Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Old 01-15-2022, 06:18 AM   #121
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: May 2008
Posts: 5,671
https://arstechnica.com/information-...pto-last-year/

So if crypto theft is frequent how many people are being burned?

Would it reduce demand if enough people who were victimized decide to stop trading crypto?
explanade is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

The Cryptocurrency Thread 2
Old 01-15-2022, 09:57 AM   #122
Thinks s/he gets paid by the post
Markola's Avatar
 
Join Date: Nov 2013
Location: Twin Cities
Posts: 2,872
The Cryptocurrency Thread 2

^^^^ “Until the cryptocurrency industry figures out how to secure itself against those hackers—or to prevent their coins from being laundered and converted into clean bills—the Kim regime's illicit, ethereal revenue stream will only continue to grow.”

The risks and frictions entailed in owning cryptos directly certainly do dampen demand. That’s part of the opportunity. This is still a brand new asset class that is undergoing capitalist creative destruction toward simpler and safer trading and storage methods, ultimately resulting in ETFs that handle it all for average investors at cheap expense ratios. For example, 2020 it became possible to own a few different cryptos extremely simply on Venmo, PayPal and Square Cash App.

The trade off is, once all the kinks and risks are ironed out, much of the early, asymmetric opportunity will have been enjoyed by those who jumped in earlier. Very early Bitcoin pioneers who somehow managed to retain their coins, keys and wallets and survived various disasters like the Mt. Gox exchange theft, and North Korean looters, are sitting on some life-changing stashes that the rest of us buying now at $43,000 can only dream of. My bet is that future buyers ten years from now will think those of us wading through the swamps to buy Bitcoin at $43,000 will also look pretty good - if we don’t sell and if our various storage methods work out. If it goes to zero, well, I haven’t bet enough to hurt me. YMMV.
Markola is offline   Reply With Quote
Old 01-15-2022, 10:45 AM   #123
Thinks s/he gets paid by the post
 
Join Date: Aug 2006
Posts: 1,554
This about the funniest thing I’ve ever seen. This is a real project, not a parody, but I don’t think a parody video could actually be more ridiculous. I’ve watched about a half-dozen YouTube videos digging into the details of this.

Cryptoland

This is the Fyre Festival of Crypto-



Caveat Emptor baby!
Hamlet is online now   Reply With Quote
Old 01-15-2022, 10:46 AM   #124
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 13,269
Quote:
Originally Posted by explanade View Post
https://arstechnica.com/information-...pto-last-year/

So if crypto theft is frequent how many people are being burned?

Would it reduce demand if enough people who were victimized decide to stop trading crypto?
This is an interesting article. How can this happen if Crypto is secured by Block Chain tech that can't be broken/faked/side-stepped by bad guys?

Here's an interesting quote from the article:

Quote:
One reason the hackers have focused on cryptocurrency over other forms of financial crime is no doubt the relative ease of laundering digital cash. After APT38's Bangladeshi bank heist, for instance, the North Koreans had to enlist Chinese money launderers to gamble its tens of millions at a casino in Manila to prevent investigators from tracking the stolen funds. By contrast, Chainalysis found that the groups have plenty of options to launder its stolen cryptocurrency. They've cashed out their gains through exchanges—largely exploiting ones based in Asia and trading their cryptocurrency for Chinese renminbi—that have less-than-stringent compliance with "know-your-customer" regulations. The groups have often used "mixing" services to obscure the money's origins. And in many cases they've used decentralized exchanges designed to directly connect cryptocurrency traders with no intermediary, often with little in the way of anti-money-laundering rules.
__________________
The worst decisions are usually made in times of anger and impatience.

Self proclaimed President for Life of Outliers United.
Chuckanut is offline   Reply With Quote
Old 01-15-2022, 12:01 PM   #125
Thinks s/he gets paid by the post
Markola's Avatar
 
Join Date: Nov 2013
Location: Twin Cities
Posts: 2,872
Anyone can have custody of Bitcoin, just like anyone can have a suitcase of $100 bills. If you don’t want North Korea to steal it from you, you are gambling that your chosen custodial method isn’t sloppy and can’t be hacked. The encryption and protection of the underlying Bitcoin itself is a different matter altogether, and relies on a vast Proof of Work system that you’ll have to read up on, such as in the Alden article from post #33 above.
Markola is offline   Reply With Quote
Old 01-15-2022, 06:26 PM   #126
Recycles dryer sheets
 
Join Date: May 2010
Posts: 365
Quote:
Originally Posted by Chuckanut View Post
How can this happen if Crypto is secured by Block Chain tech that can't be broken/faked/side-stepped by bad guys?
The Blockchain is more like impossible to counterfeit currency. You can not duplicate it or create a fake version. (Forking might be another discussion)

But is not impossible to break into the 'bank', cut through the 'vault' door and escape down the secret tunnel with the cash.

