A Crypto User Sent $50k to a Smart Contract. It's Gone Forever
decrypt.co" Some activities superficially familiar to you are merely stupid and should be avoided for your safety, [..] These include: giving your bank account details to the son of the Nigerian Minister of Finance; buying title to bridges [..] and entering into financial contracts with entities running Economics 2.0 or higher. "
- Accelerando by Charles Stross
It's not 50k (more like $50), but I have a similar story with Stellar.
I was one of the (thousands of?) people who Keybase/Stellar/mysterious parties decided to gift some of their tokens to. I tried to transfer them to a provider with my bank information, and immediately flushed them into /dev/null because I didn't understand the separate sequences of numbers that I was supposed to provide.
I wasn't exactly upset, but it really solidified my opinion of the entire space: as an end user, my single greatest interest is the fidelity of the transactions that I take part in. Tack onto that the constant whirlwind of technical compromises that lack legal recourse, and my feelings of confidence approach zero.
That's a different situation. Those Stellar tokens didn't go into /dev/null. They went into the hands of Coinbase, they're just not crediting you. It's not that they can't do anything about it, they just aren't.
Correct. To be specific, instead of providing a unique address per deposit, Coinbase instead provides one address, and identifies individual deposits to that address using a Stellar "memo." The same issue is present with Ripple.
This isn't a problem with Stellar itself, but more how Coinbase decides to approach the issue. But Stellar does require a 0.5 XLM commitment to "open" an account on-chain, which is probably what holds Coinbase back.
Otherwise, Stellar is a very reliable and focused chain, and has a stable fee market (which means a lot these days!).
I don’t know whether that’s better or worse, but I dislike it roughly as much. No other financial institution in the world can “just not” anything without me having some recourse.
That's a pain. If you might still be willing to give the _entire_ entire space a try, it's getting easier to participate with services like Coinbase and e.g. XLM-USD trading, which is different from holding XLM. (Is that a cup with handle on the 1D?) Or trading crypto-related stocks, even.
That's just gambling with extra steps.
Everything looks like gambling if you squint hard enough. Always use a risk management framework, and then you can squint at everything again and see investments.
> It's not 50k (more like $50)
Uh? LINK is currently at $13.65 [1]. x 4,005 tokens = $54,668
EDIT: I misread; parent was speaking of their own loss of $50, not correcting the original article's accuracy.
The $50 refers to their own story not the one mentioned in the article
From the bottom:
> Still, user mistakes keep occurring with unenviable regularity. In late October, someone sent 28,050 AAVE tokens—worth around $1.1 million at the time—to the wrong address, which resulted in the irreversible loss of their funds. It’s a scary world out there.
Incredible.
There is a portion of my brain that might never be able to comprehend digital currency with real money. It’s possible I’m not incapable of understanding it.
All I’ve ever heard are exchanges that are so grossly incompetent that I would never even think about engaging with. Months of waiting for verification that never happens. Waiting for transfers that never happen.
Uploading passports and drivers licenses to an exchange, and bank account information, to only think that 6 months from now there will be a breach and all my information is downloaded by criminals. It’s a full stop to not even consider proceeding.
I would love to know how someone can convert Bitcoin or other digital currency to millions of USD that are capable of hitting a bank account, that can be spent at the local grocery store.
I watched as Bitcoin became a thing and never even considered touching it because I didn’t even remotely wanted to be associated with criminals using it for drugs and other illegal stuff.
Anyways, digital currency is just so bizarre to me.
Why don't these tech support the oldest trick every financial companies have been doing?
They send a cent and see if the recipient received it or not. If the money went through and is secured, then send the rest. Simply by doing this, you could avoid almost all incidents like these.
I fairly regularly do that. It's easy to get complacent and as the average fee increases it becomes a higher and higher incentive to just send the amount.
People do do that. There's millions of transactions that go through for every one disaster like this.
On decentralized exchanges, a single ERC-20 coin transaction can sometimes be as expensive as $50+ in gas fees and take 15-30 minutes to confirm. Sending a test transaction of $1 is not always feasible.
Decentralized exchanges like Uniswap?
I do this for every new address that I send to.
Transactions are often slow and expensive.
Each transaction takes minutes to complete, and costs an absurd amount of money.
I'm never trusting software for two things:
1. Voting
2. Irreversible transactions
Don't be naive - the transaction is definitely reversible. It's just that enough Important people need to agree it is reversible. If it was an Important person who lost money, or the loss was big enough to be bad PR, they would hard fork the chain and pretend like the transaction never happened.
No it's irreversible. Ethereum had one hard fork in its history (the DAO hack of 2016) and it was contentious and caused a split in the community. It can't be done Willy nilly.
Wallets should do more to prevent these types of sends from occuring, providing warnings. But you should also never ever send $50K without a test transaction of some token amount first.
(2) the transactions are irreversible, and the software is clearly doing that well.
The problem is people don't actually want irreversible transactions, they've just been told that they do.
Yes, they do. That is a feature, not a bug. It gives digital transactions the same properties as cash. When you hand over $50K in cash to someone, you better make sure you trust that someone. When you send $50K in crypto to an address, you better make sure you trust that address. People have to learn new habits and precautions with crypto. With great power comes great responsibility.
Maybe the UI for wallets should do more to defend against erroneous sends, or warn the user to make a test transaction before sending large amounts? A lot more can be done with UX.
