Debatable. GP basically ignores all the interesting parts of the article being posted in order to simply say the usual spiel about how much HN hates crypto. The relevance to the original article is close to nil.
I'm calling them out for that -- perhaps in a way that's too terse, but at least I'm not completely derailing the conversation like they're doing. But thank you for prompting a longer response from me.
How much purchasing power does that afford? If he wanted to buy an island, pay for it to have infrastructure added, and then also hire security and business payroll, could he actually exchange the Eth to the applicable currencies? I know the numbers line up, but is that amount of liquidity in the system?
Breaking news: "off-ramps" to centralized currencies is centralized.
It's not difficult if the source of your cryptocurrencies is legitimate, while difficult if you have a hard time explaining how it's legitimate. I think the system works as intended.
I'm confused then, are you in support of cryptocurrency? Because what you're describing (the "system") sounds an awful lot like reinventing banks from first principles but much less efficiently. If that is how it's intended to function then why are we bothering with this at all?
And aside from KYC issues, another recently posted article pointed out that when a single individual tried to unload around a 1500 BTC (%0.03 of the coins in circulation at the time) it caused a liquidity crisis that crashed the market by 20%.[1]
In this case the individual in the Twitter thread has an amount of ETH of that magnitude.
Basically because crypto is performing the job of a speculative asset it results in the liquidity issues that you would see in things like company stock.
[1]: https://blog.dshr.org/2022/02/ee380-talk.html?m=1 (see footnote 11. The gist is that this sale put enough pressure on the order books that a lot of leverage positions cascaded into selling as well causing the flash crash)
> I'm confused then, are you in support of cryptocurrency?
I'm neither. I treat it as a protocol like HTTP, use it where it makes sense, don't use it where it doesn't make sense.
When I say the "system", I'm referring to the system of centralized currencies. Banks have always wanted to know where large sums come from, and where they are going to, as the government will ask them questions about it and they like to be prepared.
> And aside from KYC issues, another recently posted article pointed out that when a single individual tried to unload around a 1500 BTC (%0.03 of the coins in circulation at the time) it caused a liquidity crisis that crashed the market by 20%.[1]
Not sure what KYC issues you're referring to. They are only a issue if you're having a hard time explaining where the money comes from. If you have a legitimate source for your funds, it's a couple of emails with some attachments to pass the KYC/AML checks that the major exchanges perform. Same thing will happen with you bank, and they normally will accept the same amount of evidence you send to the exchange.
And yes, if you try to offload 1500 BTC on the open market the market will correctly adjust. That's why I wrote about the OTC offers in my initial message, that's normally how you want to offload/purchase a large amount, as it's not gonna change the pricing on the open market, as you manually match buyer/seller.
the world is not anymore the way it used to be, mm mm NO NO No! Bitconeeeeeeeeeeeeeeeect wooo bitconnect! We are coming and we are coming in waves. We are starting and to actually go all over the world. We all built the entire world.
I paid off all my student loan debt and bought a house last summer because I got scammed into buying ETH about 2 years ago. Thanks for your insight though.
That just means that you were part of the scam. Hell; somebody approvingly reading this comment might be the bagholder of the future, shooting himself after all of his savings have evaporated into some ETH tycoon's pocket who dumped before the market locked up.
Now that the bag holders include major investment houses... Well, if it's possible for a scam to have a successful "exit," that's what happened. They used their funny money to tap in to the real funny money. If all cryptocurrencies went to 0 tomorrow I wouldn't be surprised at all if some part of the "real" financial infrastructure got caught and there had to be bailouts, which we've learned is what happens when the wrong people lose a bet.
There's too much money in the system now for it to all be from mom-and-pop marks. That's just not a viable explanation at these market capitalizations. That's not to say that average people aren't going to find out that they're long crypto - but it'd be in the way they found out they were long real estate.
As a thought experiment, replace crypto in this situation for beanie babies. You managed to buy a bunch of beanie babies before a beanie baby craze started, and sold them at exorbitant prices to other people coming in that were convinced that beanie baby prices would only keep skyrocketing. You took their money, and now I guess as long as they're the bag holders still holding beanie babies when it all falls apart and they become worthless, and not you, it's all good. As long as you managed to make a profit and get out in time it wasn't a scam.
1 is questionably valuable and arguably harmful, 2 is increasingly untrue, 3 and 6 aren't inherent benefits of Ethereum, 4 and 5 aren't true, and 7 is speculative and begs the question.
It’s about 1.1TB for full sync geth nodes, and growing. Ethereum researchers are looking into statelessness and state expiry which aim to make it even easier to run nodes with little need for space.
People will continue to run nodes regardless of the price of ETH, just like Bitcoin.
ENS is a smart contract protocol, so I don’t see how it’s related.
> 1 is questionably valuable and arguably harmful
If it’s mutable, it’s centralized, so you’re wrong.
>2 is increasingly untrue
That’s also incorrect, Ethereum has become more decentralized every year
> 3 and 6 aren't inherent benefits of Ethereum and 5 aren't true
Yes they are. Ethereum is deflationary and will became three times more inflationary later this year.
1. Maybe. It's not so great if you publish something confidential.
2. No one is responsible for anything, you'll never get any support, and one day the decentralized consensus might be to abandon the whole system.
3. It takes 16 seconds for a transaction to post and the average transaction fee [a] is over $2. Cross-country money transfers (assuming you mean international) benefit money launderers and criminals a lot more than me.
4. I never understand this sentiment. Thousands of tokens have been invented to create hundreds of billions of dollars. If the federal reserve told everyone they could print their own fiat and have it accepted at the bank, what do you think would happen? Inflation, right? Think of it another way. If the liquidity for the market is fixed in the sense of the amount of fiat people are willing to bring in, then every token mined or minted is diluting the value of anything you're holding.
5. This is at the risk of losing your keys and your life savings. No thanks. Also, banks act as a backstop for a lot of things people don't even think about. They won't let you wire your life savings to Nigeria without trying to make sure you won't get scammed. The indemnify you from the risk of fraud if you're using a credit card. Money you give them is backed by FDIC (or similar) insurance, so if the bank fails your money is still there.
6. Like?
7. Yeah. I'm sure the super elite that control almost all of the money and assets on the planet are going to sit by and watch as the crypto community anoints themselves as the new rulers of the wealth.
And what happens in this utopia where everything can be anonymous and governments have lost control of the money supply? Does everyone stop paying taxes? Who funds the schools, hospitals, and all other infrastructure? Do you think the rich are going to suddenly become charitable and start funding everything? They already contribute as little as possible, so it's difficult to imagine a world where they'd contribute $1 if they aren't forced to do it?
> The fact that people still don’t get that in 2022 is astonishing.
We don't get it because it doesn't make sense. It might make perfect sense for those of you that mined millions of (on paper) dollars of crypto currency, but it's not a good deal for anyone else. It's objectively worse in terms of stability and predictability and the best outcome for us is to get a different set of wealthy elite that control everything.
Your arguments are mostly usability. However, there are already many services that gives you additional utility such as insurance, backups etc.
Crypto already has replaced money in several countries, especially third world countries where it has replaced money for 30% of the population that have protected their funds against inflation thanks to the inherent scarcity of respective cryptos.
Could you please stop posting unsubstantive and/or flamebait comments to HN? It's not what this site is for, and it destroys what it is for.
In case it helps: the first two comments you posted with this account (a couple weeks ago) were much more substantive and much more along the lines of what we're looking for.
Please don't post this sort of generic flamebait to HN. It leads to repetitive, predictable, and ultimately nasty threads. And of all the classic flamewar topics this one is probably the most predictable—just what this site is not supposed to be for (https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...).
These scammers went to impressive lengths. They say that often the secret of a magic trick is to put in far more prep work than anyone thinks is reasonable. Con games work the same way. In this case, the effort is worth since the target has something like $175 million in a wallet. The payoff is massive.
Worth noting, though, that for all the fancy footwork the point of failure for the scam is him being willing to work with his main wallet rather than a one-off, and when he showed hesitation, they got too impatient. Good security practices were still the answer.
> when he showed hesitation, they got too impatient.
This seems to be the common factor among scams, cons, and social engineering strategies. Rushing people will have them bypass protocol, training, and security practices. It's a universal "hack" for our brains; we do things we otherwise wouldn't when rushed. Security practices are like a rituals, standards of behavior that we just don't have time for right now.
"The funds are only available for the next hour"; "You will be prosecuted if you don't do X"; "Per the CFO, we need to spend these funds before end of day."
I do wonder if they were more patient and said to themselves “let’s build more trust over the next three months” if they would’ve been able to get him to use his main wallet?
Great story though. I never realized these smart contracts could be so obtuse and malicious. That needs to be fixed.
Yes - they could've just kept churning out more NFTs for him to "stake" and catch him off-guard when he used his main wallet by accident or maybe even give him legitimate returns (that they bankroll) to convince him to use his main wallet intentionally to get higher returns.
The lengths they went through were mind-boggling to me until he mentioned he has 9 figures sitting in a public wallet. Then it made a lot of sense. At first I thought he had maybe a few hundred thousand, partly because he was happy to accept the free help from a stranger.
It's still pretty impressive how competently these scammers were able to discuss and deliver the VTOL work, the Space Falcon game, and entrepreneurial strategy.
Generalizing, anytime someone is giving you a “gift” but is putting expectations on how you receive it (in this case the wallet destination) that should be a huge red flag.
Most people who invite me
over for a sandwich would be insulted if I entered their house, took the sandwich they made me and left. In fact, I probably would never get invited over again.
true, but if they invited you in and told you had to go stand on a very specfic place in the room, facing a certain direction and to only start eating when they said so, that would be very suspicious and likely result in you opting out.
The number of people who'd do something like this is miniscule. Human society is built on trust for a good reason. We know that rules are imperfect and trust our fellow humans to do the right thing. They don't always but most of the time, the average person will.
Who is we? I don’t trust my fellow humans to do the right thing. Average don’t matter, what matters is, are you offering me a sandwich? Is it poisonous? Would you tell me if it was?
Location and culture plays a factor. If the average stranger in New York City or Miami, Florida offered me a free sandwich, I would be skeptical. If I were visiting a small town that wasn't known for a negative reputation, I wouldn't automatically decline or be as skeptical when offered a sandwich.
Do you trust your doctor with your medical history?
Do you trust your pizza delivery guy to deliver you pizza's that aren't poisoned?
Being skeptical is sometimes a good idea, like when it comes to "online research" or "alternative medicine". But having zero trust in even the most basic human interactions sounds like hell.
Unsolicited pizza, no trust. No keys for neighbors.. no way.
I don’t trust most Doctors either, and you probably can’t trust any medicinal organization with keeping records confidential, plenty of examples of breach of that trust.
A good rule of thumb is if somebody you've just met introduces you to someone with an exciting new NFT project that they want your help testing, you're probably being scammed.
While NFTs probably have some useful purpose that will emerge eventually, for now you should consider any proposal or offer that involves the term 'NFT' as having about the same value as any offer involving the term 'Nigerian prince'.
Well, yes and no. They are clearly all-in on crypto (and who wouldn't be, if I made 100 million on tulip bulbs I'd probably be all-in on tulips, too) but they do state in the featured thread that they "aren't really an NFT guy".
Certainly not a great look to have >$100 million in an asset sitting in a single account of any form, though.
When it comes to crypto, 95% of the projects are by people who do not understand it themselves and were sold on it by someone whose sole purpose is to broaden crypto's financial reach and who worked tirelessly to make sure it's obscure/redundant enough that you don't understand it unless you're a developer attempting to implement it or seriously skilled at due diligence. They ran their whitepaper through their advisors to ensure it was clear yet didn't give anything away in terms of how it worked or how the authors get their kickbacks.
I still fail to understand how the smart contract metaphor of "here is some obfuscated code from a third party, please give it access to all your money, kthx" has managed to survive at all. I mean, really, no one saw this coming?
It's just the Trust Problem all over again. Decentralized reliance on automatic software still requires trust that the authors of the software won't scam you. It all comes down to trust. And I trust banks, mostly. Who in their right mind trusts contracts someone sends you on Discord? And yet...
I don't trust them. Just last week, GoFundMe rugged a bunch of funds sent for a legitimate political protest. They can snap their fingers and freeze your funds and hold it indefinitely, without a warrant.
I admit that the Approval UX for wallets and tokens needs to be improved. Unlimited spend approvals should always be flagged in the UX. And approvals should be atomic (single transaction only, with a clearly listed cap, by default). There are some EIP proposals addressing this, but they will be a ways off from standardization.
A private company intervened in the sending of money between private individuals. You can arbitrate that all you want, but it doesn't change the fact that they shouldn't have that power in the first place. GoFundMe is not politically neutral.
> Who in their right mind trusts contracts someone sends you on Discord?
No one.
> It's just the Trust Problem all over again. Decentralized reliance on automatic software still requires trust that the authors of the software won't scam you. It all comes down to trust.
It does, but you get to decide who you trust rather than being forced to trust one of a small number of large institutions. If you want, you can delegate your trust to a third party who will be responsible for vetting anything you interact with.
You can also choose to trust yourself or other members of your community.
This person shouldn’t trust themselves since they are too willing to go along with people who say positive things about them.
And if you trust the wrong people? Per the linked twitter thread, the author trusted the scammers! They only avoided the scam because they were competent to read the contract code for themselves. Is that the standard you want applied to all transactions? Does that seem likely to lead to good outcomes?
Yeah it isn’t trusting people so much as trusting code written by people. Generally something you want to do only very carefully and when you have no other choice. Or have some proper centralized framework of safety engineering to make mistakes harder.
To be honest i don’t really trust banks to value my economic well-being so I have almost all my money in a credit union. But as a software engineer I really don’t see how you can trust code, even stuff developed under NASA style care has bugs. Especially where the framework isn’t doing any rate limiting or safety checks.
> Who in their right mind trusts contracts someone sends you on Discord?
Exactly. That's where the gullibility is really visible... This is basically a steroid version of "I am Nigerian royalty and I need you to give me money" emails. Your first instinct should always be skepticism.
Totally agree. I heard recently discussion of putting deeds to homes on the blockchain, but having recently purchased my first home, I am 1000% okay with the paperwork and oversight and honestly friction that goes into it. The amount of regulation seems to make it very difficult to get totally ripped off, which is great since so much of the process was so opaque to me.
This was a multi-week long social engineering scam targeted at Thomas. Thomas has a Discord for a drone transportation startup, and the scammers proceeded to embed themselves in the community and provide valuable labor such as web design and graphics design in order to earn his trust.
Thomas's wallet is public and advertised on Twitter via his ENS domain. He had $100M+ in aETH, a derivative token provided by Aave when you lend out your assets for interest. The aETH is redeemable for the underlying asset.