In these cases of crypto theft someone left the 'bank' unlocked to some degree. Sometimes this is straightforward password security but can also be a software design oversight/error that leaves a way for hackers to get into the code and send off the tokens to another address.

Even though it is hackers creating the blockchain transaction, the transaction itself "can't be broken/faked/side-stepped" In the same way that someone robbing the bank does get real money.
captain3d is offline   Reply With Quote
Old 01-16-2022, 08:21 AM   #127
Thinks s/he gets paid by the post
 
Join Date: Feb 2014
Posts: 2,180
Kosovo cracks down on mining...

Used To Free Electricity, Kosovo's Bitcoin Miners Are Now Facing Difficult Times After Ban
January 12, 2022 16:25 GMT
https://www.rferl.org/a/kosovo-bitco.../31651114.html
jim584672 is offline   Reply With Quote
Old 01-16-2022, 10:01 AM   #128
Thinks s/he gets paid by the post
 
Join Date: Aug 2006
Posts: 1,554
Quote:
Originally Posted by captain3d View Post
The Blockchain is more like impossible to counterfeit currency. You can not duplicate it or create a fake version. (Forking might be another discussion)

But is not impossible to break into the 'bank', cut through the 'vault' door and escape down the secret tunnel with the cash.

In these cases of crypto theft someone left the 'bank' unlocked to some degree. Sometimes this is straightforward password security but can also be a software design oversight/error that leaves a way for hackers to get into the code and send off the tokens to another address.

Even though it is hackers creating the blockchain transaction, the transaction itself "can't be broken/faked/side-stepped" In the same way that someone robbing the bank does get real money.
The difference being that if the bank is robbed, you are generally still getting your money back.
Hamlet is online now   Reply With Quote
Old 01-16-2022, 05:00 PM   #129
Thinks s/he gets paid by the post
Markola's Avatar
 
Join Date: Nov 2013
Location: Twin Cities
Posts: 2,872
Quote:
Originally Posted by Hamlet View Post
The difference being that if the bank is robbed, you are generally still getting your money back.


It the depends on the storage method. Coinbase had a breech this fall, when someone was able to scam some Coinbase clients out of their text-based two factor authentication codes and stole some coins that were sitting in trading exchange accounts. Coinbase pledged to make the clients whole and encouraged clients to use 2fa authentication apps instead of texts. They also have FDIC insurance for any cash sitting on the trading exchange.

Clients who instead move their coins from the trading platform into the Coinbase Vault are, we hope, far more secure, because the vault is not connected to the internet. It’s the difference between putting a swarm of hornets in a locked cave under a glacier, rather than letting the hive stay under the roof of your barn and hoping something bad doesn’t happen. Digital asset owners have to take responsibility for their credentials, actually very much like Vanguard clients do, in my experience.
Markola is offline   Reply With Quote
Old 01-16-2022, 05:07 PM   #130
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: May 2008
Posts: 5,671
Quote:
Originally Posted by Markola View Post
It the depends on the storage method. Coinbase had a breech this fall, when someone was able to scam some Coinbase clients out of their text-based two factor authentication codes and stole some coins that were sitting in trading exchange accounts. Coinbase pledged to make the clients whole and encouraged clients to use 2fa authentication apps instead of texts. They also have FDIC insurance for any cash sitting on the trading exchange.

Clients who instead move their coins from the trading platform into the Coinbase Vault are, we hope, far more secure, because the vault is not connected to the internet. It’s the difference between putting a swarm of hornets in a locked cave under a glacier, rather than letting the hive stay under the roof of your barn and hoping something bad doesn’t happen. Digital asset owners have to take responsibility for their credentials, actually very much like Vanguard clients do, in my experience.

Wait, so the thieves had access to their SMS numbers and were able to get into their accounts?

Because they must have had their emails and passwords as well.
explanade is offline   Reply With Quote
Old 01-16-2022, 05:10 PM   #131
Administrator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Land of Florida Man
Posts: 35,992
Coinbase FDIC insurance needs to be understood. They do not hold the cash in customer accounts (Coinbase calls them fiat balances). Instead, Coinbase aggregates these balances and deposits them in real banks. If one of those banks goes under, the deposits are FDIC insured on a pass through basis. Coinbase, however, is most definitely not FDIC insured.

Their statement on insurance does not inspire me to entrust my assets with them. https://help.coinbase.com/en/coinbas...inbase-insured
Quote:
Coinbase carries crime insurance that protects a portion of digital assets held across our storage systems against losses from theft, including cybersecurity breaches. However, our policy does not cover any losses resulting from unauthorized access to your personal Coinbase or Coinbase Pro account(s) due to a breach or loss of your credentials. It is your responsibility to use a strong password and maintain control of all login credentials you use to access Coinbase and Coinbase Pro.
The way I read that statement, if all of Coinbase is hacked, their insurance will pay up to the limits of the insurance, but if my account is hacked, I’m SOOL.

