Blockchain Address: How Bitcoin Public & Private Keys Work ...
Bitmex bans quebec and the rest of Canada coming : BitcoinCA
4 Best Methods To To Buy Bitcoin with PayPal - 2020 Guide
Bitcoin Mining Pool Bitcoin.com
Best cryptocurrency exchanges in Canada (2020 update ...
8 Biggest Bitcoin Mining Pool With Best Payout And High ...
The 100% Up-to-Date Guide to Choosing the Best Bitcoin ...
How to Mine Bitcoin: The Complete Guide to Bitcoin Mining
Bob The Magic Custodian
Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses. Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes. First, some background. Here is a summary of how custodians make us more secure: Previously, we might give Alice our crypto assets to hold. There were risks:
Alice might take the assets and disappear.
Alice might spend the assets and pretend that she still has them (fractional model).
Alice might store the assets insecurely and they'll get stolen.
Alice might give the assets to someone else by mistake or by force.
Alice might lose access to the assets.
But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get:
Alice can't take the assets and disappear (unless she asks Bob or never gives them to Bob).
Alice can't spend the assets and pretend that she still has them. (Unless she didn't give them to Bob or asks him for them.)
Alice can't store the assets insecurely so they get stolen. (After all - she doesn't have any control over the withdrawal process from any of Bob's systems, right?)
Alice can't give the assets to someone else by mistake or by force. (Bob will stop her, right Bob?)
Alice can't lose access to the funds. (She'll always be present, sane, and remember all secrets, right?)
See - all problems are solved! All we have to worry about now is:
Bob might take the assets and disappear.
Bob might spend the assets and pretend that he still has them (fractional model).
Bob might store the assets insecurely and they'll get stolen.
Bob might give the assets to someone else by mistake or by force.
Bob might lose access to the assets.
It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are! "On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid". "Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since." "As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!" "Can I read it?' Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?" "Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal. The keys are also backed up daily to an off-site third-party." "Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!" "What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven." "Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!" "We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies. And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often". How many holes have to exist for your funds to get stolen? Just one. Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so? If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security. The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle. And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet? Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose $400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds. So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is:
ANY CERTAINTY BALANCES WEREN'T EXCLUDED. Quadriga's largest account was $70m. 80% of funds are in 20% of accounts (Pareto principle). All it takes is excluding a few really large accounts - and nobody's the wiser. A fractional platform can easily pass any audit this way.
ANY VISIBILITY WHATSOEVER INTO THE CUSTODIANS. BitBuy put out their report before moving all the funds to their custodian and ShakePay apparently can't even tell us who the custodian is. That's pretty important considering that basically all of the funds are now stored there.
ANY IDEA ABOUT THE OTHER EXCHANGES. In order for this to be effective, it has to be the norm. It needs to be "unusual" not to know. If obscurity is the norm, then it's super easy for people like Gerald Cotten and Dave Smilie to blend right in.
It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated:
First report within 1 month of launching, another within 3 months, and further reports at minimum every 6 months thereafter.
No auditor can be repeated within a 12 month period.
All reports must be public, identifying the auditor and the full methodology used.
All auditors must be independent of the firm being audited with no conflict of interest.
Reports must include the percentage of each asset backed, and how it's backed.
The auditor publishes a hash list, which lists a hash of each customer's information and balances that were included. Hash is one-way encryption so privacy is fully preserved. Every customer can use this to have 100% confidence they were included.
If we want more extensive requirements on audits, these should scale upward based on the total assets at risk on the platform, and whether the platform has loaned their assets out.
There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguable far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever. Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see. It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course. Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation. A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7. History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance. Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.) Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive. Now, we are at a crossroads. We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that it's future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we can not go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today. Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily. None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well. Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do. Facts/background/sources (skip if you like):
The inspiration for the paragraph about splitting wallets was an actual quote from a Canadian company providing custodial services in response to the OSC consultation paper: "We believe that it will be in the in best interests of investors to prohibit pooled crypto assets or ‘floats’. Most Platforms pool assets, citing reasons of practicality and expense. The recent hack of the world’s largest Platform – Binance – demonstrates the vulnerability of participants’ assets when such concessions are made. In this instance, the Platform’s entire hot wallet of Bitcoins, worth over $40 million, was stolen, facilitated in part by the pooling of client crypto assets." "the maintenance of participants (and Platform) crypto assets across multiple wallets distributes the related risk and responsibility of security - reducing the amount of insurance coverage required and making insurance coverage more readily obtainable". For the record, their reply also said nothing whatsoever about multi-sig or offline storage.
In addition to the fact that the $40m hack represented only one "hot wallet" of Binance, and they actually had the vast majority of assets in other wallets (including mostly cold wallets), multiple real cases have clearly demonstrated that risk is still present with multiple wallets. Bitfinex, VinDAX, Bithumb, Altsbit, BitPoint, Cryptopia, and just recently KuCoin all had multiple wallets breached all at the same time, and may represent a significantly larger impact on customers than the Binance breach which was fully covered by Binance. To represent that simply having multiple separate wallets under the same security scheme is a comprehensive way to reduce risk is just not true.
Private insurance has historically never covered a single loss in the cryptocurrency space (at least, not one that I was able to find), and there are notable cases where massive losses were not covered by insurance. Bitpay in 2015 and Yapizon in 2017 both had insurance policies that didn't pay out during the breach, even after a lengthly court process. The same insurance that ShakePay is presently using (and announced to much fanfare) was describe by their CEO himself as covering “physical theft of the media where the private keys are held,” which is something that has never historically happened. As was said with regard to the same policy in 2018 - “I don’t find it surprising that Lloyd’s is in this space,” said Johnson, adding that to his mind the challenge for everybody is figuring out how to structure these policies so that they are actually protective. “You can create an insurance policy that protects no one – you know there are so many caveats to the policy that it’s not super protective.”
The most profitable policy for a private insurance company is one with the most expensive premiums that they never have to pay a claim on. They have no inherent incentive to take care of people who lost funds. It's "cheaper" to take the reputational hit and fight the claim in court. The more money at stake, the more the insurance provider is incentivized to avoid payout. They're not going to insure the assets unless they have reasonable certainty to make a profit by doing so, and they're not going to pay out a massive sum unless it's legally forced. Private insurance is always structured to be maximally profitable to the insurance provider.
The circumvention of multi-sig was a key factor in the massive Bitfinex hack of over $60m of bitcoin, which today still sits being slowly used and is worth over $3b. While Bitfinex used a qualified custodian Bitgo, which was and still is active and one of the industry leaders of custodians, and they set up 2 of 3 multi-sig wallets, the entire system was routed through Bitfinex, such that Bitfinex customers could initiate the withdrawals in a "hot" fashion. This feature was also a hit with the hacker. The multi-sig was fully circumvented.
Bitpay in 2015 was another example of a breach that stole 5,000 bitcoins. This happened not through the exploit of any system in Bitpay, but because the CEO of a company they worked with got their computer hacked and the hackers were able to request multiple bitcoin purchases, which Bitpay honoured because they came from the customer's computer legitimately. Impersonation is a very common tactic used by fraudsters, and methods get more extreme all the time.
A notable case in Canada was the Canadian Bitcoins exploit. Funds were stored on a server in a Rogers Data Center, and the attendee was successfully convinced to reboot the server "in safe mode" with a simple phone call, thus bypassing the extensive security and enabling the theft.