The scammers created a fake NFT project associated with space and drones, and proceeded to give Thomas a free one, but asked that he stake it (or deposit it into a smart contract), to earn yield in the form of Armstrong ETH, a token they made up that had the same acronym as Aave's (aETH).
The catch was that when he went to stake his NFT, they asked for an approval for spending aETH from his wallet. Approvals such as this are normal when interacting with smart contracts, since the contract has to be "delegated" responsibility over the tokens in order to move them. However, what wasn't normal is that the approval was actually for Aave ETH.
If he had only looked at the front end of the scam site, it wasn't obvious what was going on. However, a quick glance at Etherscan revealed that he had signed off on an unlimited spend approval for Aave ETH.
Luckily, he had done so on a fresh wallet and not his main wallet that has $100M in aETH. When the scammers tried to get him to stake a second NFT from his main account, he got suspicious and discovered the truth.
This scam was specifically targeted at Thomas, and orchestrated over multiple weeks, for the specific assets in his primary wallet.
Couple takeaways:
- divide your assets across multiple wallets. New wallets are free. Don't put all your eggs in one basket.
- use a hardware wallet or an audited battle tested smart contract such as Gnosis Safe for storing significant sums of money.
- always verify your transactions
- avoid associating your public identity with your main wallet / vault address
- be careful, scammers are getting more creative and advanced in technique including standing up professional front end websites to give the appearance of legitimacy
Does Thomas actually have $100M of assets in a single wallet? Or is it spread out over, say, ten wallets?
I’m interested to know whether the con artists could have realistically nabbed $100M, or if there was effectively never any chance of that due to other precautions. I would hope it’s the latter, but crypto’s strangeness stopped surprising me.
Fabulous comment, by the way. Easily one of the top ten in the last month. Thank you for the breakdown.
There’s no advantage, just laziness. A wallet like that shouldn’t be easy to access and should never be used for for anything other than funding their other hot wallets.
There are reasons, firstly tax advantage in that there is no capital gain from selling the cryptocurrency; the other is that you don’t lose your position on the cryptocurrency, ideally over time you can increase your borrow as the underlying collateral increases in fiat value.
One can also use the borrowed funds to speculate on other cryptocurrency, as a collateralized margin loan.
Many lending systems offer incentives too, where you can be paid to borrow.
In this case, liquidity is pooled across the Aave protocol. There's no difference in the interest rate for someone lending / borrowing $50M or $50. It's easier, but you should probably never have more than 10-20% of your portfolio in a single wallet. And probably should shrink that down even further as your net worth grows.
To be honest, if they got this close, it’s only a matter of time before they take it all. He should strongly consider cashing out and leaving only an amount he is willing to lose in ETH.
Hell, given my distaste for crypto, if I were more unethical I may even attempt such scams, but I’d balance it out by donating the stolen money to environmental initiatives to combat global warming (after giving myself some fair compensation, I don’t have the skills to get away with hiding $100+ million).
It’s like the televangelist. Money affinity scamming. You need to conspicuously show your wealth on chain so people think God (vitalik) made them rich.
Unless you flex with your $100M in aave on your main with an ENS name, how will your victims know you are rich and worthy?
If I had $100M, I find it hard that I’d care that much about things. I barely give a fuck now and my net worth is only 1/58th of that. I’d probably just build a passive income stream and chill the rest of my life.
Which might not actually be that much in some parts of the world. For real. A few million is nice but that doesn’t even get you a house in nice places.
The 4% rule is fairy tales, especially post pandemic economy. we will be working more for less as time goes on.
Then couldn't you just move somewhere else? I live in the Netherlands, near amsterdam. It's one of the most developed places on Earth (more so than most of the US) and my yearly salary is only 100k USD, which puts me in the top 1% on my country.
> hot ass babe to pleasure me and raise nice children
Boy, are you in for a nasty surprise. But don't come crying to us, old men who warned you that what you really should want is a nice cabin near a lake with plenty of fish and an absolutely plain ass woman.
You think you need more than 170k per year to own a yacht, travel the world and dress fancy? I'm guessing you haven't actually done any of these things before, then.
Outside of silicon valley, 170k per year is a huge amount of money. Especially if you're going to travel outside of North America and Europe.
I like the takeaways, though I'd also add an additional one, that you should use systems that have reversible transactions. That way, when you fall victim to fraud, you can use the court system to recover your losses.
This is just saying “that’s what you get for playing with crypto you degenerate”.
The fact is wires can also be irreversible and you cannot use the court system as a blunt instrument outside your jurisdiction. The value transmission medium isn’t the problem here.
Try getting your money back when getting scammed via venmo or PayPal - rarely any better, and if you’re selling you’re more likely to get scammed with those services than crypto.
I have done multiple clawbacks via payment processors. In each case, I escalated (vendor -> processor -> my bank -> CFPB) until the dispute was resolved to my satisfaction.
In nearly all cases, no separate restitution was required: the processor or my bank was able to reverse or halt the ACH transaction before the money settled. In the handful of cases where settlement had already happened, they were able to countermand the transaction.
Yes but, not sure this is a fair comparison. Doesn't ACH transactions take 1 to 2 business days to settle by design, as they are processed in batch and go through an intermediate clearing house ?
Venmo/PayPal/Fedwire transactions should be able to settle in real time, which can be more convenient at the expense of easy reversability
Venmo and PayPal are, to the best of my knowledge, settled via ACH if you use a bank as your source of funds. That's what I've always done, since it provides the greatest amount of personal control over my transactions.
If you use a payment card (debit or credit) with a payment service, then they might use either the payment card's network or ACH, depending on what the card issuer supports.
I’ve had a PayPal failure, a PayPal success, an apple pay failure.
It’s definitely not a guarantee. Most of the Venmo type scams where people “accidentally” send you money and ask you to send it back or pay for an item with bad funds are not reclaimable from those services based on TOS. In those cases you’d be better off with BTC.
> This is just saying “that’s what you get for playing with crypto you degenerate”.
No, it isn't. It's a reminder that we have all of this financial structure for a reason. The person you're responding to didn't make any light of the potential victim or call them a degenerate.
In traditional finance, you (Joe Shmoe) can't just wire someone ~100M USD, regardless of jurisdiction. There are controls, most of which have been written in blood or tears. Cryptocurrencies will also grow those controls, and we will all rightly question its value when it inevitably does.
You ever heard of asset forfeiture? There's two sides to everything. Not really "owning" something is great if you're the victim of fraud, but has its downsides when you become a target and someone wants to arbitrarily capture your wealth
But it's also not a disgrace for traditional finance: it's a disgrace with respect to the latitude our justice system gives to individual LEOs and a sign that the government is willing to extrajudicially punish people instead of pursuing justice through the courts.
Put another way: assert forfeiture is not some kind of "gotcha" against traditional finance in favor of cryptocurrencies. When law enforcement seizes your bank account, they're going to seize your cryptocurrency accounts too. And if you (unadvisedly) attempt to hide those assets, then you will be making their job in court much easier.
Then you missed the point of this whole thing. Some of us would rather die with the keys then let the State steal funds from them. Cryptocurrency is the first technology that lets you take wealth to the grave and keep it there.
Look: if you want to clutch those hashes to the grave, more power to you. I think the Federalist Papers' authors wouldn't know whether to laugh or cry, but that's the wonderful thing about this little American Experiment of ours.
But don't delude yourself into thinking that any meaningful number of people, even cryptocurrency believers, share your position. It's all fun and games until the Men with Sticks show up, and most people understandably tuck tail at that point.
If I'm going to be made a coward in the eyes of a few LARPers, I might as well pay as few middlemen as possible in the process. But that's just me!
Next you're going to tell me that the blockchain isn't made of Lego blocks!
> You'd be surprised.
Given the aggressive spread of custodial services, I don't think I would be. The average cryptocurrency user (even enthusiasts, true believers, &c.) is not a dyed-in-the-wool Burkean. Less prosaically: easy money comes with loose beliefs.
I'm all for the legal process and there is a legitimate way to seize assets. But asset forfeiture is not that. It's only enabled because it is trivial and is done outside of the normal legal process. It doesn't help that the beneficiaries are the very people that can initiate the forfeiture.
If someone goes through the legal process and is found to be guilty and their assets are seized that's fine. But if someone is pulled over, found to have some drugs, gets their car and cash on them possessed and is forced to go through a lengthy process that free up that money, then that's different.
In any case: the really egregious examples of civil asset forfeiture are the petty ones: the government stops someone for the crime of DWB[1], and seizes all of the property they have on their person (including, sometimes, the car itself.) It's a disgusting crime, but one that doesn't typically extend to the victim's bank accounts or other financial resources, unless there's a larger case being pursued against them. And so, once again, it's not clear how cryptocurrency improves the state of affairs: either you're carrying a hot wallet around with you for your day-to-day expenses (in which case you're subject to the same seizure), or it's roughly equivalent to a traditional financial produce and isn't subject to a spurious seizure (but might be subject to a larger one).
Forteiture scenario 1: cops take your cash. It's on you to sue them and prove to a court that it's legitimately yours.
Scenario 2: they take your hardware wallet, then they must prosecute you and prove to a court that the money is not legitimately yours, to get the key. IANAL, but am I wrong?
The answer to this probably depends on your local jurisdiction, thanks to America's unique system of legal devolvement.
Instead, I'll point out that the answer does not matter: from the moment that they have my hot wallet instead of me, I can no longer use it. It doesn't matter to me whether they can actually liquidate it or not. And, as I pointed out earlier, I'd harm my own case by attempting to liquidate my assets with a separate copy.
My main point is the change from presumption of guilt to presumption of innocence. If they are effectively able to freeze it (but not transfer) before the court ruling, that main point still holds. Your claim was that crypto makes no difference, or worse.
I'm not saying technical solutions make the rule of law unnecessary. But they can defend against some violations of the rule of law, depending on the parts of the justice system that are still just.
People effectively defending themselves against a national disgrace help towards getting the disgrace fixed.
You're mixing up reversible transactions and court system. If someone defrauds you in an irreversible transaction, you can still sue that person for damages if you know who they are. Similarly if someone defrauds you in reversible transactions, you can't just wave a wand and get your money back. You can sue them if you know who they are, or you can request a reversal from your bank/cc provider (may or may not be honored) but you're not completely safe. Most fraud happens in fiat and there are real victims out here.
> Most fraud happens in fiat and there are real victims out here.
We had multiple threads about base rate error on HN just yesterday!
Most financial activity happens in fiat, and so of course it stands to reason that most fraud is also done in fiat. The real question is whether the legitimate-to-fraudulent ratio is higher in cryptocurrencies than in fiat.
See also: the "Chinese Robbers" fallacy[1] -- just because you can find a ton of examples of fiat fraud, doesn't imply its worse -- without context it only implies its the most common form of currency.
"Base rate" appears multiple times in that article and is a pretty core concept in the rationalist movement. Memorably illustrating a concept is not the same thing as not knowing the technical term.
It's certainly under the category of base rate bias but it's a specific subcategory (think of it as the rhombuses and squares relationship). In this case the term is used to focus on the fact that it's not just one example here (or two or three), you can provide thousands of examples of currency fraud and the fallacy is still a fallacy
> Most people think of stereotyping as “Here’s one example I heard of where the out-group does something bad,” and then you correct it with “But we can’t generalize about an entire group just from one example!” It’s less obvious that you may be able to provide literally one million examples of your false stereotype and still have it be a false stereotype.
How would one "accidentally" wire transfer millions of dollars? At $10k in America, KYC and AML laws force banks to step through extra layers of verification to wire such amount. It's virtually impossible for someone to accidentally wire millions, which would likely involve a mandatory in-person meeting with the bank customer to verify their credentials and purpose.
If somehow you get through an in-person meeting with a bank branch manager to unwittingly wire millions of dollars, and the topic of how much money you're wiring and the exact purpose of wiring such a high amount isn't brought up, and you somehow still accidentally wire millions of dollars away without anyone ever bringing up the amount and purpose of the transaction, then I'm sure you'll still be able to recover that money back because banks are required to actually validate transactions of that size with KYC, AML, etc. laws. Only cryptocurrencies allow one the ability transmit this amount of money in seconds.
> At $10k in America, KYC and AML laws force banks to step through extra layers of verification
Isn't that only for cash transfers?
> which would likely involve a mandatory in-person meeting with the bank customer
At least at Chase and Fidelity, wires can be done over the phone with no limit.
> to verify their credentials and purpose
I've never seen a banker really help to verify wire instructions, as in contacting the intended recipient. Normally they just ask the sender if they've verified the instructions, if they understand that the wire is irreversible, etc.
Of course when it gets to the bank's wire department, they make some attempt to block suspicious wires. But they're guessing based on limited info, as they don't typically contact the sender or recipient.
> I'm sure you'll still be able to recover that money back because banks are required to actually validate transactions of that size with KYC, AML, etc. laws
From what I've heard, fraudsters will (indirectly) transfer funds to e.g. a Nigerian bank and cash out there. It doesn't always succeed, but it does sometimes, or wire fraud wouldn't exist.
Yes, the banking industry won't do much to prevent Aunt Senile from wiring $80k to Nigeria, although I doubt they make it easy. Hell, I couldn't even phone-authorize a wire of 8k to buy a car two states over, but I guess that's just my bank. Had to bloody pay for the car on credit card, no joke.
But the scenario in the OP is only possible in cryptocurrencies. You can't put a button on a website "Click here to send a JPEG through email for $3.50*" with the fine print "*and also 100 million dollars" and expect that to ever work out with the legacy banking system. Only in cryptoland could someone ever accidentally yeet 100 million dollars in a few seconds by visiting a website and clicking a button.
It's a fair criticism. But the reverse is also true, in that money is frictionless to raise and coordinate in cryptocurrencies, such as the $45M attempt at buying a copy of the Constitution (which failed, but people simply got a refund), or the $56M that was raised for Julian Assange's defense last week.
I'm able to work with total strangers, raise money, sell products, contribute to causes, commission art work etc, etc, hold those funds in a smart contract treasury and encode rules to govern the spending of those funds.
Safe guards do exist for the aforementioned issue. Number one is not holding significant sums of money in a single wallet, unless it's a multi-sig that requires multiple parties to agree to transactions (like Gnosis Safe wallets, which store $100B+ in assets and are battle tested at this point).
The value of the PEOPLE tokens on the secondary market proceeded to increase nearly 10x in the weeks following the dissolution of the DAO. Even though market cap is declining, at $327M mcap, it is still many multiples of the amount raised.
