[HN Gopher] Crypto exchange BitMart confirms hack resulting in l...
___________________________________________________________________
Crypto exchange BitMart confirms hack resulting in loss of $150M
Author : prostoalex
Score : 199 points
Date : 2021-12-05 18:00 UTC (5 hours ago)
(HTM) web link (www.theblockcrypto.com)
(TXT) w3m dump (www.theblockcrypto.com)
| okareaman wrote:
| "People complain about the weather but nobody does anything about
| it" ~ anon
|
| "It rained in Seattle today and in other news a crypto exchange
| was compromised for hundreds of millions of dollars"
|
| It's weird how this keeps happening and a lot of people shrug
| their shoulders and move on. I don't buy that we're still in the
| wild west phase of crypto. We've had enough time to figure this
| out. If I was conspiratorial minded I'd think it was an
| intentional weakness built into the system.
| dcow wrote:
| A BlockChain is like giving people ACH access. It's insane to
| think that people are ever going to be competent and experienced
| enough to run their own bank. Society needs banks and
| regulations. This can all happen at layer-2 on top of an
| auditable and objective root chain. There's a very clear analogy
| where everyday people interface with Eltoo "banks" existing (and
| regulated) on-chain providing convenient "traditional" banking
| services. That's where this is all going. Crypto anarchy is a
| farce; don't fall for it.
| duxup wrote:
| Bitcoin is a great lesson on why things are the way they are.
|
| It's not just evil banker man rules, there's reasons.
| sterlind wrote:
| it's kind of beautiful that way though. fools and their money
| are soon parted, while others learn and do things the right
| way. it's like making banking accessible to hobbyists.
| dcow wrote:
| Yes but there's also real value in developing better
| technology and encoding transparency and accountability into
| our financial and social systems. Evil banker men and corrupt
| authorities _do_ exist and people rightfully want to
| rebalance the power distribution to mitigate the damage
| manipulative people can do.
| acdha wrote:
| The question is whether any of the cryptocurrency companies
| are actually able to deliver that. Traditional MLMs always
| claimed to be doing something noble like being healthier or
| democratizing real-estate, too, and the cryptocurrency
| pitches notably revolve around people selling things which
| they know cannot solve the stated problem but promise that
| they'll figure out how to built a viable system after you
| buy in and make them rich first.
| duxup wrote:
| I wouldn't be surprised to find that if given the choice
| any given crypto company would gladly become "the man"
| they would seem to be fighting against.
| acdha wrote:
| I feel like an awful lot of the market could be summed up
| as "Wouldn't it be great if <ordinary activity> had
| microtransactions like a pay-to-win mobile game?"
| throwaway248329 wrote:
| 99% of all crypto companies are scams looking pump the
| price and sell their premine.
|
| Bitcoin is the only crypto that matters.
| bradwood wrote:
| and there is no Bitcoin "company"
| boh wrote:
| I love how crypto is somehow morally superior bcs
| "technology". Somehow crypto enthusiasts can explain away
| the opportunist cesspool that surrounds crypto as isolated
| anomalies, while making corruption a characteristic
| exclusive to existing institutions.
| rglullis wrote:
| Who said anything about morally superior?
|
| There is no morals in regard to the technology. The tech
| itself has no morals, it is the people that use the tech
| for good or evil.
| lottin wrote:
| Not really, "evil" bankers are held accountable by the
| judiciary and regulators. If anything crypto-currencies
| hamper the ability of those authorities to hold them
| accountable, so they make things worse in that respect, not
| better.
| bradwood wrote:
| > ..."evil" bankers are held accountable by the judiciary
| and regulators
|
| ...by the judiciary and regulators only so far as the
| (imperfect) legislation of the day allows.
|
| You are forgetting the unelected central bankers who
| knowing refer to inflation as "transitory" when they
| know, and we know, it isn't.
|
| You are forgetting the guys who decide to print 40% more
| US Dollars in 18 months without giving the electorate an
| opportunity to weigh in on this drastic decision.
|
| These central bankers are the so-called "evil bankers" --
| the Wall St types just want to make money and while that
| might be greedy, at least they're honest about it.
| Bombthecat wrote:
| Tether is the next fucked example, they print money.. Out of
| thin air! No audit, nothing. They say they bake it with
| collateral. But some people think it's either nothing or they
| print tether to buy bitcoin. Either way. Its fucked.
| Vadoff wrote:
| Bitcoin is just a currency, there's nothing stopping
| traditional banks/institutions from using it or allowing
| customers to trade/keep it.
| colechristensen wrote:
| ACH is reversible for 30 days IIRC, though technically forever
| through court orders. Checks are essentially giving everyday
| people ACH access.
|
| You're right and I've said it before, the only place crypto is
| going is going to be boring and indistinguishable besides minor
| details from traditional services.
| wmf wrote:
| The banks are the ones getting hacked.
| dcow wrote:
| Yeah I'm including crypto banks in the set of things that
| need regulating. People rob banks, for sure. There should
| probably be op-sec regulations and e.g. on-chain multi-sig
| requirements for transactions out of the bank accounts and
| ability to revoke etc. Bank rolls up its L2 day-to-day into a
| smart contract address type of stuff.
| papito wrote:
| It's almost like in the past the world did not have anyone who
| had the capability to print their own money, until the world
| said "this is madness, we need to put structure to this".
| dcow wrote:
| You can't print gold. ...
| lottin wrote:
| During the gold standard central banks would engage in
| sterilising operations to prevent large fluctuations in the
| money supply, which was the equivalent of open market
| operations in modern central banking (what some people call
| "printing money")
| bradwood wrote:
| You can't print bitcoin, but you can mine more gold.
| dragontamer wrote:
| But you can go to 'India', conquer the Aztecs, steal all
| their gold and silver, and depress the European gold
| economy for the next century.
|
| -----
|
| You can also subtly alter the composition of your gold and
| silver coins to leverage your reputation and squeeze more
| money out of your gold reserves.
|
| Turns out that most people don't have a habit of checking
| the density of gold coins. As long as they weigh the same,
| you can trick the scales.
|
| 500 years ago, they'd mix cheaper metals into their coins.
| Today, we'd just use tungsten, which has very similar
| density to gold.
| dcow wrote:
| You can do the first thing with a chain coin but I don't
| think you can do the second.
| dragontamer wrote:
| For Blockchain, you just invent a new coin (DOGE, Shibu,
| whatever). Every new Blockchain is a new group of people
| printing a trillion / quadrillion crypto tokens and
| throwing into the market.
|
| As long as cryptofans buy up new coins or NFTs, you can
| keep printing new tokens.
| Vadoff wrote:
| Holds true as long as "cryptofans buy up new coins". But
| eventually, they won't. For these types of get-rich-quick
| gamblers, they usually shift their money around to the
| next thing, but an equal amount of them lose their money
| as well.
|
| Those that invest in Bitcoin tend to be more
| conservative, and are more willing to hold their coins
| and use it as a long term investment/store of value. They
| aren't easily convinced a new coin can replace Bitcoin
| either.
| lowkey wrote:
| "A fool and his money are soon parted"
|
| Fool's gold has always been a thing. Similarly, there
| will always be some who cannot distinguish between
| Bitcoin and the latest dog coin. Few Bitcoiners are
| selling Bitcoin to buy NFTs or altcoins.
| rglullis wrote:
| What are they selling it for?
| joering2 wrote:
| Well, technically you can. You can "print" gold by using
| other elements with _simply_ changing number of protons to
| match 79. I believe this has been done already, if my
| memory serves me right reading some article years ago. Its
| just that the cost of doing so even on small scale
| overweight the cost of the resulting gold, even if the
| price would be of a 10-fold what it is today.
