not a problem that requires new legislation to solve. The solution to preventing this from happening to you in the future is quite obvious and doesn't involve the government.
And if the government manages to catch the thieves, great. But if they don't, c'est la vie.
No, because keys for a car and keys for a wallet are wholly different, and even then, picking a lock (bruteforcing a keyspace) isn't comparable, because the value, intent, and purpose of a car is not in its properties of being able to be transferred, transmitted, and it's future value increasing (although that last one is true incidentally), but it is primarily used to get from A to B.
If you found a gift card with the PIN in the street, it would entitle you to a moral inhibition. If you went through a stack of discarded gift cards and found ones with change, you would be less morally wrong, but just as legally right.
Finding a debit card in the street with the PIN is akin to finding someone's wallet.dat file on their github. That is stealing, so no comparison.
Thanks for these analogies. People unfortunately want the new technologies to be an exact replacement of the status quo. There’s no reason for it to be the case and the way these technologies work may make it infeasible to enforce the rules of the status quo.
It's a bit unfair to make that comparison. Most technical hacks are always present until somebody abuses it, to make a fair comparison the bank would have to _always_ be left unlocked and unmanned
The guarantee that a bank gives is not the same guarantee that a smart contract gives you. the bank guarantees the safety of your money, the smart contract guarantees that it will as stated in the code.
It's on the the contract dev to write the correct thing and on the contract user to determine if the does what is "says on the thin"
You obviously don't understand basic contract law. US Civil courts routinely apply the principle of equity when interpreting written contracts. Loopholes and errors are disregarded when they violate the clear intent of the agreement.
Nothing annoys me more than arrogant ignorance. It's like, pick one! You speak as if these are handled as federal matters, and they are not. Contract disputes are handed as local matters, usually in a local district court.
Furthermore, when you talk about the court you're talking about a Judge. The Judge gets final say and they can take their sweet time, regard or disregard anything they want. In local matters, Judge's act without restraint. Appellate court, the state bar, the judicial qualification board, federal court, all gets involved so rarely they can be ignored. Additionally, these Judges are no stars of the legal profession: cohorts of lawyers will often rig elections and appointments to favor a well-connected but bad lawyer, because being a judge is actually really easy.
So, yeah, it mostly depends on who the judge likes better, and whether society is better or worse if this dispute is decided this way or the other way. I can't stress enough the arbitrariness, and supreme unaccountably, of a local judge's decisions.
You'll have to back this up with evidence. You can file complaints about local judges to judiciary committees, administrative judges, you can appeal their decisions, and if you actually go to trial you get a jury unless you specifically waive it (along with all other parties).
I don't see how they're unaccountable, or how contract disputes mostly depend on a judges disposition.
> I can't stress enough the arbitrariness, and supreme, unaccountably, of a local judge's decisions.
Exactly. Code-contract signers hate this, and go out of their way to avoid the possibility of this interference.
Judges should tell crypto cases to get rightfully fucked.
If I appear and sue a drug dealer for giving me fake 100's, I'd get laughed at.
Considering crypto is just an massive abstraction layer to hide the online drug trade, the courts should similarly laugh at these _technical_ exploits, in the context of Euth-shit code. Because it's sole explicit purpose of existence is to conduct business without arbitration.
> If I appear and sue a drug dealer for giving me fake 100's, I'd get laughed at.
Is that actually true? On the criminal side, I served on a grand jury, and a lot of the cases we saw were criminal-on-criminal crime. I guess the idea driving the crime was that criminals make easier targets as they're less likely to go to the police. But some did.
Fine, make crypto outside the legal system. Gains can't be taxed and failure to apply AML/KYC can't be prosecuted, but you get no protection from the courts for theft. I'd take that bargain.
If that were true, it would not be possible to run a sustainable business in any industry. Legal systems need to generate consistent results with respect to contract law in order for commerce to be successful and efficient.
Cite? No, the way it works is that you pay lawyers who know enough to play it out in their heads and determine who has to pay whom to make it go away. If one side is stubborn and ignorant, then they pull the trigger and the years-long, extremely expensive lottery play has begun.
Your assumptions about the law, about judges, and about rationality, rhetoric, and the justice system in general are about to be destroyed. The lawyers know the high variance of court and generally want to avoid court like the plague.
(The justice system is badly broken, obviously. The core issue is that it takes far too long to judge a case, and a big reason for that is a) the rules are too complicated and b) not adopting better tech. We should have trials that start a week after filing, with online juries, online judges, and real-time access to data. The attorneys can finally earn their ridiculous wages by learning how to fly through information and present it in a compelling way.)
The median lawyer salary is $122K. Whether that's ridiculous is a matter of opinion, but it's only a little higher than software developers. And the average lawyer has more education.
