Imagine if every person you interact with could "be their own bank", and define the logic between your transactions. It's fully transparent, so you can audit it as much as you want to - but still, that's the amount of headache you'd have to deal with, to fully trust the other party.
There are lots of upsides to this, but there's no shame in saying: No, I'd rather not. I'll keep trusting the trust-based system I've been using since forever.
Also it seems strange to hold most of it in aETH, wouldn't you want to diversify a bit?
I don't understand why a startup working on aircraft design is linked to crypto at all. If you have $100M in ETH, the first thing to do is to convert it to USD and put it in a bank, preferably a large one. Then use the money to run your startup. Why would you keep your money in a crypto wallet? Why would you model your startup as a DAO?
Not really, it seems like the usual being extra flattering to earn favours (or worse). The first two messages would have raised several red flags with me.
> He's currently working at Ubisoft and offers to help with 3D design and animation
Like if I worked for Ubisoft I'd have time to do 3D design for free for some other company.
Why is that so hard to believe? It's like suggesting that no professional software engineer would ever contribute code for free into an open source project in their free time. My basic assumption if somebody sends a patch to an open source project is not that I'm being social engineered -- it is that they're either using the software or interested in the domain.
No doubt this is often genuine goodwill, but it's also an effective technique for recruitment (it's longstanding practice for evangelical religions and MLMs), and it creates a situation where a lot of self-interested people looking to get rich quick are mingling in an environment where it's perfectly common to make generous offers with no expectation of return.
It's like going to a tech meetup where there are a lot of people working on startups, and who might buy a few rounds at the bar afterwards in exchange for maybe attracting an interested investor or cofounder, but where there's a chance that drinking a seemingly normal beer might give them access to your bank account.
I love that he wasted 2 weeks of these scumbags and exposed them. I hope they can trace their email address and nab the real people.
This part wasn't a guess, it's publicly available information known from the outset
- invite Thomas to a private Airbus VTOL demo day in another city
- buy him first class ticket
- offer to send a limo to the airport
- send a limo with a big guy holding a wrench
- instant $100mil profit
If you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting here, we'd appreciate it. Note this one:
"Avoid [...] generic tangents."
At least there are uses for ETH
In case it helps: the first two comments you posted with this account (a couple weeks ago) were much more substantive and much more along the lines of what we're looking for.
the world is not anymore the way it used to be, mm mm NO NO No! Bitconeeeeeeeeeeeeeeeect wooo bitconnect! We are coming and we are coming in waves. We are starting and to actually go all over the world. We all built the entire world.
Me? I'm just out there fiat mining, stacking sats…
I'm calling them out for that -- perhaps in a way that's too terse, but at least I'm not completely derailing the conversation like they're doing. But thank you for prompting a longer response from me.
There's too much money in the system now for it to all be from mom-and-pop marks. That's just not a viable explanation at these market capitalizations. That's not to say that average people aren't going to find out that they're long crypto - but it'd be in the way they found out they were long real estate.
Yes, Coinbase, Binance and other big exchanges offer OTC trading where you can trade pretty large amounts without impacting the market at large.
It's not difficult if the source of your cryptocurrencies is legitimate, while difficult if you have a hard time explaining how it's legitimate. I think the system works as intended.
At $100M you would want to split trade across exchanges and probably some defi too, but yeah, you could. Eth has about $10M/-2% on major exchanges.
Not that you would need to convert to fiat. If you ran your own island, just pay for goods and labor in Bitcoin or Ether directly.
And aside from KYC issues, another recently posted article pointed out that when a single individual tried to unload around 1500 BTC (0.03% of the coins in circulation at the time) it caused a liquidity crisis that crashed the market by 20%.[1]
In this case the individual in the Twitter thread has an amount of ETH of that magnitude.
Basically because crypto is performing the job of a speculative asset it results in the liquidity issues that you would see in things like company stock.
[1]: https://blog.dshr.org/2022/02/ee380-talk.html?m=1 (see footnote 11. The gist is that this sale put enough pressure on the order books that a lot of leverage positions cascaded into selling as well causing the flash crash)
I'm neither. I treat it as a protocol like HTTP, use it where it makes sense, don't use it where it doesn't make sense.
When I say the "system", I'm referring to the system of centralized currencies. Banks have always wanted to know where large sums come from, and where they are going to, as the government will ask them questions about it and they like to be prepared.
> And aside from KYC issues, another recently posted article pointed out that when a single individual tried to unload around 1500 BTC (0.03% of the coins in circulation at the time) it caused a liquidity crisis that crashed the market by 20%.[1]
Not sure what KYC issues you're referring to. They are only an issue if you're having a hard time explaining where the money comes from. If you have a legitimate source for your funds, it's a couple of emails with some attachments to pass the KYC/AML checks that the major exchanges perform. Same thing will happen with your bank, and they normally will accept the same amount of evidence you send to the exchange.
And yes, if you try to offload 1500 BTC on the open market the market will correctly adjust. That's why I wrote about the OTC offers in my initial message, that's normally how you want to offload/purchase a large amount, as it's not gonna change the pricing on the open market, as you manually match buyer/seller.
1. Immutability
2. Decentralization
3. Cheap, fast, secure cross-country money transfers
4. Protection against inflation
5. Independence of banks or arbitrary freezes of your funds
6. Access to a vast variety of financial services
7. Is quite likely the replacement of money
The fact that people still don’t get that in 2022 is astonishing.
>2 is increasingly untrue
That’s also incorrect, Ethereum has become more decentralized every year
> 3 and 6 aren't inherent benefits of Ethereum and 5 aren't true
Yes they are. Ethereum is deflationary and will become three times more inflationary later this year.
> 7 is speculative and begs the question.
No speculation here, check here yourself for just a small overview https://www.defipulse.com/
2. No one is responsible for anything, you'll never get any support, and one day the decentralized consensus might be to abandon the whole system.
3. It takes 16 seconds for a transaction to post and the average transaction fee [a] is over $2. Cross-country money transfers (assuming you mean international) benefit money launderers and criminals a lot more than me.
4. I never understand this sentiment. Thousands of tokens have been invented to create hundreds of billions of dollars. If the federal reserve told everyone they could print their own fiat and have it accepted at the bank, what do you think would happen? Inflation, right? Think of it another way. If the liquidity for the market is fixed in the sense of the amount of fiat people are willing to bring in, then every token mined or minted is diluting the value of anything you're holding.
5. This is at the risk of losing your keys and your life savings. No thanks. Also, banks act as a backstop for a lot of things people don't even think about. They won't let you wire your life savings to Nigeria without trying to make sure you won't get scammed. They indemnify you from the risk of fraud if you're using a credit card. Money you give them is backed by FDIC (or similar) insurance, so if the bank fails your money is still there.
6. Like?
7. Yeah. I'm sure the super elite that control almost all of the money and assets on the planet are going to sit by and watch as the crypto community anoints themselves as the new rulers of the wealth.
And what happens in this utopia where everything can be anonymous and governments have lost control of the money supply? Does everyone stop paying taxes? Who funds the schools, hospitals, and all other infrastructure? Do you think the rich are going to suddenly become charitable and start funding everything? They already contribute as little as possible, so it's difficult to imagine a world where they'd contribute $1 if they aren't forced to do it?
> The fact that people still don’t get that in 2022 is astonishing.
We don't get it because it doesn't make sense. It might make perfect sense for those of you that mined millions of (on paper) dollars of crypto currency, but it's not a good deal for anyone else. It's objectively worse in terms of stability and predictability and the best outcome for us is to get a different set of wealthy elite that control everything.
a. https://ycharts.com/indicators/ethereum_average_transaction_...
Crypto already has replaced money in several countries, especially third world countries where it has replaced money for 30% of the population that have protected their funds against inflation thanks to the inherent scarcity of respective cryptos.
2/14*3600 = 514MB per hour
514*24 = 12.3GB per day
12.3*30 = 369GB per month
Even if the underlying blockchain is decentralized, I have no practical way of participating without doing it via some centralized exchange. How many nodes will there be if ETH hits $0? What will happen to the services like ENS?
1. https://www.bitrates.com/guides/ethereum/how-many-ethereum-a...
Is the above accurate? Wikipedia says the whole network is 1TB, so that doesn't quite add up for me.
People will continue to run nodes regardless of the price of ETH, just like Bitcoin.
ENS is a smart contract protocol, so I don’t see how it’s related.
Thomas's wallet is public and advertised on Twitter via his ENS domain. He had $100M+ in aETH, a derivative token provided by Aave when you lend out your assets for interest. The aETH is redeemable for the underlying asset.
The scammers created a fake NFT project associated with space and drones, and proceeded to give Thomas a free one, but asked that he stake it (or deposit it into a smart contract), to earn yield in the form of Armstrong ETH, a token they made up that had the same acronym as Aave's (aETH).
The catch was that when he went to stake his NFT, they asked for an approval for spending aETH from his wallet. Approvals such as this are normal when interacting with smart contracts, since the contract has to be "delegated" responsibility over the tokens in order to move them. However, what wasn't normal is that the approval was actually for Aave ETH.
If he had only looked at the front end of the scam site, it wasn't obvious what was going on. However, a quick glance at Etherscan revealed that he had signed off on an unlimited spend approval for Aave ETH.
Luckily, he had done so on a fresh wallet and not his main wallet that has $100M in aETH. When the scammers tried to get him to stake a second NFT from his main account, he got suspicious and discovered the truth.
This scam was specifically targeted at Thomas, and orchestrated over multiple weeks, for the specific assets in his primary wallet.
Couple takeaways:
- divide your assets across multiple wallets. New wallets are free. Don't put all your eggs in one basket.
- use a hardware wallet or an audited battle tested smart contract such as Gnosis Safe for storing significant sums of money.
- always verify your transactions
- avoid associating your public identity with your main wallet / vault address
- be careful, scammers are getting more creative and advanced in technique including standing up professional front end websites to give the appearance of legitimacy
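The "always verify your transactions" step from the comment above, as an added example that is not part of the original thread: it decodes the calldata of an ERC-20 `approve(address,uint256)` request and flags the two things the comment describes, an allowance set on a different token than the asset being staked and an unlimited amount. All addresses and the `review_approval` / `build_approve` helpers are constructed for illustration; only the `0x095ea7b3` selector and the max-uint256 convention come from the ERC-20 ABI.

```python
# Added example: every address below is a constructed placeholder, not a real contract.
APPROVE_SELECTOR = "095ea7b3"   # first 4 bytes of keccak256("approve(address,uint256)")
MAX_UINT256 = 2**256 - 1        # conventional "unlimited" allowance value
HEX = set("0123456789abcdef")


def decode_approve(calldata):
    """Return (spender, amount) if calldata is an approve() call, else None."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    # selector (4 bytes) + two 32-byte ABI words = 68 bytes = 136 hex characters
    if len(data) != 136 or not data.startswith(APPROVE_SELECTOR):
        return None
    if not set(data) <= HEX:
        return None
    spender_word, amount_word = data[8:72], data[72:136]
    # An address is right-aligned in its word; the upper 12 bytes must be zero.
    if spender_word[:24] != "0" * 24:
        return None
    return "0x" + spender_word[24:], int(amount_word, 16)


def review_approval(tx, staking_asset, holdings, max_amount=None):
    """Compare what an approval request really covers with what the user intends.

    tx            -- dict with 'to' (contract receiving the call) and 'data'
    staking_asset -- address of the asset the user believes they are staking
    holdings      -- {token address: label} for tokens the user's wallet holds
    max_amount    -- optional ceiling the user is willing to approve
    Returns a list of (code, message) findings; empty means nothing was flagged.
    """
    decoded = decode_approve(tx["data"])
    if decoded is None:
        return []
    spender, amount = decoded
    # The contract the call is sent to is the token whose allowance changes,
    # whatever name or ticker the front end displays.
    token = tx["to"].lower()
    findings = []
    if token != staking_asset.lower():
        label = holdings.get(token, "an unrecognised contract")
        findings.append(("token-mismatch",
                         f"allowance is set on {label} ({token}), "
                         "not on the asset being staked"))
    if amount == MAX_UINT256:
        findings.append(("unlimited-allowance",
                         f"{spender} could move the full balance at any later time"))
    elif max_amount is not None and amount > max_amount:
        findings.append(("over-limit",
                         f"requested {amount}, intended at most {max_amount}"))
    return findings


def build_approve(spender, amount):
    """Build sample approve() calldata for the constructed cases below."""
    return "0x" + APPROVE_SELECTOR + spender[2:].rjust(64, "0") + format(amount, "064x")


# Constructed sample data.
AWETH = "0x" + "aa" * 20      # stands in for the interest-bearing token in the main wallet
NFT = "0x" + "bb" * 20        # stands in for the gifted NFT collection
STAKING = "0x" + "cc" * 20    # stands in for the "staking" contract asking for approval
HOLDINGS = {AWETH: "Aave interest-bearing ETH", NFT: "gifted NFT"}

# What the thread describes: the "stake your NFT" button asks for an unlimited
# allowance on the lending token instead.
SCAM_TX = {"to": AWETH, "data": build_approve(STAKING, MAX_UINT256)}
# ERC-721 approve(address,uint256) shares the selector; the second word is then
# a token id (7 here), and the call goes to the NFT contract itself.
HONEST_TX = {"to": NFT, "data": build_approve(STAKING, 7)}

if __name__ == "__main__":
    for name, tx in (("scam", SCAM_TX), ("honest", HONEST_TX)):
        print(name, review_approval(tx, NFT, HOLDINGS))
```
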
To think that any of this would then be used to build a trustworthy ecosystem for non-developers to use, seems delusional to me. And building a VTOL taxi airline on top of it seems like it puts the cart 3 miles uphill from the horses.
Billion!
Since this is an allegation, we must presume innocence. However I still cannot imagine what planet would entrust 10 figures to her control. Witness her rap.
https://www.youtube.com/watch?v=7jlSHGAem6g
But I also realize reading this Twitter thread I do not understand the world of crypto at all.
stay away from all of it.
It's the same thing as reading the terms and conditions.
Smart contracts on a general computing platform can enable anything, including the reversible payments and reliance on trusted third party delegates that you see in traditional banking, so as a consequence of this maximally expansive design space, I assume they will eventually lead to a financial system that offers a much better set of trade-offs than that of any other financial system.
No mention of the person or the Arrow company on the internet previous to this episode seems to exist. Other than looking at the chain records, how should we believe that any of these stories are true?
- People don't read what's in front of them.
I've seen this emerge in a vast array of fields. No matter how much we highlight specific details, for all our efforts in red-flagging irreversible actions, folks will often blitz past a confirmation dialog, nag screen, or notification message, without internalising the details or the risks. For those in financial technology, as in this specific example, irreversible actions also extend the attack surface for fraud.
Even the brightest minds can be lazy (some might even say it's a feature, not a bug) and one should never rely upon the opposite. We consequently face a design choice, for all irreversible (or hard-to-reverse) actions, the most common options being:
a) allow a grace period;
b) redesign, if possible, to make it user-reversible;
c) build a forcing function for diligence[1]; or
d) expect support tickets about that feature.
The default is (d), and the helpdesk won't thank us, since the workload generally scales linearly with growth at a high opportunity cost.
OTOH I'm pretty sure that if the mark had been using such systems years ago, he wouldn't have $100m+ worth of ETH now ; )
Also here in Belgium, plenty of people are getting scammed by wire transfer, and no way to get their money back.
I think you have overly optimistic view on banks or the court system giving your money back.
I could find literally thousands of other stories like this in a minute scraping the web.
The fact is wires can also be irreversible and you cannot use the court system as a blunt instrument outside your jurisdiction. The value transmission medium isn’t the problem here.
I'm a reasonably technical dude (senior data engineer at GAMMA/FAANG/whatever we're deciding to use nowadays), yet I don't have a damn clue what this means. And that's not an indictment of your communication. How on earth could I expect my wife, my brother, my parents, my kids, any of my friends, etc., to understand this?
On the other hand, all these people understand the concepts of bank accounts, credit cards, fiat currency, etc.
I'm open to learning more and having my views changed, but I'm so far convinced that there's absolutely nothing about crypto that is a simple, reliable, demonstrably real solution to a problem that isn't already handled by our current financial instruments.
Ideally wallets would have better UX where concepts like this could be handled safely and in an accessible manner. I think crypto isn't really ready for general consumption yet.
I’m interested to know whether the con artists could have realistically nabbed $100M, or if there was effectively never any chance of that due to other precautions. I would hope it’s the latter, but crypto’s strangeness stopped surprising me.
Fabulous comment, by the way. Easily one of the top ten in the last month. Thank you for the breakdown.
He could have approved a malicious contract to drain the lot.
But I'm not worth $100m so I guess the joke's on me.
Hell, given my distaste for crypto, if I were more unethical I may even attempt such scams, but I’d balance it out by donating the stolen money to environmental initiatives to combat global warming (after giving myself some fair compensation, I don’t have the skills to get away with hiding $100+ million).
Unless you flex with your $100M in aave on your main with an ENS name, how will your victims know you are rich and worthy?
It seems like this is becoming the minimum standard for scam operations. For example, there is currently a BTC phishing scam going around that tries to convince the user they've accidentally received an email meant for someone else, which just happens to include a link to a million dollars worth of BTC. The website looks legitimate, albeit amateurish, to the point that it could even be convincing to another web developer. The rest of it is much like the OP's scam.
It starts with an email from the hacked account of a real bank manager in an Italian town, and is addressed to a real self-proclaimed stock market "guru" from the UK, now living in the US. The email states that 19 BTC has been deposited into an account that was created for them on a site called Coinlux, and they provide the username and password for the account. The Coinlux name was even used by an actual company at one point, so searching for any of the names or details surrounding the scam generates very real and convincing results.
Upon visiting the page, you're presented with a moderately professional-ish looking site that asks which fiat currency you want to use and lets you login. You're then prompted to enter a phone number to "secure the account" which, surprisingly, initiates an actual phone call from a number in the UK using a Twilio-like service. After confirming the verification number, you're allowed to view the account, which has some realistic dummy transactions in the history and other features that make the site somewhat believable (it even has a fake chat system and working account recovery).
After initiating a withdrawal of any amount, it provides a warning that you should make a small test transaction first (of 0.0001/$4), to ensure that you're sending to the correct BTC address -- after all, you wouldn't want to send 19 BTC to the wrong place and lose it all. It takes much longer than a normal transaction (likely because the scammers are manually initiating them), but it does eventually go through, and they've now succeeded in convincing the user that there is real BTC in the account and you can actually withdraw it.
However, if you try to make a larger withdrawal (or a second one at all), you're now presented with an error stating that you're not withdrawing enough, because of a "minimum withdrawal amount" defined when the account was created. This minimum amount happens to be 19.01 BTC, or 0.01 more than is in the actual account currently. So you've successfully withdrawn ~$4, but you have to deposit ~$400 if you want to access the entire 19 BTC.
As if it weren't obvious enough at this point, checking the address[1] which sent the 0.0001 makes the entire scam plain as day. This means that anyone with any amount of tech knowledge is probably not susceptible to the scam, though I do think that certain personality types could get caught up in the excitement of potentially "stealing" a million dollars. On the other side, non-techies will likely fall for this in droves, and the transaction history on that address does show there have already been successful victims -- though this particular person's scam has been massively unsuccessful so far, and they may actually be in the red overall.
[1] https://www.blockchain.com/btc/address/bc1qt80xra3r2df8gvzr0...
This shit isn't ready for the mainstream, and some of these architectural decisions are indicative of engineers who are in over their heads (but that's almost all code nowadays, even mine).
They build a mechanism that enables me, at the click of a button, to give away control of my fortune, and they designed the system so that anyone can design whatever interface they like to get you to sign any transaction they like. It's laughable. I'm in disbelief. And this is web3? No thanks, I think I'll stick with bitcoin or whatever, keep it simple. At least I can tell what a bitcoin transaction does without having to learn a programming language.
The thing that struck me about it is the scam didn't work for a few reasons:
1. He typically had a practice of not using his main wallet for things like this.
2. He got wary and actually read the smart contracts.
This is a level of technical competence required that's going to mean most people have to offload this to a trusted intermediary. And then what's the point of all the decentralization ideology? Because we just re-invented banks.
There's nothing wrong with centralized services built on a decentralized network. Take a look at the web. Sure you can use a centralized service like facebook to make a facebook page, but if you want you can host your own website.
It is a systemic failure that most users must "fail over" to a centralized service to publish on the web.
The conceptual improvement enabled by blockchain is that the data layer is a neutral plane and this theoretically gives users portability. But, to say that centralization is fine because it has happened on the web and that was also fine is rationalizing a bad thing as good actually.
The real takeaway from this is that it's dangerous to break your moral compass and sense of reality to the point where you think helping out people who are pushing an obviously fraudulent business, is ok and normal.
Scammers ripping off scammers.
Why would you waste time with open source aircraft? Aircraft are a regulated thing. Nobody wants to fly in your science project. Put some of that 123 million into starting an actual company. DAOs are bullshit.
Yeah, start an actual company so you can raise billions with no profits and then IPO and dump on retail traders
If you legitimately wanted to develop an aircraft taxi service, you do not need to involve crypto in any way. Even if you wanted to accept it for payments it's an auxiliary component that merely accounts for it and converts to fiat at some point.
The DAO or whatever crypto bullshit is intertwined with it is absolutely a scam.
I don’t think this is legit at all.
The most reasonable conclusion is that the hacker was sent from the future to try to avert the creation of DAO-controlled flying cryptodrones.
It's just the Trust Problem all over again. Decentralized reliance on automatic software still requires trust that the authors of the software won't scam you. It all comes down to trust. And I trust banks, mostly. Who in their right mind trusts contracts someone sends you on Discord? And yet...
Worth noting, though, that for all the fancy footwork the point of failure for the scam is him being willing to work with his main wallet rather than a one-off, and when he showed hesitation, they got too impatient. Good security practices were still the answer.
This seems to be the common factor among scams, cons, and social engineering strategies. Rushing people will have them bypass protocol, training, and security practices. It's a universal "hack" for our brains; we do things we otherwise wouldn't when rushed. Security practices are like rituals, standards of behavior that we just don't have time for right now.
"The funds are only available for the next hour"; "You will be prosecuted if you don't do X"; "Per the CFO, we need to spend these funds before end of day."
Great story though. I never realized these smart contracts could be so obtuse and malicious. That needs to be fixed.
It's still pretty impressive how competently these scammers were able to discuss and deliver the VTOL work, the Space Falcon game, and entrepreneurial strategy.
While NFTs probably have some useful purpose that will emerge eventually, for now you should consider any proposal or offer that involves the term 'NFT' as having about the same value as any offer involving the term 'Nigerian prince'.
Certainly not a great look to have >$100 million in an asset sitting in a single account of any form, though.
Just one example, but this entire thread is Greek to me. What the hell is “staking an NFT”? I am feeling so left behind by this crypto nonsense. Is this what getting old is like? (I’m not yet old)
My really basic understanding after reading very slowly is he got some crypto asset from a scammer, and he needed to approve lending it out to get some sort of crypto interest on it. But approving the "lending X out" action apparently looks exactly the same as the "give Y away" action if you don't look closely at the contract.
Maybe it's just ignorance, but the whole system seems like a mess to me.
As far as I understand, it's just a synonym for "lending" here. They even use the word "leasing" for the people on the other side.
Whether that’s cryptocurrency or a sandwich.
You’re probably right though. But if you ever find yourself near Lake St Louis, MO, feel free to raid our fridge.
Social engineering is so much easier when you engage in faceless, voiceless communication. This could've been shut down so much more easily if they put a real human being to match the messages. When things actually matter, I need more than just a Discord avatar and a handle to identify someone.
This kind of scam just wouldn't work on BTC. You're passing tokens around. At fanciest you're time-locking wallets or using M of N signatures. You're not like, installing arbitrary code in your bank account.
I find ETH very technically interesting but it feels like it's full of sentient foot-guns.
If I had to read the source code of all my wire transfers, I'd probably just barter my services for some milk and bread, it definitely seems smarter.
That's probably more secure than crypto, where click of a button can siphon it all away. At least with physical money you have to be able to carry it, and physically present to steal.
I'm sure there are strategies like using multiple wallets etc, but overall it will never be mainstream if you put the onus of security on the individual. Literally just typo-ing an address can disappear all of your money.
Second scam is the wrong word. A confidence scam originally meant the mark had to bring a suitcase of cash to give confidence to the scammers that he had the means to join their get-rich scheme - and of course he would walk away with a suitcase of old newspapers.
But this is almost a new kind of crime - he did not present or move his money, he did not give away any keys. It is the very mechanism of money transmission that is the issue.
SWIFT is rarely seen as part of crimes - but crypto is pointing towards a new world. Imagine "permissioned blockchains" ie Bank Of England coins, this would still be a real viable scam. Proving you did not mean for people to take your 100M and rapidly move it would be a slow process. Stop orders would be a common place activity, potentially holding up long chains of transactions.
Even without permission-less crypto the move to a digital native currency is a long process
By virtue of converting the ETH to AAVE wrapped ETH, they're earning interest by loaning out the underlying ETH. Who is taking out loans and paying interest for ETH I have no idea.
Plus, even without the AAVE wETH, they expect ETHs value to accrue faster than any other asset, so there's no cost to letting the money just sit, as opposed to your USD in savings depreciating over time.
Just two lines... Is the idea that tokenToBeApproved.allowance() can do bad things?
Code: https://twitter.com/thomasg_eth/status/1492663290715152384/p...
tokenToBeApproved is a variable declared in the contract. It will be pointing at the aWETH contract, which is the claim token for ETH on aave, a money market.
I'd have diversified. Some cash, some ETF, some property. A lot of tax, now or in the future. I wouldn't complain about the tax, even after there's enough for a lifetime. (And yes I know both property and ETF can decline in value, but here's the thing: when you see their book value it's a damn sight more real)
Remember, unless I am very mistaken he didn't put $80m of real money in, to secure an amazing 20% ROI which out in your real world would be normally exciting. So the net effect of fees, gas, AML, tax even taking 50% makes him as rich as croesus compared to most people for very low initial input.
Do we know what real world $ went in to bootstrap?
(I know this story is mostly about the social engineering, which is of course the real problem)
God I hate twitter threads, especially 32 tweets long!
Tbh I would feel safer having 10k in cash (at home at least) than in crypto. At least the attack vectors (fire, burglary) are known and tangible.
Imagine founding a startup, working your ass off living off ramen for a few years, every day worrying that it all might be for naught, and then through a combination of skill, determination and luck you do make it and your startup is worth a few millions... and then suddenly you make a small mistake and lose all your shares!
This is how crypto feels to me.
Maybe I am just not made for crypto.
Well said. This goes hand-in-hand with the victim blaming that goes on in cryptocurrency circles. Any time a story like this appears, defenders come out of the woodwork to insist that it's the victim's fault for doing something or not doing something else. Even the linked Twitter thread is full of replies from people suggesting that the author was "asking for it".
Crypto seems to appeal to people who like to think that they are smarter than the average person and therefore will succeed by self-managing their finances right down to the private keys. Adding smart contracts to the mix basically opens up a can of worms that makes it unrealistic to actually control every detail of your money unless you strictly limit each contract to a separate wallet and only transfer funds into that wallet before activating the contract. That's honestly a good strategy if you're sitting on $100mm+ in cryptocurrency and the transaction fees are negligible (as was the case with the Twitter user). However, when transaction fees are $10/each or more, the average crypto user isn't actually doing anything of the sort. They're clicking the buttons and hoping for the best.
I've been calling them Dunning Krugerrands for this reason, and I suggest others do as well.
1) Spend more tokens than the amount you approved.
2) Spend any other tokens besides the specific type that you approved. (E.g. can’t steal your NFT or USDC)
3) Spend tokens at any other wallet address even if you own those other addresses (and creating a new address for a specific purpose is trivially easy)
In addition the only approve() technology is already being replaced with the modern EIP-2612 standard. (USDC already implements it.) In this workflow instead of pre-approving a contract, you sign a specific transaction-specific message. With EIP-2612 you know exactly how much you’re spending on each transaction and there’s zero after the fact risk.
I'm glad the standard for approval of control of wallets is being deprecated for one with more granularity and security, and I hope it solves this problem.
But that is how it works. The idea that I have a wallet as an extension in my web browser, and people can deliver me any transaction they like, with a "yes" button decorated however they like in the form of a web app, it absolutely does mean that I need to know how to read solidity to be safe and that I must audit every transaction I'm interested in signing. And an engineer would take that for granted, but if that's the standard UX, again, this isn't ready for grandma, not even close.
What ethereum should've done was be a little more slow moving with adding features and maintain mist so that a standard UI feature set could be expected by users.
I have seen contracts approve your entire supply though without mentioning it. That would allow the contract to come back at any time, with no user action, to take more coins out.
Just be wary of "Approving" contracts before using them on DeFi apps. That first approval confirmation is the most important as you're basically handing them that much coin and trusting them to give it all back.
Also this guy seems rather green in terms of internet scams,
> Scammers are getting smarter. Before now, the best scam I've really encountered is basically "hi this is tech support please share your private key so we can help"
No, for the same reason you don't check the code on every website you visit. If you want to be even more secure, then just stick to blue chips like Aave, Curve, etc. You can see how much is sitting in popular DeFi contracts here: https://www.defipulse.com/
You also don't give an ethereum contract full access to your wallet, you need to approve access to however much you want the contract to have access first then you get a second prompt to allow the contract to run.
You're talking like one accidental misclick and all your money is gone.
If you're super duper paranoid you might want to look at something like argent wallet (https://www.argent.xyz/) which lets you do common trades, defi, staking etc from within the app so you don't have to worry about random contracts and there's no seed phrase so no need to worry about that either.
This went on way longer than I expected
At least Chrome tracks malicious websites.
By comparison, there seem to be no checks in place to prevent writing an Ethereum contract that drains a victim’s wallet.
And FWIW I'm not sure "fraudulent" is the right word. NFTs are not a fraud, you usually get what you pay for, a mediocre jpeg, and perhaps a really primitive game.
And to be fair, what are the odds his VTOL company will ever produce anything either?
And NFT part adds anything substantial and is not replaceable by regular transfer (either transfer of money or BTC-like)?
If you don't know much about NFTs but think they're kinda scammy, maybe you shouldn't default to "support / lend your reputation to them."
I guess you can argue that get-rich-quick does not necessarily imply scam, but it certainly reflects poorly on a person to ignore their doubts because the source of the doubts is useful. It's not a unique problem to NFTs, it's a similar problem that a founder might face when, say, entertaining an acquisition by Meta.
at 1:22:50 Smart contracts are just code, they’re software, there’s no reason they can’t be viruses or worms, the primary limitation is processing power. But, also, it’s a virus that someone can drop directly into your bankless bank account and just wait for you to activate it. And, yeah, that’s right, there’s no offer/confirmation step in sending tokens back and forth, someone who knows your wallet can just drop stuff right into it, so, like, pin that somewhere in your brain.
Line Goes Up – The Problem With NFTs
While it's true that NFTs can be sent without permission and can contain code, users normally invoke contracts via (hopefully trusted) dapp websites, such as app.uniswap.org. Invoking code from an NFT I found in my wallet is possible, but not part of any normal/legitimate workflow that I'm aware of.
It looks like the message in this case would have given the attacker permission to transfer the victim's aWETH, which represents ETH that has been deposited into an Aave lending pool. These transfer permissions are something all ERC-20 tokens support.
Typically users will only sign messages sent from trusted websites, just as they would only install software from trusted sources. Or they can sign a questionable message from a separate wallet which doesn't hold much value, as the victim did here.
Granted, this isn't a great situation. It can be hard to know which websites to trust, and even trusted websites can be hacked and then send malicious messages to unsuspecting users.
[1] Think of these as being similar to Word or Excel macros embedded in a document... nothing bad ever happened with them, did it? ;-)
There's nothing broken here. A smart contract is just a piece of code that moves money. You better be sure about what it's doing before you allow it to run. There's blue chip smart contracts that are proven and thoroughly audited, but anything else you need to read the code. Same as reading a contract before you sign it.
I'm still not convinced that Ethereum isn't just a strange RPG that people who don't really want to play are accidentally getting involved in.
We had illegal p2p sharing where you could download a virus from bad people and then Jobs came along and made iTunes which set the standard for streaming. I am sure someone will come along in the crypto space and make crypto easy for the rest of us.
I don't necessarily think the author is a scammer, but the whole project is the equivalent of "I'm going to launch a rocket to the moon" and then the first thing you do is open a nice website and launch a new token.
But DAOs do look attractive to me fyi. I wish I could do something similar in regular "fintech" (and with C#)
Exactly. That's where the gullibility is really visible... This is basically a steroid version of "I am Nigerian royalty and I need you to give me money" emails. Your first instinct should always be skepticism.
No one.
> It's just the Trust Problem all over again. Decentralized reliance on automatic software still requires trust that the authors of the software won't scam you. It all comes down to trust.
It does, but you get to decide who you trust rather than being forced to trust one of a small number of large institutions. If you want, you can delegate your trust to a third party who will be responsible for vetting anything you interact with.
You can also choose to trust yourself or other members of your community.
This person shouldn’t trust themselves since they are too willing to go along with people who say positive things about them.
And if you trust the wrong people? Per the linked twitter thread, the author trusted the scammers! They only avoided the scam because they were competent to read the contract code for themselves. Is that the standard you want applied to all transactions? Does that seem likely to lead to good outcomes?
I admit that the Approval UX for wallets and tokens needs to be improved. Unlimited spend approvals should always be flagged in the UX. And approvals should be atomic (single transaction only, with a clearly listed cap, by default). There are some EIP proposals addressing this, but they will be a ways off from standardization.
The protest is illegally blocking much of downtown Ottawa, as a result GoFundMe decided to refund the donors. That's far from a "rug"
Since NFTs are subject to heavy criticism of their existence, a lot of people are developing extra things you actually can do with them. The market is interested in that being done right, so it's interesting to be a part of projects that are trying. This extra thing required Thomas sending the NFT to another service they developed. Smart contracts in Ethereum Virtual Machine environments (EVMs) have to be primed to recognize an asset. So there is something called an Approval. When Thomas interacted with this contract it did the approval for the NFT, and also an approval for aWETH, a token associated with that project.
aWETH is the ticker symbol for a token that project created called Armstrong ETH. The namespace for ticker symbols has many collisions as there are many tokens. So people aren't too worried about that, a token's ID is its contract address which does not have collisions.
In this case, this was the actual phishing attempt.
Their project did indeed use a token called Armstrong ETH, but their approval was for aWETH which is Aave Eth, an asset collateralized by liquid valuable actual Ether. It is also redeemable for actual Ether.
So if Thomas approved the use of their project from his main account, the hacker would have been able to use another function written in their smart contract that leveraged the approval of aWETH (the Aave Eth) to take it all away from Thomas. He has $100m of that.
Very close one for him.
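The check the comment above describes doing by hand (which token contract an approval is really for) and the unlimited-allowance flag asked for earlier in the thread, as an added example that is not from the thread or from any wallet's code. The function names `decode_approval` and `review` are hypothetical, and every address is a constructed placeholder, not a real contract.

```python
"""Pre-signing review of token-approval calldata (added example)."""

# 4-byte selectors of the common approval entry points.
SELECTORS = {
    "095ea7b3": ("approve(address,uint256)", "amount"),            # ERC-20
    "39509351": ("increaseAllowance(address,uint256)", "amount"),  # OpenZeppelin extension
    "a22cb465": ("setApprovalForAll(address,bool)", "flag"),       # ERC-721 / ERC-1155
}
MAX_UINT256 = 2**256 - 1


def decode_approval(tx):
    """Return the approval described by tx, or None if tx is not an approval."""
    data = tx["data"].lower()
    if data.startswith("0x"):
        data = data[2:]
    entry = SELECTORS.get(data[:8])
    if entry is None:
        return None
    signature, kind = entry
    args = data[8:]
    if len(args) < 128:
        raise ValueError("truncated calldata for " + signature)
    return {
        # The token is identified by the contract being called, never by a ticker.
        "token": tx["to"].lower(),
        "function": signature,
        "kind": kind,
        "spender": "0x" + args[24:64],   # address is the low 20 bytes of word 0
        "value": int(args[64:128], 16),  # amount (or bool) is word 1
    }


def review(tx, expected_token, expected_spender, needed_amount=None):
    """Return warnings for an approval request; an empty list means none raised."""
    approval = decode_approval(tx)
    if approval is None:
        return []
    warnings = []
    if approval["token"] != expected_token.lower():
        warnings.append("WRONG_TOKEN: approval is on %s, expected %s"
                        % (approval["token"], expected_token.lower()))
    if approval["spender"] != expected_spender.lower():
        warnings.append("WRONG_SPENDER: spender is %s" % approval["spender"])
    if approval["kind"] == "flag" and approval["value"]:
        warnings.append("OPERATOR: grants control of every token in the collection")
    if approval["kind"] == "amount":
        if approval["value"] == MAX_UINT256:
            warnings.append("UNLIMITED: allowance is 2**256 - 1")
        elif needed_amount is not None and approval["value"] > needed_amount:
            warnings.append("EXCESS: allowance %d exceeds the %d needed"
                            % (approval["value"], needed_amount))
    return warnings


def build_calldata(selector, spender, value):
    """Encode selector + two 32-byte words, used only to build the samples."""
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(value, "064x")


# Constructed placeholder addresses (not real contracts).
STAKING_CONTRACT = "0x" + "11" * 20  # the service the user means to interact with
PROJECT_TOKEN = "0x" + "22" * 20     # the token the user believes is being approved
HELD_TOKEN = "0x" + "33" * 20        # a different, valuable token the wallet holds

# Constructed request: the expected token, capped at the amount in use.
EXPECTED_TX = {"to": PROJECT_TOKEN,
               "data": build_calldata("095ea7b3", STAKING_CONTRACT, 5 * 10**18)}
# Constructed request: same spender, but on another token and with no cap.
SUSPECT_TX = {"to": HELD_TOKEN,
              "data": build_calldata("095ea7b3", STAKING_CONTRACT, MAX_UINT256)}

if __name__ == "__main__":
    for name, tx in (("expected", EXPECTED_TX), ("suspect", SUSPECT_TX)):
        found = review(tx, PROJECT_TOKEN, STAKING_CONTRACT, needed_amount=5 * 10**18)
        print(name, found or "no warnings")
```

The comparison is on the address in the transaction's `to` field because, as the comment notes, ticker symbols collide while contract addresses do not.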
To be clear, the “thing” in this instance is NFT staking: a ponzi upon a ponzi where you buy an NFT and then lend it to a platform, which pays you fees. Platforms can advertise ridiculous yields (200% APY) because deposits go right out the door again as fees to people higher up in the pyramid.
Someone comes to you and says "I'll give you X Euro if you let me hold onto your Y Dollars until you give me X Euro back."
You think, well Euro are useful, maybe you need Euro specifically to invest in a European business. So you agree.
But when you review the contract presented it just says you give Y Dollars, so you go "wtf?" and refuse to sign.
Apparently, some people are dumb enough to hand over their cash without reading the contract, and an entire industry exists to fool people into doing so.
If he approved their contract to be allowed to control his aWETH they'd take it all.
You can't ever expose that level to end users without it being an endless fraud source for people.
This is making it so there is no "undo", and no escrow agent. There's value, for those looking to take advantage of others.
Beware the survivorship bias: https://xkcd.com/1827/
I don’t understand at all how wheels move and what is that round thing near my chest and what to do with it. Maybe it’s the fifth wheel. Or why fuel is needed, I can’t even find a mechanic who will look under the hood for me if I can’t. Also since my last car could use my ATM card and sign my cheques I had to be extra careful when turning on the ignition and had to see the gps log whether it drove to my bank when I was taking the afternoon nap.
There was no service warranty and guarantee with the car at all. I had to hire an entire division of technicians and engineers to use it. I think a few lawyers and auditors as well.
In fact it felt I also needed a PhD in all things automobile to use my car.
Most importantly I can’t see in front of me at all. Front is opaque. I just drive hoping I don’t run someone over or something doesn’t run me over and my car.
Crypto is neither understandable nor useful.
I am not a cryptocurrency skeptic, but my level of trust for a “DAO driven aircraft / taxi service” is exceedingly low.
They suspect you wouldn't invite them again if all they did was raid your fridge, and not even say so much as a "hi".
OTOH it'll probably be harder for non-native English speakers to pull off a phone/video call considering that a lot of amateur scammers have telltale bad grammar even over text
This is literally happening right now all over the place. Just go to any reddit cryptocurrency sub and do a search for "free token scam." People are finding free tokens in their wallets, trying to spend them and having their wallets emptied.
I don't check code on every website I visit because websites can't just empty my life savings with no recourse.
We had multiple threads about base rate error on HN just yesterday!
Most financial activity happens in fiat, and so of course it stands to reason that most fraud is also done in fiat. The real question is whether the legitimate-to-fraudulent ratio is higher in cryptocurrencies than in fiat.
[1]:https://www.lesswrong.com/s/XsMTxdQ6fprAQMoKi/p/DSzpr8Y9299j...
In a twist of irony, you can see another example of it in the distribution of terms reinvented by internet rationalists :-)
If I'm John Doe and I made some merge requests to your open source project for a couple of weeks, is that alone really enough to potentially meet me in some city far from yours? That's essentially what the author was prepared to do.
> Most people think of stereotyping as “Here’s one example I heard of where the out-group does something bad,” and then you correct it with “But we can’t generalize about an entire group just from one example!” It’s less obvious that you may be able to provide literally one million examples of your false stereotype and still have it be a false stereotype.
If somehow you get through an in-person meeting with a bank branch manager to unwittingly wire millions of dollars, and the topic of how much money you're wiring and the exact purpose of wiring such a high amount isn't brought up, and you somehow still accidentally wire millions of dollars away without anyone ever bringing up the amount and purpose of the transaction, then I'm sure you'll still be able to recover that money back because banks are required to actually validate transactions of that size with KYC, AML, etc. laws. Only cryptocurrencies allow one the ability to transmit this amount of money in seconds.
Isn't that only for cash transfers?
> which would likely involve a mandatory in-person meeting with the bank customer
At least at Chase and Fidelity, wires can be done over the phone with no limit.
> to verify their credentials and purpose
I've never seen a banker really help to verify wire instructions, as in contacting the intended recipient. Normally they just ask the sender if they've verified the instructions, if they understand that the wire is irreversible, etc.
Of course when it gets to the bank's wire department, they make some attempt to block suspicious wires. But they're guessing based on limited info, as they don't typically contact the sender or recipient.
> I'm sure you'll still be able to recover that money back because banks are required to actually validate transactions of that size with KYC, AML, etc. laws
From what I've heard, fraudsters will (indirectly) transfer funds to e.g. a Nigerian bank and cash out there. It doesn't always succeed, but it does sometimes, or wire fraud wouldn't exist.
But the scenario in the OP is only possible in cryptocurrencies. You can't put a button on a website "Click here to send a JPEG through email for $3.50*" with the fine print "*and also 100 million dollars" and expect that to ever work out with the legacy banking system. Only in cryptoland could someone ever accidentally yeet 100 million dollars in a few seconds by visiting a website and clicking a button.
https://www.cnbc.com/2020/10/15/how-one-familys-nightmare-il...
When I purchased a house, I Googled the recipient, confirmed the certificate, Googled the number found on their website separately to confirm it was listed elsewhere as belonging to the company I expected it to belong to, called it, and got them to tell me the account details for the wire transfer, confirming it matched what I had been sent. Which, to their credit, their instructions also told me to do. And I initially sent the down payment, confirmed they received that, and only later in the process sent the remainder.
While there still are some ways to beat that (compromise the recipient's infrastructure, change the website, lock out the recipient from their email, insert into the email exchange, get a wire transfer done before the recipient can proactively call the target to warn them), it's a lot harder to pull off than "find a target that won't read the code very closely".
I worked at a financial institution, no way you could open an account, deposit some spare change, and then withdraw 900k after a few weeks especially in America. Compliance would be all over that account, which is probably why they got the money back anyhow because the crooks would have a lot of talking to do after getting that much money in their account. KYC and AML is required for both sides of the wire transfer.
Ignorance is unbecoming.
When you stop worrying about that, and can actually start to deploy advanced technology for your advanced users.
You can weight your argument however you want, all technology will fail some class of user. Me, I’ve been playing with this and various tech for a decade now and the sky is the limit for where this can go.
Can't keep your assets? Someone else who can code can!
Looking forward to the technocrat plutocracy
I’m being facetious as I think there will continue to be a balance and cat / mouse game.
Do you trust your neighbour with your spare key?
Do you trust your doctor with your medical history?
Do you trust your pizza delivery guy to deliver you pizzas that aren't poisoned?
Being skeptical is sometimes a good idea, like when it comes to "online research" or "alternative medicine". But having zero trust in even the most basic human interactions sounds like hell.
I don’t trust most Doctors either, and you probably can’t trust any medicinal organization with keeping records confidential, plenty of examples of breach of that trust.
I think you are not skeptical enough.
No, it isn't. It's a reminder that we have all of this financial structure for a reason. The person you're responding to didn't make any light of the potential victim or call them a degenerate.
In traditional finance, you (Joe Shmoe) can't just wire someone ~100M USD, regardless of jurisdiction. There are controls, most of which have been written in blood or tears. Cryptocurrencies will also grow those controls, and we will all rightly question its value when it inevitably does.
But it's also not a disgrace for traditional finance: it's a disgrace with respect to the latitude our justice system gives to individual LEOs and a sign that the government is willing to extrajudicially punish people instead of pursuing justice through the courts.
Put another way: asset forfeiture is not some kind of "gotcha" against traditional finance in favor of cryptocurrencies. When law enforcement seizes your bank account, they're going to seize your cryptocurrency accounts too. And if you (unadvisedly) attempt to hide those assets, then you will be making their job in court much easier.
Try getting your money back when getting scammed via venmo or PayPal - rarely any better, and if you’re selling you’re more likely to get scammed with those services than crypto.
In nearly all cases, no separate restitution was required: the processor or my bank was able to reverse or halt the ACH transaction before the money settled. In the handful of cases where settlement had already happened, they were able to countermand the transaction.
Venmo/PayPal/Fedwire transactions should be able to settle in real time, which can be more convenient at the expense of easy reversibility
It’s definitely not a guarantee. Most of the Venmo type scams where people “accidentally” send you money and ask you to send it back or pay for an item with bad funds are not reclaimable from those services based on TOS. In those cases you’d be better off with BTC.
But.. why? Isn’t that a remarkably bad idea?
Or is there some crypto advantage to keeping every last coin in the same basket? Other than it being a flex.
It’s a giant flex.
no address reuse is almost impossible as the wallets make it very hard as well
people don't really seem to know that Metamask gives you unlimited addresses, fwiw it is expensive to do approvals in each address
https://zapper.fi/account/0xb1e9d641249a2033c37cf1c241a01e71...
sending http and json over the internet is just as neutral of a technology as the blockchain. the reason people build centralized services on top of it is that we're collectively better off by specializing.
As a writer you're better off writing your content full-time than running a server, becoming a smart contract expert, casual coder and server administrator. no technology on earth is going to change that fact and it's why people buy their bitcoin on coinbase and their nfts on opensea.
Specialization doesn't come into it, although it is worth observing: your comment presupposes that in order to benefit from specialization, one must subject themself to exploitation.
they don't stay there because they are being exploited, it's because centralized platforms reach many customers and automate away a lot of the problems that you'd have if you had to set that infrastructure up yourself and pay for it.
If you're a creator you stay on Youtube because you get a sustainable income. They can do that because they're centralized. If you run your own peertube instance and pay more in server costs than you make in ads that isn't a solution.
And these simple economies of scale will always exist regardless whether your software runs on a server or a distributed blockchain vm.
The 4% rule is fairy tales, especially post pandemic economy. we will be working more for less as time goes on.
Nah, I want cars, some homes, a yacht and a hot ass babe to pleasure me and raise nice children as we travel the world and dress fancy.
In fact when discussing both privacy and censorship resistance I often cite cash as a target goal.
1000 USD bills exist but are very rare. 1000 euro note exists but I think that’s on the way out.
Your point that cash is censorship resistant is good, yes and we need to make sure it remains, however the physical limitations are de facto censorship.
€500 was the largest, but as of April 2019 is no longer being issued.
Technically, $500, $5000, and $10000 also exist in private collections. They were last printed in 1945, and stopped being issued in 1969. They're worth far more than their denomination to collectors, understandably.
Also, technically, $100k bills exist. They, however, were printed during the Great Depression and intended solely for transfers between federal reserve banks, and were never circulated. It's illegal to hold them privately, though there are some museums and things that have one.
Also I’m not sure that “censor” means what you think it means.
When Thomas puts that money into the lending pool, what happens if the borrower defaults? Did the borrower put up some non-liquid collateral? Did someone do a background/credit check? Who takes the loss, is it split across the pool?
I understand how traditional bank loans work, I'm a little lost how much risk is being taken by the loan issuer here.
So the idea is that I can take $100 worth of ETH and put that up as collateral for a $75 loan. And if the value of my collateral drops due to the ETH<>USD exchange rate I have to stake more collateral. If I don't (or if the exchange rate moves below a certain point) then my collateral is automatically liquidated at a discount. So in this case, if the value of my collateral falls to $80 the contract will put it up for sale at $75 -- this creates an arbitrage opportunity, so the liquidation will likely happen very quickly.
There are other lending protocols where you can stake other assets (NFTs, other tokens, etc.), but this is my understanding of how Aave works.
If you use a payment card (debit or credit) with a payment service, then they might use either the payment card's network or ACH, depending on what the card issuer supports.
Don’t fall for the DAO trap, it’s a pit for fools to throw their money into.
So the DAO is blocking this guy with $100M sitting around from just hiring an actual designer for his air taxi project?
Banks in my country don't have a reasonable API. There is CODA, but it's restricted to business accounts too (and you have to pay for it).
Additionally, accountants make a huge part of the workforce. So I don't think it will be possible in the short term to "replace them" by traditional means.
Who said it needed to be a real bank?
> At least Chrome tracks malicious websites.
That's not TCP/IP, the chrome equivalent would be on Trustwallet, argent, metamask etc to implement.
This isn't Ethereum's job.
It's an L2's job. Whichever ones you choose to engage with. But, they'll all be interoperable.
At least with crypto, the chain of ownership is transparent and can't be faked. So validation is cheap and easy to do.
In theory. The devil is in the details; does everyone know how to validate the chain of ownership, even the most non-technical of users who must rely on the system? If not, you either will never be mainstream, or you're reliant on a trusted agent to validate on your behalf (sorta like a title company!).
And if you screw something up with crypto, there is no way to address it. The complaint of "dealing with lawyers and trying to get someone to pay for it" is a feature, not a bug. Worst case, it's no different than the crypto outcome; best case, you have recourse.
AFAIK you don't need to be a title company to do this, any buyer could do it themselves.
And what if you don't know enough about land law to make sense of everything? That's when you need companies to do it for you.
Is checking the chain of ownership of cryptocurrencies easier than land? It depends whether you're talking to a real estate lawyer or a NFT seller.
I'm neither, and I don't see the intrinsic difference.
But, the commenter I take issue with said that it's good actually that we are just re-inventing banks on top of the blockchains, and the evidence that they offered is that it was good actually that we invented Facebook on top of the decentralized web.
Actually, Facebook is bad. It's not bad because it offers a service that people clearly need. I think we can all agree that an easy publishing on-ramp is great, and that it should exist. Facebook is bad because its creators use it as a tool for mass manipulation and exploitation of its users, and the web as we know it facilitates this through a combination of its flaws and missing features.
Facebook has created some useful services, but that doesn't mean we want to build Facebook again on a newly conceived network infrastructure. In web3 we see a latent opportunity to design new infrastructure that improves on the flaws and power imbalances of the previous one. But, if we seek only to re-invent the exploitative institutions of the past atop a new substrate, then frankly it's a waste of (most) people's time (I'm sure some VCs and early adopters have a lot riding on it, though).
People wanted easy access to music, iTunes provided that service.
Right now the world of crypto is confusing to the average guy, so hopefully in the future someone will create a good UX and the underlying protocol for instant decentralised payments.
So... Napster and LimeWire?
You can't break cryptocurrency's weakness for this kind of adoption without dropping decentralization. Same conclusion that iTunes came to. People wanted downloadable music, not a specific implementation detail about how that music is delivered.
I wouldn't touch it with a ten foot pole. I just don't see any sense or reason in the concept.
It's mighty arrogant from crypto enthusiasts to assume that everybody will jump on it as soon as it just can be made mainstream and "safe".
Thanks, but no thanks
I'm able to work with total strangers, raise money, sell products, contribute to causes, commission art work etc, etc, hold those funds in a smart contract treasury and encode rules to govern the spending of those funds.
Safeguards do exist for the aforementioned issue. Number one is not holding significant sums of money in a single wallet, unless it's a multi-sig that requires multiple parties to agree to transactions (like Gnosis Safe wallets, which store $100B+ in assets and are battle tested at this point).
The value of the PEOPLE tokens on the secondary market proceeded to increase nearly 10x in the weeks following the dissolution of the DAO. Even though market cap is declining, at $327M mcap, it is still many multiples of the amount raised.
PEOPLE tokens in circulation are still redeemable for the underlying ETH, but the monetary premium has increased as a result of the dispersed liquidity to so many holders (16K+) as well as the novelty of retaining the token for a failed, yet valiant effort.
One can also use the borrowed funds to speculate on other cryptocurrency, as a collateralized margin loan. Many lending systems offer incentives too, where you can be paid to borrow.
If you want to maximize your potential losses, that’s a great idea.
I have no issue believing that an imaginary consensus stored ledger in thousands of computers all secured by massive amounts of energy and limited to 21M units over 100 years might be valuable.
The ability for people to copy this software idea? Not valuable. The ability for people to issue new tokens on existing chains? Not valuable. The ability for people to post and sell jpegs? Not valuable.
Only original ideas are scarce. It’s the first step vs the n-th step.
It's not "secured" by energy. You can't convert a Bitcoin into the original amount of power required to produce it, which is the defining quality of a financial security.
It's more accurate to say that Bitcoin's value is retained by the ongoing commitment of power into the network. But that correctly suggests that the network collapses without a perpetual source of electricity, which is not the kind of positive connotation that I think you meant to supply.
Discussion on Reddit's r/metaverse [1]
[1] https://www.reddit.com/r/metaverse/comments/sr0sqz/what_meta...
Boy, are you in for a nasty surprise. But don't come crying to us, old men who warned you that what you really should want is a nice cabin near a lake with plenty of fish and an absolutely plain ass woman.
Outside of silicon valley, 170k per year is a huge amount of money. Especially if you're going to travel outside of North America and Europe.
All of them are within the scope of the legal system, so if you send a police report demonstrating fraud to a registrar or registry and they fail to act you have some recourse. If their inaction results in increased damages they've opened themselves to liability and you could sue them. The possibility alone is enough that everyone has published policies detailing how they deal with those situations. As long as you follow the rules you can get a domain taken away from a bad actor. It's not easy, but it's possible if someone is doing enough harm.
So yeah, you can host a scam on a normal ICANN domain. It's what happens afterwards that matters. In ICANN land you get one chance to run your scam because the victim can make an appeal to authority to have you shut down. In blockchain land it's tough luck for you.
As an example, this [1] looks like PayPal's wallet. What do they do about this [2] wallet which owns paypals.eth (alongside sqaree.eth, chasebanks.eth, etc.)? They have two choices AFAIK. The first is to pay whatever the owner demands for those domains. The second is to take the risk of the owner selling those domains to someone that wants to use them for phishing.
There are exactly two winners in the blockchain version: the domain squatter and a would-be scammer. In the existing system a high value domain owner like PayPal will have an established procedure for dealing with bad actors that infringe on their trademark and dealing with typo squatting like that is probably as simple as sending a template they have to the corresponding registry.
1. https://app.ens.domains/address/0x527FC48f1CA8b41DF3E870F5DE...
2. https://app.ens.domains/address/0x7731652a9F7F48F77E94a8675F...
If someone goes through the legal process and is found to be guilty and their assets are seized that's fine. But if someone is pulled over, found to have some drugs, gets their car and cash on them possessed and is forced to go through a lengthy process to free up that money, then that's different.
In any case: the really egregious examples of civil asset forfeiture are the petty ones: the government stops someone for the crime of DWB[1], and seizes all of the property they have on their person (including, sometimes, the car itself.) It's a disgusting crime, but one that doesn't typically extend to the victim's bank accounts or other financial resources, unless there's a larger case being pursued against them. And so, once again, it's not clear how cryptocurrency improves the state of affairs: either you're carrying a hot wallet around with you for your day-to-day expenses (in which case you're subject to the same seizure), or it's roughly equivalent to a traditional financial product and isn't subject to a spurious seizure (but might be subject to a larger one).
Scenario 2: they take your hardware wallet, then they must prosecute you and prove to a court that the money is not legitimately yours, to get the key. IANAL, but am I wrong?
Instead, I'll point out that the answer does not matter: from the moment that they have my hot wallet instead of me, I can no longer use it. It doesn't matter to me whether they can actually liquidate it or not. And, as I pointed out earlier, I'd harm my own case by attempting to liquidate my assets with a separate copy.
I'm not saying technical solutions make the rule of law unnecessary. But they can defend against some violations of the rule of law, depending on the parts of the justice system that are still just.
People effectively defending themselves against a national disgrace help towards getting the disgrace fixed.
But don't delude yourself into thinking that any meaningful number of people, even cryptocurrency believers, share your position. It's all fun and games until the Men with Sticks show up, and most people understandably tuck tail at that point.
If I'm going to be made a coward in the eyes of a few LARPers, I might as well pay as few middlemen as possible in the process. But that's just me!
> But don't delude yourself into thinking that any meaningful number of people, even cryptocurrency believers, share your position.
You'd be surprised.
Next you're going to tell me that the blockchain isn't made of Lego blocks!
> You'd be surprised.
Given the aggressive spread of custodial services, I don't think I would be. The average cryptocurrency user (even enthusiasts, true believers, &c.) is not a dyed-in-the-wool Burkean. Less prosaically: easy money comes with loose beliefs.
It’s a little more nuanced: while some component is maintaining hashrate/energy, it’s best to be thought of as a point-in-time expenditure given the network size, participants and technology available. Once a block is minted at a given difficulty, it can never be undone (with a negligible probability), as a chain reorganization would need to put in more energy than that to undo it.
It’s a conversion, abstractly. Probabilistic finality at a given level of technological and economic resource exploitation.
The rest of what you've written doesn't really concern me, because all I was interested in was pointing out that Bitcoin doesn't securitize energy.
And changing the organisation is a completely separate question from which database technology they use. If you just switch from SQL to NFT the organisation will not suddenly become less corrupt, or whatever the issue with them is.
> If you just switch from SQL to NFT the organisation will not suddenly become less corrupt, or whatever the issue with them is.
It's true that it won't make the managing organization less corrupt - it will make them nonexistent. That's the idea behind decentralized decision-making. The people running the database don't have to have the power to change it or bend the rules: that's what this whole crypto thing is about.
From land deeds to insurance to domain registration to in game assets etc etc, people have all these wonderful ideas. It would be interesting to one day have at least one of these ideas explained.
The next best thing is securing one's property by practicing personal violence, and as I've no interest in shooting anyone for mere robbery, I'll take political ownership any day of the week.
If my very countrymen (and women) collectively decide I can't have my domain, then so be it. The obvious upside is that while they do uphold my ownership, it's as secure as any of my earthly possessions. Stealing my domain amounts to stealing my mail, which is a crime.
(It's also not immediately obvious that "more electricity" is needed to attack it, since a handful of extant larger pools could just conspire as-is.)
Why would that be the case? It isn't necessarily zero-sum; the more realistic scenario is that the remaining honest participants ramp up their energy consumption in an attempt to prevent the attack.
But that's still only the most boring of the many, many latent threats to Bitcoin. Solar flares and electronic warfare strike me as more interesting.
All the crypto bros printed (mined) a bunch of monopoly money (coins), invented assets (NFTs), bought (allocated to themselves) all the assets (NFTs) using their monopoly money (coins), and want us to buy into these crappy systems with real money so they can sell us the assets (NFTs) while still being the landlords (transaction processors) that charge us rent (fees) on everything forever.
Sure, but even so, how is this implemented? Presumably some organisation needs to uphold this connection. Simply "owning" a domain, in the sense that you "own" an NFT, is not very helpful, you need some kind of actual control over it. Presumably a server is needed to forward the domain to your IP, and someone needs to run that server, right?
The resolution would work by executing some "lookup" smart contract function on a node (you could run your own local node for lookups, or use a public node similar to hitting your ISP's or Google's DNS server).
None of this is really cutting edge, it has been possible for a long time now.
Is that the argument? Crypto is "more just" and "available globally" and affordably?
Once again: the bar for cryptocurrencies to clear isn’t to be “as good as” traditional finance. They have to do better, given the additional middlemen and costs they shoulder on all of us.
You’ve failed to demonstrate that they clear that bar: a single surviving backup of a distributed ledger isn’t distributed in either the trust or failure senses, and is thus no better (and possibly worse!) than us trying to piece the world’s financial system back together from everybody’s paper receipts. Oh, and the whole “cash” thing continues to work.
In this case it sounds like that is solved though. I know very little about the structure of the internet, but it seems you are saying that instead of asking a DNS server, every computer would ask the blockchain to resolve the domain name, correct? But wouldn't that require every single device that connects to the internet to "update its firmware" or something? Or could this decentralised DNS somehow emulate the old fashioned kind?
I do think you could expose the same interface as traditional DNS but backed by the registrations in the blockchain. There are browsers that will resolve Ethereum Name Service domains today, but I'm not sure how that's implemented (probably lookups on a public ETH node).
The important improvements IMO are on the registration, transfer, renting of the names rather than the lookup side which doesn't look dramatically different except that other code running on the blockchain could do the lookups too.
$5 wrench attack is easily thwarted by splitting ownership across multiple geographically separated people, easily doable by giving control of the domain name to a shared contract. This would require lawyers in the current system!
If you mean that it'll become easy enough over time, that's an assumption I don't buy.
It was probably thousands of talented dev hours, who said it was easy?
Just curious, are you at all familiar with smart contracts in general?
My understanding of smart contracts is that it's like a distributed virtual machine of consensus. A single program that runs on all the networked computers, all executing the same set of functions on the same set of data producing the same result. But it's slow and expensive, because it's "trustless", and it turns out that trust is very valuable and embedded in our traditional methods, and people get scammed left and right because they think trustless means they don't need to trust, but that's a lie.