|
| tldr: its possible, just not worth it.
| dcow wrote:
| Ha, yeah technically you can grind the chain too, but it
| requires unreasonable amounts of resources.
| hutrdvnj wrote:
| But it's interesting, because it sets an upper limit for
| the gold price.
| reginold wrote:
| Yes very interesting. Gold was originally formed within
| supernovae, which is a sure sign that our planet is
| formed from molecules that have been through at least one
| or two supernovae already. Another fund gold fact, the
| reason gold appears in "veins" is that it's actually big
| blobs, but over time water runs through the blob,
| dragging along little bits of dust with it down the same
| channel. Those little bits of dust build up and become
| veins of gold.
| p2p_astroturf wrote:
| Uh no, this is (one reason) why you want to use a (well
| written) decentralized exchange.
|
| >is like giving people ACH access
|
| I use ACH, I know nothing about it, and I'm sure I can lose all
| my money from using it wrong, as banks love systems that are
| impossible to operate securely. I don't have this problem with
| bitcoin, and never will.
|
| As for the tech side, you know nothing. The bugs are simply
| because of the demographics behind decentralized tech:
|
| - Before snowden: script kiddies, slightly educated hobbyists
|
| - After snowden: all kinds of idiots
|
| > Crypto Anarchy is a farce
|
| Your post is a farce. Wanting basic control over your own money
| (and removing horrible bank insecurity and UX as a side effect)
| is not anarchy or anything remotely resembling it. Your post
| only sounds reasonable from the perspective of $current_world
| which is basically hyperstatist, people are literally afraid to
| have sex and cross the street without government approval.
| ben_jones wrote:
| What are some examples of well-written _decentralized_
| exchanges?
| diveanon wrote:
| Uniswap, pancakeswap, 1inch, apeswap, sushiswap,
| traderjoes, Crono, quickswap, paraswap and those are just
| off the top of my head.
|
| All of these projects have hundreds of million to billions
| in tvl and have been running fine for years.
|
| Dexes are the backbone of the defi community and share very
| little in common with centralized exchanges.
| rglullis wrote:
| Uniswap (v2) has simple contracts, has been audited
| multiple times, holds billions of USD and it has not faced
| any kind of systemic attack. The only issue that I can
| think of is that pools with low liquidity can suffer from
| front-running.
|
| Even the fees are not a "problem", if you consider that
| there are already roll ups (loopring, zkswap) that run
| pretty much the same version of those contracts and cost
| fractions of a penny.
| reginold wrote:
| Curious to hear more about this as well. How is Uniswap?
| dvt wrote:
| > It's insane to think that people are ever going to be
| competent and experienced enough to run their own bank.
|
| It's also insane to think people are competent enough to vote
| (this was a real argument in the 1700s), and yet here we are.
| Also insane to think they're competent enough to use guns, or
| drive cars, or whatever.
|
| I think that, throughout human history, the pattern here is
| that we'd rather prefer the tyranny of the masses as opposed to
| the tyranny of the aristocracy. That's why I think crypto is
| here to stay. It will be pseudo-regulated, but if DraftKings
| and Eaze/WeedMaps is any indication (who would've thought, just
| 15 years ago, that sports betting or marijuana would be legal
| in _most_ US states?), people will have access to these risky
| financial instruments.
| echelon wrote:
| This libertarian argument is somewhat disingenuous. It hides
| the fact that the whales stand to benefit tremendously. The
| peons will still be peons.
|
| You're asking for us to vote you into power, and so far all
| of the evidence says this is a bad thing. Power consumption,
| no restitution for hacks, pump and dump driving insane swings
| and pyramid scheme behavior, the emergence of ransomware, NFT
| artificial scarcity.
|
| KYC and AML are good. Regulations are good. The cowboy wild
| west without these protections is a nightmare that will lead
| to increased lawlessness, hacks, and thefts that will harm
| the poorest among us.
|
| I don't want the thought leaders in crypto being in charge.
| They've already shown what bad stewards they are by
| downplaying all of these points and continuing to ignore the
| problems. They're focusing on what they can gain rather than
| what others are losing.
| dvt wrote:
| > This libertarian argument is somewhat disingenuous.
|
| I'm not really making any argument; in fact, I'm probably
| leaning towards the "philosopher king" ideal rather than
| the masses running the show (I mean, just look at how much
| of a societal disaster social media has been), but it seems
| to be where we're headed.
| [deleted]
| rglullis wrote:
| > It's insane to think that people are ever going to be
| competent and experienced enough to run their own bank.
|
| Not what happened here. A centralized exchange is the exact
| opposite of "running your own bank".
|
| > Society needs banks and regulations.
|
| Agreed about the principle, but I can bet we disagree about the
| scale. A lot of the problems in the past financial crisis are
| due to banks being "too big to fail" and regulatory capture
| that makes it basically impossible for small-scale banks to be
| sustainable. Open Banking and the fintechs that are cropping up
| are all based on the same idea of "winner-takes-all" dynamics
| that has been the bane of Big Tech.
|
| > Crypto anarchy is a farce; don't fall for it.
|
| You are absolutely right. Just like goldbugs, there is this
| special type of crypto enthusiast that believes that their
| "money" will be of any use in an apocalyptic world, and simply
| forget that a world with failed institutions they will probably
| not even have internet, and even if they did they will lose
| pretty quickly to rubber-hose "hackers" than anything.
|
| But crypto _can_ be used as a hedge for the many dysfunctional
| institutions that we have today, and it _can_ be a response to
| this hyper-globalized world that we live in. It 's barely a
| paragraph on my description of Hub20 [0], but one of the
| reasons that I am working on it is that I hope that it can be
| used as a community-oriented bank, where each group of people
| can define how to operate it and how to manage the funds. I
| hope to make it something that can be a middle ground between
| the "welcome to the jungle" and the "resistance is futile"
| mindsets that seem to polarize the crypto-debate.
|
| [0] https://hub20.io/about
| boh wrote:
| The comments defending crypto seem to all anchor on the
| argument on what crypto "can" be. Anything "can" be anything.
| Maybe it is what it is and it has to be something totally
| different to be different.
| rglullis wrote:
| The "can" is not hypothetical. There are plenty of times
| and people who have used crypto as a way to get around
| dysfunctional institutions. It's just that those stories
| get drown-out by the ones looking for a quick way to be
| rich, the scammers and all the chaos that always come with
| any new technology.
| boh wrote:
| Edge cases don't make much of an argument.
| celticninja wrote:
| They tend to be edge case for HN users. That is, male,
| educated, well off/affluent and living in a first world
| country. All the benefits of cryptocurrency are already
| available in their privileged position and they cannot
| understand that others do not have the same
| options/access to financial instruments.
| rglullis wrote:
| One trip to Argentina is all it takes for someone to get
| crypto.
| [deleted]
| rglullis wrote:
| They are not edge cases for the people who use it out of
| need.
| [deleted]
| [deleted]
| Vadoff wrote:
| Bitcoin already acts as a hedge against inflation, since
| its supply is relatively fixed (90% of all the maximum
| supply of Bitcoin has been mined).
| rglullis wrote:
| Taleb would like to have a word with you.
|
| (Or probably not, he would just call you a Bitidiot for
| parroting this argument and block you on Twitter)
| birdyrooster wrote:
| More than a hedge against dysfunctional institutions, it
| hastens the downfall of those institutions by removing their
| leverage. Imagine if the US government had to collect more
| taxes and police the blockchains to enforce it instead of
| just printing money, it would push them to the brink. Grab
| your popcorn. Crypto is a self fulfilling prophecy of
| government failure.
| reginold wrote:
| Hmm curious to hear more about this, do you have any
| examples?
