Crypto really is a golden age of opportunity for hackers. When else in history could you rob a bank anonymously from your mom's basement for $570M? Cashing it out without getting caught is a little on the tricky side, but not impossible, especially if you live in, or cash it out in an untouchable jurisdiction like Russia.
Reading Satoshi's writings and comments I often got the impression that his intentions were pure. But it is and should be painfully obvious that the only things crypto has principally enabled or made efficient are sophisticated scam work/ransomware, background sex work, and drug trade. To really top it off: it was all at the expense of a small country's carbon footprint.
So I keep having this thought that if Satoshi really is worth his salt, he would transfer his existing funds (of about 50 billion USD) to an assortment of charities because such an action would be quite the statement in declaring that the crypto experiment has been an abject failure and it's time to stop wasting our time and move on. Better he make this impactful statement, better him the person who started it all be behind the action to finish it, than to have to continue in this painful and agonizing path we are on.
This tells me that you misunderstood Satoshi's motivations completely, filling in your own ones instead. His goal was to create uncontrollable and indestructible money, not "save the world" or create "morally just money for puritan purposes". And he did do just that.
Satoshi would have been content with the current state of crypto, being a de facto vehicle for ransomware, serving as a tool for pushing society down the toilet drain?
Consider his unease when Wikileaks started soliciting funds in BTC. If he were all about uncontrollable money he would not have sounded unhappiness about his ballgame being used by Wikileaks.
> But it is and should be painfully obvious that the only things crypto has principally enabled or made efficient
How have you quantified that, and how would you go about doing so? It isn't obvious to me. It also seems like your standard is quite flexible, like even if you quantified that use and didn't find the results you wanted, you would say that the subset of transactions that did fit your results were "enabled" and "made efficient".
- Number of scams/crimes enabled by crypto in the last decade: a ton
- Number of constructive, noncriminal use-cases observed in the last decade: zero
By "constructive", I mean a use-case for which it is the best solution, which rules out every single blockchain use that is not a cryptocurrency. And the cryptocurrencies are the ones enabling the crime and scams.
What if he lost it all? I bet Satoshi generated tons of bitcoin while testing his miner that went straight to /dev/null and just kept that blockchain when going live because of why not.
This is not what happened. The genesis block is the first publicly mined block, by definition. Nothing which happened before it is part of the blockchain.
Which he obviously isn't; Le Roux was nothing more than a crime boss, thought to be more technically adept than what a sober look at things would suggest (E4M's source code was stolen from his earlier employer).
I am really curious why Le Roux has been ruled out even by the author of the book about him "The Mastermind" by Evan Ratliff - quite a good read.
Le Roux seemed like a good candidate to be Satoshi -
a Windows C++ programmer with serious crypto knowledge (most other crypto oldschoolers were on Linux/BSD),
as the book states he liked to adopt other personas on forums,
he obviously had a strong anti-government bent,
So far that is not much, but more importantly he was dealing with his real-life crime empire and had baskets of money laying around the house.
It is hard to imagine Satoshi not spending some money once BTC got over $1 - unless he was really really not worried about money.
Of course he could have just lost the keys...
There has to be some crucial detail which the book does not mention why Le Roux is ruled out so conclusively.
I'd be curious if any code similarity analysis has been done on old LeRoux codebases and original Bitcoin code.
Satoshi and Le Roux both coded C++ but the code they wrote is very different, stylistically and otherwise (tabs vs. spaces, commenting style, approach to things like RNG). Linguistic tics are different in writings. Satoshi has an academic streak to him, he's probably some unknown dude in Germany. Le Roux sometimes made grammar/spelling mistakes, Satoshi was pretty much always perfect. It's also strange that Le Roux, being a criminal kingpin with lots of operations, never implemented BTC use in any of his enterprises... why did he choose not to?
When the Dorian saga happened, Satoshi posted on p2pfoundation to clear up that Dorian wasn't him with his original account, I think Le Roux was in prison at that time. He's still in prison, he's been cooperating with the US government. US is definitely not letting him go anywhere for the shit he's done, everything from drug cartel work, helping Iranian and North Korean governments acquire weapons, etc.
One more delicious detail: Le Roux in a letter to SDNY judge wrote that he wants to invent ways to mine BTC efficiently. Really it comes down to the fact that Le Roux was involved with a whole bunch of stuff, and when you have this much surface area to scan you'd think you could come up with just one strong piece of evidence... but there is nil, he's just another criminal warlord, luckily now in the custody of the US government: https://www.govinfo.gov/content/pkg/USCOURTS-ca2-20-03410/pd...
It's also a golden age for people who understand code and smart contracts and are willing to take advantage of others without breaking any laws. A few of the major "hacks" lately have simply been taking advantage of errors in how smart contracts were coded.
When the international organization can point directly to you as now holding $100M+ worth of crypto tokens and you're in a "jurisdiction like Russia," then the international organization isn't who you should be worried about.
I missed Kramer. And yes, they will probably "write it off", I wonder if only BNB is going to be affected or if their stacking platform is also halted.
I got an email that is made to appear as if it's from Binance today, having never interacted with Binance in any way. The email looks like it could potentially be an actual Binance email someone has copied and modified.
The actual sending domain for the email is sg.djamo.ci. Most of the links in the email are bit.ly redirects to https://bina-defi.net/markets/. Whois lookup for this domain only results in "Whois record is unavailable at this time." The server IP appears to be hosted in Germany at a hosting provider called Xsserver Gmbh. Links to "Binance.com", Unsubscribe, etc. in the email point to sg.djamo.ci and don't work (either that or my Pi-Hole is blocking them).
Everything on the web site prompts the user to connect their wallet. I can't tell if this is an elaborate phishing attempt to drain people's wallets, or a legitimate site that's set up in a way that looks suspicious.
Edit: The footer of the email says the following, in spite of none of the links in the email going to the legitimate Binance.com site
Kindly note: Please be aware of phishing sites and always make sure you are visiting the official Binance.com website when entering sensitive data.
I have an ignorant question, which will demonstrate my ignorance of both crypto and fiat.
Was money "Stolen", or "additional tokens generated"?
What I mean by that is: If I have a chair, and you come and take my chair, you've stolen my chair.
If I am carrying $200 in cash, and you take my $200 in cash, you've stolen my cash.
(if I write a nice piece of music, and you copy it, you've performed "copyright infringement" and we can discuss whether that is "theft" or not in legal vs semantic / colloquial terms)
In this particular case, were specific tokens/crypto/something taken out of someone's wallet, OR were additional seemingly-valid tokens generated "out of thin" air? Was it a transfer or generation issue? Was some entity directly negatively affected through a specific loss, or were many entities affected by subsequent inflation due to tokens being generated?
This smart contract holds coins. A bug allowed someone to forge transactions with the result that they could move coins off of the contract and into wallets that they control.
No, those are definitely bugs. The program was obviously not intended to allow forged transactions, just like so many I/O layers were not intended to incorrectly accept malformed malicious input.
Even actual human laws have bugs and exploitable vulnerabilities. We simply call them loopholes instead. There's even a very lucrative market for them, dominated by professionals like lawyers and accountants.
So you’re saying you want a… oracle? Perhaps a human one? For this decentralized peer to peer future of finance with no overlords? Come now. Surely you jest.
In these cases, stolen usually means that existing tokens were moved around in some way. In this case, it looks like they hacked a bridge connecting one token's protocol to another 'chain' and redirected tokens there - not sure if they were swiping them out of a wallet at rest or redirecting trades people were doing.
Question makes perfect sense. My understanding is that hackers could forge transactions and send money to their wallet. So they took the money from many wallets and moved it to one (or many) of their wallets.
Nobody can cancel those transactions, even if everyone can see them. That's by design (and that's what makes it great for criminal use-cases, among other things).
Wait, maybe not. Seems like it was taken from the BNB chain. Not sure if that's "created out of thin air", though... maybe closer to printing money from the central bank? Not sure xD
Thanks - no, my question was in this instance specifically, were existing tokens moved out of specific wallets thus immediately injuring specific entities, or were they generated and thus in a more diffused and deferred way hurt the entire ecosystem.
Imagine creating a financial system that incentivizes some of the smartest folks in the world to legally spend nights and weekends robbing those that are less intelligent.
5. Find some sketchy guys who charge ~20-30% to go crypto -> wire transfer and don’t care about source of funds
6. Work with those guys to come up with documentation to placate compliance officers
This may not work forever because Dubai is probably going to have a big crackdown due to getting put on the FATF greylist. This also works in some Eastern European countries.
I thought Tornado Cash already spits out untraceable crypto. So it's not enough to use a mixer? Would you not be able to slowly withdraw from Tornado Cash and just exchange for fiat?
The government will ask you where you got the crypto from. This is why NFTs became huge. It's conceivable enough that you bought some for $100 and sold them for $10,000. When in reality you're just wash trading between your clean and dirty wallets.
Imagine you steal 10,500 ETH. Then you deposit it into Tornado Cash. Then a year later a new address withdraws exactly 10,500 ETH from Tornado Cash (100 ETH at a time). That would look pretty suspicious.
Exactly, you should slowly withdraw from Tornado. But you cannot use companies like Coinbase, Gemini et al. because they will ask about source of funds after a certain amount, which you obviously do not want to reveal, and coins that pass through Tornado are tainted now due to Tornado getting put on the OFAC list so they may freeze your accounts. So that’s where the sketchy people come in.
All you need is plausible deniability. If the govt. cannot prove you stole, then they cannot just prosecute you for using tornado cash (as far as the US is concerned). Of course, exchanges may refuse to accept your coins if they are tied to tornado cash.
Any US person who has interacted with Tornado Cash after the OFAC designation has committed a felony (IEEPA violation). That means all funds traceable to it can be subject to forfeiture, and if you are directly receiving amounts of money from Tornado that substantially exceed your income for the past couple years you make the government's forfeiture case even easier. You are right that they may not be able to charge you with the initial crime. That is why you would want to leave the US for a jurisdiction that doesn’t care about those kind of things and work with people who aren’t regulated.
My understanding is that exchanging crypto that's gone through a mixer, especially Tornado Cash, is getting more and more difficult. The major exchanges don't want anything to do with coins that have gone through a mixer. That's where a sketchy guy who charges a large percentage comes in.
Even if you manage to hide your tracks digitally on the chains, you still have millions of dollars you have to get out of a KYC off-ramp. You could possibly set up some sort of web service that offers something for crypto, but you'd have to believably falsify tons of customers and what you sold them. Again, this is assuming you've managed to perfectly hide the digital tracks and there's not an aggregated clear migration of the flow between the stolen funds and amounts ending in your account. Shady art and real estate deals are used in "real life", so maybe you could have some sort of NFT or metaverse thing going on. It'd be very difficult to pull off even over a long period of time, and you'd have a lot of people from all walks of life watching those funds, waiting for you to make a single mistake.
I would assume they'll try and push as much value into a currency that's meant to be untraceable (such as Monero or Zcash), move the money around a few wallets for safety, then start drip feeding to exchanges and claiming they got into the currency early by mining and are cashing out.
At least if I was going to risk a heist like this it's roughly what I would do.
If they are smart enough to pull this off, they are probably smart enough to launder it. And you don't need to launder all of it. Just $20 million is enough to live like a king for the rest of your life.
The Bitfinex hack shows that this is not always the case. I get the impression that the two nitwits did the hack perfectly but just assumed that mixing with alphabay would be enough. Then they transferred BTC into exchange accounts under their real names.
If it is totally non-fiat, where you can buy housing, food, fuel, devices, luxury items, etc., etc., etc., you would not need to cash out to fiat.
But seriously, in the current world, if we have a half-billion dollars "worth" of legitimate (or laundered) cryptocurrency, what can you do with it in the real world, especially contrasted to what we can do easily if we have a half-billion in legit $, €, £, or ¥ deposits?
I don't think we could even buy a Tesla or a pizza anymore. Maybe some things on Craigslist that take crypto?
The entire crypto ecosystem seems insane to me. So for your money to be safe - you need to be sure that largely anonymous devs wrote bug-free code on some of the most complex parts of implementing already complex logical proofs. Oh and the Red Team has hundreds of millions of dollars of incentive to line-by-line your code and exploit it. Yeesh.
Writing programs that work is indeed hard. I suspect that the folks writing code for space exploration are good at their job. But it is different dealing with adversarial behavior.
> But it is different dealing with adversarial behavior.
That's your opinion. Integration tests on another planet are just as hard as integration tests across a crypto bridge. One can even argue that an integration test on another planet is more difficult.
Right - but I'm not personally trying to orbit Mars and 0% of my net worth is tied up in NASA contractors getting their units right, so that code quality doesn't impact me at all. Also no hopelessly conflicted VCs are underwriting Superbowl ads to get me to store my money with the next Climate Orbiter.
Early days of the internet, people were afraid to put their credit card into a website.
The main reason we are not afraid to do this today is because we usually get a refund if there is an issue. This is subsidized with the profits the credit card companies make from that 16%+ APY they charge people with revolving debt.
Credit card companies do all sorts of silly advertisements and cards get hacked all the time...
We can go in circles on these comparisons all day long. We have a choice... either keep the status quo, or try to work towards a future where we don't have to give up our privacy and information in order to just buy something on the internet so that we can have ads follow us around.
Whether cryptocurrencies are that solution, is irrelevant... the part where people are working on these sorts of things at all, is what I care about. I personally, would rather be able to provide liquidity and take out a loan without having to ask permission first.
This is because such bridges rely on proofs derived from other blockchains over which validators have no visibility. These add a huge amount of complexity and increase the attack surface. Simpler bridges such as capitalisk-dex https://github.com/Capitalisk/capitalisk-dex (written with only 5K lines of code including dependencies) have a lot smaller attack surface. The principle behind it is to rely on the security of underlying blockchains instead of adding a separate proof mechanism on top; DEX validator nodes have direct visibility over participating blockchains and work directly with on-chain data so they can verify everything directly using each blockchain's native cryptographic clients.
Isn't this the purpose behind tech like State Proofs on the Algorand network, i.e. trustless cross-chain activity is basically solved at this point + deprecates the need for any intermediary trusted bridges:
There is no silver bullet, every approach has benefits and drawbacks.
One of the drawbacks of the Algorand approach is that both participating blockchains involved in a swap need to be aware of each other's block signers/validators in order to be able to verify each other's proofs.
These validator lists need to be kept up to date on both blockchains and this adds performance costs (since block validators can change over time).
A blockchain which serves as a hub for many other blockchains (such as the Algorand mainchain) would have to keep track of the state of validators on many different blockchains.
Recurring fees need to be paid in order to keep track of validator lists. This is not suitable for low-volume markets with low fees since trading fees need to be sufficient to cover the ongoing blockchain fees.
The Algorand approach is only suitable for certain blockchains where the block validator list is relatively stable and predictable, it's not suitable for a broad range of consensus mechanisms including proof of work.
With Algorand, the proof-generation algorithm should ideally be baked into the blockchain consensus mechanism (this adds complexity and performance costs/fees to the blockchain).
Aside from having the proof algorithm baked into the blockchain's code, the alternative approach is to have a separate federation of 'proof validators' on each chain which are distinct from block validators...
This setup has essentially the same security characteristics as a standard multi-chain federated bridge (whose validators have visibility over both participating blockchains) except it has more complexity (risk/attack surface).
The benefit of the Algorand approach (assuming that the proof-generation is baked directly into the blockchain logic) is that it offers the maximum degree of decentralization (which matches that of the underlying blockchains). Though this is at the cost of higher fees. Markets based on it would have to have good volume in order to make it viable.
Finally, in practice, most smart contracts are controlled and can be updated by certain multisig wallets (and their members) so they're really just federations behind the scenes.
If memory serves, BNB itself was originally created and distributed to Binance customers as part of an attempt to make them whole for BTC losses from a hacking incident.
Cross-chain bridges, from my understanding, are layer 2 protocols that live on 2 chains at once using validators. Basically, you have nodes staking coins on both chains and they attest that the coins coming out of one side of the bridge are matched by coins going in the other side of the bridge.
So for example you send some $FOO tokens to a contract on the Ethereum side then get out $WFOO (wrapped foo) tokens from a contract on another chain.
I've been interested in these protocols for a while as a possibility of making crypto actually scalable and not a pyramid scheme (basically, imagine a network of interoperable chains powered by stable tokens like USDC, and using inter-chain protocols to transfer USDC between them as needed for load balancing).
That said, reality hasn't quite met my expectations, not yet anyways.
The bridges operate on the same general principle as proof of stake (mutual distrust of nodes through a protocol that involves staking coins).
The difference, of course, is that if there's a flaw in proof of stake generally it means one person might control transaction flow and collect some transaction fees; if there's a flaw in a bridge then someone prints money and destroys the bridge ecosystem.
Proof of stake comes with a number of issues but let's put that apart.
PoW and PoS are means to achieve distributed consensus. It works for cryptocurrencies because writings to the blockchain are performative (what's written is true because the act of writing it makes it true). This can only work inside a given blockchain and only for its own cryptocurrency.
Which means it cannot be used to ensure anything that happens outside that blockchain. In particular all blockchain usage for certifications, traceability, or NFT-like things are essentially nonsensical. Similarly, I don't see how it could work for writings that happen on other blockchains. Whatever is written on blockchain A cannot be considered true in blockchain B without breaking the security model of blockchain B by making blockchain A a trusted third-party.
Where does a distributed consensus mechanism come into play here?
Maybe it would be clearer with an example? Let's say someone wants to move X tokens from blockchain A to blockchain B, and that at the time of the move, X A-tokens are equivalent to Y B-tokens (trusting the exchange rate in itself is all another problem, but let's put it aside). How would that go?
> Whatever is written on blockchain A cannot be considered true in blockchain B without breaking the security model of blockchain B by making blockchain A a trusted third-party.
To be more specific, when I said "like proof of stake", what I meant is that there's a trusted pool of validators but the individual validators are not assumed to be trustworthy (only the pool in aggregate), and the validators use an adversarial staking model to punish dishonesty.
In the case of bridges, that pool is external to the chain. So yes, there is external trust happening.
I'll try to address your example, but I've researched this a while ago so I'm sure I could be off the mark.
For your example, let's say we're moving A-token in A-chain to wrapped A-tokens in B-chain, so we can easily assume it's a 1:1 exchange rate by construction. User moves 100 A-tokens in A-chain to a bridge smart contract and as data passes the address of their B-chain wallet.
A subset of validators in the trusted pool (chosen via some distributed protocol) together sign a multi-sig transaction that authorizes the bridge contract in B-chain to mint 100 wrapped A-tokens and send 99.9 of them to the destination address that the bridging user provided, and collect 0.1 of them as fee.
(If the transaction were dishonest, a larger subset of validators would together sign a transaction purging those validators' stake in the pool; so the subset of validators chosen are honest out of desire to keep their staking capital and earn the 0.1 fee.)
That's at a high level how it works. If you want the full details I recommend finding a technical writeup for a popular trustless bridge.
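The mint step described in the comment above, as an added example that is not part of the original thread or any real bridge's code: a toy B-chain bridge contract that credits wrapped tokens only when a quorum of distinct validators attested to the exact deposit, and only once per deposit. The validator names and keys, the 4-of-5 threshold, the three-decimal token units and the use of HMAC in place of real public-key signatures are all assumptions made for the illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed validator pool (assumption). HMAC keys stand in for the
# validators' signing keys; a real bridge would verify public-key signatures.
VALIDATOR_KEYS = {f"v{i}": f"constructed-key-{i}".encode() for i in range(1, 6)}
QUORUM = 4      # assumed threshold: 4 of 5 validators must attest
FEE_BPS = 10    # 0.1% fee, matching the 99.9 / 0.1 split in the comment


def deposit_message(deposit_id: str, amount: int, dest: str) -> bytes:
    """Canonical bytes covering every field the mint depends on."""
    return json.dumps(
        {"op": "mint", "deposit_id": deposit_id, "amount": amount, "dest": dest},
        sort_keys=True, separators=(",", ":"),
    ).encode()


def attest(validator: str, deposit_id: str, amount: int, dest: str) -> tuple:
    """What an honest validator signs after observing the A-chain deposit."""
    msg = deposit_message(deposit_id, amount, dest)
    sig = hmac.new(VALIDATOR_KEYS[validator], msg, hashlib.sha256).hexdigest()
    return (validator, sig)


@dataclass
class WrappedTokenBridge:
    """B-chain side: mints wrapped A-tokens against attested A-chain deposits."""
    balances: dict = field(default_factory=dict)
    fees: int = 0
    processed: set = field(default_factory=set)

    def mint(self, deposit_id: str, amount: int, dest: str, attestations: list) -> int:
        # Replay protection: one mint per A-chain deposit, ever.
        if deposit_id in self.processed:
            raise ValueError("deposit already minted")
        if amount <= 0:
            raise ValueError("amount must be positive")
        # Recompute the message from the mint parameters, so signatures made
        # over a different amount or destination do not verify.
        msg = deposit_message(deposit_id, amount, dest)
        signers = set()  # a set, so one validator cannot be counted twice
        for validator, sig in attestations:
            key = VALIDATOR_KEYS.get(validator)
            if key is None:
                continue  # not a member of the trusted pool
            expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
            if hmac.compare_digest(expected, sig):
                signers.add(validator)
        if len(signers) < QUORUM:
            raise PermissionError(f"quorum not met: {len(signers)}/{QUORUM}")
        self.processed.add(deposit_id)
        fee = amount * FEE_BPS // 10_000
        self.balances[dest] = self.balances.get(dest, 0) + amount - fee
        self.fees += fee
        return amount - fee


if __name__ == "__main__":
    bridge = WrappedTokenBridge()
    # 100 A-tokens expressed in thousandths (assumed 3 decimals).
    sigs = [attest(v, "a-chain-tx-1", 100_000, "b-wallet") for v in ("v1", "v2", "v3", "v4")]
    print(bridge.mint("a-chain-tx-1", 100_000, "b-wallet", sigs))
```

The stake-slashing path from the comment is left out; the block covers only the checks that gate the mint.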
Thanks a lot for taking the time to write all this to explain clearly :).
As I feared, these mechanisms do break the assumptions that would make a blockchain useful in the first place. So it is not actually possible to move tokens from a blockchain to another in the security model that this technology exists for.
> that would make a blockchain useful in the first place
This is generally a matter of opinion :) But you are correct that it has a completely different security / trust posture compared to the underlying chain, so you can't simply say "ethereum works and solana works, therefore this bridge from ethereum to solana works".
> the bridges operate on the same general principle as proof of stake
Quick amendment here - most of the bridges operate on these principles. There are hundreds of cryptocurrencies, trading pairs and L2 chains that have zero accountability whatsoever. It's not written anywhere that these bridges have to operate without trust, and many of them straight-up don't.
Binance’s BSC chain implementation is not open source, however - it would be relatively straightforward for them to make a new release that arbitrarily rewrites history (like Ethereum did).
It’s not like the people running the BSC daemon are critical about the code. It’s a blockchain run by a central dictatorial authority, if there is a “critical update release” then the nodes will upgrade.
Who was the victim? Were additional BNB minted? So everyone (every holder of BNB, that is) suffered some loss through inflation in proportion to their holding, theoretically?
Just a slight supply inflation (Binance Smart Chain deflation is greater than this over any month time span), about $80 million was successfully moved to censorship resistant blockchains but as they ran out of liquidity they had to move into censorable stablecoins, which were frozen for their addresses.
All validators on Binance Smart Chain disabled all block production and have subsequently updated to freeze the minting function and also disable the hacker's address.
Is this stealing or double spending? The original concept was that double-spends were impossibru because proof of work.
Then someone pointed out hilariously the origins of BNB "token" in the first place - because ETH 2.0 PoW edition (not Ethereum Classic (ETC) that's a whole different boondoggle) recently migrated to PoS...
- Not a problem. It is a write-off for them.
- How is it a write-off?
- All these big companies do it - they just write it off!
- Write what off? You don't even know what a write-off is!
- Maybe I don't but they do. And they are the ones writing it off!
https://www.youtube.com/watch?v=XEL65gywwHQ