Some civil court hearings are already conducted online.
It is how it works. The rules don't matter; the attorneys know what words to say to give a judge reasons to either admit or reject application of any rule. The coin that remains in a case is likeability and making the judge's life easier.
The net result is a system where attorneys are falling over themselves to prove who is more obsequious to all the judges. If you become a problem in one case, you will suffer in your other cases, too, so individuals with legit complaints against the court can and will be ignored.
The net result is a court that ignores all but the most mechanical rules (and loves to stall on those when it can, because it approximates the appearance of "work"), and has no mechanism for correction. I'm sorry, but the rules don't really matter, to anyone.
That comment is just deranged. I assume you had a bad experience with legal system at some point but you clearly don't understand how it actually operates, especially at the appeals levels.
And they routinely admit that some cases are not clear cut. But crypto has no grey zones, by design - you either have the keys, or you don't. And that is the explicit agreement code-contract signers agree to when they go out of their way to DeFi their agreements.
Obviously legal precedents and statutes are not fitted for this purpose yet, because they are reactive, not proactive.
The flipside of that is that the effective capital markets we have depend on a level of trust which could easily be eroded. There were weeks this year where I saw advertisements all over London for DeFi products and cryptocurrency trading portals. I don't think the majority of people putting money in there had any idea whatsoever what they were doing.
That's a bit circular though. I mean, to be clear I don't agree with the upthread point that we should deemphasize crypto crimes. But that said... the trust in the DeFi economy is being eroded right now, and for some very rational reasons.
It's certainly not the government's job to jump in and prop up financial systems in which it's not involved. Its interest is in protecting its own citizens from criminality, not in the level of "trust" in "DeFi".
It is, and I've had a nagging suspicion for a while now that this is the flaw at the heart of cryptocurrency and related phenomena. It's all built on the premise that the answer to "we can't trust existing institutions" is to try and design systems that don't require us to have trust in any actor, but as Sharlin noted, it's difficult to impossible to do anything transactional that doesn't require some level of trust. Perhaps "trust no one" is not actually the right solution to the problem.
It's the same as open source software, most people don't personally look at the source code of the Linux Kernel, but they trust it more than Windows because they know many thousands of others have looked at it and haven't found issues.
Open systems lead to less trust required, because anyone can verify and report issues. Open finance leads to less trust required because anyone can verify and report issues with the smart contracts.
Many are upgradeable, though it's the common libraries that people use that matter. The Ethereum ones have been battle hardened over years of exploits so you can use them just like you can build on common Unix primitives to avoid mistakes in new projects.
The real problem is that if you don't trust the existing system, the normal solution is to patronize a different one. Go trust a bank in Japan or Switzerland or India or Brazil, which has a decent enough reputation but does things differently.
But the existing system latches onto any point of centralization in any kind of alternative and uses it to impose the same problematic constraints of the existing system that the alternative was intended to redress. Hence the desire for decentralization. The lack of those pressure points.
It would work well enough if we would just have multiple banking systems and let them compete with each other without international pressure to conform to a uniform set of defects, but that isn't what we have. So how do we fix that, if not with this?
That's the core semantic confusion at the heart of this issue. Cryptocurrency protocols eliminated the need for trust for cryptocurrency transactions. So you can exchange BTC or ETH all day and night and always know who you're paying and no one can get in the middle and mess that up.
But it does nothing for transactions outside of that world. The core idea behind the "DeFi economy" is making things happen in the real world (by financing business ideas, buying 230 year old documents, etc...). And that part requires that the crypto resources be given to some kind of real actor in the real world who's going to do something real with them.
And those actors are people, and they cheat. Hence the new term of art "rugging". You can cheat people in the crypto world, in some sense, more easily than you can regular consumers precisely because they got fooled into thinking they didn't need to trust you.
No, it is not trustless, it simply shifts trust from central authorities to more nebulous entities such as anonymous developers, shady mining cartels, unregulated exchanges, and even yourself to not lose your private keys. Which you consider to be better is essentially a political decision.
The obvious solution is to have both and then make sure that people understand what they're getting into.
Traditional banks should exist and be regulated and insured etc. People with a low risk tolerance should be encouraged to use them.
People with a higher risk tolerance or who are trying to do something innovative or disruptive should have a system that works for them too. People with a low risk tolerance are not required to use it. People with a high risk tolerance will be exposed to a high risk, as requested.
> Just like with any kind of criminal, stopping deceptive crypto scammers isn’t ‘coddling’ people at the expense of everyone else.
It is if you're trying to stop these scams by putting greater constraints on, say, the fiat on- and off-ramps.
