68% of total Ethereum transaction value controlled by one system(blog.cyber.fund) |
68% of total Ethereum transaction value controlled by one system(blog.cyber.fund) |
Given the other things Paragon has paid big bucks for (anything you can imagine, from paying Youtubers 5 figures per video to get their subscribers to 'invest' in them to paying for mass reddit vote manipulation to buying very expensive ads and sponsorship programs to lying about their company model, CEO, etc), it seems really out of place to me that this article links to them as the first link.
I figured I'd check and just let you be, figuring I'd not get involved.
So, I went to Google and entered, "Paragon ICO complaints Reddit."
In two minutes, probably less, I'd confirmed that they were as bad as you claim. I spent about a half hour and read a bunch. If anything, you didn't even mention some of the biggest issues.
The whole thing is shady as hell. They mysteriously went from two to five 'programmers' retroactively. Not only will they not name the programmers, they won't show any of their previous work, such as a GitHub account. The owner probably isn't the owner, but is her husband and he has a storied past that makes me question his ethics.
And it goes on and on. It's like the Equifax of crytocurrency, with regards to a continued stream of negative results. One of the complaints is that they are just in it for the money. Well, yeah... I can see that. I can even rationalize that. But, instead of sticking with their agreed pre-sale amount, they sold like five times as many coins.
How the heck is this even legal? I bet US currency was involved and it has been shown before that that's all it takes for the US Feds to get involved and go stomping across borders.
Seriously, how is it legal?
You didn't even exaggerate! They appear worse than your claim!
As for how they ended up on that site and as the top-most link, I find it hard to give the benefit of doubt. It took me one single search to confirm what you said. I only spent the additional time because I like a good train wreck.
I will give them some credit, their balls must need a cart to carry them around. This kind of money attracts strong enemies, regardless of the legality. There is no way in hell that this is legal.
As far as legality goes, it's difficulty to say. I think that a project like this is likely paying lawyers good money to make sure they stay 'in the green', but lawyers can only do so much to protect you when you do the things that they're doing. We all know that projects like Paragon and many others are the reasons why regulations will come even harder in these areas.
As for to what extent the law needs to protect investors from making terrible investments, I'm not sure, the game changes a lot when companies start completely lying to their investors, and that does seem to me (as a non-lawyer) like one of the many good places where lines can be drawn.
Legal? That's Big Government! Crypto is freedom, no gods, no masters! We know better than 300 years of banking, investing, and laws!
/s obviously
Also the ReplaySafeSplit and related contracts were due to the ETH/ETC split, you had to move your coins to be safe.
I see no evidence of a "mixer" being the cause.
I don't understand how the author could group all temporary addresses, see the top inputs/outputs as all exchanges, and then claim some nefarious mixer was responsible.
Ethereum should allow sending directly to 0xAddr#input where input could be kind of tag that is used to identify you.
Normally this is used for function calls to contracts. An exchange could make a contract that lets the user put in their userId when sending eth, and then everybody would be sending to the same address while still being identifiable. It would even be possible to reject deposits which do not include the userId, or which have an unknown userId.
I think the main reason exchanges don't do this is that they deal with lots of cryptocurrencies, so they use the simplest method that works for all of them: just make a unique deposit address for each user.
Please see Vitalik Buterin response to this before reading.
https://medium.com/@VitalikButerin/i-think-this-article-real...
You pay the exchange x euro, the exchange gives you y ether to adress (temp) E, then you transfer from E to your own wallet K
Is this mixing somehow involved with a scheme to pump the price?
First, Ethereum was found to be the perfect Ponzi scheme platform by dubious “ICO“ initiators.
Then, early investors made a huge bunch of money on these ICOs.
Then the price skyrocketed, as more people wanted some of that easy ICO money.
This in turn made the mixing services insanely popular, as all of those ICOs had to cash out, and knowing that their business was of dubious nature, many decided to obfuscate the target addresses of their ether via mixers to protect either OTC buyers or their personal accounts on exchanges from being linked with the ICO addresses.
So, if you buy a stock at $10 and it goes up to $100, your CGT liability is a certain percentage of $90 ($100 - $10) upon liquidation.