The very nature of custodians circumvents multi-sig. This is because custodians are not just having to secure the assets against some sort of physical breach but against any form of social engineering, modification of orders, fraudulent withdrawal attempts, etc... If the security practices of signatories in a multi-sig arrangement are such that the breach risk of one signatory is 1 in 100, the requirement of 3 independent signatures makes the risk of theft 1 in 1,000,000. Since hackers tend to exploit the weakest link, a comparable custodian has to make the entry and exit points of their platform 10,000 times more secure than one of those signatories to provide equivalent protection. And if the signatories beef up their security by only 10x, the risk is now 1 in 1,000,000,000. The custodian has to be 1,000,000 times more secure. The larger and more complex a system is, the more potential vulnerabilities exist in it, and the fewer people can understand how the system works when performing upgrades. Even if a system is completely secure today, one has to also consider how that system might evolve over time or work with different members.
By contrast, offline multi-signature solutions have an extremely solid record, and in the entire history of cryptocurrency exchange incidents which I've studied (listed here), there has only been one incident (796 exchange in 2015) involving an offline multi-signature wallet. It happened because the customer's bitcoin address was modified by hackers, and the amount that was stolen ($230k) was immediately covered by the exchange operators. Basically, the platform operators were tricked into sending a legitimate withdrawal request to the wrong address because hackers exploited their platform to change that address. Such an issue would not be prevented in any way by the use of a custodian, as that custodian has no oversight whatsoever to the exchange platform. It's practical for all exchange operators to test large withdrawal transactions as a general policy, regardless of what model is used, and general best practice is to diagnose and fix such an exploit as soon as it occurs.
False promises on the backing of funds played a huge role in the downfall of Quadriga, and it's been exposed over and over again (MyCoin, PlusToken, Bitsane, Bitmarket, EZBTC, IDAX). Even today, customers have extremely limited certainty on whether their funds in exchanges are actually being backed or how they're being backed. While this issue is not unique to cryptocurrency exchanges, the complexity of the technology and the lack of any regulation or standards makes problems more widespread, and there is no "central bank" to come to the rescue as in the 2008 financial crisis or during the great depression when "9,000 banks failed".
In addition to fraudulent operations, the industry is full of cases where operators have suffered breaches and not reported them. Most recently, Einstein was the largest case in Canada, where ongoing breaches and fraud were perpetrated against the platform for multiple years and nobody found out until the platform collapsed completely. While fraud and breaches suck to deal with, they suck even more when not dealt with. Lack of visibility played a role in the largest downfalls of Mt. Gox, Cryptsy, and Bitgrail. In some cases, platforms are alleged to have suffered a hack and keep operating without admitting it at all, such as CoinBene.
It surprises some to learn that a cryptographic solution has already existed since 2013, and gained widespread support in 2014 after Mt. Gox. Proof of Reserves is a full cryptographic proof that allows any customer using an exchange to have complete certainty that their crypto-assets are fully backed by the platform in real-time. This is accomplished by proving that assets exist on the blockchain, are spendable, and fully cover customer deposits. It does not prove safety of assets or backing of fiat assets.
If we didn't care about privacy at all, a platform could publish their wallet addresses, sign a partial transaction, and put the full list of customer information and balances out publicly. Customers can each check that they are on the list, that the balances are accurate, that the total adds up, and that it's backed and spendable on the blockchain. Platforms who exclude any customer take a risk because that customer can easily check and see they were excluded. So together with all customers checking, this forms a full proof of backing of all crypto assets.
However, obviously customers care about their private information being published. Therefore, a hash of the information can be provided instead. Hash is one-way encryption. The hash allows the customer to validate inclusion (by hashing their own known information), while anyone looking at the list of hashes cannot determine the private information of any other user. All other parts of the scheme remain fully intact. A model like this is in use on the exchange CoinFloor in the UK.
A Merkle tree can provide even greater privacy. Instead of a list of balances, the balances are arranged into a binary tree. A customer starts from their node, and works their way to the top of the tree. For example, they know they have 5 BTC, they plus 1 other customer hold 7 BTC, they plus 2-3 other customers hold 17 BTC, etc... until they reach the root where all the BTC are represented. Thus, there is no way to find the balances of other individual customers aside from one unidentified customer in this case.
Proposals such as this had the backing of leaders in the community including Nic Carter, Greg Maxwell, and Zak Wilcox. Substantial and significant effort started back in 2013, with massive popularity in 2014. But what became of that effort? Very little. Exchange operators continue to refuse to give visibility. Despite the fact this information can often be obtained through trivial blockchain analysis, no Canadian platform has ever provided any wallet addresses publicly. As described by the CEO of Newton "For us to implement some kind of realtime Proof of Reserves solution, which I'm not opposed to, it would have to ... Preserve our users' privacy, as well as our own. Some kind of zero-knowledge proof". Kraken describes here in more detail why they haven't implemented such a scheme. According to professor Eli Ben-Sasson, when he spoke with exchanges, none were interested in implementing Proof of Reserves.
And yet, Kraken's places their reasoning on a page called "Proof of Reserves". More recently, both BitBuy and ShakePay have released reports titled "Proof of Reserves and Security Audit". Both reports contain disclaimers against being audits. Both reports trust the customer list provided by the platform, leaving the open possibility that multiple large accounts could have been excluded from the process. Proof of Reserves is a blockchain validation where customers see the wallets on the blockchain. The report from Kraken is 5 years old, but they leave it described as though it was just done a few weeks ago. And look at what they expect customers to do for validation. When firms represent something being "Proof of Reserve" when it's not, this is like a farmer growing fruit with pesticides and selling it in a farmers market as organic produce - except that these are people's hard-earned life savings at risk here. Platforms are misrepresenting the level of visibility in place and deceiving the public by their misuse of this term. They haven't proven anything.
Fraud isn't a problem that is unique to cryptocurrency. Fraud happens all the time. Enron, WorldCom, Nortel, Bear Stearns, Wells Fargo, Moser Baer, Wirecard, Bre-X, and Nicola are just some of the cases where frauds became large enough to become a big deal (and there are so many countless others). These all happened on 100% reversible assets despite regulations being in place. In many of these cases, the problems happened due to the over-complexity of the financial instruments. For example, Enron had "complex financial statements [which] were confusing to shareholders and analysts", creating "off-balance-sheet vehicles, complex financing structures, and deals so bewildering that few people could understand them". In cryptocurrency, we are often combining complex financial products with complex technologies and verification processes. We are naïve if we think problems like this won't happen. It is awkward and uncomfortable for many people to admit that they don't know how something works. If we want "money of the people" to work, the solutions have to be simple enough that "the people" can understand them, not so confusing that financial professionals and technology experts struggle to use or understand them.
For those who question the extent to which an organization can fool their way into a security consultancy role, HB Gary should be a great example to look at. Prior to trying to out anonymous, HB Gary was being actively hired by multiple US government agencies and others in the private sector (with glowing testimonials). The published articles and hosted professional security conferences. One should also look at this list of data breaches from the past 2 years. Many of them are large corporations, government entities, and technology companies. These are the ones we know about. Undoubtedly, there are many more that we do not know about. If HB Gary hadn't been "outted" by anonymous, would we have known they were insecure? If the same breach had happened outside of the public spotlight, would it even have been reported? Or would HB Gary have just deleted the Twitter posts, brought their site back up, done a couple patches, and kept on operating as though nothing had happened?