PEOPLE tokens in circulation are still redeemable for the underlying ETH, but the monetary premium has increased as a result of the dispersed liquidity to so many holders (16K+) as well as the novelty of retaining the token for a failed, yet valiant effort.
I recently bought a house. My title company made a BIG deal about fraud. Basically, people figure out you're in the process of buying a house, pretend to be your title company, and give you their wire info instead of the real info. You wire a giant pile of house down payment to the bad guys, and they walk. You will not get that $ back.
Those are all intentionally sending money; you just have had someone tell you the wrong account. Which is just as easy with crypto. And, just like with crypto, you can always reach out to the party you are trying to send money to via another means to confirm the address.
When I purchased a house, I Googled the recipient, confirmed the certificate, Googled the number found on their website separately to confirm it was listed elsewhere as belonging to the company I expected it to belong to, called it, and got them to tell me the account details for the wire transfer, confirming it matched what I had been sent. Which, to their credit, their instructions also told me to do. And I initially sent the down payment, confirmed they received that, and only later in the process sent the remainder.
While there still are some ways to beat that (compromise the recipient's infrastructure, change the website, lock out the recipient from their email, insert into the email exchange, get a wire transfer done before the recipient can proactively call the target to warn them), it's a lot harder to pull off than "find a target that won't read the code very closely".
It's rare that buyers of houses and property are that thorough. On the contrary, my friend recently bought a plot of land for which the sellers did not own the title. The title company, who's only job is to verify this, completely missed it. The fake sellers made out with tens of thousands of dollars and the real owners, who are from Germany, are still haggling with my friend and trying to get her or the title company to pay for their lawyer fees, and she still doesn't have title to the land!
At least with crypto, the chain of ownership is transparent and can't be faked. So validation is cheap and easy to do.
Where is the land mentioned? Is there no land registry there? In many jurisdictions, titles to land are registered through a government operated registry where would-be buyers could look up information on the situation of the land rights.
AFAIK you don't need to be a title company to do this, any buyer could do it themselves.
And what if you don't know enough about land law to make sense of everything? That's when you need companies to do it for you.
Is checking the chain of ownership of cryptocurrencies easier than land? It depends whether you're talking to a real estate lawyer or a NFT seller.
I'm neither, and I don't see the intrinsic difference.
>> At least with crypto, the chain of ownership is transparent and can't be faked. So validation is cheap and easy to do.
In theory. The devil is in the details; does everyone know how to validate the chain of ownership, even the most non-technical of users who must rely on the system? If not, you either will never be mainstream, or you're reliant on a trusted agent to validate on your behalf (sorta like a title company!).
And if you screw something up with crypto, there is no way to address it. The complaint of "dealing with lawyers and trying to get someone to pay for it" is a feature, not a bug. Worst case, it's no different than the crypto outcome; best case, you have recourse.
Man, BoA sure lets a lot through. I couldn't even wire 8k without my physical presence - this was during COVID lockdown of all things as well! I know nothing of buying a house, but when I bought another, more expensive car that required a loan, the bank went through the whole rigamaroo calling a bunch of people to verify all the details (after all, I was going to buy their car with their money) - took nearly an hour to actually get the money after being approved for the loan days beforehand with all their internal busywork. All for something that, what, might have covered half of the wages for the day of the employees working there at the branch office after three years of interest? I think I'll be staying with my tiny, irrelevant local bank after all!
I worked at a financial institution, no way you could open an account, deposit some spare change, and then withdraw 900k after a few weeks especially in America. Compliance would be all over that account, which is probably why they got the money back anyhow because the crooks would have a lot of talking to do after getting that much money in their account. KYC and AML is required for both sides of the wire transfer.
For somebody with $100M+ I find it strange how excited Thomas got about the prospect of some strangers setting up a meeting with some random founders. With that much money would it be that difficult for Thomas to set up a meeting with them on his own?
He might have the wealth, but he is nouveau riche. He probably doesn't have the connections and hasn't experienced enough of the rich people world to see what those connections look like. He probably (subconsciously) thought this was a start of that sort of thing.
Yes, isn't it interesting how people who own crypto valued at hundreds of thousands or millions of dollars rarely act like people with that much money, get involved in the kind of business deals or social engagements that people with that much money do, etc.? It's also interesting how many of the assets they tend to purchase are themselves part of the crypto ecosystem. How many people, given $300k, would go and buy exclusive access to an online monkey avatar?
Yes, and I think he just set himself up as an even bigger target, because he's revealed that he has personal, immediate custody over $100m. His next attackers are likely to get much more personal and direct.
I’m curious, does anyone know Thomas, or how did they amass 100M in ETH? The websites provide absolutely no identity of anyone involved (as is very common for crypto). The Twitter account is 4 months old.
No mention of the person or the Arrow company on the internet previous to this episode seems to exist. Other than looking at the chain records, how should we believe that any of these stories are true?
I know of Thomas through the Rocketpool community Discord (a decentralized Ethereum staking pool). He's a regular on there. And I'm one of 90ish members in the Arrow Discord. It's a super early stage startup that's still in the conceptualization phase. I don't know how he got his capital, I don't know his background. But he's been an engaged member of the RPL community and seems genuine in his interest for drone transportation. A lot of this is still available in the Discord chat history.
when he invites you to get in on the ground floor of an amazing opportunity, I suggest you take him up on it. He's rich so it definitely won't be a scam!
My impression of him is that he's a decent guy who got targeted by scammers who knew he was rich. I've participated in the ground floor of plenty of opportunities. Some of them work out, some of them don't. But the ones that do more than make up for the ones that don't.
There's a more general takeaway, and it's one every developer discovers for themselves, sooner or later:
- People don't read what's in front of them.
I've seen this emerge in a vast array of fields. No matter how much we highlight specific details, for all our efforts in red-flagging irreversible actions, folks will often blitz past a confirmation dialog, nag screen, or notification message, without internalising the details or the risks. For those in financial technology, as in this specific example, irreversible actions also extend the attack surface for fraud.
Even the brightest minds can be lazy (some might even say it's a feature, not a bug) and one should never rely upon the opposite. We consequently face a design choice, for all irreversible (or hard-to-reverse) actions, the most common options being:
a) allow a grace period;
b) redesign, if possible, to make it user-reversible;
c) build a forcing function for diligence[1]; or
d) expect support tickets about that feature.
The default is (d), and the helpdesk won't thank us, since the workload generally scales linearly with growth at a high opportunity cost.
> scammers are getting more creative and advanced in technique including standing up professional front end websites to give the appearance of legitimacy
It seems like this is becoming the minimum standard for scam operations. For example, there is currently a BTC phishing scam going around that tries to convince the user they've accidentally received an email meant for someone else, which just happens to include a link to a million dollars worth of BTC. The website looks legitimate, albeit amateurish, to the point that it could even be convincing to another web developer. The rest of it is much like the OP's scam.
It starts with an email from the hacked account of a real bank manager in an Italian town, and is addressed to a real self-proclaimed stock market "guru" from the UK, now living in the US. The email states that 19 BTC has been deposited into an account that was created for them on a site called Coinlux, and they provide the username and password for the account. The Coinlux name was even used by an actual company at one point, so searching for any of the names or details surrounding the scam generates very real and convincing results.
Upon visiting the page, you're presented with a moderately professional-ish looking site that asks which fiat currency you want to use and lets you login. You're then prompted to enter a phone number to "secure the account" which, surprisingly, initiates an actual phone call from a number in the UK using a Twilio-like service. After confirming the verification number, you're allowed to view the account, which has some realistic dummy transactions in the history and other features that make the site somewhat believable (it even has a fake chat system and working account recovery).
After initiating a withdrawal of any amount, it provides a warning that you should make a small test transaction first (of 0.0001/$4), to ensure that you're sending to the correct BTC address -- after all, you wouldn't want to send 19 BTC to the wrong place and lose it all. It takes much longer than a normal transaction (likely because the scammers are manually initiating them), but it does eventually go through, and they've now succeeded in convincing the user that there is real BTC in the account and you can actually withdraw it.
However, if you try to make a larger withdrawal (or a second one at all), you're now presented with an error stating that you're not withdrawing enough, because of a "minimum withdrawal amount" defined when the account was created. This minimum amount happens to be 19.01 BTC, or 0.01 more than is in the actual account currently. So you've successfully withdrawn ~$4, but you have to deposit ~$400 if you want to access the entire 19 BTC.
As if it weren't obvious enough at this point, checking the address[1] which sent the 0.0001 makes the entire scam plain as day. This means that anyone with any amount of tech knowledge is probably not susceptible to the scam, though I do think that certain personality types could get caught up in the excitement of potentially "stealing" a million dollars. On the other side, non-techies will likely fall for this in droves, and the transaction history on that address does show there have already been successful victims -- though this particular person's scam has been massively unsuccessful so far, and they may actually be in the red overall.
It is quite elaborate, well-planned and a lot of time has surely been invested, so the very underwhelming results must be devastatingly demoralizing -- which I think is probably the best outcome of any scam.
I'm surprised anyone reading this story wouldn't conclude that the real takeaway is to just not engage with cryptocurrency at all. This ecosystem is so convoluted it just turns me off at every level.
I woke up this week to dozens of comments on a video from a speaker at SaaS Connect 2017 (previously known as The Small Business Web Summit) to learn she was arrested and charged by the DOJ this week for laundering $4.5 billion in crypto. https://www.justice.gov/opa/pr/two-arrested-alleged-conspira...
Billion!
Since this is an allegation, we must presume innocence. However I still cannot imagine what planet would entrust 10 figures to her control. Witness her rap.
It's worth noting that those 4.5 billions had a value of 75 millions or so when they were stolen. It's also worth noting the "heist" happened in 2016, so before that talk.
That's precisely my take away since I saw what ETH's instruction set looks like and what sort of languages these smart contracts are made of. It's a giant pile of flimsy garbage propped up by a frenetic gold rush.
To think that any of this would then be used to build a trustworthy ecosystem for non-developers to use, seems delusional to me. And building a VTOL taxi airline on top of it seems like it puts the cart 3 miles uphill from the horses.
There are trade-offs with every financial system, and ways of using each in a way that mitigates its disadvantages.
Smart contracts on a general computing platform can enable anything, including the reversible payments and reliance on trusted third party delegates that you see in traditional banking, so as a consequence of this maximally expansive design space, I assume they will eventually lead to a financial system that offers a much better set of trade-offs than that of any other financial system.
Taking a high-velocity ride in a cage of aluminum? I don't want to engage with that at all. I am so surprised that safety measures such as airbags and seat belts are discussed. Obviously cars are too dangerous to exist.
Not that this legitimizes crypto, but early cars were not understandable by ordinary people. They were loud and finicky, and toys of the rich who had the time and energy and money to spend on them until the technology matured and mass manufacturing brought their price way down.
I don’t understand at all how wheels move and what is that round thing near my chest and what do with it. Maybe it’s the fifth wheel. Or why fuel is needed, I can’t even find a mechanic who will look under the hood for me if I can’t. Also since my last car could use my ATM card and sign my cheques I had to be extra careful when turning on the ignition and had to see the gps log whether it drove to my bank when I was taking the afternoon nap.
There was no service warranty and guarantee with the car at all. I had to hire an entire division of technicians and engineers to use it. I think few lawyers and auditors as well.
In fact it felt I also needed a PhD in all things automobile to use my car.
Most importantly I can’t see in front of me at all. Front is opaque. I just drive hoping I don’t run someone over or something doesn’t run me over and my car.
I think there is value in being able to write up an online contract (code) that is able to manage money for two parties without needing to go to a bank or some third party to act as the middleman.
It's the same thing as reading the terms and conditions.
Human transactions can 'easily' be undone in a court of law, and yet are still so painful to undo as to necessitate a trusted escrow agent in many of them.
This is making it so there is no "undo", and no escrow agent. There's value, for those looking to take advantage of others.
> when he went to stake his NFT, they asked for an approval for spending aETH from his wallet. Approvals such as this are normal when interacting with smart contracts, since the contract has to be "delegated" responsibility over the tokens in order to move them. However, what wasn't normal is that the approval was actually for Aave ETH.
I'm a reasonably technical dude (senior data engineer at GAMMA/FAANG/whatever we're deciding to use nowadays), yet I don't have a damn clue what this means. And that's not an indictment of your communication. How on earth could I expect my wife, my brother, my parents, my kids, any of my friends, etc., to understand this?
On the other hand, all these people understand the concepts of bank accounts, credit cards, fiat currency, etc.
I'm open to learning more and having my views changed, but I'm so far convinced that there's absolutely nothing about crypto that is a simple, reliable, demonstrably real solution to a problem that isn't already handled by our current financial instruments.
It is a specific technical detail of how ERC-20 tokens work. Your wife/brother/kids etc make transfers online from their bank account without knowing the technical details of how that transfer works.
Ideally wallets would have better UX where concepts like this could be handled safely and in an accessible manner. I think crypto isn't really ready for general consumption yet.
This discussion tells me once again that crypto today is similar to you have access to the backend systems of the bank and you can write database commands in sql that change things in your account records. It's insane low level access system. Transferring ownership of money via a webpage that has a source and destination on your bank webpage is understandable at a certain level. Is that the right source, is that the right destination. But you can put in 100,000 instead of 1k or 10k by accident. That's very different than if you click the 'ok' button it runs say random javascript like commands that the destination of the money wrote up.
You can't ever expose that level to end users without it being an endless fraud source for people.
"The catch was that when he went to stake his NFT, they asked for an approval for spending aETH from his wallet. Approvals such as this are normal when interacting with smart contracts, since the contract has to be "delegated" responsibility over the tokens in order to move them." - this is a bit surprising - I thought the way to let a contract move tokens was just to send them to it? Approving a contract to move everything from a wallet works like sending everything from the wallet to the contract - it omits the step where you choose the amount that you trust the contract with, why is this the 'normal' way?
Thomas also mentioned in the thread that it seems "Space Falcon" is a real NFT project. The actual domain ends in .io though, and somehow the scammers managed to acquire the .com domain and I'd imagine they'd then only need to replicate the frontend UI instead of coming up with an all-new one. Still very sophisticated for sure.
Not really, it seems like the usual being extra flattering to earn favours (or worse). The first two messages would have raised several red flags with me.
> He's currently working at Ubisoft and offers to help with 3D design and animation
Like if I worked for Ubisoft I'd have time to do 3D design for free for some other company.
> Like if I worked for Ubisoft I'd have time to do 3D design for free for some other company.
Why is that so hard to believe? It's like suggesting that no professional software engineer would ever contribute code for free into an open source project in their free time. My basic assumption if somebody send a patch to an open source project is not that I'm being social engineered -- it is that they're either using the software or interested in the domain.