If you buy a stock at $100 and it goes down to $10, you end up with a $90 (generally carry forward, some jurisdictions allow carry backwards) loss that can be used to offset other gains.
https://etherscan.io/chart/address
It's going to screw up a lot of analysis.
The first analysis about temporary addresses makes sense. Addresses used only for one hour. But what bearing does "transaction value" has? The real metric of a mixer controlling a currency would have been number of transactions. Mixing is about spreading the transactions far and wide and across many addresses to make it difficult to trace. When you look at the graph below, the mixer accounts for barely 11% of the transaction volume.
If I go further and read about the core and shell, the analysis falls apart even more.
The idea proposed is that the shell accounts are the ones responsible for generating output and inputs to external accounts like the exchanges and also talk to core which consists of 90% temporary accounts. Fair enough.
"In the end, it turned out that the total amount transferred into and out of the core is 4 times higher than the total that entered and left the shell and the core taken together." How is this even possible?
If assume flow of 1 ETH ignoring fees. Poloneix -> Shell -> core -> Shell -> Kraken
From the statement "total that entered and left the shell and the core taken together" = 1 ETH into shell + 1 ETH into core + 1 ETH out of core + 1 ETH out of shell = 4ETH
Total for core is 2 ETH - 1 in and 1 out. If shell is there to interact with the core, how is core doing 4 times the amount. Unless of course the confusion is dividing the total in and out of 4 by actual transaction of 1 ETH.
All exchanges need to segregate customer amounts to ensure everything works smoothly. Let's assume I have 1 ETH, then sent it to Kraken. No trades done and simply withdrew the ETH. Here's what will happen:
Me -> Kraken Temp account + network fees (mostly pool accounts ~ 0.0002) -> Me + Kraken account for withdrawal fee ie 0.005 + network fees (again pool)
In which case, two scenarios can occur:
a. Kraken temp account is tagged - So my account and pool accounts can be considered to be the shell. The in and out total for me is 1.9946 worth of ETH (1 ETH out + 0.9946 ETH in after Kraken and network fees). On the block fees side, in and out of the shell is 0.0004 ETH. Total is 1.995 in and out of the shell. While Kraken is doing 0.005 ETH.
b. The worse case scenario - Kraken temp account is unmarked. In this case the temp account becomes the shell while my personal account and pool becomes the so called core. Now this happens: Core transaction volume - 1.995 ETH Shell or Kraken temp account - 0.9998 In (after fees) + 0.9946 out (after Kraken and network fees) = 1.9944 ETH Kraken - 0.005 ETH
Actual volume is 1 ETH but counting the transaction volume blows this thing up.
Deposit addresses aren't shared across accounts. The re-shuffling of the coins is for the exchanges security and accounting
Tracking the bill doesn't help, because as soon as it's in the bank, what happens to it (and how it's exchanged), is hidden from you. Mixers work the same way.
1. Your transaction goes into their address
2. Their address is always transferring money to accounts.
3. Sometime after you pay them, some amount, not quite the same, leaves their address to an address you control, but which has no established connection to you.
So an observer can see:
1. That you put money into the mixer.
2. The full list of addresses the mixer payed 'out' to (very long).
Which allows them to say if an address has "mixed" money but not to determine which account is connected to which person. If you're careful and you don't transfer any coins to addresses linked to your 'real world' persona, it becomes difficult to trace the account containing the 'mixed' coins to you (though trivial to identify it as coming from the mixer).
A --> B
A --> B --> C --> ...--> Z
Are there alternatives to BTC and ETH that have inherent privacy?
How do Feds not crack down on these "mixers"?
In my opinion XMR/Monero are the only implementation to do it all the way through, so it's what I prefer but as with all things, you should research what the differences are and which is better for you. ZCash has a higher value per coin right now and is probably more accepted than XMR/Monero.
There are going to be some regulatory changes coming down the pipe, I think. They don't have to try to use tech to prevent the use of cryptocurrency, they need only make it against the law and make use of discretionary prosecution. That's probably one of the weaker tools in their arsenal.
I figured if I was doubtful, other people might be doubtful. Rather than have you be dismissed, it seemed to me that confirming your post was the prudent thing to do.
I was pretty shocked. That's fodder for a whole HN link and thread. I really figured you were blowing it out of proportion. Nope... Hell, the list of complaints goes on and on.