In the case of Quadriga, the facts are clear. Despite past experience with platforms such as MapleChange in Canada and others around the world, no guidance or even the most basic of a framework was put in place by regulators. By not clarifying any sort of legal framework, regulators enabled a situation where a platform could be run by former criminal Mike Dhanini/Omar Patryn, and where funds could be held fully unchecked by one person. At the same time, the lack of regulation deterred legitimate entities from running competing platforms and Quadriga was granted a money services business license for multiple years of operation, which gave the firm the appearance of legitimacy. Regulators did little to protect Canadians despite Quadriga failing to file taxes from 2016 onward. The entire administrative team had resigned and this was public knowledge. Many people had suspicions of what was going on, including Ryan Mueller, who forwarded complaints to the authorities. These were ignored, giving Gerald Cotten the opportunity to escape without justice.
There are multiple issues with the SOC II model including the prohibitive cost (you have to find a third party accounting firm and the prices are not even listed publicly on any sites), the requirement of operating for a year (impossible for new platforms), and lack of any public visibility (SOC II are private reports that aren't shared outside the people in suits).
Securities frameworks are expensive. Sarbanes-Oxley is estimated to cost $5.1 million USD/yr for the average Fortune 500 company in the United States. Since "Fortune 500" represents the top 500 companies, that means well over $2.55 billion USD (~$3.4 billion CAD) is going to people in suits. Isn't the problem of trust and verification the exact problem that the blockchain is supposed to solve?
To use Quadriga as justification for why custodians or SOC II or other advanced schemes are needed for platforms is rather silly, when any framework or visibility at all, or even the most basic of storage policies, would have prevented the whole thing. It's just an embarrassment.
We are now seeing regulators take strong action. CoinSquare in Canada with multi-million dollar fines. BitMex from the US, criminal charges and arrests. OkEx, with full disregard of withdrawals and no communication. Who's next?
We have a unique window today where we can solve these problems, and not permanently destroy innovation with unreasonable expectations, but we need to act quickly. This is a unique historic time that will never come again.
How To End The Cryptocurrency Exchange "Wild West" Without Crippling Innovation
In case you haven't noticed the consultation paper, staff notice, and report on Quadriga, regulators are now clamping down on Canadian cryptocurrency exchanges. The OSC and other regulatory bodies are still interested in industry feedback. They have not put forward any official regulation yet. Below are some ideas/insights and a proposed framework.
Typical securities frameworks will cost Canadians millions of dollars (ie Sarbanes-Oxley estimated at $5m USD/yr per firm). Implementation costs of this proposal are significantly cheaper.
Canadians can maintain a diverse set of exchanges, multiple viable business models are still fully supported, and innovation is encouraged while keeping Canadians safe.
Many of you have limited time to read the full proposal, so here are the highlights:
Effective standards to prevent both internal and external theft. Exchange operators are trained and certified, and have a legal responsibility to users.
Regular Transparent Audits
Provides visibility to Canadians that their funds are fully backed on the exchange, while protecting privacy and sensitive platform information.
Establishment of basic insurance standards/strategy, to expand over time. Removing risk to exchange users of any hot wallet theft.
Background and Justifications
Cold Storage Custody/Management After reviewing close to 100 cases, all thefts tend to break down into more or less the same set of problems: • Funds stored online or in a smart contract, • Access controlled by one person or one system, • 51% attacks (rare), • Funds sent to the wrong address (also rare), or • Some combination of the above. For the first two cases, practical solutions exist and are widely implemented on exchanges already. Offline multi-signature solutions are already industry standard. No cases studied found an external theft or exit scam involving an offline multi-signature wallet implementation. Security can be further improved through minimum numbers of signatories, background checks, providing autonomy and legal protections to each signatory, establishing best practices, and a training/certification program. The last two transaction risks occur more rarely, and have never resulted in a loss affecting the actual users of the exchange. In all cases to date where operators made the mistake, they've been fully covered by the exchange platforms. • 51% attacks generally only occur on blockchains with less security. The most prominent cases have been Bitcoin Gold and Ethereum Classic. The simple solution is to enforce deposit limits and block delays such that a 51% attack is not cost-effective. • The risk of transactions to incorrect addresses can be eliminated by a simple test transaction policy on large transactions. By sending a small amount of funds prior to any large withdrawals/transfers as a standard practice, the accuracy of the wallet address can be validated. The proposal covers all loss cases and goes beyond, while avoiding significant additional costs, risks, and limitations which may be associated with other frameworks like SOC II. On The Subject of Third Party Custodians Many Canadian platforms are currently experimenting with third party custody. From the standpoint of the exchange operator, they can liberate themselves from some responsibility of custody, passing that off to someone else. For regulators, it puts crypto in similar categorization to oil, gold, and other commodities, with some common standards. Platform users would likely feel greater confidence if the custodian was a brand they recognized. If the custodian was knowledgeable and had a decent team that employed multi-sig, they could keep assets safe from internal theft. With the right protections in place, this could be a great solution for many exchanges, particularly those that lack the relevant experience or human resources for their own custody systems. However, this system is vulnerable to anyone able to impersonate the exchange operators. You may have a situation where different employees who don't know each other that well are interacting between different companies (both the custodian and all their customers which presumably isn't just one exchange). A case study of what can go wrong in this type of environment might be Bitpay, where the CEO was tricked out of 5000 bitcoins over 3 separate payments by a series of emails sent legitimately from a breached computer of another company CEO. It's also still vulnerable to the platform being compromised, as in the really large $70M Bitfinex hack, where the third party Bitgo held one key in a multi-sig wallet. The hacker simply authorized the withdrawal using the same credentials as Bitfinex (requesting Bitgo to sign multiple withdrawal transactions). This succeeded even with the use of multi-sig and two heavily security-focused companies, due to the lack of human oversight (basically, hot wallet). Of course, you can learn from these cases and improve the security, but so can hackers improve their deception and at the end of the day, both of these would have been stopped by the much simpler solution of a qualified team who knew each other and employed multi-sig with properly protected keys. It's pretty hard to beat a human being who knows the business and the typical customer behaviour (or even knows their customers personally) at spotting fraud, and the proposed multi-sig means any hacker has to get through the scrutiny of 3 (or more) separate people, all of whom would have proper training including historical case studies. There are strong arguments both for and against using use of third party custodians. The proposal sets mandatory minimum custody standards would apply regardless if the cold wallet signatories are exchange operators, independent custodians, or a mix of both. On The Subject Of Insurance ShakePay has taken the first steps into this new realm (congratulations). There is no question that crypto users could be better protected by the right insurance policies, and it certainly feels better to transact with insured platforms. The steps required to obtain insurance generally place attention in valuable security areas, and in this case included a review from CipherTrace. One of the key solutions in traditional finance comes from insurance from entities such as the CDIC. However, historically, there wasn't found any actual insurance payout to any cryptocurrency exchange, and there are notable cases where insurance has not paid. With Bitpay, for example, the insurance agent refused because the issue happened to the third party CEO's computer instead of anything