The social aspects of the crypto community are very interesting. The "WAGMI" mindset encourages a kind of freewheeling magnanimity where strangers will offer to help people get involved, give away free coin, bail out people who got scammed, etc.
No doubt this is often genuine goodwill, but it's also an effective technique for recruitment (it's longstanding practice for evangelical religions and MLMs), and it creates a situation where a lot of self-interested people looking to get rich quick are mingling in an environment where it's perfectly common to make generous offers with no expectation of return.
It's like going to a tech meetup where there are a lot of people working on startups, and who might buy a few rounds at the bar afterwards in exchange for maybe attracting an interested investor or cofounder, but where there's a chance that drinking a seemingly normal beer might give them access to your bank account.
Note; dude has $123M in aave wrapped ethereum that he almost granted a scammer access to.
Scammers ripping off scammers.
Why would you waste time with open source aircrafts. Aircrafts are a regulated thing. Nobody wants to fly in your science project. Put some of that 123 million into starting an actual company. DAOs are bullshit.
The aircraft and/or taxi service might be legit but all the crypto around it is useless complexity at best or a complete scam at worst.
If you legitimately wanted to develop an aircraft taxi service, you do not need to involve crypto in any way. Even if you wanted to accept it for payments it's an auxiliary component that merely accounts for it and converts to fiat at some point.
The DAO or whatever crypto bullshit is intertwined with it is absolutely a scam.
"legit persons" are always materializing out of thin air with $100m+ and a "legit project" that is just a content-free web page. I will definitely be surprised when "thomasg.eth" uses this publicity to generate interest in his "legit project" and then rugpulls
Did you take a look at arrowair.com? Everything about that screams "art project". None of it makes sense. There are extreme engineering, economic, and legal challenges to doing have of what they are proposing, so the first thing they are investing in are their crypto projects? Because crypto crypto future future?
I don't necessarily think the author is a scammer, but the whole project is the equivalent of "I'm going to launch a rocket to the moon" and then the first thing you do is open a nice website and launch a new token.
He didn't grant them access on his main wallet which holds the amount you describe, he granted them access on a different wallet that didn't hold those assets. Thus "nearly" in the title.
Banks in my country don't have a reasonable API. There is CODA, but it's restricted to business accounts too ( and you have to pay for it).
Additionally, accountants make a huge part of the workforce. So I don't think it will be possible in the short term to "replace them" by traditional means.
I had never heard of DAOs before this and am struggling to wrap my head around it. It seems similar to any other venture with shareholders, except the shareholders need to reach consensus for any sort of financial transaction. Is that right?
So the DAO is blocking this guy with $100M sitting around from just hiring an actual designer for his air taxi project?
He had $130 million wrapped up in an ERC20 token called Aave wETH (aWETH). ERC20 tokens let you approve another address to spend those tokens on your behalf. Basically, the scammers tried to trick him into approving all of his Aave wETH by creating a fake website designed to make him think that he's approving a different token with the same aWETH symbol.
They're basically receipts for putting money into a lending pool. In this case he's lending about $130 million, on which he's earning interest, and can get his money back by redeeming those tokens.
My apologies for being so ignorant on crypto lending, but I'm not even sure where I'd look up the details of how this system works.
When Thomas puts that money into the lending pool, what happens if the borrower defaults? Did the borrower put up some non-liquid collateral? Did someone do a background/credit check? Who takes the loss, is it split across the pool?
I understand how traditional bank loans work, I'm a little lost how much risk is being taken by the loan issuer here.
Aave's documentation [1] is pretty good if you're interested in doing a deeper dive. But yeah, it's a collateralized loan where the borrower stakes some ETH.
So the idea is that I can take $100 worth of ETH and put that up as collateral for a $75 loan. And if the value of my collateral drops due to the ETH<>USD exchange rate I have to stake more collateral. If I don't (or if the exchange rate moves below a certain point) then my collateral is automatically liquidated at a discount. So in this case, if the value of my collateral falls to $80 the contract will put it up for sale at $75 -- this creates an arbitrage opportunity, so the liquidation will likely happen very quickly.
There are other lending protocols where you can stake other assets (NFTs, other tokens, etc.), but this is my understanding of how Aave works.
Since NFT's are subject to heavy criticism of their existence, a lot of people are developing extra things you actually can do with them. The market is interested in that being done right, so its interesting to be a part of projects that are trying. This extra thing required Thomas sending the NFT to another service they developed. Smart contracts in Ethereum Virtual Machine environments (EVMs) have to be primed to recognize asset. So there is something called an Approval. When Thomas interacted with this contract it did the approval for the NFT, and also an approval for aWETH a token associated with that project.
aWETH is the ticker symbol for a token that project created called Armstrong ETH. The namespace for ticker symbols has many collisions as there are many tokens. So people aren't too worried about that, a token's ID is its contract address which does not have collisions.
In this case, this was the actual phishing attempt.
Their project did indeed use a token called Armstrong ETH, but their approval was for aWETH which is Aave Eth, an asset collateralized by liquid valuable actual Ether. It is also redeemable for actual Ether.
So if Thomas approved the use of their project from his main account, the hacker would have been able to use another function written in their smart contract that leveraged the approval of aWETH (the Aave Eth) to take it all away from Thomas. He has $100m of that.
> a lot of people are developing extra things you actually can do with them
To be clear, the “thing” in this instance is NFT staking: a ponzi upon a ponzi where you buy a NFT and then lend it to a platform, which pays you fees. Platforms can advertise ridiculous yields (200% APY) because deposits go right out the door again as fees to people higher up in the pyramid.
He has around $130mm of a token called aWETH, which stands for Aave Wrapped ETH and means he has that much ETH deposited into the Aave app. The attacker tried to trick him into giving their contract control over his aWETH under the guide of being a different, useless, token that they were just trying out.
If he approved their contract to be allowed to control his aWETH they'd take it all.
Someone comes to you and says "I'll give you X Euro if you let me hold onto your Y Dollars until you give me X Euro back."
You think, well Euro are useful, maybe you need Euro specifically to invest in an European business. So you agree.
But when you review the contract presented it just says you give Y Dollars, so you go "wtf?" and refuse to sign.
Apparently, some people are dumb enough to hand over their cash without reading the contract, and an entire industry exists to fool people into doing so.
This was an absolutely fascinating and chilling story.
The thing that struck me about it is the scam didn't work for a few reasons:
1. He typically had a practice of not using his main wallet for things like this.
2. He got wary and actually read the smart contracts.
This is a level of technical competence required that's going to mean most people have to offload this to a trusted intermediary. And then what's the point of all the decentralization ideology? Because we just re-invented banks.
The purpose of decentralization is solely censorship resistance. It has nothing to do with consumer protections, consumer education, or easier to check software.
Decentralization can't provide consumer protections regardless of what regulators do. The one thing it can do is resist censorship and things indistinguishable from censorship, like software failure.
The amount. A real example is CNY, which is limit to 100 yuan notes, deliberately to make it hard to move large sums.
1000 USD bills exist but are very rare. 1000 euro note exists but I think that’s on the way out.
Your point that cash is censorship resistant is good, yes and we need to make sure it remains, however the physical limitations are defacto censorship.
How is it censorship? Moving large amounts of cash is impractical due to physical constraints, but is still possible. And there are legitimate concerns at play for those limitations.
Technically, $500, $5000, and $10000 also exist in private collections. They were last printed in 1945, and stopped being issued in 1969. They're worth far more than their denomination to collectors, understandably.
Also, technically, $100k bills exist. They, however, were printed during the Great Depression and intended solely for transfers between federal reserve banks, and were never circulated. It's illegal to hold them privately, though there are some museums and things that have one.
Cash has pretty decent censorship resistance. It's when going digital that it gets difficult because you either need a centralized clearinghouse to prevent double spends (Visa, PayPal, etc) or a BFT consensus algorithm ("cryptocurrency").
I'm fact when discussing both privacy and censorship resistance I often cite cash as a target goal.
>And then what's the point of all the decentralization ideology? Because we just re-invented banks.
There's nothing wrong with centralized services built on a decentralized network. Take a look at the web. Sure you can use a centralized service like facebook to make a facebook page, but if you want you can host your own website.
Sorry, but that's exactly what is wrong with the web, and what we strive to "fix" about it when we build decentralized alternatives to centralized infrastructure.
It is a systemic failure that most users must "fail over" to a centralized service to publish on the web.
The conceptual improvement enabled by blockchain is that the data layer is a neutral plane and this theoretically gives users portability. But, to say that centralization is fine because it has happened on the web and that was also fine is rationalizing a bad thing as good actually.
no it's not a bad thing at all. it's not a systemic failure, it's division of labor and people need to stop being willfully ignorant of economics. Lawyers are good at reading contracts, Facebook is good at running servers. Medium is good at publishing your things and getting you ad revenue.
sending http and json over the internet is just as neutral of a technology as the blockchain. the reason people build centralized services on top of it is that we're collectively better off by specializing.
As a writer you're better off writing your content full-time than running a server, becoming a smart contract expert, casual coder and server administrator. no technology on earth is going to change that fact and it's why people buy their bitcoin on coinbase and their nfts on opensea.
No-one is better off concentrating power in a centralized authority with the scale and (lack of) accountability of Facebook.
Specialization doesn't come into it, although it is worth observing: your comment presupposes that in order to benefit from specialization, one must subject themself to exploitation.
I'll be the first person to agree that there's plenty of wrong with Facebook, but many people are better off because they have access to platforms like Facebook even with their flaws. If you've ever seen online small business in a lot of developing countries, a significant amount of money they make is through online marketplaces.
they don't stay there because they are being exploited, it's because centralized platforms reach many customers and automate away a lot of the problems that you'd have if you had to set that infrastructure up yourself and pay for it.
If you're a creator you stay on Youtube because you get a sustainable income. They can do that because they're centralized. If you run your own peertube instance and pay more in server costs than you make in ads that isn't a solution.
And these simple economies of scale will always exist regardless whether your software runs on a server or a distributed blockchain vm.
To the extent that you are saying that specialized services can be built upon a generalized infrastructure and that people can benefit from that, I agree!
But, the commenter I take issue with said that it's good actually that we are just re-inventing banks on top of the blockchains, and the evidence that they offered is that it was good actually that we invented Facebook on top of the decentralized web.
Actually, Facebook is bad. It's not bad because it offers a service that people clearly need. I think we can all agree that an easy publishing on-ramp is great, and that it should exist. Facebook is bad because its creators use it as a tool for mass manipulation and exploitation of its users, and the web as we know it facilitates this through a combination of its flaws and missing features.
Facebook has created some useful services, but that doesn't mean we want to build Facebook again on a newly conceived network infrastructure. In web3 we see a latent opportunity to design new infrastructure that improves on the flaws and power imbalances of the previous one. But, if we seek only to re-invent the exploitative institutions of the past atop a new substrate, then frankly it's a waste of (most) people's time (I'm sure some VCs and early adopters have a lot riding on it, though).
I don't understand why in the world Thomas wouldn't directly communicate via phone and video chat to any of these people first before doing serious business and potentially traveling across the country for random anonymous folks on Discord.
Social engineering is so much easier when you engage in faceless, voiceless communication. This could've been shut down so much more easily if they put a real human being to match the messages. When things actually matter, I need more than just a Discord avatar and a handle to identify someone.
But what are you checking with a call? That just seems like creating a false sense of security since there is virtually no additional “useful” information that is being sent over the audio channel above and beyond what is in text.
I'm checking to see if this Linh Nguyen that some random Discord user referenced me is the Linh in front of me on Zoom. A phone call isn't ideal, but it's still better than nothing. At the very least, there's one more identifying factor though that may help with spotting any scams, but yes, it can be false sense of security if you rely purely on it.
If I'm John Doe and I made some merge requests to your open source project for a couple of weeks, is that alone really enough to potentially meet me in some city far from yours? That's essentially what the author was prepared to do.
Scammers have plenty of time to practice compared to the average person, and the face to face nature can make people more susceptible due to a false sense of trust / thinking that they can judge character over video.
OTOH it'll probably be harder for non-native English speakers to pull off a phone/video call considering that a lot of amateur scammers have telltale bad grammar even over text
"Discord" by itself is a pretty big red flag to be honest. I would personally not engage in any business or industry where that is the main communications platform.
"She tells me a bit about her metaverse project, Space Falcon. I'm not really sold on it, but I'm not really an NFT person so I didn't have any reason to think it was a bad idea either.[...] It seems kind of like a get-rich-quick scheme, but again, that's kind of how I see a lot of NFTs. With all that she's doing for Arrow, there's no harm in showing a little support."
The real takeaway from this is that it's dangerous to break your moral compass and sense of reality to the point where you think helping out people who are pushing an obviously fraudulent business, is ok and normal.
I don't see it that way at all. The NFT vector is arbitrary. The point was to drain his accounts and nothing more. If a less suspicious method was available, I'm sure the scammers would have taken that one.
Is there any case of NFT that is not some combination of get-rich-quick scheme, Ponzi scheme, search for a bigger fool, FOMO-powered stupidity, extracting money from naive people or satire of NFT?
And NFT part adds anything substantial and is not replaceable by regular transfer (either transfer of money or BTC-like)?
It’s degrees of suspension of disbelief. Software is just tricking sand into to thinking.
I have no issue believing that an imaginary consensus stored ledger in thousands of computers all secured by massive amounts of energy and limited to 21M units over 100 years might be valuable.
The ability for people to copy this software idea? Not valuable. The ability for people to issue new tokens on existing chains? Not valuable. The ability for people to post and sell jpegs, Not valuable.
Only original ideas are scarce. It’s the first step vs the n-th step.
I think SV libertarians saw the scam of world finance and thought, y’know what if we could get in on this too and then we would never have to innovate again.
> I have no issue believing that an imaginary consensus stored ledger in thousands of computers all secured by massive amounts of energy and limited to 21M units over 100 years might be valuable.
It's not "secured" by energy. You can't convert a Bitcoin into the original amount of power required to produce it, which is the defining quality of a financial security.
It's more accurate to say that Bitcoin's value is retained by the ongoing commitment of power into the network. But that correctly suggests that the network collapses without a perpetual source of electricity, which is not the kind of positive connotation that I think you meant to supply.
It’s a little more nuanced, while some component of maintaining hashrate/energy, it’s best be be thought of as a point in time expenditure given the network size, participants and technology available. Once a block is minted at a given difficulty, it can never be undone (with a negligible probability), as a chain reorganization would need to put in more energy than that to undo it.
It’s a conversion, abstractly. Probabilistic finality at a given level of technological and economic resource exploitation.
The wonderful thing about economic value is that, for better or worse, we get to decide what has it. A large number of people have decided that Bitcoins have economic value, and it's not particularly salient to my arguments as to whether that's true or not.
