102 comments

[ 3.0 ms ] story [ 188 ms ] thread
Cryptocurrency won't work as a general use currency as long as this is possible and irreversible. So basically, it won't work.
I'm not convinced that is true. Tools can be written to validate amounts carefully.

Wire-fraud is also relatively common and often not reversible but people and businesses still wire money frequently.

Also happens with HFT: https://www.bbc.com/news/magazine-19214294

It is reversible. If you make a mistake like this oftentimes you can rely on law enforcement/bank to force the money to be given back. Not sure if this is possible with crypto.
If anyone read, it was reversed at 50% the cost.
It wasn't reversed. The beneficiary just agreed to give half of it back.
Same as with bank accounts and transfers.
Pretty sure I'm not just at the beneficiary's whim when it comes to bank transfers.
As soon as it is out of country, it is up to them - there is no one who could force them.
Often it's not reversible in practice, if the destination bank/jurisdiction is not cooperative.

This is why you hear people losing their life savings to scammers in Nigeria, instead of just successfully suing them to get it back.

Yeah but usually that's not the case. Usually you can get it back.

I would say more often than not it's reversible.

> Can a Transfer Be Reversed After Being Accepted? Once a wire transfer has been accepted by the recipient's bank, there are only a few circumstances that allow for the reversal of the wire transfer under the Uniform Commercial Code.

> The only available options for reversing a completed transfer are if the sending bank made a mistake, if the payment order was a duplicate of a previous order, or if the order is for an amount greater than the beneficiary was entitled to receive under the transfer. In those cases, the beneficiary's bank will recover the funds improperly paid to the beneficiary.

https://budgeting.thenest.com/time-frame-reversing-wire-tran...

Can is a large word, you need to standardize it, which is what’s needed and it’s a long way to go.
Bank wires let you send money to the wrong place and are largely irreversible. The solution is for your bank to double check your transaction and refuse to send a wire with a typo'd destination.

Likewise, the solution for crypto is for your wallet software to check your transaction and refuse to send it if it has an exorbitant transaction fee.

I trust my bank and the legal framework more than wallet software and a loose band of SWEs running a blockchain or DLT.

If funds are wired to the wrong person in your jurisdiction, you can sue to recover it if the sending and receiving institutions can't claw it back. With crypto, you're SOL. Technology doesn't fix trust and legal issues, and a judge is going to laugh an immutable ledger out of a courtroom (or hold you in contempt).

https://www.youtube.com/watch?v=15RTC22Z2xI [HBR: Blockchains Are a Bad Idea (James Mickens)]

Why couldn't you sue to recover the crypto?
Lack of KYC (Know Your Customer [1]) and AML (Anti Money Laundering processes [2]) makes it more difficult to know who to pursue legally. Your US bank account or brokerage account is tied to your social security number and other PII. Who and where to process serve is much more accessible.

[1] https://en.wikipedia.org/wiki/Know_your_customer

[2] https://en.wikipedia.org/wiki/Anti-money_laundering_software

Why would you send currency to an address if you haven’t verified its identity. The tools are young, if there aren’t enough controls for you yet then don’t use them. I don’t, but I respect the power of the technology and it’s future potential.
Because there is no meaningful proof of identity for a bitcoin address? If someone on twitter says “here’s my bitcoin address for donations” they may have been hacked, or they could claim that they were hacked, and you can’t find who controls the recipient account. By design.
What if they are wired to the wrong person outside your jurisdiction?
Don’t do that. If you don’t trust yourself not to make a mistake, use a third party with better controls. If none exist yet, wait.

The fact that those controls haven’t been built yet doesn’t mean the whole idea is flawed.

An international wire transfer requires even more checks than a domestic one, and you can always sue in the recipients jurisdiction.
This is a ridiculous take. There’s plenty of problems with crypto but this isn’t one of them. The payment protocol has no reason to be irreversible, why would you ever want that. Reverse transactions should be handled by institutions, and institutions should use the protocol. If they make a mistake while using the protocol, they work together with the other institutions to fix it, exactly as happens with bank transfers.

Yes it’s stupid to use a crypto currency network to send personal raw transactions, but the tech is still young and a lot of people do it. Eventually that won’t happen.

Yes you can burn currency by sending it to an invalid address. You can also burn cash. Build controls so that people won’t do it.

The closest example is modern databases. If you let users run sql directly they could drop their own database. That’s an irreversible transaction. The solution is to abstract that power away so that it’s extremely hard to do extremely dangerous things.