to do with Bitpay itself. With the Youbit exchange in South Korea, their insurance claim was denied, and the exchange ultimately ended up instead going bankrupt with all user's funds lost. To quote Matt Johnson in the original Lloyd's article: “You can create an insurance policy that protects no one – you know there are so many caveats to the policy that it’s not super protective.” ShakePay's insurance was only reported to cover their cold storage, and “physical theft of the media where the private keys are held”. Physical theft has never, in the history of cryptocurrency exchange cases reviewed, been reported as the cause of loss. From the limited information of the article, ShakePay made it clear their funds are in the hands of a single US custodian, and at least part of their security strategy is to "decline to confirm the custodian’s name on the record". While this prevents scrutiny of the custodian, it's pretty silly to speculate that a reasonably competent hacking group couldn't determine who the custodian is. A far more common infiltration strategy historically would be social engineering, which has succeeded repeatedly. A hacker could trick their way into ShakePay's systems and request a fraudulent withdrawal, impersonate ShakePay and request the custodian to move funds, or socially engineer their way into the custodian to initiate the withdrawal of multiple accounts (a payout much larger than ShakePay) exploiting the standard procedures (for example, fraudulently initiating or override the wallet addresses of a real transfer). In each case, nothing was physically stolen and the loss is therefore not covered by insurance. In order for any insurance to be effective, clear policies have to be established about what needs to be covered. Anything short of that gives Canadians false confidence that they are protected when they aren't in any meaningful way. At this time, the third party insurance market does not appear to provide adequate options or coverage, and effort is necessary to standardize custody standards, which is a likely first step in ultimately setting up an insurance framework. A better solution compared to third party insurance providers might be for Canadian exchange operators to create their own collective insurance fund, or a specific federal organization similar to the CDIC. Such an organization would have a greater interest or obligation in paying out actual cases, and that would be it's purpose rather than maximizing it's own profit. This would be similar to the SAFU which Binance has launched, except it would cover multiple exchanges. There is little question whether the SAFU would pay out given a breach of Binance, and a similar argument could be made for a insurance fund managed by a collective of exchange operators or a government organization. While a third party insurance provider has the strong market incentive to provide the absolute minimum coverage and no market incentive to payout, an entity managed by exchange operators would have incentive to protect the reputation of exchange operators/the industry, and the government should have the interest of protecting Canadians. On The Subject of Fractional Reserve There is a long history of fractional reserve failures, from the first banks in ancient times, through the great depression (where hundreds of fractional reserve banks failed), right through to the 2008 banking collapse referenced in the first bitcoin block. The fractional reserve system allows banks to multiply the money supply far beyond the actual cash (or other assets) in existence, backed only by a system of debt obligations of others. Safely supporting a fractional reserve system is a topic of far greater complexity than can be addressed by a simple policy, and when it comes to cryptocurrency, there is presently no entity reasonably able to bail anyone out in the event of failure. Therefore, this framework is addressed around entities that aim to maintain 100% backing of funds. There may be some firms that desire but have failed to maintain 100% backing. In this case, there are multiple solutions, including outside investment, merging with other exchanges, or enforcing a gradual restoration plan. All of these solutions are typically far better than shutting down the exchange, and there are multiple cases where they've been used successfully in the past. Proof of Reserves/Transparency/Accountability Canadians need to have visibility into the backing on an ongoing basis. The best solution for crypto-assets is a Proof of Reserve. Such ideas go back all the way to 2013, before even Mt. Gox. However, no Canadian exchange has yet implemented such a system, and only a few international exchanges (CoinFloor in the UK being an example) have. Many firms like Kraken, BitBuy, and now ShakePay use the Proof of Reserve term to refer to lesser proofs which do not actually cryptographically prove the full backing of all user assets on the blockchain. In order for a Proof of Reserve to be effective, it must actually be a complete proof, and it needs to be understood by the public that is expected to use it. Many firms have expressed reservations about the level of transparency required in a complete Proof of Reserve (for example Kraken here). While a complete Proof of Reserves should be encouraged, and there are some solutions in the works (ie TxQuick), this is unlikely to be suitable universally for all exchange operators and users. Given the limitations, and that firms also manage fiat assets, a more traditional audit process makes more sense. Some Canadian exchanges (CoinSquare, CoinBerry) have already subjected themselves to annual audits. However, these results are not presently shared publicly, and there is no guarantee over the process including all user assets or the integrity and independence of the auditor. The auditor has been typically not known, and in some cases, the identity of the auditor is protected by a NDA. Only in one case (BitBuy) was an actual report generated and publicly shared. There has been no attempt made to validate that user accounts provided during these audits have been complete or accurate. A fraudulent fractional exchange, or one which had suffered a breach they were unwilling to publicly accept (see CoinBene), could easily maintain a second set of books for auditors or simply exclude key accounts to pass an individual audit. The proposed solution would see a reporting standard which includes at a minimum - percentage of backing for each asset relative to account balances and the nature of how those assets are stored, with ownership proven by the auditor. The auditor would also publicly provide a "hash list", which they independently generate from the accounts provided by the exchange. Every exchange user can then check their information against this public "hash list". A hash is a one-way form of encryption, which fully protects the private information, yet allows anyone who knows that information already to validate that it was included. Less experienced users can take advantage of public tools to calculate the hash from their information (provided by the exchange), and thus have certainty that the auditor received their full balance information. Easy instructions can be provided. Auditors should be impartial, their identities and process public, and they should be rotated so that the same auditor is never used twice in a row. Balancing the cost of auditing against the needs for regular updates, a 6 month cycle likely makes the most sense. Hot Wallet Management The best solution for hot wallets is not to use them. CoinBerry reportedly uses multi-sig on all withdrawals, and Bitmex is an international example known for their structure devoid of hot wallets. However, many platforms and customers desire fast withdrawal processes, and human validation has a cost of time and delay in this process. A model of self-insurance or separate funds for hot wallets may be used in these cases. Under this model, a platform still has 100% of their client balance in cold storage and holds additional funds in hot wallets for quick withdrawal. Thus, the risk of those hot wallets is 100% on exchange operators and not affecting the exchange users. Since most platforms typically only have 1%-5% in hot wallets at any given time, it shouldn't be unreasonable to build/maintain these additional reserves over time using exchange fees or additional investment. Larger withdrawals would still be handled at regular intervals from the cold storage. Hot wallet risks have historically posed a large risk and there is no established standard to guarantee secure hot wallets. When the government of South Korea dispatched security inspections to multiple exchanges, the results were still that 3 of them got hacked after the inspections. If standards develop such that an organization in the market is willing to insure the hot wallets, this could provide an acceptable alternative. Another option may be for multiple exchange operators to pool funds aside for a hot wallet insurance fund. Comprehensive coverage standards must be established and maintained for all hot wallet balances to make sure Canadians are adequately protected.