| rglullis wrote:
| El Salvador? How else would you explain an authoritarian
| leader of a narco-sponsored state and paramilitary groups
| being so interested in promoting Bitcoin?
| NicoJuicy wrote:
| Crypto doesn't fix the failed state.
|
| There are a lot more problems there then: "bought the
| dip" lol
| rglullis wrote:
| Evolution does not work by "fixing" anything, just by
| removing what is not suitable for the environment.
|
| Crypto is not going to "fix" anything. Crypto is just an
| alternative for those who live on places that the
| institutions are broken, and the more the institutions
| are broken the more compelling crypto will become.
| dcow wrote:
| I think we 100% agree. Thanks for elaborating. I am including
| banks/exchanges in the set of things that need regulation. I
| understand the way I worded my comment implies retail did
| something wrong, that was not the intention. I was more tying
| to highlight that this stuff is important and there's a
| reason people lean on 3rd party entities to help them manage
| and trade their assets--it's too complex to do alone for
| most. So we're gonna need L2 institutions that handle large
| amounts of consumer assets and so we're going to need to
| impose regulatory requirements surrounding e.g. key storage
| and access. Deploy root-chain-enforced multi-signature
| requirements, perhaps entertain transaction revocation for
| sufficiently large sums, etc.
| rglullis wrote:
| > so we're going to need to impose regulatory requirements
| surrounding e.g. key storage and access
|
| This is the part that I said I knew I'd disagree about
| scale. ;)
|
| Instead of hoping for any kind of "imposed" solution, I'd
| rather prefer a myriad of different providers and wait to
| see what patterns emerge and what becomes the best
| practices. Bottom-up, evolutionary approaches always beat
| top-down designs in the long run.
| saurik wrote:
| > A centralized exchange is the exact opposite of "running
| your own bank".
|
| I assume the argument is that if a large company with this
| much money on the line can't figure out how to securely run a
| bank, how would I be able to?
|
| I disagree with that argument, though, as I think it is in
| fact the large amount of money on the line managed by a large
| number of people that makes running an exchange difficult.
| [deleted]
| jernejzen wrote:
| Hello world from the first world
| hartator wrote:
| The main issue in third world countries is always corruption.
| jernejzen wrote:
| so 95% people in 3rd world countries are corrupted?
| hartator wrote:
| 100% lives in a corrupt state, mafia, or militia.
| voakbasda wrote:
| Corruption is a huge first world issue too.
| Ensorceled wrote:
| In the first world, it's always called a "lapse in
| judgment" ...
| Tarsul wrote:
| in UK politics it's called "sleaze" but that's a fair bit
| better than "lobbyism" in the US.
| anonnyj wrote:
| I like the option to be my own bank. It's a little insane for
| everyone to just hand all power over to The Citadel just
| because it's easier.
| pictur wrote:
| Absolutely I agree. People will always be stupid and stupid.
| controlweather wrote:
| This guys butt hurt because he's a bank retail employee with no
| ability to see where the world is heading next. You're an
| idiot!
| gibbonsrcool wrote:
| Is it possible to move bitcoin between wallets through tumbling
| or other means so as to make it impossible to trace back to the
| original wallet? If not with bitcoin alone, would it be possible
| going through other coins as intermediates or even ending up in
| another cryptocurrency so long as the trail was impossible to
| follow?
| throwaway248329 wrote:
| Yes. See https://wasabiwallet.io/
| gibbonsrcool wrote:
| Thanks!
| ronsor wrote:
| The great thing about crypto exchanges (and other sites that hold
| crypto for you) is that they're self-paying bug bounties.
| Ansil849 wrote:
| > The great thing about crypto exchanges (and other sites that
| hold crypto for you) is that they're self-paying bug bounties.
|
| That's a pretty crass and glib statement. So are home
| burglaries, I guess? Or, really, any kind of crime regarding
| the stealing of funds or valuables?
|
| You're basically saying 'if you find a 'bug' that lets you get
| money, then it's a self-paying bug bounty.'
|
| So, snatching someone's purse while they're in the toilet--
| boom, instant self-paying bug bounty.
| eatYourFood wrote:
| Do you even know what a joke is?
| Ansil849 wrote:
| Do you know what insensitivity is? Would you make the same
| joke about any of the other examples I mentioned?
| dmingod666 wrote:
| If explicitly people want to be independent of the
| regulated financial sector and sign-up to take these
| risks you cannot claim "oh, I've been wronged, pity me"
| -- sure they deserve justice, but this happening to them
| is part of the risk reward of working with crypto..
| folli wrote:
| I'd wager that you shouldn't put any money you can't
| afford to lose into crypto, so your other examples are
| not really comparable.
| Ansil849 wrote:
| > I'd wager that you shouldn't put any money you can't
| afford to lose into crypto
|
| Again, you can just as easily say: I'd wager you
| shouldn't put any money you can't afford to lose into
| your wallet or purse.
|
| You're just doing transparent victim-blaming right now.
| If someone gets robbed, it is not their fault.
| eatYourFood wrote:
| Silly wager. Crypto is a wild punt, your wallet is not.
|
| Calm down son, your emotions are getting the better of
| you.
| Ansil849 wrote:
| It doesn't matter if they're being robbed of cash in
| their wallet or magic beans in their e-wallet. What
| matters is the action, and making light of it.
| eatYourFood wrote:
| No I wouldn't because they aren't topical to a website
| devoted to talking about dev and tech. It's a joke,
| sensitivity isn't always a priority, you don't have to
| like it.
| humaniania wrote:
| Except these people can create their own bugs and rob their own
| clients and call it a hack and nobody can do anything about it
| because they're off shore and unregulated. You'd have to be
| pretty dense to put any money on the unregulated exchanges.
| Vadoff wrote:
| Yeah, what's the motivation for so many people going to these
| unregulated exchanges when there's so many regulated ones (or
| at least larger ones, I've never even heard of BitMart)?
|
| Is it to trade coins/tokens that aren't normally listed?
| [deleted]
| arcticbull wrote:
| At least in the US, exchanges aren't really regulated. Not
| as broker-dealers, anyways, in the same way a Fidelity or
| Schwab is regulated. They're regulated as money services
| businesses and money transmitters, a much weaker form of
| regulation designed explicitly to work around the "onerous"
| regulations in the rest of the system.
| hawk_ wrote:
| Unless it's an inside job going high up.
| foobiekr wrote:
| Insider threat is a part of security considerations.
| 0xb0565e486 wrote:
| Anything that holds value is a self-paying bug bounty.
| JumpCrisscross wrote:
| > _Anything that holds value is a self-paying bug bounty_
|
| Most valuables have means for recourse. Crypto's pitch is
| that it circumvents these mechanisms.
| kkjjkgjjgg wrote:
| My stolen bicycles would like to have a word.
| [deleted]
| repomies69 wrote:
| I think hacking about any service will provide valuable
| data, which can be sold at darknet marketplaces. I read
| somewhere that there is a marketplace just for hacked
| server credentials as well.
| gruez wrote:
| >Most valuables have means for recourse
|
| Most _valuables_? I think most _financial assets_ have
| means for recourse, but if your gold bars /jewellery gets
| stolen, it's as good as gone.
| JumpCrisscross wrote:
| > _if your gold bars /jewellery gets stolen, it's as good
| as gone_
|
| Which is why society stopped storing meaningful
| quantities of value in gold generations ago.
| toomanydoubts wrote:
| No. That's why we created banks to store this gold. The
| reason we moved to paper and digital currencies was so
| governments and banks could create money out of thin air.
| tshaddox wrote:
| Surely there is _more_ value stored in gold now than
| generations ago, right?
| canjobear wrote:
| On the list of reasons for why we switched away from the
| gold standard and gold coinage, this is probably not even
| in the top 10.