If institutions are going to run the network, and the transactions will be reversible, and you're not going to run your own wallet, why crypto? It's a solution for a problem that doesn't exist. The database works just fine.
Anyone can join the network and start a new institution. Good luck starting a bank
You're not an institution unless you have a banking or money transmittal license, crypto or not. The nation state still makes the laws, a DLT node doesn't change the law.

I entirely agree it's hard to start a bank, but your problem won't be solved through technology, only through policy and regulation updates.

https://www.npr.org/sections/money/2017/02/10/514577243/epis... (Planet Money: Blockchain Gang)

https://cointelegraph.com/news/charges-reduced-charlie-shrem... (Charges Reduced: Charlie Shrem Agrees to Plea Deal)

> Before getting locked up, Shrem had run the company BitInstant. BitInstant made buying Bitcoin as easy as purchasing a money order. By the time he was 22, Shrem had hired dozens of employees, found a brand new office in Manhattan, and was processing a million dollars a day.

> Shrem though ended up helping some of the wrong people trade dollars for Bitcoin: buyers and sellers of illegal drugs on the website Silk Road. As he was getting off a plane from Europe to New York, Shrem was arrested. He was convicted of aiding and abetting an unlicensed money transmitter, and sentenced to two years in federal prison.

Absolutely agree, but what’s exciting about blockchain is that it makes the network accessible across country boundaries by default. Definitely countries can opt out by banning it, but the hope is that this interconnection becomes so valuable that banning it has too many negative consequences, just like with the internet.
You still have to obey the laws of the company you operate in. So if you want to act like a bank, you have to obey banking laws - including all the capital and auditing.
Yes but different countries have different laws. The hope is the technology forces the laws to change eventually.
What happens is that you need to obey both sets of laws. This is both good and bad.

e.g. one country requires you don't allow transactions with terrorists. So neither end can be a terrorist org.

additional e.g. one country says LGBT orgs are illegal so neither end can be an lgbt org.

etc.

This wouldn't happen with a bank wire, because you don't set the fee. You choose where to send, and how much to send. And that's it.

Yes, you can send to the wrong place, but for example, in Brazil, to transfer to another person, you have to specify:

- Name

- bank

- bank branch

- bank account

- CPF (government national ID)

if anything doesn't match, the transaction doesn't go through.

Is a bit harder to wire a large amount As bank make it a bit different than sending etransfers, in crypto, there is no limit, all transfer for any amount goes through the same interface.
With a wire transfer you have to provide a swift or such routing number a bank name, an account holder name, and an account#. All of which have to match.

Then there is a processing period during which it can still be cancelled.

Finally the dispute resolution process (the law) can force the transaction to be reversed - taking money back from the recipient account.

None of that exists in bitcoin. Especially given you can’t necessarily identify the miner or recipient to contact to reverse the transaction, even if they wanted to.

We’ll just ignore crypto transactions taking $$$s per transaction, taking minutes to hours to complete, and consume more power than some countries.

This doesn't seem drastically different from your bank working with you to get back money you wired to the wrong account.
It wasn't a wire to the wrong account. In ETH, you set the fee yo are going to pay the miner for the transaction.

Imagine this: you want to transfer $1000 to your your friend. You put your friend's correct account, $1000 as transaction fee, and $10 as transfer.

Your friend receives $10, the miner receives $1000.

Never going to happen with a bank, as you don't offer a transaction fee to someone.

Well, you do offer a transaction fee to the bank (if you're in the U.S. where these transfers aren't free of charge), but presumably the bank has a fixed fee schedule for that and you don't specify a fee of your choice.

A closer analogy might be a service where you can offer a tip by typing or writing a tip amount. In restaurants, if paying by credit card, you have to manually add the tip amount to the total in order to guard against mistakes in your intention (both through fraud and through your own error). Some online services like food delivery may let you specify an arbitrary tip just by typing it in, and I'm sure people make mistakes in the amount all the time (e.g. $44 instead of $4, or $80 instead of $8.00), though the web sites probably also have a limit on the tip value, so you'll usually only see mistakes of one order of magnitude rather than six.

They are not free of charge, but it's not up to YOU to type in the value, right?

At least in Canada and Brazil, the fee is set up/calculated by the bank, depending on the type of transaction and value. So you choose the transfer type, input value, and they tell you the fee. And it's NOT going to be $2 million (at least for $100 transfers)

Yes, that's exactly right.
The future of Crypto's are in free transactions, like IOTA and brothers.
I have never seen anyone able to explain why IOTA isn't nonsense and a scam. They seem to claim that trinary encryption and trinary processors are going to be revolutionary for some reason. They have been claimed decentralization is coming since it was created, but there has never been an explanation for how that will even work.
IOTA is vaporware and gives all blockchain projects a bad reputation by association. You are right on your points and forget that they rolled their own elliptic curve so you cant use a wallet twice.
Complete BS, of course you can use your wallet twice, but not the receiving seed, that's why you have to generate for each transaction a new seed.