The rest of what you've written doesn't really concern me, because all I was interested in was pointing out that Bitcoin doesn't securitize energy.
Okay. In what "literal" sense of the word is Bitcoin secured by electricity? The need for electricity seems to be Bitcoin's greatest practical liability, since the entire network depends on it.
I think that fits more into "ridiculous economic Chinese finger trap" than "security feature." It's similar to calling gold's physical weight a security feature, but at least there's a consistent and non-economic relationship between how much gold you have and how hard it is for someone to pick it up and walk away with it.
(It's also not immediately obvious that "more electricity" is needed to attack it, since a handful of extant larger pools could just conspire as-is.)
> Larger pools doing that would be subtracting energy from the honest side, and adding it to the dishonest side
Why would that be the case? It isn't necessarily zero-sum; the more realistic scenario is that the remaining honest participants ramp up their energy consumption in an attempt to prevent the attack.
But that's still only the most boring of the many, many latent threats to Bitcoin. Solar flares and electronic warfare strike me as more interesting.
To be fair, most human technology is vulnerable to these. The nice thing about a distributed ledger is that as long as one copy remains it can be bootstrapped back to full form. One Pi sitting in Africa could do it. Try that with your banks SQL db backups, which all tapes disks and ssds were erased in the solar storm.
“Technology” is the operative word. Cash works just fine.
Once again: the bar for cryptocurrencies to clear isn’t to be “as good as” traditional finance. They have to do better, given the additional middlemen and costs they shoulder on all of us.
You’ve failed to demonstrate that they clear that bar: a single surviving backup of a distributed ledger isn’t distributed in either the trust or failure senses, and is thus no better (and possibly worse!) than us trying to piece the world’s financial system back together from everybody’s paper receipts. Oh, and the whole “cash” thing continues to work.
The NFT part keeps track of who owns what domain. It would improve the situation by getting rid of the questionable organization running things presently. (See: the .org scandal)
Obviously the NFT would "keep track of", but you have to be more specific.
And changing the organisation is a completely separate question from which database technology they use. IF you just switch from SQL to NFT the organisation will not suddenly become less corrupt, or whatever the issue with them is.
If you're asking for the implementation details, there's a group trying to do it right now. You should look them up if you're interested.
>IF you just switch from SQL to NFT the organisation will not suddenly become less corrupt, or whatever the issue with them is.
It's true that it won't make the managing organization less corrupt - it will make them nonexistent. That's the idea behind decentralized decision-making. The people running the database don't have to have the power to change it or bend the rules: that's what this whole crypto thing is about.
How would you be able to get rid of the organisation? So many people talk about various crypto use cases but they can almost never explain how it would work.
From land deeds to insurance to domain registration to in game assets etc etc, people have all these wonderful ideas. It would be interesting to one day have at least one of these ideas explained.
It's literally whoever owns the keys listed as the registrant owns the domain. If you lose your keys you lose your domain. You have no recourse if someone squats on your domain, uses a lookalike domain for phishing, steals your domain, etc.. And for the privilege of having a judgement proof blockchain with no oversight you get to buy your domain from an early adopter that's squatting (investing) and you get to pay fees every time you blink.
All the crypto bros printed (mined) a bunch of monopoly money (coins), invented assets (NFTs), bought (allocated to themselves) all the assets (NFTs) using their monopoly money (coins), and want us to buy into these crappy systems with real money so they can sell us the assets (NFTs) while still being the landlords (transaction processors) that charge us rent (fees) on everything forever.
> It's literally whoever owns the keys listed as the registrant owns the domain.
Sure, but even so, how is this implemented? Presumably some organisation needs to uphold this connection. Simply "owning" a domain, in the sense that you "own" an NFT, is not very helpful, you need some kind of actual control over it. Presumably a server is needed to forward the domain to your IP, and someone needs to run that server, right?
There is a smart contract that supports features like domain name resolution and transfers. The data and code needed to resolve the domain to your IP would live on the blockchain, so effectively every node in the network is hosting it. The smart contract could be totally immutable; nobody would have special permissions.
The resolution would work by executing some "lookup" smart contract function on a node (you could run your own local node for lookups, or use a public node similar to hitting your ISP's or Google's DNS server).
None of this is really cutting edge, it has been possible for a long time now.
We all understand the first part. Storing information on the blockchain, that's easy. But where almost all use cases fall down is in interfacing with the real world.
In this case it sounds like that is solved though. I know very little about the structure of the internet, but it seems you are saying that instead of asking a DNS server, every computer would ask the blockchain to resolve the domain name, correct? But wouldn't that require every single device that connects to the internet to "update its firmware" or something? Or could this decentralised DNS somehow emulate the old fashioned kind?
Right exactly. I think from the perspective of devices (say your laptop) it looks pretty similar to the current system. You give it the IP address of a "DNS server", but now it's hitting an Ethereum node who is doing the DNS lookup. There is danger there that the node could lie about the state of the blockchain, so it does need to be trusted. The paranoid can always run their own node and be 100% sure.
I do think you could expose the same interface as traditional DNS but backed by the registrations in the blockchain. There are browsers that will resolve Ethereum Name Service domains today, but I'm not sure how that's implemented (probably lookups on a public ETH node).
The important improvements IMO are on the registration, transfer, renting of the names rather than the lookup side which doesn't look dramatically different except that other code running on the blockchain could do the lookups too.
My domain is secured by the ministry of telecommunications of my local government. To transfer ownership of my domain requires a hard copy of a random code snail-mailed to me by the ministry. It's literally tied to my legal citizenship. That's the opposite of "questionable."
That has some obvious downsides. It probably doesn't matter for you personally but being able to take someone's domain away for political reasons isn't ideal.
Ownership as a concept is backed and secured by law (and enforcement), an inherently political system in democracy. It's the most ideal system successfully practised around the world today.
The next best thing is securing one's property by practicing personal violence, and as I've no interest in shooting anyone for mere robbery, I'll take political ownership any day of the week.
If my very countrymen (and women) collectively decide I can't have my domain, then so be it. The obvious upside is that while they do uphold my ownership, it's as secure as any of my earthly possessions. Stealing my domain amounts to stealing my mail, which is a crime.
Not everyone in the world has access to a government that will uphold their ownership in a just way. Like I said it this likely isn't valuable for you personally, you are not looking past your specific situation.
We're talking about domain name registration right? No reason why it would need to be more expensive than the current system. The argument is that ownership is upheld in a totally programmatic way. Just is a value judgement, not sure about that. It depends on what you value. Available globally yes.
What's "totally programmatic"? Is that where programmers never make mistakes, protocols never have bugs, users always remember their secret keys, read and understand the code they're running, on the computer they wholly own and trust, with perfectly functioning hardware? And somehow resistant against the $5 wrench attack and state-level seizure?
Protocols have bugs, yep. Audited and battle tested protocols, less often though. For example, there are hacks every day where people exploit smart contract bugs, yet there are contracts securing billions of dollars that have not been hacked. Both can be true at once. Something like this wouldn't be widely used without lots of iterations to iron out issues like that.
$5 wrench attack is easily thwarted by splitting ownership across multiple geographically separated people, easily doable by giving control of the domain name to a shared contract. This would require lawyers in the current system!
ens.domains just sounds like selling plots on the Moon, or names of distant stars. It only matters to those who buy in. Current system domains are cheap and work fine for most people. If your local government is oppressive and won't let you own a domain, you can't really solve that political problem technologically.
My understanding of smart contracts is that it's like a distributed virtual machine of consensus. A single program that runs on all the networked computers, all executing the same set of functions on the same set of data producing the same result. But it's slow and expensive, because it's "trustless", and it turns out that trust is very valuable and embedded in our traditional methods, and people get scammed left and right because they think trustless means they don't need to trust, but that's a lie.
I own one. All the blockchain domains are a dream come true for squatters and scammers. I'll take the oversight, stability, accountability, and mutability of ICANN and the current registry/registrar system every single time given the choice.
The registrars are obligated to prevent fraud and abuse. If they fail to do that job you can appeal directly to the registry. If the registry doesn't do anything you can appeal to ICANN.
All of them are within the scope of the legal system, so if you send a police report demonstrating fraud to a registrar or registry and they fail to act you have some recourse. If their inaction results in increased damages they've opened themselves to liability and you could sue them. The possibility alone is enough that everyone has published polices detailing how they deal with those situations. As long as you follow the rules you can get a domain taken away from a bad actor. It's not easy, but it's possible if someone is doing enough harm.
So yeah, you can host a scam on a normal ICANN domain. It's what happens afterwards that matters. In ICANN land you get one chance to run your scam because the victim can make an appeal to authority to have you shut down. In blockchain land it's tough luck for you.
As an example, this [1] looks like PayPal's wallet. What do they do about this [2] wallet which owns paypals.eth (alongside sqaree.eth, chasebanks.eth, etc.)? They have two choices AFAIK. The first is to pay whatever the owner demands for those domains. The second is to take the risk of the owner selling those domains to someone that wants to use them for phishing.
There are exactly two winners in the blockchain version; the domain squatter and a would be scammer. In the existing system a high value domain owner like PayPal will have an established procedure for dealing with bad actors that infringe on their trademark and dealing with typo squatting like that is probably as simple as sending a template they have to the corresponding registry.
I think parent commenter might feel the same way I do, which is that when I read him say "eh, a scam but she's helping us, no harm in me voicing support" my sympathy for him diminished significantly.
If you don't know much about NFTs but think they're kinda scammy, maybe you shouldn't default to "support / lend your reputation to them."
To restate what the twitter user was saying: "It seemed like this was a get-rick-quick scheme, but this person could be useful to my goals, so I decided to overlook that"
I guess you can argue that get-rick-quick does not necessarily imply scam, but it certainly reflects poorly on a person to ignore their doubts because the source of the doubts is useful. Its not a unique problem to NFTs, its a similar problem that a founder might face when, say, entertaining an acquisition by Meta.
Sure, NFTs and crypto in general may be get rich schemes at the core, but a lot of people do believe in them, so a charitable view would be that HE saw it as a scheme, but he thought that perhaps SHE believed in it.
And FWIW I'm not sure "fraudulent" is the right word. NFTs are not a fraud, you usually get what you pay for, a mediocre jpeg, and perhaps a really primitive game.
And to be fair, what are the odds his VTOL company will ever produce anything either?
Yeah it's pretty ironic that a "legitimate" NFT venture and a project invented solely for social engineering are indistinguishable even for someone who presumably knows a lot about the crypto space.
Scammers ripping each other offer on discord. Today it’s apes, next week it will be houses. I can’t believe they can convince people to lend liquidity to bridges, myself.
My fear is it just becomes another side show. Ethereum is going to become ebay. Yeah you can trade rare coins but it’s mostly just trash changing hands and clogging up the mail system.
We should make it blatantly clear and public that we will not he bailing out banks, pension funds etc that will inevitably get burned on some crypto scam.
I would rather make it clear that the cryptoeconomy will not bail out fiat currencies when they fail. The first government to get a fat stack of Bitcoin probably wins. Game theory intensifies.
Onlyowner modifier means the contract creator can call this function and transfer all the funds from the victims wallet (if they have previously approved).
Tokentobeapproved is a variable declared in the contract. It will be pointing at the aWETH contract, which is the claim token for ETH on aave, a money market.
This highlights how scary it is to interface your savings with these “smart contracts”. Most people have no way to know what they’re actually going to do; the tiny slice of people capable of investigating can hardly remain vigilant at all times. Like, if you ask me to log into something with my bank account, all alarm bells would go off; if you ask me to stake this, approve that with my eth wallet, well, just another weird smart contract thing, right?
This kind of scam just wouldn't work on BTC. You're passing tokens around. At fanciest you're time-locking wallets or using M of N signatures. You're not like, installing arbitrary code in your bank account.
I find ETH very technically interesting but it feels like it's full of sentient foot-guns.
Imagine if every person you interact with could "be their own bank", and define the logic between your transactions. It's fully transparent, so you can audit it as much as you want to - but still, that's the amount of headache you'd have to deal with, to fully trust the other part.
There are lots of upsides to this, but there's no shame in saying: No, I'd rather not. I'll keep trusting the trust-based system I've been using since forever.
Financial privacy is a must-have, not a nice-to-have feature. Financial privacy does not prevent one from being able to pay taxes. But it definitely prevents this type of attacks.
If you don't remember which smart contracts you have gave permissions of which coins you can check from debank. And you can also cancel one by one.
It is not possible for humans to use ethereum without interacting with proxy. Front ends always can be comprimesed. When interacting with smart contracts approving spending is most important interaction to be careful about.
422 comments
[ 2.9 ms ] story [ 308 ms ] threadI'm calling them out for that -- perhaps in a way that's too terse, but at least I'm not completely derailing the conversation like they're doing. But thank you for prompting a longer response from me.
At $100M you would want to split trade across exchanges and probably some defi too, but yeah, you could. Eth has about $10M/-2% on major exchanges.
Not that you would need to convert to fiat. If you ran your own island, just pay for goods and labor in Bitcoin or Ether directly.
Yes, Coinbase, Binance and other big exchanges offer OTC trading where you can trade pretty large amounts without impacting the market at large.
https://news.ycombinator.com/item?id=30322296
It's not difficult if the source of your cryptocurrencies is legitimate, while difficult if you have a hard time explaining how it's legitimate. I think the system works as intended.
And aside from KYC issues, another recently posted article pointed out that when a single individual tried to unload around a 1500 BTC (%0.03 of the coins in circulation at the time) it caused a liquidity crisis that crashed the market by 20%.[1]
In this case the individual in the Twitter thread has an amount of ETH of that magnitude.
Basically because crypto is performing the job of a speculative asset it results in the liquidity issues that you would see in things like company stock.
[1]: https://blog.dshr.org/2022/02/ee380-talk.html?m=1 (see footnote 11. The gist is that this sale put enough pressure on the order books that a lot of leverage positions cascaded into selling as well causing the flash crash)
I'm neither. I treat it as a protocol like HTTP, use it where it makes sense, don't use it where it doesn't make sense.
When I say the "system", I'm referring to the system of centralized currencies. Banks have always wanted to know where large sums come from, and where they are going to, as the government will ask them questions about it and they like to be prepared.
> And aside from KYC issues, another recently posted article pointed out that when a single individual tried to unload around a 1500 BTC (%0.03 of the coins in circulation at the time) it caused a liquidity crisis that crashed the market by 20%.[1]
Not sure what KYC issues you're referring to. They are only a issue if you're having a hard time explaining where the money comes from. If you have a legitimate source for your funds, it's a couple of emails with some attachments to pass the KYC/AML checks that the major exchanges perform. Same thing will happen with you bank, and they normally will accept the same amount of evidence you send to the exchange.