| dmingod666 wrote:
| Vast quantities of gold hold value still in the same way
| as before, only that it's done by very large
| organisations. This too is a western phenomenon. Indian
| Households currently own 25,000 tons of gold( one of the
| largest reserves anywhere) - China isn't too far behind
| AFAIR.
| humaniania wrote:
| That's because those countries have the largest
| populations of new money rubes to sucker into buying
| shiny objects.
| dmingod666 wrote:
| Oh, the contemptuous disdain dripping in this comment..
| somehow feels like the early 1900s pride of the British
| Empire.. just sounds very awful tbh.
| midasuni wrote:
| One of the reasons. The ability to exchange cheaply and
| quickly is another reason, di visibility another one
| ryanlol wrote:
| What means for recourse do most financial assets have? If
| a business falls victim to a BEC scheme that money is
| gone and nobody will reimburse them.
|
| If you as an individual fall for a craigslist scam, your
| money is gone.
| cinntaile wrote:
| This only makes sense for smart contract run exchanges where
| the code, in theory, is always right. Otherwise this is no
| different from any other financial hack.
| ronsor wrote:
| Oh, but it is, because with crypto you can simply drain the
| wallets anonymously. If you hack a regular bank and try to
| transfer the money to your accounts, you'll get caught and
| jailed ridiculously fast.
| ryanlol wrote:
| Maybe you should try to learn about how these schemes work
| before making such statements?
|
| According to the FBI, BEC fraudsters took $1.8 billion in
| 2020 by stealing wire transfers from businesses into their
| own accounts https://www.ic3.gov/Media/PDF/AnnualReport/202
| 0_IC3Report.pd...
| brarsanmol wrote:
| I'm a relative newcomer to the crypto-space so please
| forgive me for any errors.
|
| I see the point you are attempting to make but the number
| is rather useless, in the past week hackers took 20% of
| what was stolen by BEC in a year. And skimming through
| the report you sent it seems like there is a program to
| recover said funds that have been lost and it has an 82%
| success-rate.
| ryanlol wrote:
| The $1.8B only represents US losses known and properly
| classified by the FBI, the real number for global losses
| will be _much_ higher.
| brarsanmol wrote:
| Agreed, but that is simply cause-and-effect by virtue of
| the majority of the world using the current global
| financial system rather than crypto and many more hackers
| are targeting said folk.
|
| Either way two wrong's don't make a right, there will be
| losses in both systems but I would argue that storing
| your money with a unregulated crypto-firm would be more
| dangerous than with a modern-day bank.
|
| I think the main gripe that many people have including
| myself with crypto is that it doesn't even have the
| proper consumer protections so that a decent/strong
| chance of recovery is possible.
|
| This trend of massive amounts of crypto currency being
| stolen is not even a relatively recent one, see Gerald
| Cotten's (Quadriga) death in 2019 which resulted in $150
| million in assets going missing with no chance of
| recovery.
|
| This reply has been a little-bit scatter-brainish, so my
| apologies for that.
| duxup wrote:
| I wonder if a completely Wild West really makes for better
| security... doesn't seem like it so far.
|
| Probably a good lesson in there about incentives and
| consequences maybe not always going where you might think.
| monkeybutton wrote:
| The invisible hand of the free market is in your back pocket
| lifting your wallet.
| kgin wrote:
| Immutable ledger means nobody can fix things like this
| raesene9 wrote:
| meh, there have been multiple occasions where either rollbacks
| have happened (maker DAO https://levelup.gitconnected.com/how-
| ethereum-reversed-a-50-...)
|
| or exchanges have frozen stolen coins.
| eatYourFood wrote:
| That's not what 'immutable ledger' means. An equally weighted
| credit can balance out a debit on an immutable ledger. I think
| ledgers are generally supposed to be immutable.
| jen729w wrote:
| Indeed. One corrects a mistake, one does not go back and
| erase it.
|
| https://www.cliffsnotes.com/study-
| guides/accounting/accounti...
| erik_landerholm wrote:
| It's amazing to me anyone uses crypto. If banks or exchanges were
| this bad at holding on to your money, no one would use
| them...ever.
| Vadoff wrote:
| This is a random small exchange that I've never heard of. I
| don't think a popular exchange hasn't been hacked for years
| now.
| twright wrote:
| What I've been curious about this week along with the $120
| million badger DAO hack is what does one then do with these
| hundreds of millions? Do you launder it through NFT's, divide it
| between dozens of wallets and dump it on some other exchange? If
| you do end up selling it can you expect legal troubles beyond
| taxes (e.g. the original wallet holders press charges)?
| Asparagirl wrote:
| Some amount of the "hot money" -- maybe not millions, that's
| too unwieldy, but a good amount -- can be used to purchase
| closed-loop gift cards, on websites that allow purchase with
| BTC. If those cards are from major retailers like Target or
| Amazon or Walmart, the cards can be used to buy merchandise
| which is in demand and holds its value well, most likely
| electronics, which can then be sold on eBay or through Buyers'
| Clubs for most of their retail price. But that's a lot of work
| and a lot of inventory to manage, so it's more likely the gift
| cards would then be sold for about 70-80% of their face value,
| usually on a site like Raise.com or GiftCardGranny or similar,
| or even at the automated kiosks that are starting to be
| available in some chain stores, with the laundered funds being
| delivered by ACH a few weeks later.
| [deleted]
| Tenoke wrote:
| It depends. There's plenty of hacked funds that are blacklisted
| and useless. Otherwise you typically go through a tumbler, and
| then use ineficent methods to cash out like buying gold bars at
| markup, selling for cheap to associates who will use services
| like localbitcoins/localmonero/giftcard buying. If you do get
| caught you can definitely expect legal troubles though.
| dabeeeenster wrote:
| Could you trade it for Monero, move it around in monero
| wallets, then trade out of Monero into ether and then fiat?
| joenathanone wrote:
| This is how banking regulations happened, once enough people lost
| their money, the law had to step in.
| agumonkey wrote:
| financial independence means not using money
| throw_m239339 wrote:
| > This is how banking regulations happened, once enough people
| lost their money, the law had to step in.
|
| Technically crypto corporations are already regulated the same
| way banks and financial businesses are. It's just that most of
| these exchanges exist outside US jurisdiction, and will often
| not accept US customers.
| raesene9 wrote:
| Well they'll pinkie swear they don't take US customers,
| whilst ignoring VPNs and other mechanisms of appearing not to
| be in the USA, at least...
| papito wrote:
| There was an article in the NYT literally a few days ago
| about how Kyiv, Ukraine has become an absolute unregulated
| wild west of crypto.
| kkjjkgjjgg wrote:
| What kind of regulation would help, exactly?
| raesene9 wrote:
| So one example, in the UK if my bank goes bust then up to
| PS75k I get my money back. This is funded by a levy on all
| the banks.
| kkjjkgjjgg wrote:
| OK but so far most countries don't have that many crypto
| exchanges.
| raesene9 wrote:
| Ok another one. In the UK we have a Financial services
| ombudsman https://www.financial-ombudsman.org.uk/ which
| can mediate in any dispute a customer has with a bank.
|
| So if a bank takes funds or won't release funds, there's
| a route you can use to get that back. One look at the
| sub-reddits for most crypto exchanges will show quite a
| few posts from people who can't get withdrawals and the
| exchanges are just stonewalling them.
| Ansil849 wrote:
| Penalties for insufficient security controls, for starters.
| logicalmonster wrote:
| What exactly is "sufficient security controls"? This is the
| type of thing that sounds good on the surface, but becomes
| nightmarish when you start to think about how it might work
| in practice.