EDIT: In other words every seed could just be used for one transaction...but that has nothing todo with your wallet-seed

EDIT2: And its not a elliptic-curve but a direct acyclic graph

https://en.wikipedia.org/wiki/Directed_acyclic_graph

elliptic curve is a type signing algorithm (like blake2b or sha). if you dont understand what an EC is i dont think you also understand why rolling your own would be a bad idea. the wallet/account seed (your post is semantics in my opinion, whichever seed it is you can only use once, which is a flaw) is directly related again to this issue.
Its not a elliptic curve but was a type of winternitz (Curl-P) before, then blackhat came:

https://i.blackhat.com/us-18/Wed-August-8/us-18-Narula-Heilm...

And then they changed it....and no you create a iota seed just like that:

cat /dev/urandom |tr -dc A-Z9|head -c${1:-81}

And talking about scam....ethereum-classic? Bitcoin-cash?

Your talking about a flaw when you just can use a receiving seed once? Please just read the DAG article, and understand what winternitz-ots means hint (one time signing)

EDIT: Here the winternitz paper: https://eprint.iacr.org/2011/191.pdf

Elliptic curves are a type of cryptography and directed acyclic graphs are a type of graph. They have nothing to do with each other at all.

Also all crytpo currencies are essentially DAGs that are synchronized by the ordering of the transactions by whoever mines the block. IOTA pretends that there is something different when the real difference is that they can't decentralize how to synchronize transactions.

Just half true, read for your self:

https://www.gibraltarlaw.com/directed-acyclic-graph-vs-block...

>can't decentralize how to synchronize transactions

No one ever said that, of course they have so synchronize to the network...what else? Entanglement?

>Elliptic curves are a type of cryptography

Yes and it was NOT a Elliptic curve but a type of winternitz-ots.

The point was that you didn't know the difference between where elliptic curve cryptography would be used and a directed acyclic graph. Also a ledger is by its nature a directed (one direction) acyclic (no cycles) graph of dependencies, it just depends how you visualize it. Just like instructions on a computer are in a sequence, they can be separated into graphs of dependencies which may be woven together.

Other crypto currencies are able to synchronize in a decentralized way with different miners mining each block. As far as I know IOTA's structure makes this impossible, even though when they created it everyone else had already done it.

If you hand someone a million in cash. Then find out they gave you bad goods or an empty container, how do you get $$ back if they're long gone?

want safety here? you'd probably use escrow or something.

Not a bitcoin fan, more because of its fluctuating values, but this specific reasoning doesn't set itself apart from cash.

Sounds like vanilla money laundering.
That was my first thought.

“Where did this money come from? I made it trading cryptocurrency and paid taxes on it.”

Is this something that happens a lot? If you're a miner and this happens to you once every few years, that might be plausible, but if it's happening multiple times a year the IRS/FBI might get suspicious.
I am not expert in blockchain but how can you wash money with transaction fees, you can't know where the fee are going, right ?
You can if the miner is doing the laundering
How would you know which miner would get the fee?
By only giving the transaction to one specific miner.
(comment deleted)
I don't know the specifics of etherum, I actually do think they are somewhat robust against the more trivial attacks.

However, in some blockchains it is absolutely feasible to become a majority miner for a short period of time by simply renting cloud resources.

If the network is further temporarily reduced due to internet connectivity flapping/segmentation, it might be cheap.

1) Situate yourself in a country with poor connectivity. 2) Trip a breaker to zap most of the connectivity 3) Spin up a gazillion cloud instances 4) Compete more-or-less only with national miners.

The fee goes to the miner of the block with the transaction in it, the "next block" in a simplified sense.

If you've already mined the next block yourself, you can publish the transaction directly in the block itself instead of loose out to the network like a pleb. Then you'll be effectively guaranteed to get the transaction fee yourself.

Can we see if this particular transaction was broadcast to the network?
How is that even possible? You can't know who will mine the next block.
why not? Miners are looking for transactions to verify. If you have the money, and if you craft your transaction so that miners put you first in the queue, you will be quarantined to be in the verified chain.
If you've already mined the next block, then you know what the next block will be.
In theory could this be done by DoSing people while mining?
It seems possible, although challenging; I'm curious for your take on this:

0. You run a large network with substantial hash power.

1. You submit a transaction that is broadcast only to your own mempool and don't relay it outside of your network.

2. You attempt to include this output in some/most/all attempts.

3. You finally solve a block with this transaction and distribute it to the rest of the network.

If this were happening, one way to surveil for it would be to keep track of every submitted transaction that a few nodes ever see. Is there a mining pool that is consistently mining huge fee transactions that were never present in your mempool?