I'm reminded of when drones were gaining in popularity and people, notably on Slashdot, were saying all the things they were doing and how nobody could stop them. I told them that is how you end up with draconian regulations. I was moderated quite heavily in the downward direction. Fast forward a few years and they are complaining about draconian regulations.
Which is to say you're right. They are going to end up coming down on this, and coming down on this hard. I'm sure some rebels will say it can't be prevented, but laws don't work like that. They don't prevent anything. They'll just make cryptocurrency illegal, use and possession, and selectively prosecute the offenders.
That's worst case scenario, I guess. They may just regulate ICOs heavily and stop the regular person from investing. I doubt that will bother the wealthy and established players much. Even better, they'll be doing it 'for your own protection.' Those sound bites will appeal to the masses.
By the way, this is one of those times I wish an HN poster had been wrong.
So maybe companies like Paragon will get in trouble with the SEC for their dealings, even if they do not sell 'securities'.
Didn't the SEC publish a report declaring their stance as ICOs = securities? Doesn't seem that difficult to go from there.
Neither requires re-shuffling. It's just for convenience and what be even more convenient if every blockchain tx included who they are trying to deposit to providing inputdata even for regular transfers. Like a tag, "these 10 eth for personal_Hash=abc123"
So I'm pretty certain even if it were supported, individual addresses would still be the better choice due to ease of use.
In reality, you probably need to batch a few customers together: 10 customers putting in 1 BTC, 1 customer putting in 10. But these don't need to be long-lived groups, if the mixer has the volume. So "their address" would only be the same for a few customers. An attacker would need to constantly make transactions to determine the addresses involved.
Most mixers give you completely "clean coins": That is there's no transaction chain from your inputs to your outputs. So they are probably doing some sort of system similar to what I describe.
The only person you would ever have that conversation with would be the IRS (or your local tax authority outside of the US), and they are bound by confidentially.
Monero's less theoretically secure, and indeed, there's no info on how to safely "launder" coins through Monero. Ringsize is very small, at 5. But it seems to be a proper community effort and probably the best contender right now.
Dash is mired in mishaps, from its inception and instamine as Darkcoin. A single user or group of users hold magical keys that can undo 24 hours of blocks. They have centralized nodes and the mixing scheme isn't even theoretically secure.
There is no "official" recommendation of how to securely launder coins in Monero. What you can do is to send the coins to yourself a number of times using the default ringsize or "churning".
" We at the Lab previously thought that one possible solution to knacc's described attack would be churning, where one sends funds to oneself multiple times before using at a merchant. Unfortunately, this leads to chains of self-referential transactions, which leave an undesirable and identifiable statistical signal. "
Now the follow-up I've gotten says that this just means you can't churn too quickly. There is still no analysis of how often to churn, how long you need to wait, and on and on, until you're safe. The Monero wallets offer no way to manage your inputs either, so if you ever re-use a wallet (exchange->WalletA->WalletB a couple times) you'll leave even more of an trace.
So the number one idea that springs to mind, Exchange->Monero->Exchange, might be a worst-case scenario where you can easily be linked with a high probability. Especially when the approximate input time is known.
For instance, if you know a target exchanged Bitcoin in a certain transaction, you can simply trace all possible chains from that output and see when one hits an exchange, prioritizing shortest first: if an exchange output goes right back to an exchange, that's probably enough to get a warrant or targeted investigation.
Furthermore, an attacker could make a bunch of transactions so other transactions use known inputs, reducing effective ringsize even more. This wouldn't be very expensive at current volumes.
Even still, Monero still seems far ahead of competition. My biggest concern is that they don't put any sort of disclaimers, and incorrectly state it's untraceable. This will get people into trouble. The Tor Project does a far better job of being clear with the risks and shortcomings. The Monero community, mostly, seems to just advertise as if everything was solved. That plus the ridiculously low ring sizes feel rather irresponsible.
I buy 10oz of gold for $1000 (this was a while ago), this week I exchange my gold for a different 10oz of gold (less a small commission to the exchange) currently worth $10,000 - is that a taxable transaction? I suspect yes
From your answer, you sound very knowledgable in this area - could you advise some good resources to learn more?
https://monero.stackexchange.com/questions/5682/how-do-i-use...