Current Draft Proposal
(1) Proper multi-signature cold wallet storage. (a) Each private key is the personal and legal responsibility of one person - the “signatory”. Signatories have special rights and responsibilities to protect user assets. Signatories are trained and certified through a course covering (1) past hacking and fraud cases, (2) proper and secure key generation, and (3) proper safekeeping of private keys. All private keys must be generated and stored 100% offline by the signatory. If even one private keys is ever breached or suspected to be breached, the wallet must be regenerated and all funds relocated to a new wallet. (b) All signatories must be separate background-checked individuals free of past criminal conviction. Canadians should have a right to know who holds their funds. All signing of transactions must take place with all signatories on Canadian soil or on the soil of a country with a solid legal system which agrees to uphold and support these rules (from an established white-list of countries which expands over time). (c) 3-5 independent signatures are required for any withdrawal. There must be 1-3 spare signatories, and a maximum of 7 total signatories. The following are all valid combinations: 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7. (d) A security audit should be conducted to validate the cold wallet is set up correctly and provide any additional pertinent information. The primary purpose is to ensure that all signatories are acting independently and using best practices for private key storage. A report summarizing all steps taken and who did the audit will be made public. Canadians must be able to validate the right measures are in place to protect their funds. (e) There is a simple approval process if signatories wish to visit any country outside Canada, with a potential whitelist of exempt countries. At most 2 signatories can be outside of aligned jurisdiction at any given time. All exchanges would be required to keep a compliant cold wallet for Canadian funds and have a Canadian office if they wish to serve Canadian customers. (2) Regular and transparent solvency audits. (a) An audit must be conducted at founding, after 3 months of operation, and at least once every 6 months to compare customer balances against all stored cryptocurrency and fiat balances. The auditor must be known, independent, and never the same twice in a row. (b) An audit report will be published featuring the steps conducted in a readable format. This should be made available to all Canadians on the exchange website and on a government website. The report must include what percentage of each customer asset is backed on the exchange, and how those funds are stored. (c) The auditor will independently produce a hash of each customer's identifying information and balance as they perform the audit. This will be made publicly available on the exchange and government website, along with simplified instructions that each customer can use to verify that their balance was included in the audit process. (d) The audit needs to include a proof of ownership for any cryptocurrency wallets included. A satoshi test (spending a small amount) or partially signed transaction both qualify. (e) Any platform without 100% reserves should be assessed on a regular basis by a government or industry watchdog. This entity should work to prevent any further drop, support any private investor to come in, or facilitate a merger so that 100% backing can be obtained as soon as possible. (3) Protections for hot wallets and transactions. (a) A standardized list of approved coins and procedures will be established to constitute valid cold storage wallets. Where a multi-sig process is not natively available, efforts will be undertaken to establish a suitable and stable smart contract standard. This list will be expanded and improved over time. Coins and procedures not on the list are considered hot wallets. (b) Hot wallets can be backed by additional funds in cold storage or an acceptable third-party insurance provider with a comprehensive coverage policy. (c) Exchanges are required to cover the full balance of all user funds as denominated in the same currency, or double the balance as denominated in bitcoin or CAD using an established trading rate. If the balance is ever insufficient due to market movements, the firm must rectify this within 24 hours by moving assets to cold storage or increasing insurance coverage. (d) Any large transactions (above a set threshold) from cold storage to any new wallet addresses (not previously transacted with) must be tested with a smaller transaction first. Deposits of cryptocurrency must be limited to prevent economic 51% attacks. Any issues are to be covered by the exchange. (e) Exchange platforms must provide suitable authentication for users, including making available approved forms of two-factor authentication. SMS-based authentication is not to be supported. Withdrawals must be blocked for 48 hours in the event of any account password change. Disputes on the negligence of exchanges should be governed by case law.
Continued review of existing OSC feedback is still underway. More feedback and opinions on the framework and ideas as presented here are extremely valuable. The above is a draft and not finalized. The process of further developing and bringing a suitable framework to protect Canadians will require the support of exchange operators, legal experts, and many others in the community. The costs of not doing such are tremendous. A large and convoluted framework, one based on flawed ideas or implementation, or one which fails to properly safeguard Canadians is not just extremely expensive and risky for all Canadians, severely limiting to the credibility and reputation of the industry, but an existential risk to many exchanges. The responsibility falls to all of us to provide our insight and make our opinions heard on this critical matter. Please take the time to give your thoughts.
InvestInBlockchain - Cryptocurrencies in the Top 100 With Working Products
📷 Bitcoin is the cryptocurrency that started it all back in 2009, after the global financial crisis and subsequent bailouts of banks left many people disenfranchised with fiat currency and outdated, insecure financial infrastructure. Today, Bitcoin is being used for peer-to-peer payments across the globe. More than that, though, it is leading the way towards a future in which financial technology is trustless, secure, resilient, and censorship resistant. Without Bitcoin, this list would not exist.
📷 The platform that brought smart contracts to the blockchain, spurring a minor revolution in the cryptocurrency ecosystem. Before Ethereum, Bitcoin and its transaction-oriented design was the central focus of most blockchain projects. After Ethereum, teams saw the value of decentralized apps (dapps) and smart contracts, and shifted their focus to compensate. Vitalik Buterin’s Ethereum whitepaper was released in late 2013. The project itself was announced January 2014, with a crowdsale the following July. The system officially went live in July 2015. Since then, hundreds of businesses, individuals, and blockchain projects have adopted Ethereum as their main smart contracts platform.
📷 Ripple is focused primarily on one thing: fast and cheap international transactions. Current banking infrastructure has failed to evolve in the 21st century, such that it still takes 3-5 business days on average for an international transfer to be processed. With just 4 second transaction times and at a fraction of the cost of a wire transfer, Ripple’s working product is already impacting the banking sector. The big knock against Ripple is that its native token, XRP, is completely unnecessary. Indeed, driving adoption of Ripple’s banking solutions is far easier than getting real-world adoption for XRP. If you’re interested in seeing a discussion about how XRP adoption will occur, you might find this reddit thread worth a read. Meanwhile, all of us will just have to wait and see whether XRP adoption strategies ultimately come to fruition.
Bitcoin Cash (BCH)
📷 Bitcoin Cash was created in 2017 when the first ever hard fork of the Bitcoin blockchain took place. The split was the result of Bitcoin’s 1MB blocks filling up. Transaction speeds were declining, fees were increasing, and it became clear to the community that the current model wasn’t sustainable for scaling. In a move that still causes cryptocurrency fights to this day, Bitcoin and Bitcoin Cash soon emerged as separate but similar projects. BCH has 8x the block size of BTC, giving it roughly 8x the transaction throughput. Its fees and transaction times are much faster, as predicted. Learn more about Bitcoin vs Bitcoin Cash.
📷 The Stellar project and its associated Lumens (XLM) token was forked from the Ripple protocol in 2014. Stellar has come into its own since then, providing a blockchain connection service for fiat transactions between banks, payment systems, and people. Stellar is fast and reliable, and it works with practically no fees for the end-user. Stellar is a payments system, meaning its job is to move money as efficiently as possible. Partnerships with banks and financial institutions were key in evaluating its status, as was the ability to actually send money using the network. Several non-profits and commercial entities have agreed to use Stellar as part of their financial infrastructure. Recently, the team partnered with IBM and KlickEx to facilitate cross-border transactions in the South Pacific and announced an affiliate with Keybase to streamline international transactions. Stellar also has projects being builton its network by major established entities. IBM’s blockchain division is using XLM for their payments infrastructure, for example, and the Veridium startup is working with both organizations to tokenize its carbon credits market.
📷 Litecoin is a Bitcoin fork that was created in 2011 by Charlie Lee as a cheaper and faster (2.5 minute block time instead of 10) alternative to Bitcoin. This is accomplished predominantly because Litecoin uses a Scrypt hashing algorithm instead of the SHA-256 algorithm used by Bitcoin. It’s common to hear Litecoin called “digital silver” to Bitcoin’s “digital gold,” and in reality Litecoin does not really expand upon the functionality of Bitcoin in a significant way so much as it makes different tradeoffs. That being said, it does succeed in being cheaper and faster to use than BTC, which has led to it being accepted by hundreds of merchants and thus making Litecoin one of the most widely used cryptocurrencies for digital payments.