I mean, how exactly are you going to stop the average investor in doing something dumb like dumping their money into a shady project, without placing additional hurdles on everyone else? The whole point is that you're allowed to move, manage, and spend your assets as you see fit, without any government's ability to freeze your assets or block you from accessing financial services via sanctions -- for better or for worse, of course. And yes, the freedom to manage your assets as you see fit includes the freedom to make stupid financial decisions -- as you see fit.
> The whole point is that you're allowed to move, manage, and spend your assets as you see fit, without any government's ability to freeze your assets or block you from accessing financial services via sanctions
That’s a selling point advanced by crypto advocates.
Frankly, it’s ok to make that point. What is not ok is pretending that crypto isn’t also a high risk environment full of scams.
I’m not trying to police anything. I can’t stop crypto advocates claiming it’s a good place for regular people to invest.
> What is not ok is pretending that crypto isn’t also a high risk environment full of scams.
I don't pretend that at all. Like I've said elsewhere in this thread, "caveat emptor." I am sorry if others have told you that is not the case about crypto. Unfortunately, I cannot do anything about them.
> I’m not trying to police anything. I can’t stop crypto advocates claiming it’s a good place for regular people to invest.
Then we are in full agreement. As I said elsewhere, the average Joe who cannot remember their own passwords should not be using crypto, IMO. With freedom comes the freedom to shoot yourself in the foot, and unless you understand basic digital safety procedures, you are best off not shooting yourself in the foot.
Yes let's keep making weird incentives for law enforcement like asset forfeiture. I want police to be like an American ambulance and run my credit card before saving my life.
> let's keep making weird incentives for law enforcement like asset forfeiture
I hate civil forfeiture. That’s why I specifically suggested the proceeds flow to the Treasury. Not the law enforcer’s budget.
There is also a world of difference between taking something you legally possess, and taking a cut of things returned to you at the expense of the public purse.
If you loose you crypto in a dex hack you have my sympathy, if you got rugged with a "double your crypto" kind of scheme or some mooncoin, there is no sympathy for you. The same applies for fiat. This does not make you a victim, it make you a greedy target.
a large majority of those people fall into the greedy category not the victim
These sorts of rug-pulls blur the line between legal and illegal though. Take the "Save the Kids" token [1]. In this case, they hyped up this token, their audience bought into it thus jacking up the liquidity, and right around the top all the folks that were hyping the token sell off and everyone is left with a token that's basically worthless.
When we talk about law enforcement stepping in, I struggle to see what they could possibly help with in scenarios like this. TBH the FTC or SEC needs to step in and investigate these instances.
Find out how much money we can get policing crypto. We can even charge a greater percentage of potential funds recovered to extract an amount that would make it worth our while. At any rate, with that data we could determine if the money is better spent policing tax cheats.
In short if we're going to get paid well, we should help. If not? Well, sorry crypto bros. Sucks to be you.
I mean, why not both? There's an entertaining subgenre of police blotter reports where people report their illegal drugs stolen. If people report crypto assets stolen (which they very rarely do), maybe have a look at how they acquired them and whether it was reported to the revenue first.
I agree. They are not unreasonable. They are crass. If a child is told not to touch a stove and then burns herself, I may consider them stupid, but I can still have sympathy for the pain they are experiencing.
100% of Crypto "investors" are speculators looking for a quick buck by investing in a system that is pumping needlessly huge amount of carbon into the atmosphere. They're not well-meaning victims who stumbled into the bad part of town, they are greedy thoughtless people in search of free money.
They may be in search of outsized returns, but I think people can absolutely be victims of the ‘have fun staying poor’ meme. The implication is that if you don’t buy into crypto your assets will be decimated by inflation. I think it’s reasonable to consider that it’s not ‘greed’ but rather fear of being left behind that is driving many victims.
>Stop trying to shame people for expressing a common, reasonable and fair opinion that you don't like.
I realize the dangers of posting something remotely pro-crypto on HN, but I have to say this is a pretty rich comment. Shame is all that is doled out to the many people who have reasonable and fair opinions about cryptocurrency that you don't like (such as thinking some cryptocurrencies are reasonable or worth speculating over).
They are only victims of their own greed and ignorance. It's like ending up in the hospital because you chose not to get vaccinated against COVID: People have been trying to warn you for years, but you wouldn't listen, and now you are paying the price.
Arizona has a stupid motorists law [1]. If a car “becomes stranded after driving around barricades to enter a flooded stretch of roadway,” the driver “may be charged for the cost of their rescue.” A similar concept for crypto may be necessary. Law enforcement will pursue. But if they catch the crooks, the cost of enforcement is deducted from the proceeds and flows straight to the Treasury.
[1] https://en.m.wikipedia.org/wiki/Stupid_motorist_law