Could someone explain how this would work? I know the fees go to the miners...is there some way to determine in advance _which_ miner(s) receive the fee? I think this would need to be possible in order for this to be practical since I can't imagine a good outcome here for the person initiating this transaction to be that they just pay those fees to some random recipient(s), right?
>is there some way to determine in advance _which_ miner(s) receive the fee?

yeah, don't broadcast the transaction publicly. Only give it to the miner you're colluding with.

If you publish your transaction publicly then any miner can get the fees from that transaction. If you send your transaction only to your preferred miner, then only your preferred miner can get the fees from that transaction.

None of the standard software used for mining enables adding additional possible transactions manually AFAIK. It theoretically could be done though.

The only thing you need is to be capable of actually mining a block, which costs about 13k USD I've heard.

Mining pools are run by teams of people whose full time jobs are to take care of their pool. I don't think any significant BTC or ETH pool runs standard software without any modifications.

I wanted to get a custom coinbase message included in a block, and paid $500 to a pool for the privilege.

Yes. You only broadcast the tx to the miner; who keeps it to themselves.
im not sure why this is being downvoted. this is clearly the case here.

the user and the miner are colluding (or the same party). the user does not broadcast their tx publicly, only sending it to the colluding miner. since fees have no utxo history, this essentially launders the eth

One critical problem: The blockchain irrevocably records the recipient of the transaction fee.
There are better ways to launder money than to post egregious transactions on a public ledger for all the world to see.
This seems like an easy thing to test for? "Like, are you sure you wanted to pay 19,403x in fees over what you're transferring? Please submit again if yes." Unreal.
(comment deleted)
Where would this test happen? There's no official interface. Sure, it can be (and probably is) implemented in different wallets but if you're interacting with the blockchain directly no-one can prevent you from doing stupid things like this.
A smart contract wallet like argent could easily prevent this.
Who is the fee paid to in this case?
In Bitcoin it would be paid to the miner of the individual block where the transaction appears; I assume the same is true for Ethereum. (The miner, as part of the mining process, specifies an address where the network mining reward as well as the fees in the block are deemed to be sent.)

Edit: yes, Ethereum uses the same concept here and there is a field in the block header for the miner's address, which is how the miner gets paid for mining.

Edit 2: In this case a parsed version of the Ethereum block in question, linked to from the article, is at https://etherscan.io/block/10237208 and shows that the miner was "Spark Pool" (a mining consortium based in China, https://www.sparkpool.com/en/).

Mining pools aren't required to identify themselves, but identifying themselves may create goodwill, for example by slightly assuaging fears that one entity secretly controls mining on an entire chain, and might help pools to market themselves to prospective members or investors.

> Coindesk reported at the time that the South Korean blockchain firm behind the error admitted to the mistake, contacted the mining pool that had benefitted, and worked out a deal where the firm got half of the accidentally sent ETH returned. Notably, that partial happy ending 100 percent relied on the goodwill of the mining pool, as ETH transactions are non-reversible by design.

If cryptocurrency use increases it will eventually approach how real currency is used with defacto Know Your Customer and reversibility.

From the article:

> In February of 2019, someone accidentally paid 2,100 ETH in fees to move .1 ETH. Coindesk reported at the time that the South Korean blockchain firm behind the error admitted to the mistake, contacted the mining pool that had benefitted, and worked out a deal where the firm got half of the accidentally sent ETH returned.

Who wouldn't want to live in a cryptocurrency powered world economy, right? No mistakes allowed, no insurances, so many nice guys like these. What could go wrong?

Like cash, these properties are also desired in many cases.
I disagree. You can build conflict resolution on top of the database.

Can we say the same about voting or other data? That we don’t want consistency in the database? The flipside is anyone can change your vote or your balance as long as they get access to the keys.

You want decentralized you get these “issues”. Even if the protocol had features to reverse some situations, there are way too many that is complex and need human intervention to resolve for many cases, which becomes some what centralized again. They need to solve these things where your life savings can be lost by accident, guarantees etc. Banks do that either you believe it or not.
"The market will regulate itself, by rewarding the honest players and punishing the dishonest ones"
No drug lord ever lost a case of fiat?

What about pirate treasure?

Bank fraud?

Nothing is fully secure. Better option is some time limit for accidents or buyers remorse built into ther protocol...