📷 Tether is an unusual project. Whereas most cryptocurrencies rise and fall in value, Tether was designed to stay the same, fixed at a 1:1 ratio with the U.S. dollar. This allows users to store, send, and receive digital currencies across platforms without incurring significant losses due to value fluctuations. The Tether stable coin sounds straightforward, but the project isn’t without controversy. USDT is supposedly backed by real USD sitting in a bank account. But in which account? Who controls it? And is Tether being used to manipulate the value of Bitcoin? It’s all part of the Tether controversy.
📷 Released in 2014 as a fork of Bytecoin, Monero has since made a name for itself as the most popular privacy coin on the market. Most cryptocurrencies offer little in the form of anonymity. Monero was built for privacy from the ground-up, featuring stealth addresses, ring signatures, and complete coin fungibility. All of this adds up to a near-perfect cloak of anonymity, allowing Monero users to conduct transactions without exposing their identity. Monero has had steady growth over the years thanks to a dedicated team of developers and an active community. The project continues to evolve with new privacy features and improved transaction security.
📷 NEO was founded in 2014 as one of the earliest smart contract platforms, giving it a wide breadth of possible functionality. The platform’s strongest use case is digitizing traditional assets so that they can be easily tracked and exchanged on the blockchain. NEO is also well-known as the “Chinese Ethereum,” and the fact that it is a Chinese-based project does seem to make Chinese dapp developers somewhat more likely to build on top of it than other platforms. In fact, NEO has already supported dozens of ICOs and remains one of the predominant platforms for supporting smart contracts and dapps.
Binance Coin (BNB)
📷 Binance Coin is an exchange token used to reduce trading fees on the Binance platform. Users can opt to pay exchange, listing, and withdrawal fees using BNB and enjoy as much as a 50% discount on all charges. This turns out to be a powerful incentive for purchasing and holding BNB, as what trader doesn’t enjoy saving money on transactions? Binance Coin is an ERC-20 token that runs on the Ethereum blockchain. Its purpose is extremely limited, but because such a vast number of Binance users transact with it every day, it qualifies as a working and active product.
📷 Zcash is another immensely popular privacy coin that often cracks the top 20 cryptocurrencies. It uses the tagline “internet money” and promises to fully protect the privacy of transactions with zero-knowledge cryptography. Zcash provides anonymity by shielding transactions on the blockchain, preventing anyone from seeing the sender, recipient, or value of each transaction. The technology is so effective the Ethereum team is investigating it to enable anonymous transactions on their network. Zcash has grown in leaps and bounds in 2018. The dev team published a roadmap through the year 2020, which includes a major features upgrade in the October 2018 Sapling release. Coinbase is also considering listing Zcash, which is a huge boost for any cryptocurrency.
📷 Qtum is a smart contracts platform similar to Ethereum, only with a stronger focus on value transfers and decentralized apps. It’s meant to be something of a hybrid between Bitcoin and Ethereum, allowing businesses to build smart contracts on the platform or just focus on cryptocurrency transactions. Qtum launched in March 2017, and dashed straight to the top. The initial offering sold over $10 million in tokens after just 90 minutes. The project differentiated itself by providing a rare Proof-of-Stake smart contracts platform designed to compensate for some of Ethereum’s shortcomings, including lack of compatibility for mobile devices. Qtum released its mainnet in September 2017, opening the doors to a fully functional smart contract and dapps platform. Several projects already have an established presenceon the network. One of the more exciting ones is Space Chain, which aims to create an open-source satellite network anyone can use for data transmission, storage, and development.
0x Protocol (ZRX)
📷 0x Protocol has one of the most important working products in the entire Ethereum ecosystem. It is a permissionless, open-source protocol that facilitates trustless exchanges of Ethereum tokens through relayers and dapps that build on top of the protocol. Not only has 0x been providing this functionality for over a year now, but they’ve been working to expand the protocol functionality significantly since that initial launch. In 0x protocol 2.0 and beyond, it will be possible to trade tokens built on standards besides ERC-20, including non-fungible ERC-721 tokens. In a market full of scams and vaporware, 0x’s valuable contributions to the Ethereum ecosystem have made it one of the best performing cryptocurrencies of 2018.
📷 Bytecoin is another popular privacy-focused cryptocurrency with a strong community and user base. Transactions on the Bytecoin blockchain are instantaneous, untraceable, unlinkabe, and resistant to blockchain analysis. Bytecoin has been around for a long time now, with contributions to the project beginning in 2012. However, that hasn’t stopped the project’s developers from continuously improving the product. The recently updated Bytecoin roadmap has a hard fork for a consensus update scheduled for August 31, as well as numerous initiatives for community growth constantly in the works.
📷 Founded in 2015 by former Bitcoin developers, Decred’s most important working product is its solution to Bitcoin’s biggest problem. No, not scalability… blockchain governance. You see, early Bitcoiners have been debating block size limitations and the efficacy of other scalability solutions like the Lightning Network for years, even though the problem of scalability really only became discussed in the mainstream in 2017. With its community-based governance model and strong adherence to the core ethos of decentralization, Decred is built to evolve and improve rapidly. That means that it’s equipped to handle not only the scalability problem today, but other big problems that might arise down the line. When you have poor governance, it is an arduous process making any upgrades to a project, no matter how necessary they may seem to the majority of coin holders. Decred’s best-in-class and still improving governance model give it an intriguing case to be a leader in digital payments for a long time to come.
📷 BitShares aims to improve worldwide access to financial services via blockchain. The tagline “assist the unbanked” summarizes the project nicely. In practice, this translates to BitShares operating as a decentralized exchange, one that was built from the ground-up to avoid scalability issues and keep transaction fees low. BitShares was launched in 2014 by Dan Larimer, who would then go on to take a lead development role in both EOS and Steem. The current state of the project offers decentralized asset exchange, price-stable cryptocurrencies, recurring and scheduled payments, user-issued assets, and more, all available through a decentralized system powered by delegated PoS consensus.
📷 Steem is the cryptocurrency that powers Steemit, a decentralized social media platform that incentivizes user participation through micropayments. Think of it like Reddit, only instead of just upvoting or downvoting posts, users can actually reward creators for their effort. Steem is a functional cryptocurrency used exclusively on the Steemit platform. That gives it something of a limited use, but seeing as how Steemit is live and boasts a few hundred thousand users, it’s hard to argue it isn’t a working product. Some people may even beearning money using Steemit.
📷 Siacoin is one of the leaders in decentralized cloud storage, a more secure and affordable alternative to centralized cloud storage solutions like Amazon S3, Google Drive, iCloud, Dropbox, and others. Sia 1.0 was launched in June 2016, and has achieved considerable adoption since then. With the $200 billion cloud storage market widely seen as one of the spaces most ripe for blockchain disruption, Sia has gotten off to a nice start by offering a functional decentralized cloud storage platform for over 2 years.
📷 Augur is one of the most recently launched products on this list. The platform mainnet went live in early July 2018, bringing to fruition almost 4 years of post-ICO work. Augur is a decentralized prediction market that uses game theory to generate crowd-sourced insights. Essentially, thousands of people working together have shown the remarkable ability to forecast outcomes. With Augur, users can put REP tokens as bets on these predictions, essentially creating a form of “useful social gambling.” Augur’s release was a long time coming. The project started as far back as 2014, nearly a year before the ICO. The creators cite the complexity of Augur’s smart contracts as the chief cause of the lengthy development time. Regardless of its past, Augur is now a live product with a bright future. Over 300 predictions have already been made, with the largest winning payout hitting $20,000. Betting volume even exceeded $1 million within the first weeks of launch.