|
| Experts disagree on how to do security. For instance,
| there's still some people who insist that complex password
| rules are a genius idea that makes the world far safer, yet
| they're unambiguously bad for security because they
| knowingly decrease the number of possible password
| combinations.
|
| Whose idea of best practices wins? I'd hate that the
| decision now becomes a dictate by some bureaucracy that
| likely barely knows what the hell is going on.
| Ansil849 wrote:
| You're acting like there are no established security
| controls for financial institutions. There are.
| logicalmonster wrote:
| Maybe so.
|
| But my bank still does 2 Factor Authentication only
| through SMS and doesn't even offer some kind of
| Authentication App as an option.
|
| Additionally they have strict password rules in place, a
| basically broken password reset form, and a comically
| short maximum password limit.
|
| Color me not impressed with whatever rules do exist.
| Daishiman wrote:
| User-facing security is just the tip of the iceberg for
| bank security, and IMO one of the less important factors.
|
| You have regulations like CPI on how to store credit card
| credentials, transaction history, and audit logging.
|
| You have regulations on physical access and who's allowes
| to touch production.
|
| There's enormous amounts of regulation on auditing and
| software that's permitted to generate bank transactions.
|
| Having worked in the space I am definitely impressed;
| it's taken very seriously, there are real, concrete
| consequences for not taking is seriously, and you
| generally don't see retail banks failing because someone
| messed around with ACH transactions, for example.
| lanstin wrote:
| Yet they seem to prevent banks from having all their
| stored value exfiltrated. of all my worries about my
| credit union, them having all their money shipped of to
| an anonymous crypto wallet obfuscator is not one. I can
| manage the risks of systems i interact with directly, but
| some non zero chance of the assets disappearing i cannot
| manage
| Ansil849 wrote:
| It's not "maybe so", it's a matter of fact.
|
| And we're not talking about outdated user-facing login
| authentication procedures, we're talking about securing
| the back-end.
|
| When is the last time your bank had $150 million stolen?
| logicalmonster wrote:
| I don't know how my bank implements their backend. Based
| on the parts I can see that I mentioned, I'm not very
| impressed with their interpretation of best practices.
|
| That's a good question. I don't know how often banks get
| robbed of cash due to digital intrusions. I have gotten
| credit card info stolen before and that happens with many
| people, so maybe errors in the banking system more
| commonly take the form of lots of small fraud rather than
| a few big events.
| Daishiman wrote:
| So if you don't know, how can you be unimpressed?
| logicalmonster wrote:
| As I said, I don't have proof about parts I can't see and
| never claimed so. But the parts I can see are IMO bad, so
| it's reasonable to be skeptical about the parts I can't
| see.
|
| Also, I haven't worked with my actual bank, but I've done
| multiple bits of consulting in the past on some other
| national bank's technology, and my time there was such a
| disorganized mess that I have to doubt the quality of all
| of their systems and practices.
| logicalmonster wrote:
| Also as an additional followup comment, the legal
| structure surrounding banks probably impacts how digital
| robberies are targeted as well.
|
| A cyber-criminal organization who wants to rob some big
| player like Goldman Sachs, BlackRock, or Citibank of 9+
| figures probably knows that they're going to have a devil
| of a time getting away with any big-time theft. The US
| government is actually going to go after anybody who
| tries to pull money out of big banks accounts to the
| point that they might even be willing to go to war in the
| right circumstance. If you're a cyber criminal, even if
| you could hack into some big bank systems and force a
| transfer, how would you get away with the cash in most
| cases? If they really target you with their full weight,
| you're probably completely screwed.
|
| In comparison, random Crypto Financial Agents are on many
| power-players "Naughty List". Depending on the exact
| circumstances of some crypto-robbery, the full weight of
| the US Government probably isn't going to be deployed
| against some cyber criminal organization who manages to
| take out a crypto firm's assets in the same way that they
| would if you targeted the existing banks. So maybe
| relatively more cyber attacks happen against crypto than
| other types of assets because it's known as a safer
| target. (I have no clue, this is just a reasonable
| hypothesis to me)
| jl2718 wrote:
| My concern is that "the law" is incompetent in this domain.
| jspaetzel wrote:
| The concern should be about how "the law" can't be applied
| here
| rco8786 wrote:
| By what measure??
| thehappypm wrote:
| And possibly incompatible.
| toomuchtodo wrote:
| That's sort of humorous that the law is the problem after $10
| billion+ has been lost to crypto theft and fraud. Maybe the
| tech is the problem?
|
| "Maybe I'm out of touch with the rest of the developed world?
| Impossible, it's everyone else demanding the enforcement of
| laws and regulations around value transfer, storage, and
| ownership who are the problem." (Not you personally, crypto
| folks in general)
| vmception wrote:
| Then its not lost and isn't a problem, to the current
| owners.
|
| The prior owners were hodling it wrong.
| toomuchtodo wrote:
| That's not how common and property law work, and the
| enforcement of the law is catching up. I think that's the
| real problem crypto proponents have; that the law is
| recognizing digital assets as assets, and the property
| rights that go along with that.
|
| Tangentially, I support my tax dollars being spent
| pursuing these threat actors for as long as it takes,
| with sentencing guidelines in line with the value stolen.
| vmception wrote:
| Common and property law rely on locating the assets and
| the owner and then establishing jurisdiction to sanction
| and recover the assets.
|
| Decade old best practices for using crypto assets
| circumvents all of this. Ignoring the best practices
| leads to the assets being seized in the first place as
| well as persecution of the thief.
|
| Using the best practices prevents seizure from an
| independent private thief or the state actor thief, so
| you see its not even _about_ the government and its
| inflated sense of relevance.
| [deleted]
| [deleted]
| vmception wrote:
| I would support my tax dollars being spent on
| standardized smart contract development and standardized
| authentication and custodial relationships, analogous to
| the IETF which started out with US federal government
| funding and laid the frameworks for internet usefulness.
| Daishiman wrote:
| There's nothing in contract law preventing parties to
| agree on the automated execution of software when certain
| criteria are met.
|
| It's just that it doesn't trump contract law and it's not
| generally a barrier for implementing contracts digitally.
| wincy wrote:
| So for $800 they go to prison for 3 years, and for
| anything over $50,000,000 they get a commuted sentence
| and parole? That's generally how it works in the US legal
| system.
| toomuchtodo wrote:
| This person below stole $1.6 million in PPP loans and is
| going to jail for 9 years. The system can and does work,
| although outliers can be unfortunate. Overall, arguably,
| the US justice system functions and rule of law is needed
| for a functioning society.
|
| https://www.mercurynews.com/2021/11/30/houston-man-spent-
| ppp...
| voakbasda wrote:
| I wish this was more of a joke, but this is exactly how
| the US "justice" system works. You must buy your freedom,
| or you will suffer a disproportionate and unjust
| sentence. Remember, they are not courts of "truth" and
| "justice"; they are Courts of Law.
| joenathanone wrote:
| The law isn't perfect but we aren't seeing banks getting
| robbed or hacked and people losing their money, also I'm sure
| all the people with money in that exchange would be loving
| from FDIC insurance right now, sure it's only $100k but a
| whole lot better than nothing.
| Tenoke wrote:
| We aren't seeing banks being hacked and people losing
| money? Sorry, what?
|
| Here is one comparable hack[0] I remember which followed
| another series of SWIFT hacks. Further, people lose money
| all the time to more minor exploits that target just
| specific accounts, credit cards are always sold (less of a
| fault of the banks directly but tied to how the system is
| set up), Robinhood had a data breach recently, etc.
|
| >also I'm sure all the people with money in that exchange
| would be loving from FDIC insurance right now
|
| Plenty of big exchanges like Binance and Coinbase do have
| similar insurance and have made users whole after a
| hack[1]..