And yes, if you try to offload 1500 BTC on the open market the market will correctly adjust. That's why I wrote about the OTC offers in my initial message, that's normally how you want to offload/purchase a large amount, as it's not gonna change the pricing on the open market, as you manually match buyer/seller.
the world is not anymore the way it used to be, mm mm NO NO No! Bitconeeeeeeeeeeeeeeeect wooo bitconnect! We are coming and we are coming in waves. We are starting and to actually go all over the world. We all built the entire world.
Me? Im just out there fiat mining, stacking sats…
https://news.ycombinator.com/newsguidelines.html
There's too much money in the system now for it to all be from mom-and-pop marks. That's just not a viable explanation at these market capitalizations. That's not to say that average people aren't going to find out that they're long crypto - but it'd be in the way they found out they were long real estate.
1. Immutability
2. Decentralization
3. Cheap, fast, secure cross-country money transfers
4. Protection against inflation
5. Independence of banks or arbitrary freezes of your funds
6. Access to a vast variety of financials services
7. Is quite likely the replacement of money
The fact that people still don’t get that in 2022 is astonishing.
How many nodes will there be if ETH hits $0? What will happen to the services like ENS?
1. https://www.bitrates.com/guides/ethereum/how-many-ethereum-a...
Is the above accurate? Wikipedia says the whole network is 1TB, so that doesn't quite add up for me.
People will continue to run nodes regardless of the price of ETH, just like Bitcoin.
ENS is a smart contract protocol, so I don’t see how it’s related.
>2 is increasingly untrue
That’s also incorrect, Ethereum has become more decentralized every year
> 3 and 6 aren't inherent benefits of Ethereum and 5 aren't true Yes they are. Ethereum is deflationary and will became three times more inflationary later this year.
> 7 is speculative and begs the question.
No speculation here, check here yourself for just a small overview https://www.defipulse.com/
2. No one is responsible for anything, you'll never get any support, and one day the decentralized consensus might be to abandon the whole system.
3. It takes 16 seconds for a transaction to post and the average transaction fee [a] is over $2. Cross-country money transfers (assuming you mean international) benefit money launderers and criminals a lot more than me.
4. I never understand this sentiment. Thousands of tokens have been invented to create hundreds of billions of dollars. If the federal reserve told everyone they could print their own fiat and have it accepted at the bank, what do you think would happen? Inflation, right? Think of it another way. If the liquidity for the market is fixed in the sense of the amount of fiat people are willing to bring in, then every token mined or minted is diluting the value of anything you're holding.
5. This is at the risk of losing your keys and your life savings. No thanks. Also, banks act as a backstop for a lot of things people don't even think about. They won't let you wire your life savings to Nigeria without trying to make sure you won't get scammed. The indemnify you from the risk of fraud if you're using a credit card. Money you give them is backed by FDIC (or similar) insurance, so if the bank fails your money is still there.
6. Like?
7. Yeah. I'm sure the super elite that control almost all of the money and assets on the planet are going to sit by and watch as the crypto community anoints themselves as the new rulers of the wealth.
And what happens in this utopia where everything can be anonymous and governments have lost control of the money supply? Does everyone stop paying taxes? Who funds the schools, hospitals, and all other infrastructure? Do you think the rich are going to suddenly become charitable and start funding everything? They already contribute as little as possible, so it's difficult to imagine a world where they'd contribute $1 if they aren't forced to do it?
> The fact that people still don’t get that in 2022 is astonishing.
We don't get it because it doesn't make sense. It might make perfect sense for those of you that mined millions of (on paper) dollars of crypto currency, but it's not a good deal for anyone else. It's objectively worse in terms of stability and predictability and the best outcome for us is to get a different set of wealthy elite that control everything.
a. https://ycharts.com/indicators/ethereum_average_transaction_...
Crypto already has replaced money in several countries, especially third world countries where it has replaced money for 30% of the population that have protected their funds against inflation thanks to the inherent scarcity of respective cryptos.
In case it helps: the first two comments you posted with this account (a couple weeks ago) were much more substantive and much more along the lines of what we're looking for.
https://news.ycombinator.com/newsguidelines.html
At least there are uses for ETH
If you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting here, we'd appreciate it. Note this one:
"Avoid [...] generic tangents."
Worth noting, though, that for all the fancy footwork the point of failure for the scam is him being willing to work with his main wallet rather than a one-off, and when he showed hesitation, they got too impatient. Good security practices were still the answer.
This seems to be the common factor among scams, cons, and social engineering strategies. Rushing people will have them bypass protocol, training, and security practices. It's a universal "hack" for our brains; we do things we otherwise wouldn't when rushed. Security practices are like a rituals, standards of behavior that we just don't have time for right now.
"The funds are only available for the next hour"; "You will be prosecuted if you don't do X"; "Per the CFO, we need to spend these funds before end of day."
Great story though. I never realized these smart contracts could be so obtuse and malicious. That needs to be fixed.
It's still pretty impressive how competently these scammers were able to discuss and deliver the VTOL work, the Space Falcon game, and entrepreneurial strategy.
Whether that’s cryptocurrency or a sandwich.
You’re probably right though. But if you ever find yourself near Lake St Louis, MO, feel free to raid our fridge.
They suspect you wouldn't invite them again if all they did was raid your fridge, and not even say so much as a "hi".
Do you trust your neighbour with your spare key?
Do you trust your doctor with your medical history?
Do you trust your pizza delivery guy to deliver you pizza's that aren't poisoned?
Being skeptical is sometimes a good idea, like when it comes to "online research" or "alternative medicine". But having zero trust in even the most basic human interactions sounds like hell.
I don’t trust most Doctors either, and you probably can’t trust any medicinal organization with keeping records confidential, plenty of examples of breach of that trust.
I think you are not skeptical enough.
While NFTs probably have some useful purpose that will emerge eventually, for now you should consider any proposal or offer that involves the term 'NFT' as having about the same value as any offer involving the term 'Nigerian prince'.
Certainly not a great look to have >$100 million in an asset sitting in a single account of any form, though.
It's just the Trust Problem all over again. Decentralized reliance on automatic software still requires trust that the authors of the software won't scam you. It all comes down to trust. And I trust banks, mostly. Who in their right mind trusts contracts someone sends you on Discord? And yet...
I admit that the Approval UX for wallets and tokens needs to be improved. Unlimited spend approvals should always be flagged in the UX. And approvals should be atomic (single transaction only, with a clearly listed cap, by default). There are some EIP proposals addressing this, but they will be a ways off from standardization.
The protest is illegally blocking much of downtown Ottawa, as a result GoFundMe decided to refund the donors. That's far from a "rug"
No one.
> It's just the Trust Problem all over again. Decentralized reliance on automatic software still requires trust that the authors of the software won't scam you. It all comes down to trust.
It does, but you get to decide who you trust rather than being forced to trust one of a small number of large institutions. If you want, you can delegate your trust to a third party who will be responsible for vetting anything you interact with.
You can also choose to trust yourself or other members of your community.
This person shouldn’t trust themselves since they are too willing to go along with people who say positive things about them.
And if you trust the wrong people? Per the linked twitter thread, the author trusted the scammers! They only avoided the scam because they were competent to read the contract code for themselves. Is that the standard you want applied to all transactions? Does that seem likely to lead to good outcomes?
Exactly. That's where the gullibility is really visible... This is basically a steroid version of "I am Nigerian royalty and I need you to give me money" emails. Your first instinct should always be skepticism.
Thomas's wallet is public and advertised on Twitter via his ENS domain. He had $100M+ in aETH, a derivative token provided by Aave when you lend out your assets for interest. The aETH is redeemable for the underlying asset.
The scammers created a fake NFT project associated with space and drones, and proceeded to give Thomas a free one, but asked that he stake it (or deposit it into a smart contract), to earn yield in the form of Armstrong ETH, a token they made up that had the same acronym as Aave's (aETH).
The catch was that when he went to stake his NFT, they asked for an approval for spending aETH from his wallet. Approvals such as this are normal when interacting with smart contracts, since the contract has to be "delegated" responsibility over the tokens in order to move them. However, what wasn't normal is that the approval was actually for Aave ETH.
If he had only looked at the front end of the scam site, it wasn't obvious what was going on. However, a quick glance at Etherscan revealed that he had signed off on an unlimited spend approval for Aave ETH.
Luckily, he had done so on a fresh wallet and not his main wallet that has $100M in aETH. When the scammers tried to get him to stake a second NFT from his main account, he got suspicious and discovered the truth.
This scam was specifically targeted at Thomas, and orchestrated over multiple weeks, for the specific assets in his primary wallet.
Couple takeaways:
- divide your assets across multiple wallets. New wallets are free. Don't put all your eggs in one basket.
- use a hardware wallet or an audited battle tested smart contract such as Gnosis Safe for storing significant sums of money.
- always verify your transactions
- avoid associating your public identity with your main wallet / vault address
- be careful, scammers are getting more creative and advanced in technique including standing up professional front end websites to give the appearance of legitimacy
I’m interested to know whether the con artists could have realistically nabbed $100M, or if there was effectively never any chance of that due to other precautions. I would hope it’s the latter, but crypto’s strangeness stopped surprising me.
Fabulous comment, by the way. Easily one of the top ten in the last month. Thank you for the breakdown.
He could have approved a malicious contract to drain the lot.
But.. why? Isn’t that a remarkably bad idea?
Or is there some crypto advantage to keeping every last coin in the same basket? Other than it being a flex.
no address reuse is almost impossible as the wallets make it very hard as well
people don't really seem to know that Metamask gives you unlimited addresses, fwiw it is expensive to do approvals in each address
It’s a giant flex.
One can also use the borrowed funds to speculate on other cryptocurrency, as a collateralized margin loan. Many lending systems offer incentives too, where you can be paid to borrow.
If you want to maximize your potential losses, that’s a great idea.
https://zapper.fi/account/0xb1e9d641249a2033c37cf1c241a01e71...
Hell, given my distaste for crypto, if I were more unethical I may even attempt such scams, but I’d balance it out by donating the stolen money to environmental initiatives to combat global warming (after giving myself some fair compensation, I don’t have the skills to get away with hiding $100+ million).
Unless you flex with your $100M in aave on your main with an ENS name, how will your victims know you are rich and worthy?
The 4% rule is fairy tales, especially post pandemic economy. we will be working more for less as time goes on.
Nah, I want cars, some homes, a yacht and a hot ass babe to pleasure me and raise nice children as we travel the world and dress fancy.
Boy, are you in for a nasty surprise. But don't come crying to us, old men who warned you that what you really should want is a nice cabin near a lake with plenty of fish and an absolutely plain ass woman.
Outside of silicon valley, 170k per year is a huge amount of money. Especially if you're going to travel outside of North America and Europe.
Yes. Probably not for the other things.
The fact is wires can also be irreversible and you cannot use the court system as a blunt instrument outside your jurisdiction. The value transmission medium isn’t the problem here.
Try getting your money back when getting scammed via venmo or PayPal - rarely any better, and if you’re selling you’re more likely to get scammed with those services than crypto.
In nearly all cases, no separate restitution was required: the processor or my bank was able to reverse or halt the ACH transaction before the money settled. In the handful of cases where settlement had already happened, they were able to countermand the transaction.
Venmo/PayPal/Fedwire transactions should be able to settle in real time, which can be more convenient at the expense of easy reversability
If you use a payment card (debit or credit) with a payment service, then they might use either the payment card's network or ACH, depending on what the card issuer supports.
It’s definitely not a guarantee. Most of the Venmo type scams where people “accidentally” send you money and ask you to send it back or pay for an item with bad funds are not reclaimable from those services based on TOS. In those cases you’d be better off with BTC.
No, it isn't. It's a reminder that we have all of this financial structure for a reason. The person you're responding to didn't make any light of the potential victim or call them a degenerate.
In traditional finance, you (Joe Shmoe) can't just wire someone ~100M USD, regardless of jurisdiction. There are controls, most of which have been written in blood or tears. Cryptocurrencies will also grow those controls, and we will all rightly question its value when it inevitably does.
https://en.wikipedia.org/wiki/Asset_forfeiture
But it's also not a disgrace for traditional finance: it's a disgrace with respect to the latitude our justice system gives to individual LEOs and a sign that the government is willing to extrajudicially punish people instead of pursuing justice through the courts.
Put another way: assert forfeiture is not some kind of "gotcha" against traditional finance in favor of cryptocurrencies. When law enforcement seizes your bank account, they're going to seize your cryptocurrency accounts too. And if you (unadvisedly) attempt to hide those assets, then you will be making their job in court much easier.
But don't delude yourself into thinking that any meaningful number of people, even cryptocurrency believers, share your position. It's all fun and games until the Men with Sticks show up, and most people understandably tuck tail at that point.
If I'm going to be made a coward in the eyes of a few LARPers, I might as well pay as few middlemen as possible in the process. But that's just me!
> But don't delude yourself into thinking that any meaningful number of people, even cryptocurrency believers, share your position.
You'd be surprised.
Next you're going to tell me that the blockchain isn't made of Lego blocks!
> You'd be surprised.
Given the aggressive spread of custodial services, I don't think I would be. The average cryptocurrency user (even enthusiasts, true believers, &c.) is not a dyed-in-the-wool Burkean. Less prosaically: easy money comes with loose beliefs.
If someone goes through the legal process and is found to be guilty and their assets are seized that's fine. But if someone is pulled over, found to have some drugs, gets their car and cash on them possessed and is forced to go through a lengthy process that free up that money, then that's different.
In any case: the really egregious examples of civil asset forfeiture are the petty ones: the government stops someone for the crime of DWB[1], and seizes all of the property they have on their person (including, sometimes, the car itself.) It's a disgusting crime, but one that doesn't typically extend to the victim's bank accounts or other financial resources, unless there's a larger case being pursued against them. And so, once again, it's not clear how cryptocurrency improves the state of affairs: either you're carrying a hot wallet around with you for your day-to-day expenses (in which case you're subject to the same seizure), or it's roughly equivalent to a traditional financial produce and isn't subject to a spurious seizure (but might be subject to a larger one).
[1]: https://en.wikipedia.org/wiki/Driving_while_black
Scenario 2: they take your hardware wallet, then they must prosecute you and prove to a court that the money is not legitimately yours, to get the key. IANAL, but am I wrong?
Instead, I'll point out that the answer does not matter: from the moment that they have my hot wallet instead of me, I can no longer use it. It doesn't matter to me whether they can actually liquidate it or not. And, as I pointed out earlier, I'd harm my own case by attempting to liquidate my assets with a separate copy.