It's strange that with major currencies having these high fees, people haven't moved to Nano since their entire premise is around being feeless.
the lack of awareness around nano is puzzling to me. I assume its because nano became known around the end of 2017 along with many scam coins, and thus became associated with them.

but today if you described implementing a gossip protocol with nanos features (permissionless decentralization, 0 fees, <1s tx), many people would say it is impossible, but here we are with a 4 year mainnet with no serious issues

Why do you manually enter your own transaction fee at all? Is it not just a percentage of the transaction amount? What happens if you enter too small a fee?
I'm not entirely sure if you've used Bitcoin before, but the transaction fee is basically a way to pay a miner to put your transaction into the block they're mining. A higher fee gives miners a higher incentive to add your transaction. But it's generally just a flat value, not tied to the amount being transferred in the transaction - don't think of it as a tip, think of it as paying the miners to take your transaction. Depending on the digital currency you're using, adding too small of a fee may mean your transaction is never added to a block and thus never actually happens.

For Bitcoin in particular I haven't been paying too much attention recently but I do know transaction fees have been getting much higher the past few years, like 5 to 10 dollars or so (Which means you have to pay 5 to 10 dollars to transfer any amount of Bitcoin from one address to another).

I have not used it before. I just assumed that - whether a percentage or a flat fee - the amount would be... deterministic at least? That the entity being paid the fee would at least state their price somehow, instead of the user having to just, like, guess what their tribute should be and hope it's accepted. What you describe sounds incredibly bizarre to me.
Well keep in mind, your transaction basically just floats out in the void until a miner adds it to their block, so you have no idea who's actually going to add it (if anybody does) because due to how Bitcoin works you have no idea who's going to mine the next block(s). It's also basically another market to a degree - It's not really about how much a miner wants as much as how many transactions there are with a particular fee. The blockchain only supports so many transactions per block, so if you send a transaction with no fee and there's enough transactions with fees to fill every block (like with Bitcoin), your transaction will likely never get picked up because there's no reason for a miner to take it.

That said, I agree I'm not a huge fan of a system, but it makes some sense from the standpoint of how Bitcoin works - miners are paid for their work via new bitcoins created as part of their block. But, Bitcoin itself is designed to be deflationary and eventually the number of new bitcoins per block will go to zero, leaving the fees as the only way miners get paid. And the fees thus aren't deterministic as a way of allowing the amount miners are paid to vary over time.

Still, I don't think it's quite as bad as you're thinking - it's not really hard to figure out what an acceptable fee value is with a quick google, and it doesn't really change that much day to day.

The article states:

"Ethereum users can dictate the terms of their transactions, setting both the amount of ETH they want to send and the amount of fees they are willing to pay. The higher the fee, the thinking goes, the more likely their transaction will be included on the next block — i.e. it will go through more quickly."

Would the following theoretically work?

1. Monitor all transactions in the public pool for their fees.

2. As soon as their is a public transaction in the pool that has over 1M$ in fees, spin up as many cloud resources as possible and mine for the block.

3. As soon as the block is mined, stop mining and go back to step 1.

Yes, but you have to worry about several things, at least:

* what's your latency for noticing and spinning up those resources (especially in chains where the average time between blocks is very short)?

* can you cost-effectively confidently outcompete ASIC miners with rented GPUs, even given a reward that's much larger than normal? (probably, given this very extreme anomaly, but you have to do the calculation)

* can you actually rent enough GPUs in practice to outcompete the ASIC miners?

* will it be worth it to ASIC miners who know or speculate that you're doing this to speculatively mine for a while on a shorter chain in which they receive the reward instead of you, in the hope that they can make it longer than yours?

Edit: Finally, do some of the ASIC miners have offline capacity (e.g. old equipment, or equipment located in places where electricity got more expensive) that is physically present in a datacenter but just powered off that they can also spin up quickly in response to these conditions?

Given that this was apparently a "switched two fields" error, does anyone want to comment on them apparently intending to spend $134 in transaction fees to move the money?
> Ethereum users can dictate the terms of their transactions, setting both the amount of ETH they want to send and the amount of fees they are willing to pay. The higher the fee, the thinking goes, the more likely their transaction will be included on the next block — i.e. it will go through more quickly. It's possible, therefore, that someone attempted to send $2.6 million worth of ETH with $134 in fees and simply reversed the two fields.

Having to set up the fee for the transaction to hope the transaction would happen faster? Yeah, I don't see crypto replacing banks.

edit: forgot the quote

Sounds like a developer error with Truffle and gas denominations Wei gwei etc