Also, the way I read it, if I have cash in a Coinbase account that’s not bundles into an FDIC bank and it’s lost by Coinbase, I’m once again SOOL.
MichaelB is online now   Reply With Quote
Old 01-16-2022, 06:01 PM   #132
Recycles dryer sheets
 
Join Date: Apr 2007
Posts: 492
Quote:
Originally Posted by explanade View Post
Wait, so the thieves had access to their SMS numbers and were able to get into their accounts?

Because they must have had their emails and passwords as well.
I think it had something to do with an exploit in the code that related to changing the 2FA choice on the account.
joesxm3 is offline   Reply With Quote
Old 01-16-2022, 06:07 PM   #133
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: May 2008
Posts: 5,671
Quote:
Originally Posted by joesxm3 View Post
I think it had something to do with an exploit in the code that related to changing the 2FA choice on the account.
So Coinbase was hacked, not some customer who had their login and password and their phone number compromised?

That's worse for Coinbase's reputation.
explanade is offline   Reply With Quote
Old 01-16-2022, 06:11 PM   #134
Recycles dryer sheets
 
Join Date: Apr 2007
Posts: 492
Markola,

I think your view of how Coinbase handles your bitcoin might be a bit off. Originally I thought along the lines you seem to be following. That is, that when I bought a bitcoin on Coinbase there was a key related to that that Coinbase held on my behalf.

I may be wrong, but I don't think it works exactly like that. Your bitcoin on Coinbase is more accurately thought of in the same way as your FIAT dollar in a bank account. Your bank account balance is a liability of the bank rather than dollars in a vault. In the case of the bank, you are an unsecured creditor and at the bottom of the pecking order in a bankruptcy (maybe protected by FDIC up to the per account limit).

With Coinbase, you have an IOU for the amount of bitcoin in your account. The actual trading is just numbers within the Coinbase database. For all I know, they may be running some sort of fractional reserve banking and loaning out bitcoin that is deposited to places like Celsius that pay yield on crypto.

When you want to withdraw, they have to come up with some bitcoin to send you in the same way that your bank has to come up with some physical dollars. One forum that I follow had complaints of withdrawals of Solana from Coinbase taking much to long and it was posited that Coinbase may have had to scrounge up the Solana for the withdrawal.

In the case of the Coinbase "vault", I don't think that they actually move "your" bitcoin to cold storage. Coinbase probably keeps a large percentage of its bitcoin in cold storage as part of their corporate risk management strategy, but "your" bitcoin in the vault is just an IOU the same as in your regular account.

I may be wrong, but I think that the vault feature is simply a time delay process on withdrawals from your account rather than a process for securing your particular bitcoin.
joesxm3 is offline   Reply With Quote
Old 01-16-2022, 06:21 PM   #135
Recycles dryer sheets
 
Join Date: Apr 2007
Posts: 492
Quote:
Originally Posted by explanade View Post
So Coinbase was hacked, not some customer who had their login and password and their phone number compromised?

That's worse for Coinbase's reputation.
Here is a cut-past from the coindesk article. I am not pasting a link because my anti-virus popped up while I was doing the Google search for this article.

It seems that it was a combination of using social engineering or phishing to get the email or credentials and then exploiting the SMS 2FA flaw.

Reading between the lines here I think it may have been fake web sites that people logged into. I saw a forum warning recently about a site called "coinbase pro dot com" that was fake.

[article text follows]

A vulnerability that allowed hackers to bypass Coinbase’s multi-factor authentication SMS option has affected at least 6,000 of the exchange’s customers, according to a notification letter sent to affected customers that the company has filed with the California state attorney general offices.

Between March and May 20, the hacker or hackers used a flaw in Coinbase’s account recovery process to get the SMS two-factor authentication token to break into customers’ accounts and transfer funds out of them.
The bad actor or actors also had access to the email address, password and phone number associated with each Coinbase account. Coinbase believes that the hacker stole those credentials through a phishing scheme and noted in its letter to the California AG that it has not found evidence of the hacker getting this information from Coinbase itself.

“We took immediate action to mitigate the impact of the campaign by working with external partners to remove phishing sites as they were identified, as well as notifying the email providers impacted,” a Coinbase spokesperson said via email. “Unfortunately we believe, although cannot conclusively determine, that some Coinbase customers may have fallen victim to the phishing campaign and turned over their Coinbase credentials and the phone numbers verified in their accounts to attackers.”
Coinbase said it is compensating customers for the stolen funds, but it’s unclear whether those payments are being made in fiat or crypto.
The exchange recommended that users switch to a more secure version of multi-factor authentication such as a hardware security key or authentication app.