I'm not saying technical solutions make the rule of law unnecessary. But they can defend against some violations of the rule of law, depending on the parts of the justice system that are still just.
People effectively defending themselves against a national disgrace help towards getting the disgrace fixed.
We had multiple threads about base rate error on HN just yesterday!
Most financial activity happens in fiat, and so of course it stands to reason that most fraud is also done in fiat. The real question is whether the legitimate-to-fraudulent ratio is higher in cryptocurrencies than in fiat.
[1]:https://www.lesswrong.com/s/XsMTxdQ6fprAQMoKi/p/DSzpr8Y9299j...
In a twist of irony, you can see another example of it in the distribution of terms reinvented by internet rationalists :-)
> Most people think of stereotyping as “Here’s one example I heard of where the out-group does something bad,” and then you correct it with “But we can’t generalize about an entire group just from one example!” It’s less obvious that you may be able to provide literally one million examples of your false stereotype and still have it be a false stereotype.
OTH I'm pretty sure that if the mark had been using such systems years ago, he wouldn't have $100m+ worth of ETH now ; )
Beware the survivorship bias: https://xkcd.com/1827/
Also here in Belgium, plenty of people are getting scammed by wire transfer, and no way to get their money back.
I think you have overly optimistic view on banks or the court system giving your money back.
If somehow you get through an in-person meeting with a bank branch manager to unwittingly wire millions of dollars, and the topic of how much money you're wiring and the exact purpose of wiring such a high amount isn't brought up, and you somehow still accidentally wire millions of dollars away without anyone ever bringing up the amount and purpose of the transaction, then I'm sure you'll still be able to recover that money back because banks are required to actually validate transactions of that size with KYC, AML, etc. laws. Only cryptocurrencies allow one the ability transmit this amount of money in seconds.
Isn't that only for cash transfers?
> which would likely involve a mandatory in-person meeting with the bank customer
At least at Chase and Fidelity, wires can be done over the phone with no limit.
> to verify their credentials and purpose
I've never seen a banker really help to verify wire instructions, as in contacting the intended recipient. Normally they just ask the sender if they've verified the instructions, if they understand that the wire is irreversible, etc.
Of course when it gets to the bank's wire department, they make some attempt to block suspicious wires. But they're guessing based on limited info, as they don't typically contact the sender or recipient.
> I'm sure you'll still be able to recover that money back because banks are required to actually validate transactions of that size with KYC, AML, etc. laws
From what I've heard, fraudsters will (indirectly) transfer funds to e.g. a Nigerian bank and cash out there. It doesn't always succeed, but it does sometimes, or wire fraud wouldn't exist.
But the scenario in the OP is only possible in cryptocurrencies. You can't put a button on a website "Click here to send a JPEG through email for $3.50*" with the fine print "*and also 100 million dollars" and expect that to ever work out with the legacy banking system. Only in cryptoland could someone ever accidentally yeet 100 million dollars in a few seconds by visiting a website and clicking a button.
I'm able to work with total strangers, raise money, sell products, contribute to causes, commission art work etc, etc, hold those funds in a smart contract treasury and encode rules to govern the spending of those funds.
Safe guards do exist for the aforementioned issue. Number one is not holding significant sums of money in a single wallet, unless it's a multi-sig that requires multiple parties to agree to transactions (like Gnosis Safe wallets, which store $100B+ in assets and are battle tested at this point).
The value of the PEOPLE tokens on the secondary market proceeded to increase nearly 10x in the weeks following the dissolution of the DAO. Even though market cap is declining, at $327M mcap, it is still many multiples of the amount raised.
PEOPLE tokens in circulation are still redeemable for the underlying ETH, but the monetary premium has increased as a result of the dispersed liquidity to so many holders (16K+) as well as the novelty of retaining the token for a failed, yet valiant effort.
https://www.cnbc.com/2020/10/15/how-one-familys-nightmare-il...
https://www.nar.realtor/wire-fraud
When I purchased a house, I Googled the recipient, confirmed the certificate, Googled the number found on their website separately to confirm it was listed elsewhere as belonging to the company I expected it to belong to, called it, and got them to tell me the account details for the wire transfer, confirming it matched what I had been sent. Which, to their credit, their instructions also told me to do. And I initially sent the down payment, confirmed they received that, and only later in the process sent the remainder.
While there still are some ways to beat that (compromise the recipient's infrastructure, change the website, lock out the recipient from their email, insert into the email exchange, get a wire transfer done before the recipient can proactively call the target to warn them), it's a lot harder to pull off than "find a target that won't read the code very closely".
At least with crypto, the chain of ownership is transparent and can't be faked. So validation is cheap and easy to do.
AFAIK you don't need to be a title company to do this, any buyer could do it themselves.
And what if you don't know enough about land law to make sense of everything? That's when you need companies to do it for you.
Is checking the chain of ownership of cryptocurrencies easier than land? It depends whether you're talking to a real estate lawyer or a NFT seller.
I'm neither, and I don't see the intrinsic difference.
In theory. The devil is in the details; does everyone know how to validate the chain of ownership, even the most non-technical of users who must rely on the system? If not, you either will never be mainstream, or you're reliant on a trusted agent to validate on your behalf (sorta like a title company!).
And if you screw something up with crypto, there is no way to address it. The complaint of "dealing with lawyers and trying to get someone to pay for it" is a feature, not a bug. Worst case, it's no different than the crypto outcome; best case, you have recourse.
I worked at a financial institution, no way you could open an account, deposit some spare change, and then withdraw 900k after a few weeks especially in America. Compliance would be all over that account, which is probably why they got the money back anyhow because the crooks would have a lot of talking to do after getting that much money in their account. KYC and AML is required for both sides of the wire transfer.
I could find literally thousands of other stories like this in a minute scraping the web.
[1] https://youtu.be/9cJxpKu_P0A
No mention of the person or the Arrow company on the internet previous to this episode seems to exist. Other than looking at the chain records, how should we believe that any of these stories are true?
- People don't read what's in front of them.
I've seen this emerge in a vast array of fields. No matter how much we highlight specific details, for all our efforts in red-flagging irreversible actions, folks will often blitz past a confirmation dialog, nag screen, or notification message, without internalising the details or the risks. For those in financial technology, as in this specific example, irreversible actions also extend the attack surface for fraud.
Even the brightest minds can be lazy (some might even say it's a feature, not a bug) and one should never rely upon the opposite. We consequently face a design choice, for all irreversible (or hard-to-reverse) actions, the most common options being:
a) allow a grace period;
b) redesign, if possible, to make it user-reversible;
c) build a forcing function for diligence[1]; or
d) expect support tickets about that feature.
The default is (d), and the helpdesk won't thank us, since the workload generally scales linearly with growth at a high opportunity cost.
[1] e.g. https://en.wikipedia.org/wiki/Two-man_rule
But I'm not worth $100m so I guess the joke's on me.
It seems like this is becoming the minimum standard for scam operations. For example, there is currently a BTC phishing scam going around that tries to convince the user they've accidentally received an email meant for someone else, which just happens to include a link to a million dollars worth of BTC. The website looks legitimate, albeit amateurish, to the point that it could even be convincing to another web developer. The rest of it is much like the OP's scam.
It starts with an email from the hacked account of a real bank manager in an Italian town, and is addressed to a real self-proclaimed stock market "guru" from the UK, now living in the US. The email states that 19 BTC has been deposited into an account that was created for them on a site called Coinlux, and they provide the username and password for the account. The Coinlux name was even used by an actual company at one point, so searching for any of the names or details surrounding the scam generates very real and convincing results.
Upon visiting the page, you're presented with a moderately professional-ish looking site that asks which fiat currency you want to use and lets you login. You're then prompted to enter a phone number to "secure the account" which, surprisingly, initiates an actual phone call from a number in the UK using a Twilio-like service. After confirming the verification number, you're allowed to view the account, which has some realistic dummy transactions in the history and other features that make the site somewhat believable (it even has a fake chat system and working account recovery).
After initiating a withdrawal of any amount, it provides a warning that you should make a small test transaction first (of 0.0001/$4), to ensure that you're sending to the correct BTC address -- after all, you wouldn't want to send 19 BTC to the wrong place and lose it all. It takes much longer than a normal transaction (likely because the scammers are manually initiating them), but it does eventually go through, and they've now succeeded in convincing the user that there is real BTC in the account and you can actually withdraw it.
However, if you try to make a larger withdrawal (or a second one at all), you're now presented with an error stating that you're not withdrawing enough, because of a "minimum withdrawal amount" defined when the account was created. This minimum amount happens to be 19.01 BTC, or 0.01 more than is in the actual account currently. So you've successfully withdrawn ~$4, but you have to deposit ~$400 if you want to access the entire 19 BTC.
As if it weren't obvious enough at this point, checking the address[1] which sent the 0.0001 makes the entire scam plain as day. This means that anyone with any amount of tech knowledge is probably not susceptible to the scam, though I do think that certain personality types could get caught up in the excitement of potentially "stealing" a million dollars. On the other side, non-techies will likely fall for this in droves, and the transaction history on that address does show there have already been successful victims -- though this particular person's scam has been massively unsuccessful so far, and they may actually be in the red overall.
[1] https://www.blockchain.com/btc/address/bc1qt80xra3r2df8gvzr0...
Billion!
Since this is an allegation, we must presume innocence. However I still cannot imagine what planet would entrust 10 figures to her control. Witness her rap.
https://www.youtube.com/watch?v=7jlSHGAem6g
But I also realize reading this Twitter thread I do not understand the world of crypto at all.
To think that any of this would then be used to build a trustworthy ecosystem for non-developers to use, seems delusional to me. And building a VTOL taxi airline on top of it seems like it puts the cart 3 miles uphill from the horses.
Smart contracts on a general computing platform can enable anything, including the reversible payments and reliance on trusted third party delegates that you see in traditional banking, so as a consequence of this maximally expansive design space, I assume they will eventually lead to a financial system that offers a much better set of trade-offs than that of any other financial system.
Crypto is neither understandable nor useful.
I don’t understand at all how wheels move and what is that round thing near my chest and what do with it. Maybe it’s the fifth wheel. Or why fuel is needed, I can’t even find a mechanic who will look under the hood for me if I can’t. Also since my last car could use my ATM card and sign my cheques I had to be extra careful when turning on the ignition and had to see the gps log whether it drove to my bank when I was taking the afternoon nap.
There was no service warranty and guarantee with the car at all. I had to hire an entire division of technicians and engineers to use it. I think few lawyers and auditors as well.
In fact it felt I also needed a PhD in all things automobile to use my car.
Most importantly I can’t see in front of me at all. Front is opaque. I just drive hoping I don’t run someone over or something doesn’t run me over and my car.
stay away from all of it.
It's the same thing as reading the terms and conditions.
This is making it so there is no "undo", and no escrow agent. There's value, for those looking to take advantage of others.
I'm a reasonably technical dude (senior data engineer at GAMMA/FAANG/whatever we're deciding to use nowadays), yet I don't have a damn clue what this means. And that's not an indictment of your communication. How on earth could I expect my wife, my brother, my parents, my kids, any of my friends, etc., to understand this?
On the other hand, all these people understand the concepts of bank accounts, credit cards, fiat currency, etc.
I'm open to learning more and having my views changed, but I'm so far convinced that there's absolutely nothing about crypto that is a simple, reliable, demonstrably real solution to a problem that isn't already handled by our current financial instruments.
Ideally wallets would have better UX where concepts like this could be handled safely and in an accessible manner. I think crypto isn't really ready for general consumption yet.
You can't ever expose that level to end users without it being an endless fraud source for people.
Not really, it seems like the usual being extra flattering to earn favours (or worse). The first two messages would have raised several red flags with me.
> He's currently working at Ubisoft and offers to help with 3D design and animation
Like if I worked for Ubisoft I'd have time to do 3D design for free for some other company.
Why is that so hard to believe? It's like suggesting that no professional software engineer would ever contribute code for free into an open source project in their free time. My basic assumption if somebody send a patch to an open source project is not that I'm being social engineered -- it is that they're either using the software or interested in the domain.
No doubt this is often genuine goodwill, but it's also an effective technique for recruitment (it's longstanding practice for evangelical religions and MLMs), and it creates a situation where a lot of self-interested people looking to get rich quick are mingling in an environment where it's perfectly common to make generous offers with no expectation of return.
It's like going to a tech meetup where there are a lot of people working on startups, and who might buy a few rounds at the bar afterwards in exchange for maybe attracting an interested investor or cofounder, but where there's a chance that drinking a seemingly normal beer might give them access to your bank account.
Scammers ripping off scammers.
Why would you waste time with open source aircrafts. Aircrafts are a regulated thing. Nobody wants to fly in your science project. Put some of that 123 million into starting an actual company. DAOs are bullshit.
I don’t think this is legit at all.
If you legitimately wanted to develop an aircraft taxi service, you do not need to involve crypto in any way. Even if you wanted to accept it for payments it's an auxiliary component that merely accounts for it and converts to fiat at some point.
The DAO or whatever crypto bullshit is intertwined with it is absolutely a scam.
I am not a cryptocurrency skeptic, but my level of trust for a “DAO driven aircraft / taxi service” is exceedingly low.
I don't necessarily think the author is a scammer, but the whole project is the equivalent of "I'm going to launch a rocket to the moon" and then the first thing you do is open a nice website and launch a new token.
But DAO's do look attractive to me fyi. I wish I could do something similar in regular "fintech" ( and with c#)
Don’t fall for the DAO trap, it’s a pit for fools to throw their money into.
Banks in my country don't have a reasonable API. There is CODA, but it's restricted to business accounts too ( and you have to pay for it).
Additionally, accountants make a huge part of the workforce. So I don't think it will be possible in the short term to "replace them" by traditional means.
So the DAO is blocking this guy with $100M sitting around from just hiring an actual designer for his air taxi project?
Yeah, start an actual company so you can raise billions with no profits and then IPO and dump on retail traders
When Thomas puts that money into the lending pool, what happens if the borrower defaults? Did the borrower put up some non-liquid collateral? Did someone do a background/credit check? Who takes the loss, is it split across the pool?
I understand how traditional bank loans work, I'm a little lost how much risk is being taken by the loan issuer here.
So the idea is that I can take $100 worth of ETH and put that up as collateral for a $75 loan. And if the value of my collateral drops due to the ETH<>USD exchange rate I have to stake more collateral. If I don't (or if the exchange rate moves below a certain point) then my collateral is automatically liquidated at a discount. So in this case, if the value of my collateral falls to $80 the contract will put it up for sale at $75 -- this creates an arbitrage opportunity, so the liquidation will likely happen very quickly.
There are other lending protocols where you can stake other assets (NFTs, other tokens, etc.), but this is my understanding of how Aave works.