|
| 0. https://en.m.wikipedia.org/wiki/Bangladesh_Bank_robbery
|
| 1. https://www.wired.com/story/hack-binance-cryptocurrency-
| exch...
| roywiggins wrote:
| The Bangladesh hack would have been much worse if the Fed
| hadn't been custodian of much of the money: "The Federal
| Reserve Bank of New York blocked the remaining thirty
| transactions, amounting to US$850 million, due to
| suspicions raised by a misspelled instruction" and much
| of the other money was recovered: "All the money
| transferred to Sri Lanka has since been recovered.
| However, as of 2018 only around US$18 million of the
| US$81 million transferred to the Philippines has been
| recovered"
|
| Yeah, I wouldn't want to rely on the Federal Reserve Bank
| noticing a misspelled instruction before my billion
| dollars were released, but at least there's someone with
| a brain looking at the transfer before it happens!
| ryanlol wrote:
| From the BBC:
|
| >The RCBC bank branch in Manila to which the hackers
| tried to transfer $951m was in Jupiter Street. There are
| hundreds of banks in Manila that the hackers could have
| used, but they chose this one - and the decision cost
| them hundreds of millions of dollars.
|
| >"The transactions... were held up at the Fed because the
| address used in one of the orders included the word
| 'Jupiter', which is also the name of a sanctioned Iranian
| shipping vessel," says Carolyn Maloney.
|
| >Just the mention of the word "Jupiter" was enough to set
| alarm bells ringing in the Fed's automated computer
| systems. The payments were reviewed, and most were
| stopped. But not all. Five transactions, worth $101m,
| crossed this hurdle.
| throwaway1777 wrote:
| FDIC insurance is 250k now, but your point still stands.
| ryanlol wrote:
| But we are seeing banks getting hacked and losing huge
| amounts of money.
|
| Not to mention the billions lost to BEC schemes.
| teh_infallible wrote:
| Actually, banks do get robbed and hacked. Here is one
| example:
|
| https://www.reuters.com/article/us-cyber-heist-swift-
| special...
| agency wrote:
| Unlike the crypto exchanges, which are paragons of
| competence.
| gruez wrote:
| >which are paragons of competence.
|
| Yes, actually. If I had to trust one entity to safeguard
| something digital, I'd trust the security team at a major
| crypto exchange, than the police department at a major
| city. The problem isn't really that they're incompetent,
| it's that they're the juiciest targets.
| emerged wrote:
| Yea, the law should be programmed by random front end devs
| using house of card custom scripting engines instead.
| ceva wrote:
| Nothing new, it happen before and it will continue to happen in
| future.
| rodmena wrote:
| These hacks won't stop until people understand they don't need to
| / they mustn't keep their coins in an exchange. Single click
| trading looks pretty appealing to many, but that's not how things
| should work. The whole idea of transaction fee is a corrupted
| idea supported by cybercriminals turned into startups.
| Daishiman wrote:
| Keeping your wallet local is a gigantic PITA and most
| definitely something that only a minority of users want.
| lnxg33k1 wrote:
| I might be too sentimental (and left leaning) but I always love a
| story that ends with a company losing money
| Animats wrote:
| As usual, the trouble with cryptocurrency exchanges is that they
| mix multiple functions.
|
| * They're an exchange, matching orders.
|
| * They're a retail broker, taking orders from customers and
| holding funds.
|
| * They're a custody institution, holding both fiat and
| cryptocurrencies.
|
| * They're banks, lending to others and receiving interest, and
| borrowing from customers and receiving interest.
|
| * They're traders themselves, for their own account.
|
| Now, in the real world, all of those functions used to be done by
| separate companies. With "deregulation", there are banks which
| have brokerage, custody, and trading units, and they do get into
| trouble. Which is why those are all highly regulated industries
| with a lot of inspection, required disclosure, and insurance
| backup.
|
| You'd think the "decentralized finance" people would have figured
| out a way to separate those functions by now. But no.
| tcgv wrote:
| In fairness, BitMart is not "decentralized finance", it's a
| privately owned business that allows it's customers to trade
| crypto.
| disruptalot wrote:
| > You'd think the "decentralized finance" people would have
| figured out a way to separate those functions by now. But no.
|
| But yes. I'm not sure how you've heard the term "decentralised
| finance" but haven't heard of decentralised exchanges, both
| traditional Ethereum DEXs and more novel cross chain ones. They
| successfully separate out:
|
| - User funds by self custody
|
| - protocol rules that are publicly verifiable.
|
| - build/bring your own front end
|
| - market making- AMM, order relayers + others
|
| - lending and borrowing including the above stack in completely
| separate but composable protocols
| 1270018080 wrote:
| Decentralized finance is a pipe dream. If it were truly
| decentralized we would have individuals managing all of the
| responsibilities you listed. Fraud would be EVEN MORE common.
|
| I forgot where I read this, but someone said something like
| "Crypto advocates are learning in real time why finance/banks
| are centralized. They're playing out the history of finance
| reform at hyperspeed."
| Traster wrote:
| I've literally had people at prop trading firms gush about how
| crypto exchanges work - "You're the exchange so you literally
| know where everyone's stop losses are!", it's absurd you're the
| exchange but you're also the largest market maker, flash crash
| through a load of stop losses and pick up a tonne of coins at
| below market rate.
| mmastrac wrote:
| The joke that crypto is a libertarian speed-run to regulated
| banking is somewhat apt.
|
| (I do own some crypto)
| jspaetzel wrote:
| What does this mean?
|
| (Libertarian here asking)
| screye wrote:
| Libertarians often stand by the 'small govt' ideal, where the
| ideal size of a govt. is a set of the minimum and necessary
| regulations needed for basic functioning.
|
| Crypto started off with zero govt, and is speed running
| towards the same level of regulations that banks operate
| under. The implication is that libertarians usual complaint
| about overegulation in legacy systems may be misguided, and
| that legacy systems are adequately libertarian. Phrased
| another way, the seemingly crippling regulation in legacy
| financial systems might actually be the 'minimum' amount of
| regulations necessary to enable a financial system of the
| size we operate in today.
|
| A more charitable reading would be that during this speed
| run, we reach a much earlier and smaller set of regulations
| that are sufficient for functionality equal to todays legacy
| system. Crypto can simply 'stop' adding regulation at that
| point, and achieve the libertarians dream of a leaner and
| more effective regulatory body. To some degree, it will also
| accomplish some of original goals of Crypto pioneers of 'low
| regulation' finance.
| jspaetzel wrote:
| Oh I see. You're saying that crypto inverts the problem
| libertarians want to address with the financial system.
| Which is nifty!
|
| I think you might find libertarians would be split about
| this... In my case I'm against anything that would throw
| out the existing system to start over from scratch, I'd
| rather work from the existing system and tactically remove
| things when they can't be justified.
| jl6 wrote:
| I expect most libertarians have identified the direction
| in which they wish to move the needle and would be
| content with a gradual, conservative reform programme
| towards that direction - rather than overnight
| revolution.
| rewgs wrote:
| > libertarian speed-run to regulated banking
|
| Ha! This is perfectly put.
| wnevets wrote:
| crypto exchanges and getting hacked go together like chocolate
| and peanut butter.
| SpaceManNabs wrote:
| In other news, Ledger and Trezor sold a few more units today.
| max_ wrote:
| I remember back in the day (2010's) a hack would trigger gigantic
| price drop. It's good to know that this does not affect the price
| much now days.
| nine_zeros wrote:
| Hacks and scams are priced in. Jk but not really joking! This
| whole thing is utter madness.
| [deleted]
| myaccoun90 wrote:
| Or... people were selling like mad due to the 20% crypto drop and
| the exchange didn't actually have the tokens so they just closed
| shop and called it a hack.