Basic Attention Token (BAT)
📷 Basic Attention Token was one of the easiest projects to include on this list. That’s because its working product, Brave Browser, has more than 3 million active usersbetween its mobile and desktop platforms, making it one of the most widely-used working products in the blockchain space. Not only is Brave Browser functional, it’s the only browser on the market that has built-in ad-blocking and tracker blocking, making the browsing experience both cleaner and faster than what you get with other popular browsers like Chrome and Firefox. The future remains uncertain for the BAT token itself, as its adoption depends heavily on whether or not advertisers buy-in to the Brave model, as well as how willing Brave users are to be shown relevant ads and to pass along the BAT they earn to content publishers. Given Brave’s success in just a short time since being launched, though, the future does appear promising for BAT.
📷 Nano (formerly RaiBlocks) is all about scalability. The coin has nearly instant transactions with a completely fee-less structure. The platform accomplishes this by creating a unique blockchain for every account, preventing bloat and allowing for practically infinite scalability. Nano’s motto of “do one thing and do it well” has gotten them a long way. The team doesn’t have to deal with scaling or slowdown issues thanks to the underlying structure of the project, allowing its roadmap to focus on wallet updates and outreach. This is one cryptocurrency that’s essentially feature complete, and it has been for some time.
📷 Golem has set out to be the Airbnb of computing resources. Have you ever needed extra GPU power to finish up a render? How about processing scientific data similar to the [email protected] project? Even if you don’t have those needs, a lot of groups do. Golem aims to provide easy access to those resources, all of which are rentable for a small cryptocurrency fee. Golem hit the mainnet launch button in April 2018, and was met with a fair amount of fanfare. One of the main goals for the feature-incomplete launch was to push the product out so real users could put it to work. The team was interested in strengthening their interactions with end users to help guide the future of the platform. The team has several major milestones planned for the coming months, so the mainnet release is only just the beginning.
Pundi X (NPXS)
📷 Pundi X has been shooting up the market cap rankings so far in Q3 2018, and they also happen to have a working product that just recently became available to retailers. The primary Pundi X product is a point-of-sale (POS) device that enables quick and easy mobile transactions for both fiat and cryptocurrencies. 500 POS devices are already being used by retailers in Asia, and there are thousands more scheduled to be distributed in the coming months. In addition, Pundi X also offers XPASS cards, cryptocurrency credit cards that can work in place of mobile apps for making digital payments. What makes the Pundi X project noteworthy is that it enables consumers to pay retailers in cryptocurrencies like BTC and ETH, and it immediately converts the payments into local fiat currencies so that retailers don’t need to worry about price volatility of the cryptocurrencies. This makes it significantly easier for people to use cryptocurrencies in their daily lives, making Pundi X an exciting project for blockchain enthusiasts who are looking for signs of future mass adoption.
📷 Waves was the first ever blockchain platform that made it possible for anybody — regardless of their programming experience — to create blockchain tokens. Additionally, Waves has a decentralized exchange where tokens can be traded and exchanged with fiat currencies. Since the project’s first releases in 2016, Waves has gone on to make their DEX accessible from mobile phones and expanded its functionality significantly, while also building several strategic partnerships to help grow the Waves community and user base. Ultimately, though, the Waves Client is the project’s most important working product, as it is what allows tokens to be issued, stored, sent, and exchanged among users.
KuCoin Shares (KCS)
📷 Similar to Binance Coin, KuCoin Shares is an exchange token that can be used to pay reduced fees on cryptocurrency trades. KCS has the added bonus of paying dividends to long-term hodlers, as well, paying out a 5% ROI for most users. The nature of KuCoin Shares is one of the reasons the KuCoin exchange has gotten so much attention since it appeared on the scene. The tokens themselves are limited in scope, of course, but the sheer number of people using them for trades and buying them for passive income is enormous.
📷 Wanchain aims to build new and improved financial infrastructure to seamlessly connect the digital economy through blockchain interoperability. The use cases for Wanchain’s network are vast, and they include decentralized financial services, supply chain logistics, medical data sharing and security, digital ID management, and more. With the recently released Wanchain 2.0, it is now possible to transfer Ether cross-chain using Wanchain’s Ethereum Mapping Token, WETH. Ethereum interoperability is just the start, though, and it’s expected that cross-chain support for Bitcoin and a couple of ERC-20 tokens will follow before the end of 2018.
📷 Komodo is a fork of Zcash that uses the same zk-snark cryptography to hide information about transaction participants and amounts being sent. Functional privacy coins aren’t unique (there are a handful on this list) but Komodo does have some unique features. For one, Komodo was the first ever decentralized initial coin offering. Moreover, Komodo helps other developers to build their own customizable blockchain solutions, from building and securing independent blockchains and launching decentralized ICOs, to integrating projects into the cryptocurrency ecosystem. KMD would already qualify as a working product for its anonymity features on digital payments, but add the end-to-end blockchain building solution and it’s clear that Komodo is making meaningful contributions to the cryptocurrency ecosystem.
📷 Ardor is a scalable blockchain platform that allows businesses to create their own child chains and tokens with relative ease. This helps keep blockchain bloat to a minimum and provides multiple transactional tokens without sacrificing core chain transactions. It’s also a remarkably energy efficient platform that uses Proof-of-Stake to power consensus. Ardor launched its mainnet on January 1, 2018 after a full year in testnet status. Its core features are largely in place, with the roadmap set to improve things like scalability and snapshotting. The Blockchain-as-a-Service-platform hosts a few projects of its own, including the Ignis ICO, which was the first child chain on the mainnet.
Huobi Token (HT)
📷 Huobi is a digital asset exchange platform founded back in 2013, now offering well over 250 different trading pairs. The Huobi Token, meanwhile, is an ERC-20 token that is used on the exchange for discounts on trading fees of up to 50%. In addition, 20% of the income generated on the Huboi Pro trading platform is used to buy back HT on the open market. Unlike most buyback programs, the main purpose of Huobi’s program isn’t to reduce the circulating supply of HT. Rather, the HT that is bought back goes into a Huobi Investor Protection Fund, which is used to compensate Huobi users if they lose coins or tokens on the platform, as well as to ensure market stability and protect investor interests.
📷 ZenCash is yet another privacy coin with a working product in the Top 100, originally launched in the first half of 2017. What makes ZenCash unique is that it’s the first blockchain with Transport Layer Security (TLS) integration for node encryption, making communication on the ZenCash network both private and highly secure. Some other interesting parts of the ZenCash product include Tor nodes and built-in chat messaging services. In the future, the ZenCash team will deliver a DAO Treasury Protocol-level Voting System as well as a scalability solution to handle greater transaction volume.
📷 PIVX is another privacy coin that focuses on keeping users and their associated transactions hidden under a cloak of secrecy. The project also tries to keep transactions as fast and fee-less as possible, something not all privacy platforms can boast about. PIVX launched in January 2016. The coin is currently spendable and delivers the privacy features it promises, though it’s not yet a widely accepted currency by merchants. Future plans for PIVX include governance functions to engage the community, wallet voting, and its own zPIV decentralized exchange.