No, people want reversible transactions.
They want transactions where they pay someone, and that person doesn't send the goods they can reverse the charge.
They want to be able to correct erroneous or fraudulent transfers.
These are all things that the normal financial system does well, and crypto systems absolutely cannot.
You cannot force someone to return a crypto currency transfer. No matter what the case: error, fraud, or theft. Even the latter is feasible within the regular financial system.
When you hand someone cash you can get the cash back. You know the person you can chase them down.
No, you can't necessarily get it back. It's like sending cash internationally, but you sent it to the wrong address and now you don't know who the fuck has it.
If you mis-address cash sent internationally it does get held for reversal. That's why international wires require so many details.
A wire is not "cash." Cash, in this conversation, refers to paper and metal transfered physically.
I suppose I'll be downvoted for this but my unpopular opinion is that I feel like the voting problem is solvable with some combination of decentralized and cryptographic tech. It's just that the people who can solve it don't want to solve it.
The thing about voting is that for the public to trust voting, it needs to be something a general member of the public can understand.
That is why paper balloting is such a durable voting mechanism. Pretty well anyone can understand how you would take a stack of paper ballots and decide who got the most votes. From there you just need to maintain a chain of custody where all ballots are monitored by any interested parties from the time they are cast to the time they are counted.
The more technical you get with your voting solutions, the less overall trust the public will have in the final vote counts.
I understand the argument here, but to play devil's advocate...
In the 2020 presidential election, tens of millions of people had trouble understanding how paper ballots worked. I'm not sure the argument about public trust is that durable or cogent at this point.
Most of the arguments I saw were about the chain of custody being broken and allegations that ballots were tampered with at that point. That is different from not understanding how a paper ballot works.
Most people who claim that there was fraud in the election focus on the voting machines — that they were programmed to "flip" votes, there were servers in Germany, or they had some linearly "weighted" mode which was allegedly turned on. They claim that "the algorithm" caused the election to be stolen from Trump.
If we created a cryptographic voting system with homomorphic encryption to preserve privacy, they would be claiming the exact same thing — except in that case, you wouldn't be able to recount the ballots by hand.
I think paper + blockchain. Paper ballot with anti-counterfeit tech (maybe fingerprint requirement as well for uniqueness check), scanned with an image recorded on blockchain (or hash of image stored on chain), then I think ballot images should be publicly viewable (with personal info redacted) so anyone can audit.
Its an active research area, there are proposals like helios https://en.m.wikipedia.org/wiki/Helios_Voting which check some of the boxes but aren't perfect . I'm sure cryptographers would love to come up with a fully scalable, trustless, verifiable, anonomous, coercion resistant system. But that's a hard set of properties to satisfy especially if nothing is in the physical world.
If you allow physical voting places, then just make a machine that gives a paper recipt and do risk limiting audits. Problem solved.
No, scan the full paper ballots with personal info redacted and make them publicly accessible so anyone can count the result.
So you don't trust the machines to scan the ballots to count them, but you do trust them enough to scan the ballots so that the public can count them? If the machine is compromised the scanning step will be compromised.
Personally i think risk limiting audits of the original physical documents is a much more secure system.
I mean, it's been already solved with a decentralized, low-cost, secure technology. It's called paper, and it has this wonderful security property that the amount of work needed to subvert the result is proportional to the number of votes you need to change, whatever you do.
Many people have tried to solve it in the past and all of the attempts ended in failure. It appears that it is non-trivial to have both secret voting and at the same time make it possible for the voters to prove that the election was not rigged.
I'm not sure it is solvable. Voting has to satisfy two requirements:
1) Votes must be private and anonymous (i.e. not linked to your identity)
2) Voting must be secure
It's easy to satisfy either one of these requirements, but currently impossible to satisfy both.
Pieces of paper in big boxes work pretty well, especially when they are enclosed in a sealed envelope with return address information for verification in case of fraud accusations.
Having the return address information on voting envelopes is a simple way to destroy deniability. Now you can prove who voted X if you have access to the envelopes.
I would argue that the paper voting doesn't satisfy both conditions either. And while putting a paper in a box is vividly understandable to the average voter, whatever happens to the vote after that point isn't, as evident by the number of people believing that a Texas lawsuit may overturn Michigan election results.
That's because there's video evidence of Fulton County Georgia poll workers clearing out all poll watchers on the basis of a bullshit pipe leak story and then as soon as everyone left they brought out suitcases of ballots and started scanning them in. There's 1000 affidavits of egregious election fraud and abuse in this election. The Supreme Court's refusal to even hear Texas's case is outrageous.
Define 'secure'?
Seems fairly obvious and self explanatory to me.
A secure vote is one that has a result that cannot be altered once it has been cast.
I like that one of the recommended solutions is to use named addresses instead of wallet hashes.
DNS and domains instead of IP addresses
That is a non-solution. DNS spoofing is notorious, and it's same for any "meaningful" names. If there isn't a checksum it's actually harder to detect a typo, human brain tends to autocorrect it. Domains also rely on trusted third party and are stolen all the time.
DNS(/namecoin) and domains instead of tor addresses rather.
A donation to everyone, deflation
"welp, fck this, I'm not doing crypto anytime soon" - most people who are technically competent but not experts, including myself