This appears to be one of the largest breaches to have affected Coinbase. Other notable breaches included a password glitch in August 2019 that stored 3,500 customer passwords in plain text on an internal server log, although outside parties didn’t take advantage of the vulnerability. In the same month, Coinbase revealed the details of a sophisticated attack that was blocked by Coinbase but that resembled what would normally happen in a nation state-sponsored attack.
joesxm3 is offline   Reply With Quote
Old 01-16-2022, 07:43 PM   #136
Thinks s/he gets paid by the post
Markola's Avatar
 
Join Date: Nov 2013
Location: Twin Cities
Posts: 2,872
Quote:
Originally Posted by joesxm3 View Post
In the case of the Coinbase "vault", I don't think that they actually move "your" bitcoin to cold storage. Coinbase probably keeps a large percentage of its bitcoin in cold storage as part of their corporate risk management strategy, but "your" bitcoin in the vault is just an IOU the same as in your regular account.

If you can find something definitive, I’d be interested. What Gemini of Binex or other exchanges may do differently is not relevant to me, or do I wish to maintain my own cold storage wallet. Here’s a typical discussion of the Coinbase Vault.

https://financebuzz.com/is-coinbase-vault-safe
Markola is offline   Reply With Quote
Old 01-16-2022, 07:58 PM   #137
Recycles dryer sheets
 
Join Date: Apr 2007
Posts: 492
Quote:
Originally Posted by Markola View Post
If you can find something definitive, I’d be interested. What Gemini of Binex or other exchanges may do differently is not relevant to me, or do I wish to maintain my own cold storage wallet. Here’s a typical discussion of the Coinbase Vault.

https://financebuzz.com/is-coinbase-vault-safe

I doubt that I can find specifics. But the way it seems to me is that the vault is similar to a gold bu!lion storage facility where they offer both general and segregated storage. With general, you send them a coin and you get a coin back, not necessarily the one you sent in. With segregated you get a container to hold your specific coin. My guess is that Coinbase free vault is like common storage. Just think how complicated it would be to generate private keys for each customer and to maintain and back up those keys.

The article said 98% of your vault was offline. If it had a personal private key, would it not be 100%.
joesxm3 is offline   Reply With Quote
Old 01-16-2022, 10:21 PM   #138
Thinks s/he gets paid by the post
Markola's Avatar
 
Join Date: Nov 2013
Location: Twin Cities
Posts: 2,872
Coinbase Vault works for me at present. I like the added encryption and ease of use, and my judgment and research indicates they are trying to be a reputable public company that stays in business long-term. When some coins were stolen from the trading accounts with a phishing scam (that could happen to any regular brokerage, too), Coinbase compensated the account holders. If anyone is a fan of the the NPR podcast “How I Built This,” there is an episode with founder Brian Armstrong you might enjoy.

Everyone who wants to own digital assets has to choose a solution that works for them. No solution is perfect, either. If you decide to take personal custody in a cold storage wallet, for example, the device could be stolen, broken, lost, burned up or the same could happen to the keys and seeds. If you take custody in one of the many hot wallet services, what happens if they go bankrupt? Same for the storage device gadget companies. Who is to say they will still be around and supporting their apps, websites and devices in 5-10 years? And there are lots of exchanges with people’s assets that surely will not survive the test of time. What if some exchange registered in some offshore haven just winks out one day with everyone’s coins, a la Mt. Gox? Or, a person could buy a derivative, such as GBTC or Micro Strategy stock, with all the fees and stock risks entailed. It is truly caveat emptor.

I wonder what Fidelity Canada’s solution is for its ETF.
Markola is offline   Reply With Quote
Old 01-17-2022, 08:25 AM   #139
Thinks s/he gets paid by the post
Markola's Avatar
 
Join Date: Nov 2013
Location: Twin Cities
Posts: 2,872
Anyone going to Bitcoin 2022 in Miami Beach? Looks amazing.

https://b.tc/conference/
Markola is offline   Reply With Quote
Old 01-17-2022, 10:01 AM   #140
Thinks s/he gets paid by the post
Mr._Graybeard's Avatar
 
Join Date: Apr 2011
Posts: 2,491
A local newspaper has a "troubleshooter" column that readers can turn to if they can't get satisfaction from a business or government agency. In last week's column the reporter was asked to help someone whose Coinbase account apparently was getting unauthorized use. The reader was getting no help from Coinbase. The columnist tried to intercede but also got stonewalled by Coinbase. https://madison.com/wsj/news/local/a...me-top-story-1
__________________
Tick tick tick tock goes the clock on the wall as we're dancing the evening away -- Tick Tock Polka
Mr._Graybeard is online now   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 10 (3 members and 7 guests)
finnski1, Hamlet, kwright396
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


» Quick Links

 
All times are GMT -6. The time now is 11:51 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2022, vBulletin Solutions, Inc.