[1] https://docs.aave.com/faq/
Since NFT's are subject to heavy criticism of their existence, a lot of people are developing extra things you actually can do with them. The market is interested in that being done right, so its interesting to be a part of projects that are trying. This extra thing required Thomas sending the NFT to another service they developed. Smart contracts in Ethereum Virtual Machine environments (EVMs) have to be primed to recognize asset. So there is something called an Approval. When Thomas interacted with this contract it did the approval for the NFT, and also an approval for aWETH a token associated with that project.
aWETH is the ticker symbol for a token that project created called Armstrong ETH. The namespace for ticker symbols has many collisions as there are many tokens. So people aren't too worried about that, a token's ID is its contract address which does not have collisions.
In this case, this was the actual phishing attempt.
Their project did indeed use a token called Armstrong ETH, but their approval was for aWETH which is Aave Eth, an asset collateralized by liquid valuable actual Ether. It is also redeemable for actual Ether.
So if Thomas approved the use of their project from his main account, the hacker would have been able to use another function written in their smart contract that leveraged the approval of aWETH (the Aave Eth) to take it all away from Thomas. He has $100m of that.
Very close one for him.
To be clear, the “thing” in this instance is NFT staking: a ponzi upon a ponzi where you buy a NFT and then lend it to a platform, which pays you fees. Platforms can advertise ridiculous yields (200% APY) because deposits go right out the door again as fees to people higher up in the pyramid.
https://learn.bybit.com/defi/what-is-nft-staking/
Imagine if they got his $100m! That would be an article for a whole half of a week!
If he approved their contract to be allowed to control his aWETH they'd take it all.
Someone comes to you and says "I'll give you X Euro if you let me hold onto your Y Dollars until you give me X Euro back."
You think, well Euro are useful, maybe you need Euro specifically to invest in an European business. So you agree.
But when you review the contract presented it just says you give Y Dollars, so you go "wtf?" and refuse to sign.
Apparently, some people are dumb enough to hand over their cash without reading the contract, and an entire industry exists to fool people into doing so.
The thing that struck me about it is the scam didn't work for a few reasons:
1. He typically had a practice of not using his main wallet for things like this.
2. He got wary and actually read the smart contracts.
This is a level of technical competence required that's going to mean most people have to offload this to a trusted intermediary. And then what's the point of all the decentralization ideology? Because we just re-invented banks.
1000 USD bills exist but are very rare. 1000 euro note exists but I think that’s on the way out.
Your point that cash is censorship resistant is good, yes and we need to make sure it remains, however the physical limitations are defacto censorship.
€500 was the largest, but as of April 2019 is no longer being issued.
https://www.ecb.europa.eu/euro/banknotes/html/index.en.html
Also I’m not sure that “censor” means what you think it means.
Technically, $500, $5000, and $10000 also exist in private collections. They were last printed in 1945, and stopped being issued in 1969. They're worth far more than their denomination to collectors, understandably.
Also, technically, $100k bills exist. They, however, were printed during the Great Depression and intended solely for transfers between federal reserve banks, and were never circulated. It's illegal to hold them privately, though there are some museums and things that have one.
I'm fact when discussing both privacy and censorship resistance I often cite cash as a target goal.
There's nothing wrong with centralized services built on a decentralized network. Take a look at the web. Sure you can use a centralized service like facebook to make a facebook page, but if you want you can host your own website.
It is a systemic failure that most users must "fail over" to a centralized service to publish on the web.
The conceptual improvement enabled by blockchain is that the data layer is a neutral plane and this theoretically gives users portability. But, to say that centralization is fine because it has happened on the web and that was also fine is rationalizing a bad thing as good actually.
sending http and json over the internet is just as neutral of a technology as the blockchain. the reason people build centralized services on top of it is that we're collectively better off by specializing.
As a writer you're better off writing your content full-time than running a server, becoming a smart contract expert, casual coder and server administrator. no technology on earth is going to change that fact and it's why people buy their bitcoin on coinbase and their nfts on opensea.
Specialization doesn't come into it, although it is worth observing: your comment presupposes that in order to benefit from specialization, one must subject themself to exploitation.
they don't stay there because they are being exploited, it's because centralized platforms reach many customers and automate away a lot of the problems that you'd have if you had to set that infrastructure up yourself and pay for it.
If you're a creator you stay on Youtube because you get a sustainable income. They can do that because they're centralized. If you run your own peertube instance and pay more in server costs than you make in ads that isn't a solution.
And these simple economies of scale will always exist regardless whether your software runs on a server or a distributed blockchain vm.
But, the commenter I take issue with said that it's good actually that we are just re-inventing banks on top of the blockchains, and the evidence that they offered is that it was good actually that we invented Facebook on top of the decentralized web.
Actually, Facebook is bad. It's not bad because it offers a service that people clearly need. I think we can all agree that an easy publishing on-ramp is great, and that it should exist. Facebook is bad because its creators use it as a tool for mass manipulation and exploitation of its users, and the web as we know it facilitates this through a combination of its flaws and missing features.
Facebook has created some useful services, but that doesn't mean we want to build Facebook again on a newly conceived network infrastructure. In web3 we see a latent opportunity to design new infrastructure that improves on the flaws and power imbalances of the previous one. But, if we seek only to re-invent the exploitative institutions of the past atop a new substrate, then frankly it's a waste of (most) people's time (I'm sure some VCs and early adopters have a lot riding on it, though).
Social engineering is so much easier when you engage in faceless, voiceless communication. This could've been shut down so much more easily if they put a real human being to match the messages. When things actually matter, I need more than just a Discord avatar and a handle to identify someone.
If I'm John Doe and I made some merge requests to your open source project for a couple of weeks, is that alone really enough to potentially meet me in some city far from yours? That's essentially what the author was prepared to do.
OTOH it'll probably be harder for non-native English speakers to pull off a phone/video call considering that a lot of amateur scammers have telltale bad grammar even over text
The real takeaway from this is that it's dangerous to break your moral compass and sense of reality to the point where you think helping out people who are pushing an obviously fraudulent business, is ok and normal.
And NFT part adds anything substantial and is not replaceable by regular transfer (either transfer of money or BTC-like)?
I have no issue believing that an imaginary consensus stored ledger in thousands of computers all secured by massive amounts of energy and limited to 21M units over 100 years might be valuable.
The ability for people to copy this software idea? Not valuable. The ability for people to issue new tokens on existing chains? Not valuable. The ability for people to post and sell jpegs, Not valuable.
Only original ideas are scarce. It’s the first step vs the n-th step.
It's not "secured" by energy. You can't convert a Bitcoin into the original amount of power required to produce it, which is the defining quality of a financial security.
It's more accurate to say that Bitcoin's value is retained by the ongoing commitment of power into the network. But that correctly suggests that the network collapses without a perpetual source of electricity, which is not the kind of positive connotation that I think you meant to supply.
It’s a little more nuanced, while some component of maintaining hashrate/energy, it’s best be be thought of as a point in time expenditure given the network size, participants and technology available. Once a block is minted at a given difficulty, it can never be undone (with a negligible probability), as a chain reorganization would need to put in more energy than that to undo it.
It’s a conversion, abstractly. Probabilistic finality at a given level of technological and economic resource exploitation.
The rest of what you've written doesn't really concern me, because all I was interested in was pointing out that Bitcoin doesn't securitize energy.
(It's also not immediately obvious that "more electricity" is needed to attack it, since a handful of extant larger pools could just conspire as-is.)
Why would that be the case? It isn't necessarily zero-sum; the more realistic scenario is that the remaining honest participants ramp up their energy consumption in an attempt to prevent the attack.
But that's still only the most boring of the many, many latent threats to Bitcoin. Solar flares and electronic warfare strike me as more interesting.
Once again: the bar for cryptocurrencies to clear isn’t to be “as good as” traditional finance. They have to do better, given the additional middlemen and costs they shoulder on all of us.
You’ve failed to demonstrate that they clear that bar: a single surviving backup of a distributed ledger isn’t distributed in either the trust or failure senses, and is thus no better (and possibly worse!) than us trying to piece the world’s financial system back together from everybody’s paper receipts. Oh, and the whole “cash” thing continues to work.
Discussion on Reddit's r/metaverse [1]
[1] https://www.reddit.com/r/metaverse/comments/sr0sqz/what_meta...
And changing the organisation is a completely separate question from which database technology they use. IF you just switch from SQL to NFT the organisation will not suddenly become less corrupt, or whatever the issue with them is.
>IF you just switch from SQL to NFT the organisation will not suddenly become less corrupt, or whatever the issue with them is.
It's true that it won't make the managing organization less corrupt - it will make them nonexistent. That's the idea behind decentralized decision-making. The people running the database don't have to have the power to change it or bend the rules: that's what this whole crypto thing is about.
From land deeds to insurance to domain registration to in game assets etc etc, people have all these wonderful ideas. It would be interesting to one day have at least one of these ideas explained.
All the crypto bros printed (mined) a bunch of monopoly money (coins), invented assets (NFTs), bought (allocated to themselves) all the assets (NFTs) using their monopoly money (coins), and want us to buy into these crappy systems with real money so they can sell us the assets (NFTs) while still being the landlords (transaction processors) that charge us rent (fees) on everything forever.
Sure, but even so, how is this implemented? Presumably some organisation needs to uphold this connection. Simply "owning" a domain, in the sense that you "own" an NFT, is not very helpful, you need some kind of actual control over it. Presumably a server is needed to forward the domain to your IP, and someone needs to run that server, right?
The resolution would work by executing some "lookup" smart contract function on a node (you could run your own local node for lookups, or use a public node similar to hitting your ISP's or Google's DNS server).
None of this is really cutting edge, it has been possible for a long time now.
In this case it sounds like that is solved though. I know very little about the structure of the internet, but it seems you are saying that instead of asking a DNS server, every computer would ask the blockchain to resolve the domain name, correct? But wouldn't that require every single device that connects to the internet to "update its firmware" or something? Or could this decentralised DNS somehow emulate the old fashioned kind?
I do think you could expose the same interface as traditional DNS but backed by the registrations in the blockchain. There are browsers that will resolve Ethereum Name Service domains today, but I'm not sure how that's implemented (probably lookups on a public ETH node).
The important improvements IMO are on the registration, transfer, renting of the names rather than the lookup side which doesn't look dramatically different except that other code running on the blockchain could do the lookups too.
The next best thing is securing one's property by practicing personal violence, and as I've no interest in shooting anyone for mere robbery, I'll take political ownership any day of the week.
If my very countrymen (and women) collectively decide I can't have my domain, then so be it. The obvious upside is that while they do uphold my ownership, it's as secure as any of my earthly possessions. Stealing my domain amounts to stealing my mail, which is a crime.
Is that the argument? Crypto is "more just" and "available globally" and affordably?
$5 wrench attack is easily thwarted by splitting ownership across multiple geographically separated people, easily doable by giving control of the domain name to a shared contract. This would require lawyers in the current system!
If you mean that it'll become easy enough over time, that's an assumption I don't buy.
It was probably thousands of talented dev hours, who said it was easy?
Just curious are you at all familiar with smart contracts in general?
My understanding of smart contracts is that it's like a distributed virtual machine of consensus. A single program that runs on all the networked computers, all executing the same set of functions on the same set of data producing the same result. But it's slow and expensive, because it's "trustless", and it turns out that trust is very valuable and embedded in our traditional methods, and people get scammed left and right because they think trustless means they don't need to trust, but that's a lie.
All of them are within the scope of the legal system, so if you send a police report demonstrating fraud to a registrar or registry and they fail to act you have some recourse. If their inaction results in increased damages they've opened themselves to liability and you could sue them. The possibility alone is enough that everyone has published polices detailing how they deal with those situations. As long as you follow the rules you can get a domain taken away from a bad actor. It's not easy, but it's possible if someone is doing enough harm.
So yeah, you can host a scam on a normal ICANN domain. It's what happens afterwards that matters. In ICANN land you get one chance to run your scam because the victim can make an appeal to authority to have you shut down. In blockchain land it's tough luck for you.
As an example, this [1] looks like PayPal's wallet. What do they do about this [2] wallet which owns paypals.eth (alongside sqaree.eth, chasebanks.eth, etc.)? They have two choices AFAIK. The first is to pay whatever the owner demands for those domains. The second is to take the risk of the owner selling those domains to someone that wants to use them for phishing.
There are exactly two winners in the blockchain version; the domain squatter and a would be scammer. In the existing system a high value domain owner like PayPal will have an established procedure for dealing with bad actors that infringe on their trademark and dealing with typo squatting like that is probably as simple as sending a template they have to the corresponding registry.
1. https://app.ens.domains/address/0x527FC48f1CA8b41DF3E870F5DE...
2. https://app.ens.domains/address/0x7731652a9F7F48F77E94a8675F...
If you don't know much about NFTs but think they're kinda scammy, maybe you shouldn't default to "support / lend your reputation to them."
I guess you can argue that get-rick-quick does not necessarily imply scam, but it certainly reflects poorly on a person to ignore their doubts because the source of the doubts is useful. Its not a unique problem to NFTs, its a similar problem that a founder might face when, say, entertaining an acquisition by Meta.
And FWIW I'm not sure "fraudulent" is the right word. NFTs are not a fraud, you usually get what you pay for, a mediocre jpeg, and perhaps a really primitive game.
And to be fair, what are the odds his VTOL company will ever produce anything either?
Cant keep your assets? Someone else who can code can!
Looking forward to the technocrat plutocracy
I’m being facetious as I think there will continue to be a balance and cat / mouse game.
https://twitter.com/nayibbukele/status/1467216871846027274
Just two lines... Is the idea that tokenToBeApproved.allowance() can do bad things?
Code: https://twitter.com/thomasg_eth/status/1492663290715152384/p...
Tokentobeapproved is a variable declared in the contract. It will be pointing at the aWETH contract, which is the claim token for ETH on aave, a money market.
This kind of scam just wouldn't work on BTC. You're passing tokens around. At fanciest you're time-locking wallets or using M of N signatures. You're not like, installing arbitrary code in your bank account.
I find ETH very technically interesting but it feels like it's full of sentient foot-guns.
The most reasonable conclusion is that the hacker was sent from the future to try to avert the creation of DAO-controlled flying cryptodrones.
Imagine if every person you interact with could "be their own bank", and define the logic between your transactions. It's fully transparent, so you can audit it as much as you want to - but still, that's the amount of headache you'd have to deal with, to fully trust the other part.
There are lots of upsides to this, but there's no shame in saying: No, I'd rather not. I'll keep trusting the trust-based system I've been using since forever.
Also it seems strange to hold most of it in aETH, wouldn't you want to diversify a bit?