|
| Is there any proof they continuously held those funds until the
| hack?
| tudorw wrote:
| only $150? netflix and chill
| joering2 wrote:
| They always felt shaky to me. First, I was never able to transfer
| from/to using Litecoin. Their system said "wrong wallet format".
| Tech support never replied (its been probably close to a year
| now).
|
| It also shocked me when I wanted to remove 2FA (Google Auth). It
| was just not worth it considering small amount I kept. So since
| you cannot do it thru their portal, I opened the ticket. I never
| got any response but Google Auth disappeared from my account some
| 2 weeks later. So technically only sending email was sufficient.
| [deleted]
| garbagecoder wrote:
| You should put your savings in crypto. Lol.
| renewiltord wrote:
| I lost about $10k+ there. Lame. Now, to figure out how to mark
| this as a realized loss.
|
| Actually, it's in an obscure shitcoin so it's probably going to
| zero anyway haha.
| gadnuk wrote:
| This looks and smells like an inside job.
|
| Similar to: https://cointelegraph.com/news/signs-point-to-inside-
| job-in-...
|
| or: https://dailyhodl.com/2019/04/01/inside-job-19-million-
| bithu...
|
| The timing seems suspicious too. When most of crypto land was
| crashing. My theory is that this exchange simply didn't have
| enough liquidity when the price crashed and they simply siphoned
| off the hot wallet. Lots of people wanted to sell at once.
| Bitmart did not have these funds. A hack at the same time is just
| too convenient.
|
| Watching the Ether address get drained in real time yesterday was
| surreal to see, like out of a movie:
| https://etherscan.io/address/0x4bb7d80282f5e0616705d7f832acf...
|
| This whole space is full of scams and exchanges that know
| everything about you in terms of what limits you've set to
| buy/sell, the order book, liquidity, etc. And worse, they can bet
| against you. Alameda admitted yesterday that they ended up
| profiting quite a bit being short BTC Futures (long spot) because
| the spread collapsed (Source:
| https://twitter.com/AlamedaTrabucco/status/14672197504891412...)
|
| Only tight regulations can save investors because these "hacks"
| are way too common. And don't even get me started on Tether ( who
| conveniently printed another billion after the liquidations were
| done: https://twitter.com/whale_alert/status/1467155858228494353
| )
|
| Edit: rofl, they just printed another $1 billion, on a weekend!
|
| https://twitter.com/whale_alert/status/1467504581571751940
|
| It's funny how brazen they've become.
|
| Not to mention Bitfinex and Tether CTO implying the dip was done
| after they printed:
| https://twitter.com/paoloardoino/status/1467053381072138240
|
| Everything in this space seems so shady. But the regulators don't
| seems to give a damn and keep kicking the can for eternity. It's
| the wild wild west out there.
|
| Moral of the story: Not your keys, not your coins. Do not keep
| your coins on exchanges.
| kwertyoowiyop wrote:
| The cyber equivalent of arson at a money-losing business,
| except no third-party is needed.
| cheese_van wrote:
| >Only tight regulations can save investors because these
| "hacks" are way too common. and don't even get me started on
| Tether.
|
| Perhaps regulators have been tardy because they find it
| difficult to determine what of value was stolen. It may not be
| clear to them that crypto has value worth protecting by
| regulation.
|
| That's not to say there is no value in crypto, or that crypto
| transactions do not deserve being regulated to protect the
| public. It's simply that regulators may not understand, or
| believe, that there is value worth regulating. I confess to the
| same lack of understanding.
| jl6 wrote:
| The taxman is happy to collect their percentage on crypto
| capital gains so I'm not sure the value too hard to spot. It
| doesn't matter if crypto isn't _really_ valuable in some
| cosmic sense.
| unclebucknasty wrote:
| > _It may not be clear to them that crypto has value worth
| protecting by regulation._
|
| That ship has sailed.
|
| It's really not a question of what anyone thinks of intrinsic
| value when the two top coins _alone_ have a market cap of
| over $1T and easily do north of $60B in transactions over a
| 24-hour period.
|
| The number of people and amounts involved are the
| consideration.
| hidenotslide wrote:
| I don't think you understood what Sam was saying, being short
| BTC futures is NOT the same as having a net short exposure to
| bitcoin prices. And what does Tether have to do with BitMart,
| an exchange I had never even heard of before this "hack"?
| gadnuk wrote:
| They weren't net short by design since they have to stay
| delta neutral. They were long spot and short futures. However
| when the liquidations started happening, the futures to spot
| premium went outta whack.
|
| https://twitter.com/AlamedaTrabucco/status/14672197436901416.
| ..
|
| So instead of locking in some spread they target, they ended
| up benefitting with a much larger profit.
|
| And BitMart has no option to trade in USD. They trade
| exclusively in USDT. Tether might not have a hand in the
| hack, but they definitely have a hand in providing liquidity
| to exchanges which they print out of thin air with no actual
| 1-to-1 USD backing.
|
| The Tether part was to highlight how this space is rife with
| scams, both on the shadow banking side and on the exchange
| side of things.
| hidenotslide wrote:
| But how is being delta neutral a scam? If they weren't
| taking the other side of the long futures trade, someone
| else would at an even worse price. And if they weren't
| buying it back lower, someone else would at a worse price.
|
| The idea that Tether just prints out of thin air is a
| conspiracy theory, I've seen large traders confirm they can
| do create/redeems and there was some information released
| about their holdings of commercial paper, settlement with
| NYAG, etc. And they have frozen stolen funds in the past,
| in the case of the Poly network hack. USDT routinely trades
| at a premium to USD, the market does not seem worried.
|
| Of course Binance and Tether and a lot of other unregulated
| crypto companies are shady, but it's more interesting to
| focus on the particular shady company in the original post.
| gadnuk wrote:
| Tether has regularly been sued and settled, never won.
|
| CFTC:
| https://www.cftc.gov/PressRoom/PressReleases/8450-21
|
| NYAG: https://www.cnbc.com/2021/02/23/tether-bitfinex-
| reach-settle...
|
| DOJ: https://www.bloomberg.com/news/articles/2021-07-26/t
| ether-ex...
|
| They have been evading an audit for almost 7 years now.
| They are required to provide an attestation every 3
| months and yet they delayed the last one. Their current
| attestation raises more questions than answers:
| https://twitter.com/dee_bosa/status/1466826912781590529
|
| Their attestations have never been independently
| verified.
|
| Their commercial paper holdings are all murky and they
| have never provided an actual breakdown. Who knows if
| they are holding large quantities of commercial paper
| tied to Chinese real estate?
|
| I mean, for a legit org, they tend to get sued quite a
| lot (and never win).
|
| An audit for a stablecoin shouldn't really be hard to do.
|
| And no, it's not really a conspiracy theory when there is
| so much evidence against Tether and Bitfinex. The burden
| of proof is on them. They can have all the "conspiracy
| theories" go away with an audit. 7 years. Still waiting.
| Accusations against Theranos were labeled as conspiracy
| theories up until 2015. They were until they weren't.
|
| Regards Alameda and being delta neutral, I edited my
| comment. I never claimed it was a scam. It's just that
| firms can profit off crashes which may embolden others to
| take similar positions. The whole space is highly
| manipulated by big players, its as simple as that.
| legohead wrote:
| Why does the "from"[1] say "Bitmart Hacker 2"?
|
| [1]
| https://etherscan.io/address/0x4bb7d80282f5e0616705d7f832acf...
| gadnuk wrote:
| Etherscan puts that kind of label on the address, not the
| attacker themselves. It's standard protocol in such hacks.
| Animats wrote:
| From the site: 'all withdrawals are suspended until "further
| notice."'