Kyber Network (KNC)
📷 Kyber Network launched their mainnet in Q1 2018, enabling instantaneous and secure inter-token settlements through a Decentralized Liquidity Network. It’s currently possible to swap ERC-20 tokens on the network with just a few mouse clicks, giving it some basic functionality that is already being used to improve liquidity for Ethereum tokens. In the future, however, Kyber Network will expand its functionality significantly in an effort to seamlessly connect dapps, DEXes, protocols, payment systems, token teams, investors, fund managers, and digital wallets.
📷 Bancor is a liquidity provider that enables users to exchange tokens without the need for a third-party to be involved in financing the transaction. Gaining liquidity is incredibly important for young cryptocurrency projects, as a lack of liquidity makes it risky for investors to buy a considerable amount of a given coin or token, knowing that it might be exceedingly difficult to sell should they wish to. Bancor’s technology makes it possible to convert one token to another, so that investors can be confident that they won’t be stuck involuntarily holding a cryptocurrency that they want to sell. This functionality makes the Bancor Liquidity Network one of the most promising working products on this list, and one that has already achieved a good deal of adoption.
Loom Network (LOOM)
📷 Loom Network is still less than a year old, having been founded in October 2017. However, they have accomplished a lot in that short time span, including having launched numerous tools to help software developers learn how to build blockchain solutions. The most important of these tools — and Loom’s biggest working product — is the Loom software development kit (SDK). However, Loom Network is far more than just a simple blockchain coding academy. It is also a production-ready scalability solution for Ethereum, as the Loom developer toolkit helps programmers to build highly scalable dapps which connect to the Ethereum blockchain through special side chains called DappChains. The project may still be in its infancy, but Loom Network is already contributing more utility to the cryptocurrency ecosystem than the vast majority of other cryptocurrency projects.
📷 Polymath wants to be the world’s go-to resource for security tokens on the blockchain. What Ethereum did for tokens, Polymath will do for securities. The advantages of this are enormous, but the Polymath team likes to point to 24/7 market access, the elimination of middlemen, and trading access for 2 billion unbanked people around the world as the chief benefits of their efforts. The Polymath platform launched in October 2017, and has since released a new security token every week, attracting investors and traders alike. It’s not as exciting of a project as some other blockchain tech, but it’s delivering on its promises with a working product.
Bibox Token (BIX)
📷 Bibox is a encrypted digital asset exchange whose primary differentiator from other crypto exchanges is that it integrates AI technology. The purpose of the AI is to help Bibox’s traders, which it does by providing quantitative computation and analysis of trading activity, personalized risk allocation strategy, speech recognition, and objective analysis of the various coins and tokens listed on the exchange. The Bibox exchange first launched back in November 2017. It has operation centers in the US, Canada, mainland China, Hong Kong, Japan, and Estonia. BIX token holders receive 20% of the exchange profits, and also get discounts on trading fees, similar to Binance. https://www.investinblockchain.com/top-cryptocurrencies-working-products/
For example, on the day this comment was written, Prohashing paid 103.83% of straight bitcoin mining – even after the pool’s fees were taken. Daniel Mohammed Akubo [ Reply ] I believe so much in future of crypto currency,but I actually want to invest with one of best ten miners but I don’t know how to go about it.pls I need a help, so I can benefit as one of the investors.Thanks Individuals, businesses, developers: learn from our simple Bitcoin guides. How Bitcoin works, what is Bitcoin, what is blockchain, how to buy Bitcoin, what is Bitcoin mining and more. an example of a seed phrase from an Electrum wallet. Additionally, an HD wallet can create many Bitcoin addresses from the same seed, so you don’t have just one Bitcoin address. All the transactions sent to addresses created by the same seed will be part of the same wallet. If you want to sell cryptocurrency on an exchange – let’s say Bitcoin for the purposes of this example – you’ll need to follow these steps: Log into your account and find the BTC wallet address. Use this address to transfer the BTC you want to trade from an external wallet. Navigate to the “Exchange” or “Trading” page. The Bitcoin.com mining pool has the lowest share reject rate (0.15%) we've ever seen. Other pools have over 0.30% rejected shares. Furthermore, the Bitcoin.com pool has a super responsive and reliable support team. 4. Buy Bitcoins using PayPal & WirexApp: Wirexapp is one of the best ways for anyone who is looking to buy Bitcoins using PayPal on a consistent basis.This method would take 1-2 days for the first time & after that, it’s all instant. Just follow the steps mentioned in this tutorial & then you will be able to use your PayPal funds to Buy Bitcoins. Also, its far from perfect. For example, I cashed out $650 worth of btc a couple weeks ago. After transferring the btc to my wallet, then to shakepay/fees etc etc I received $592 CAD. So bitcoin is convenient - I took my payout at 2AM and it was available as CAD in less than an hour the cost was steep. This has to improve. I’ll look at these in a bit more detail and then I’ll get onto exactly how to mine Bitcoins!. Pool Mining. Bitcoin mining as part of a larger pool of miners is the easiest, fastest, and most reliable way to make sure your Bitcoin mining operation is profitable.You join forces with other miners to share the rewards. A Bitcoin wallet is as simple as a single pairing of a Bitcoin address with its corresponding Bitcoin private key. Such a wallet has been generated for you in your web browser and is displayed above. To safeguard this wallet you must print or otherwise record the Bitcoin address and private key. It is important to make a backup copy of the private key and store it in a safe location. Bitcoin also has other advanced address types. P2SH addresses, for example, allow for multi-signature transactions. Similarly, other altcoins also employ the identical SHA-26, ECDSA, SHA-256 and RIPEMD160 protocols in order to generate addresses. For the purposes of understanding an blockchain address, while techies might squeal if one dares compare one system to another, the principle remains ...
If you want to someone to send you money to your Bitcoin account, Give them this address. you may donate to our network via Bitcoin as well :) Bitcoin addres... [Example Image](https: ... click the Deposit link to get your Ethereum wallet deposit address. Here you can send your Ethereum from **Coinbase** to **Binance**. Then once you have recieved your ... My Second Channel: https://www.youtube.com/channel/UCvXjP6h0_4CSBPVgHqfO-UA ----- Supp... All donations and tips go towards a fund for building spiritual healing centres in Canada. It's been a life goal of my family and I to create spiritual healing centres to re-establish communities ... Binance Announcement: Campaign with Bitcoin & Ethereum for all the fans - Binance GET BTC & ETH Binance US 4,503 watching Live now Things you can make from old, dead laptops - Duration: 19:03. Bitcoin Cloud Mining: Most Profitable Mining Contracts & Pools 2018. In this update, I review Hashflare, Genesis Mining & BitClub Network. I cover the most profitable cloud mining contracts by ... In this episode I'm going to talk about Binance building a crypto corridor to India. Want to support the Channel? Below you find my donation addresses and affiliate links - thanks for the support ... 8.Oct 2015, Since 2009 when Bitcoin started the crypto currency phenomenon, we have become fascinated by the concept of digital money and how it can have int... #Bitcoin $1,000,000? A thought provoking overview. Check out our partner page at: https://thelocalforum.com/ Here you can find free stuff & free samples that... Check out Unstoppable Domains! Blockchain based domains that protect you and your content! PLUS, can be used as your cryptocurrency wallet addresses! https:/...