|
| That sounds like an inside job.
|
| They claim to be operating from the Cayman Islands and are not
| offering services to US persons, since they are not registered
| with the US SEC. However, it's actually run by someone from New
| Jersey.
| PragmaticPulp wrote:
| > And don't even get me started on Tether ( who conveniently
| printed another billion after the liquidations were done:
| https://twitter.com/whale_alert/status/1467155858228494353 )
|
| Tether is one of the most maddening scams out there.
|
| Who really believes that Tether had a cool _billion_ dollars
| conveniently transferred into their banks so they could mint a
| huge chunk of synthetic dollars to inject into the
| cryptocurrency world? That 's a suspiciously round number for
| such a large transaction.
|
| Yet people who are heavily invested in crypto will find any
| excuse to ignore the absurdity of this whole operation, mostly
| because admitting the Tether problem would be admitting that
| the value of cryptocurrency everywhere is artificially
| inflated.
| SavantIdiot wrote:
| Last I heard tether only had about 2% of total tethers backed
| by dollars. Yikes.
| JumpCrisscross wrote:
| BitMart raised a Series B less than a week ago [1]. What are the
| odds this was an inside job?
|
| [1] https://www.marketwatch.com/press-release/bitmart-
| announces-...
| [deleted]
| Uptrenda wrote:
| Just another day for Bitcoin exchanges. The sad thing is the
| technology exists for fully decentralized exchanges (and has for
| a while.) There are actually multiple 'smart contracts' that
| allow money to move directly between peers without the need for
| centralized deposits. E.g:
|
| - micropayment channels -- send money a piece at a time
|
| - cross chain contracts -- bind simultaneous release of funds to
| a shared secret
|
| - lightning channels -- cross-blockchain stateful commitments
|
| - reputation -- not great but can still work
|
| The order book is another part that can be decentralized. It's a
| little harder to do this due to the need for high speed
| communication but I believe its possible. Newer blockchains like
| Solana have different consensus algorithms that allow for a
| 'global clock' to be created with minimal bottlenecks. It
| wouldn't be as fast as everything sitting on a server but its
| performance would be adequate for traders, IMO.
|
| Bonus section: dark pools could be created with SGX or MPC
| protocols. There are some popular decentralized exchanges at the
| moment. But IMO they will need more features that traders are
| familiar with to be competitive (there's more than just currency
| pairs and limit orders tbh.)
|
| Also: big shout out to https://www.projectserum.com/
| igorkraw wrote:
| Would there be much benefit? Hacks happen because of two
| reasons:
|
| 1. Bugs 2. Social engineering
|
| In a decentralised exchange you increase your vulnerability to
| 1 trying to get rid of 2 on the exchange side, and I'm unsure
| you can offer the features that the bulk of traders want on a
| decentralised exchange. Actually, I'm sure (enough to bet 50 $
| on it if there is a way to properly specify it) that _the_ most
| important thing cannot be offered by decentralised exchanges:
| cashing out to pay your taxes in fiat.
| Acrobatic_Road wrote:
| On a decentralized exchange, users custody their own funds.
| So if a user gets hacked, it's not on the exchange. The only
| exception is liquidity providers, who give money to a
| contract.
| igorkraw wrote:
| Yeah, but what if the contract implementing the
| decentralised exchange has a bug?
| Acrobatic_Road wrote:
| Well, then any LP funds in the contract are in jeopardy,
| as are any transfers to the contract. That's a lot less
| painful than all users of the exchange getting robbed.
|
| So the theoretical "bug bounty" is way lower on a
| decentralized exchange. Decentralized exchanges have a
| smaller attack surface than centralized exchanges, and be
| publicly & professionally audited. That's why they don't
| usually get hacked.
| JumpCrisscross wrote:
| > _the technology exists for fully decentralized exchanges_
|
| Don't these DeFi projects have an even worse track record than
| the centralised exchanges?
| reginold wrote:
| I've been curious about decentralized exchanges. When you say
| they have a bad track record, can you share some examples?
| Uniswap is the one I know of, as far as I know it has a fine
| track record.
| pcthrowaway wrote:
| Check out rekt.news if you want a long list of defi hacks,
| including _many_ decentralized exchanges.
|
| Of course, the code running a DEX is fully auditable by
| anyone, unlike the code powering a centralized exchange.
| sschueller wrote:
| Uniswap works. Just the fees are too high.
| pests wrote:
| Uniswap governance just voted ~two weeks ago to deploy
| UniswapV3 to Polygon . I've never paid more than a penny
| for any Polygon fees so hopefully this along with wrapped
| version of coins will reduce my need for Ethereum. Other
| DeFi exchanges such as SushiSwap have already gone multi-
| chain to multiple chains as well. Mark Cuban recent talked
| about the BCT (Base Carbon Tonne) token which unless you
| mint yourself (via staking a real carbon credit in the real
| world) you must get via SushiSwap on Polygon at this time -
| I think he just invested another 50k into it
|
| I will say one thing about Mark Cuban - he's deep into the
| DeFi/dApp world and seems to actually know his stuff on a
| deep level.
| alienalp wrote:
| NO. Uniswap does not work. There are too much details but.
| In short it just works when there isn't volatility and
| there aren't many people trading so their trades doesn't
| invalidate each others trades because of high slippage
| which has to be set low because otherwise arbitrage bots
| exploits slippage tolerance.
| enricotal wrote:
| https://app.osmosis.zone is a fully decentralized exchange with
| zero fees where you can trade any token including stable coins
| like (UST e EEUR)
| gjulianm wrote:
| I guess most people use exchanges for the possibility to
| interface with non-crypto currencies, right? I don't think you
| can set up a dollars-Bitcoin exchange without centralized
| exchanges.
| Uptrenda wrote:
| Well, everyone has their own bank account. There's a lot of
| potential there to just transact directly. You would have to
| design the deposit layer to be someone efficient though so
| traders can still use credit. But I think its possible.
|
| To give you an example there is this application called
| https://bisq.network/ that uses double-sided collateral in
| contracts to trade fiat currencies. There might be the
| potential to link this up with SSL, too. I've seen this
| application that can provide proofs that a page was in your
| browser https://tlsnotary.org/. Use that to prove a bank
| transfer happened on an SSL page and you've got yourself a
| dex that can work trustless with oracles.
| yyyk wrote:
| >Well, everyone has their own bank account. There's a lot
| of potential there to just transact directly
|
| The technical problems with that are much less important
| than the legal problems.
|
| It's likely that the IRS will maul users (unless they
| report every transaction as a tax event!), and the bank may
| refuse transactions. Users may even _ask_ the bank to
| refuse transactions, and then your collateral isn 't really
| a collateral.
| lottin wrote:
| > can work trustless with oracles
|
| Isn't that a contradiction in terms?
| throwaway248329 wrote:
| The amount of trust will be limited to trusting that the
| bank is showing your balance correctly and that nobody
| stole their SSL keys.
| paulgb wrote:
| Or, more likely than stealing their SSL keys, found a
| "vulnerability" that caused whatever string the smart
| contract is looking for to appear in a signed request
| from the server. I put vulnerability in quotes because
| it's not clear to me that that is not something banks
| would consider part of their threat model.
|
| It's kind of like how SMS messages worked fine until "if
| I can read an SMS sent to your number I can withdraw from
| your account" became part of the threat model.
| gjulianm wrote:
| Sounds technically interesting. However, it seems that they
| can't accept credit cards and transactions take some time,
| so I guess that most users will end up flocking to
| centralized exchanges for a better experience.
| boopboopbadoop wrote:
| Hahahahaha
| bob332 wrote:
| Crypto is for mugs
___________________________________________________________________
(page generated 2021-12-05 23:01 UTC)