How on earth is it possible they can cover a 1.5B loss? Are they really sitting on that much profit, or is the goal to ponzi it out from here, MtGox style?
> How on earth is it possible they can cover a 1.5B loss?
Easy! They give Binance an IOU in exchange for 1.5 billion BUSD which is just "minted" out of fresh new electrons. Neither of them has really lost anything. Everyone can carry on as if it never happened.
In the bizarro world of crypto, this is business as usual.
They didn't regulate the crypto industry. They told everyone to stop and then refused to provide regulations or guidance on acceptable behavior despite continual begging by Coinbase et al. to be allowed to cooperate.
I never said that it should be unregulated, just that the sanction applied to BUSD had a political motive. Of course stablecoins are not securities, just like a 20$ note isn't a security.
How is it different from what banks do? (Except for a central regulator.)
Your exception is the answer.
Only the central regulator can "mint" money and doing so has real world consequences. The central regulator has financial incentives to limit this sort of activity.
The bizarro world of crypto has no such regulation and as a result, it is inherently unstable.
The proof of this is right in front of you --- it is the fact that "stable coins" exist. The only way to bring stability to the bizarro world of crypto is by tying it to "fiat" --- which is the very thing crypto is supposedly working to eliminate.
I sure hope we don't end up in the same place where the monetary system is only being held up by the fact that there is more debt than money creating an endless competition for the limited quantity of money that exists in order to pay off ever-increasing debts and expenses with a currency that is continually debased throughout the process.
They are being loaned ETH to cover withdrawals and prevent what would amount to a bank run, not stablecoins. This entire comment chain is stupid and pointless.
Banks don't print money for each other, and if they get money for free it's backstopped by the government and hence all of us. Crypto wants this single aspect but none of the central regulation.
Both systems stink for those at the end of the chain, i.e. us; you can decide which one is worse.
Because while banks hold duration, the net value of their current assets, future asset streams, and equity is above zero. Indeed the core focus of the business and regulatory side is ensuring this is so.
The central regulator caveat is also a huge caveat to brush aside. During the last round of systemic stress, the banking system essentially got a guarantee that all uninsured deposits would be protected, and banks were allowed to post their collateral for liquidity at terms that no other business has access to.
What OP is referencing is the oft-seen practice in the crypto space where failed entities fill an asset hole with propped up tokens, essentially transforming their paper loss on the balance sheet into liquidity risk that doesn't show as readily.
The important point here is that in the latter case, the entity may be fully insolvent, even after accounting for future cashflows on loans. When it comes to banks, even the left tail cases like SVB, their "problem assets" are things like long term treasuries, which are way down the risk curve when compared to the ponzi-tokenomics style "stablecoins" that we've seen unwind over the past few years.
I often read this sort of comment from crypto-defenders, but is it what banks do?
I’m relatively naive about these things, but my impression is that a bank losing this proportion of their assets can’t just ‘pretend’ they have the money, or create ‘new’ money.
That's one model/theory for how modern money creation works.
Another is modern monetary theory (MMT), and in that, commercial banks are indeed the primary creators of money, with the central bank playing a technically more passive role.
Still, in either model of money creation (i.e. classical "money multiplier" and MMT), governmental regulators (which can be the central bank or others) do ultimately control the rate of money creation via various mechanisms.
Not exactly true - Binance is indeed "printing money", just with no centralized regulation. When the Feds do it the expectation is that they are aware of the long-term impacts of doing so, and include in their calculation. For crypto it's the opposite: do it before you erode trust & goodwill to the point where it's no longer valuable. I see it more like it is very different than printing money in an economy that's perceived as stable and quite similar to printing money in one where the people have no faith in the value of sovereign currency. So the crypto-promoters are right about the use-case in certain jurisdictions, but the problem is that's not where the wealth is, so they target rich economies that tend to have stable government currencies & established banking, and do not need crypto for legitimate tasks.
I doubt they can, because they peg it to USD. Do you think they can pay an AWS bill with BUSD? Maybe you can, but people with BUSD would convert it to USD at some point.
Bybit trading volume is in the tens of billions of dollars daily. Their commission rate for the retail traders is up to 10bp (0.1%). Even considering a huge part of that volume is coming from institutional players who enjoy significantly reduced commission rates, I think they're surely making a few million dollars daily on commissions alone, maybe tens of millions on a good day. And besides commissions, they also have other sources of profit, like staking, crediting customers, and forced liquidations.
Being a crypto exchange in current market is very profitable. If the crypto itself does not collapse, I think it's totally possible for them to repay that sum in a year or less.
I'm nowhere near expert on any of the things below, but:
My gut tells me if an exchange makes as much money as you suggest, people involved in that exchange are making even more profit from the said exchange, otherwise they wouldn't engage. The whole thing being literally money out of thin air, it feels like a huge bubble that should inevitably burst bringing down _a lot_ of collaterals with it.
You might be interested in reading Warren Buffett's reasoning for not investing in crypto. Basically he says crypto produces no goods, products or services, and its only value comes from finding a "bigger fool" to pay a higher price than you did for it.
Its value is from speculation assuming future speculation will assume more future speculation.
It's easy to agree with this position if you deliberately ignore that the "service" crypto provides is a decentralized, censorship-resistant, self-contained, global system of finance that is designed specifically for the modern internet age and which does not need to be under the control of any particular nation-state or company in order to function.
Otherwise, it is clear where the value comes from.
Note that Coinbase (like most exchanges) charges retail clients outrageously high fees (orders of magnitude more than you would pay at a competitive FX or equity broker), but charges institutional clients and whales that trade a lot very small fees.
Yet another way crypto moves money from poor suckers to insiders.
Yeah, as a layman this MSTR explainer was an "aha" moment for me:
No, what is likely happening with all the convertible bond issues is that MicroStrategy prices the bonds in a manner to attract market neutral hedge funds, meaning arbitrageurs. Saylor has briefly mentioned these firms, as opposed to firms seeking actual Bitcoin exposure. For issue after issue, they can be spotted as the largest bond holders by anyone with a Bloomberg terminal. By buying the bonds, even when conversion price is at a large premium, and by simultaneously shorting the shares, these arbitrage funds can lock in close to risk-free profits. Due to the convex nature of the value of the convertible bonds, the hedge funds attempt to profit no matter whether MicroStrategy shares rise or decline.
Like, a broker profiting off PFOF in the stock market makes sense because there's an underlying asset generating real cashflow that people are buying into. But where is the money in crypto actually coming from? You have to pay miners, brokers, rugpulls/thefts/etc and there's barely any cashflow from the underlying assets (dApps?). But if it really is ~just a casino, with retail gamblers as the only real source of cash, it can still be profitable for smart money to pour billions in and use their PhDs to trade the vol. It goes up, it goes down, overall retail is bleeding huge amounts of cash on a sort of 5 dimensional pyramid scheme but enough gamblers go viral winning the slots/blackjack that the casino doesn't run out of customers.
Can this continue indefinitely? Maybe / probably? Seems similar to sports betting, Polymarket, retail now ~70% of options trading. The west and especially America becoming a gambling culture. The "bubble" may burst and reinflate over and over.
> Due to the convex nature of the value of the convertible bonds, the hedge funds attempt to profit no matter whether MicroStrategy shares rise or decline.
This sounds exactly like the rationale for the box spreads incident on WSB a couple years ago.
Hyperliquid, a decentralized perp exchange, is a good proxy for ByBit’s revenues. On average, Hyperliquid does between 800k-1M in revenue per day. ByBit is substantially bigger and easily does 50-100M in monthly revenue.
> Even considering a huge part of that volume is coming from institutional players who enjoy significantly reduced commission rates...
But the volume is huge. Even if we take the best publicly shared MM rates from Bybit (which is 1.5bp taker commission, 0.5bp maker rebate), and assume the whole volume is traded with these rates, it is still 1bp from 40B dollars, which is 4M dollars daily.
These exchanges make an absurd amount of money. That amount of money is basically a decent quarter for Coinbase in fee revenue, and Bybit is smaller but it isn't that much smaller.
It sucks if you're Bybit, but they're going to have plenty of lenders happy to provide them liquidity while they make it all back.
I can understand why some FTX creditors are pissed that the exchange didn't start back up under new management. They would have actually been made whole, unlike the current situation where they're getting "repaid" but pegged to November 2022 valuations (i.e. the absolute bottom of the crypto bear market).
Bybit is one of the most used crypto exchanges and does >100M$ of revenue per month, growing fast.
If this isn't enough, I'm sure that every crypto VC would line up to buy a single digit % of their equity to cover up the hole. Crypto hosts the most profitable businesses in the world.
> Crypto hosts the most profitable businesses in the world.
Well, because the retail clients expect to get rich and don't mind paying 1% or so fees per exchange.
Similarly, the BTC future basis (the difference between the spot price and future price) on many exchanges around 10 to 5 years ago was easily 80% p.a. which you could realize by buying Bitcoin and selling the future. What happened there is that people going long Bitcoin with leverage essentially borrowed the money giving them that leverage at usurious rates (this implied rate is not usually displayed and thus invisible to your average retail client, but definitely very visible to the finance professionals moonlighting in crypto (such as Jane Street, Jump trading, and many others)).
You pay 1% on Coinbase because they are a quasi monopoly due to regulation. Offshore exchanges take less than 0.1% usually.
The neutral rate for perps is 10%, which is lower than the credit card borrowing rate in the USA. And nothing prevents retail investors from earning it by shorting while holding spot.
Last, Tether is crypto's most profitable business, and likely the world's most profitable if you account for $ of profit per employee, and is not an exchange.
Tether is an absolutely remarkable business, indeed. Basically an unregulated bank that pays no interest and follows no KYC/AML/ABC/CTF rules (because they just deal with wholesale, and then the Tethers are transacted on some permissionless "who, me?" blockchain).
Remarkable dereliction of responsibility. I don't understand why we let them get away with it.
Yes, that's the concept of crypto. Uncensorable transactions. USDT is used in many countries that have capital controls, shoddy banks, or simply no proper payment infrastructure. Stablecoins work on week ends and are settled instantly. It's a superior form of money compared to what your average bank proposes.
And of course stablecoin providers conduct AML and KYC when you redeem/mint them. It's like complaining that the gold foundries don't control the secondary market for ingots and gold coins.
Presumably for the same reason the US let offshore banks get away with creating Eurodollars in the past: It's useful to maintain the status of the US dollar as the currency of global trade.
This utility has always been at odds with the (relatively recent in comparison to Eurodollars, as far as I understand) desire to and ability of the US government to use USD financial rails as a political tool via sanctions.
Yes, the profits are insane in that business. Binance was raided for a similar amount, and paid it out easily. Mtgox was raided for ₿650k ($60B in today's money), and plans to return ₿140k to traders. However, I believe most Mtgox investors are better off this way because they were forced to hold onto their investments; otherwise, they would have sold at around $1,000 or so.
This loss is more than 5% of their holdings. To me that implies the supposed benefit of crypto is nonexistent. If an institution is making so much money off your crypto assets that they can return 5% of them, they are a bank doing whatever it was that was so evil.
yes, great jobs: "I used to have to GO to the casino to play slots, and even without the one arm bandits, had to physically push the button. Now I work from anywhere!"
> The wallet in question appears to have sent 401,346 ETH ($1.1 billion) as well as several other iterations of staked ether (stETH) to a fresh wallet, which is now liquidating mETH and stETH on decentralized exchanges, etherscan shows. The wallet has sold around $200 million worth of stETH so far.
If you showed me a paragraph like this a decade ago and told me it was from 2025, I would have a difficult time believing you.
Crypto shenanigans were happening in 2015, even as far back as 2010, so I would have to have absolutely believed you to hear that it continues happening, as crypto is a fundamentally unstable platform.
Mt. Gox (a former crypto exchange) was hacked in 2014 and the thieves stole nearly half a billion dollars in BTC. Considering how much more the currency is worth today and how much bigger the markets are, it seems like Bybit got off easy in terms of sheer volume.
It's a cold wallet which means it should never be connected to the internet, so not entirely online, but yes - these are the wild wild west times of the internet. Imagine how easy it was to go into a bank shoot some people and get out with money, and doing it like, daily? monthly? Today it's not possible.
What supposedly happened is that malware was installed on every multisig key signer's device and then the hacker showed them all a fake transaction that looked legit but actually changed the smart contract of the cold wallet to give him access.
It's definitely embarrassing that people losing their shirts in crypto didn't see it coming. It's bad that people think a zero sum game is worth playing against incumbents. The marks aren't the worst part, though. Everyone promoting memecoins and utility-free cryptocurrency in general is either ignorant or just a bad person with a warped idea of success. Personal money accumulation is a sad goal compared to actual wealth creation. The parasites who push crypto on the hopeful proto-bag holders are destroying the prosperity that supports them.
Yeah on memecoins isn’t that just a loophole for running naked pyramid schemes? I.e. a pyramid where everyone knows it’s a pyramid.
Like the weird part about a pyramid is that depending on your risk tolerance it may actually make sense to participate in a pyramid even if everyone involved knows it’s a pyramid. So are that many people being scammed as in tricked (seems hard to believe), or is it just a risky form of gambling that is outlawed in legacy formats.
I've never purchased crypto or had any involvement but acquaintances I know have used that exact argument. They know it's a pyramid but believe they can get ahead because they were in early enough.
They are usually a lot more vague when I ask about their realized gains.
I have many friends who started from really humble beginnings ~5 years ago (for instance, a typical small business like "an e-shop selling bullshit Chinese gizmos online making 20k per month"), and are now uber rich in crypto. Like, hundreds of millions in net worth and spending 200-400k per month. And yes, they don't invest their money anywhere except new and new crypto projects themselves, just because they don't know anything that gives near similar returns. Not one-off success, but 5-10 or more different avenues of making money there (but certainly none of them was about "trading coins" or passively investing in them).
Just to be clear I'm not saying that my acquaintances didn't make money. Just that they are vague.
But ultimately if you have friends making hundreds of millions of dollars and there are enough of them then that essentially proves there will be many more losers than winners.
I personally don't partake for the same reason I didn't partake in Amway in college. It's functionally a pyramid scam and on a personal level a boring way to make a living.
How do you know it’s boring? The guy above clearly has some bright ideas about it.
It’s on par with inventing an axe and now living in a forest god mode. Is that boring, or is that……… why I’m even asking, an ability to spend $e5/mo covers almost all personal interests in the world.
During the previous wave of crypto, there were all sorts of ambitious if doomed plans to do interesting things with blockchains. Even Bitcoin was originally supposed to be a means of exchange, not an "investment".
Now we don't even pretend that $DOGE/$TRUMP/whatever has any utility aside from speculation.
As far as I know the only difference between these so-called memecoins and 'reputable' cryptocoins is that the former have a funny name. Other than that they're essentially the same product.
Bitcoin, ETH, and Monero all have utility in one way or another. Bitcoin is accepted by most black markets (and Monero is even better for privacy). And software is built on top of the ETH chain. No one is buying stuff using DOGE or Trump coin. There's a clear difference between memecoins and legitimate cryptocurrencies whether you like them or not.
The question is: what makes a cryptocoin legitimate, in your opinion, considering that 'illegitimate' memecoins are usually just a copy-paste version of a supposedly 'legitimate' cryptocoin?
A “musked” transaction consists of payload obfuscation and spoofing, more often than not malicious actors create a genuine looking UI with legit transaction details, while being malicious underneath.
It’s basically phishing at a transaction signing level.
I only found the term a few weeks ago and thought I was the one left out, sorry for not defining it earlier.
"Bybit CEO Ben Zhou wrote on X that a hacker 'took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address.'"
From the article. Not that I endorse crypto, in fact I despise it. But at least per this statement, it seems to have been handled offline. How a hacker could get access to this is another story to unpack.
edit: I guess this is the story that "unpacks". One more reason to not believe in crypto.
By "online wallet" they were likely referring to the Bybit website being the wallet of those customers that held their coins there rather than keeping them in their own private wallets, and not whether the hack involved a hot wallet or a cold wallet. Calling it a custodial wallet would have been more accurate.
There's some info and speculation in these two (distinct) articles, but I'd love to know technical details of where the gaffes were.
eg. Was client software compromised? Did the multisig keyholders succumb to social engineering? Were the signers using airgapped machines / hardware devices?
"Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change the smart contract logic of our ETH cold wallet. This resulted Hacker took control of the specific ETH cold wallet we signed and transfered all ETH in the cold wallet to this unidentified address."
Unfortunately most hardware wallets can't interpret EVM smart contract transactions and ask you to sign a big binary blob that is supposed to match what you see on your computer screen (it's literally called blind signing). He said in the tweet and later on a live stream that they verified that the URL was correct, and there were several signers in different locations on different machines.
Logically the UI must have been manipulated for all of them, which I can think of a few different ways to do:
- The signing link was replaced somehow over whatever medium they sent it to each other, pointing to something that either looks like the original UI (perhaps IDN homograph domain) or is the actual site if it has some weakness that allows script injection to manipulate the page
- The server side was exploited to serve a manipulated page
- Client side malware that injects something in the browser to manipulate the page
- Some kind of network/DNS attack combined with mis-issued TLS certificate (or injected CA)
It points to some level of sophistication and long-term observation of their internal systems to know what the process looks like and devising an attack.
Will be interesting to read when/if they release a full analysis.
> According to crypto security firm Groom Lake, a Safe multisig wallet was deployed on Ethereum in 2019 and on the Base layer-2 in 2024 with identical transaction hashes. Ethereum’s alphanumeric transaction hashes are 64 characters long, so deploying the same smart contract transaction hash twice should be mathematically impossible.
> The same transaction hash appearing on both Ethereum and Base indicates an attacker could have found a way to make a single transaction valid on more than one network or could be reusing crypto wallet signatures or transaction data across networks, pseudonymous Groom Lake researcher Apollo said.
Oh, when I read this yesterday I assumed "musked" was a clever play on the idea that someone is tricked into agreeing to things against their interests.
A huge problem with signing EVM transactions using hardware wallets is that it is common to be blind signing messages. The device has no knowledge of the SAFE EVM contract functions or any other context, it just asks you to sign a gobbledygook opaque binary message so you may have no idea what's being signed, is my experience using multiple different vendor HW wallets. Not sure if that's what happened, but possible this type of problem contributed to the exploit. BTC TXs are simple enough that all HW wallets can basically display what's happening, but with Turing-complete arbitrary computations in EVM this becomes very difficult.
In almost all cases EVM smart contract interaction looks like a function call which can be easily decoded into JSON if you know the ABI.
HW wallet doesn't need to understand the contract logic, it just needs the ABI, which is generally a simpler task. Also it can show the name of the function you're calling as selector is a hash of a name.
Safe is a bit more complex as it also wraps it in EIP-712 message, but that can also be decoded in a systematic way.
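The selector lookup and ABI decoding described in the comment above, as an added Python example that is not part of the thread or of any wallet's firmware; Keccak-256 is written out because Python's `hashlib` does not provide it. The recipient address, the `execute(address,uint256,bytes)` signature and all sample calldata are constructed for illustration.

```python
MASK64 = (1 << 64) - 1
RATE = 136  # Keccak-256 rate in bytes (1088 bits)

def _rol(v: int, n: int) -> int:
    n %= 64
    return ((v << n) | (v >> (64 - n))) & MASK64

def _keccak_f1600(a: list) -> list:
    """Keccak-f[1600] on 25 64-bit lanes; lane (x, y) lives at index x + 5*y."""
    lfsr = 1
    for _ in range(24):
        # theta: mix each column's parity into its neighbours
        c = [a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20] for x in range(5)]
        d = [c[(x + 4) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        a = [a[i] ^ d[i % 5] for i in range(25)]
        # rho and pi: rotate lanes and move them to new positions
        x, y, cur = 1, 0, a[1]
        for t in range(24):
            x, y = y, (2 * x + 3 * y) % 5
            cur, a[x + 5 * y] = a[x + 5 * y], _rol(cur, (t + 1) * (t + 2) // 2)
        # chi: non-linear step along each row
        for y in range(5):
            row = a[5 * y:5 * y + 5]
            for x in range(5):
                a[5 * y + x] = row[x] ^ (~row[(x + 1) % 5] & row[(x + 2) % 5])
        # iota: round constant generated by an 8-bit LFSR
        for j in range(7):
            lfsr = ((lfsr << 1) ^ ((lfsr >> 7) * 0x71)) % 256
            if lfsr & 2:
                a[0] ^= 1 << ((1 << j) - 1)
    return a

def keccak256(data: bytes) -> bytes:
    """Keccak-256 as used by Ethereum (0x01 padding byte, not SHA-3's 0x06)."""
    padded = bytearray(data) + b"\x01" + bytes(RATE - 1 - len(data) % RATE)
    padded[-1] |= 0x80
    lanes = [0] * 25
    for off in range(0, len(padded), RATE):
        for i in range(RATE // 8):
            lanes[i] ^= int.from_bytes(padded[off + 8 * i:off + 8 * i + 8], "little")
        lanes = _keccak_f1600(lanes)
    return b"".join(lane.to_bytes(8, "little") for lane in lanes[:4])

def selector(signature: str) -> str:
    """First 4 bytes of keccak256 over the canonical signature string, as hex."""
    return keccak256(signature.encode()).hex()[:8]

def _decode_arg(typ: str, args: bytes, index: int):
    word = args[32 * index:32 * index + 32]
    if len(word) != 32:
        raise ValueError("calldata too short for declared arguments")
    if typ == "address":
        return "0x" + word[12:].hex()
    if typ.startswith("uint"):
        return int.from_bytes(word, "big")
    if typ == "bool":
        return word[-1] == 1
    if typ == "bytes":  # dynamic: the head word is an offset into the argument area
        off = int.from_bytes(word, "big")
        length = int.from_bytes(args[off:off + 32], "big")
        body = args[off + 32:off + 32 + length]
        if len(args) < off + 32 or len(body) != length:
            raise ValueError("dynamic argument runs past end of calldata")
        return "0x" + body.hex()
    raise ValueError(f"unsupported type {typ}")

def decode_call(calldata: bytes, known_signatures: list) -> dict:
    """Return what a signer could be shown; blind=True marks an undecodable call."""
    sel = calldata[:4].hex()
    for sig in known_signatures:
        if selector(sig) == sel:
            name, types = sig[:-1].split("(", 1)
            types = [t for t in types.split(",") if t]
            args = [_decode_arg(t, calldata[4:], i) for i, t in enumerate(types)]
            return {"selector": sel, "function": name, "args": args, "blind": False}
    return {"selector": sel, "function": None, "raw": calldata[4:].hex(), "blind": True}

def _word(n: int) -> bytes:
    return n.to_bytes(32, "big")

# Constructed sample data: the address and the second signature are illustrative only.
RECIPIENT = 0x1111111111111111111111111111111111111111
KNOWN = ["transfer(address,uint256)", "execute(address,uint256,bytes)"]
SAMPLE_TRANSFER = bytes.fromhex("a9059cbb") + _word(RECIPIENT) + _word(5 * 10**18)
SAMPLE_EXECUTE = (bytes.fromhex(selector(KNOWN[1])) + _word(RECIPIENT) + _word(0)
                  + _word(0x60) + _word(3) + b"\xaa\xbb\xcc" + bytes(29))
SAMPLE_UNKNOWN = bytes.fromhex("deadbeef") + _word(1)

if __name__ == "__main__":
    for sample in (SAMPLE_TRANSFER, SAMPLE_EXECUTE, SAMPLE_UNKNOWN):
        print(decode_call(sample, KNOWN))
```

A call whose selector is not in the known list comes back with `blind: True`, which is the case where a device can only show raw bytes.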
Yes, each opcode has a gas cost. Some are quite expensive, like writing storage (changing network state). Each block has a target gas limit. Say 30 million. A single transaction cannot exceed that. Additionally, a transaction specifies a bid on how much they are willing to spend, in ether, per gas. That said, transferring funds does not typically require significant gas.
But the space of their effects on the Blockchain state is vast. You need software to translate those effects to a form human can interpret as "what I want"/"not what I want".
I.e. engineering work needs to happen in the UI they used to confirm the tx.
What you suggest is possible (evaluate the side effects of the transaction and present that information to the prospective signer). But at present they don't do that. I'm not sure about this specific case but often it's just a supplied text string (that can say anything) that's displayed. Basically the system depends on trust in whatever came up with the transaction payload.
https://x.com/tayvano_/status/1847877011462901915
This thread has some info about very similar past attacks, should give some insights into the level of sophistication that goes into something like that.
Society has devolved a bit when not long ago a heist like this would involve sieging Nakatomi Plaza, now it takes just finding a bug in someone's defective Python codes.
It has been this way since the dawn of electronic banking. I once had complete access to all digital wallets for the Seattle metro, which I gained by looking at two cards and noticing the numbers were incrementing. Even with all of the flaws of electronic transactions, it's still better than walking to the bank and hoping a check won't bounce.
You don't even have to break into a weird high-tech vault to get an unreasonably slow (or fast) billion-dollar progress bar with a snazzy custom UI toolkit these days. Not sure if technology or inflation is most to blame!
yes, this part won't play well in the movie: it takes just as long to transfer a billion as a dollar; the progress bar won't allow any time to build suspense... will they finish in time? cuts between parallel timelines...
not related to the current western market, but countries like Romania pre EU had a huge surplus of soviet-educated young people and no jobs. This definitely increased their involvement with "informal" economies for some time.
It was the basis of the plot of the first Jurassic Park movie. All shenanigans started because Dennis Nedry, the park IT manager, disabled some security system at a bad time so he could sell some company secrets to competitors.
There is interesting character analysis to do between the book and the movie version, where the book version of Dennis Nedry is way more sympathetic (even if flawed), he's an extremely talented IT guy who was undersold the amount of work to do in the park, kinda stuck doing unpaid overwork on a remote island and generally been fleeced by a way more villainous book John Hammond.
A crypto exchange WazirX was hacked for ~$300M, roughly 50% of the users' funds gone.
There is no action on the CEO since the hack in July 2024. He sits in Dubai. He just got a nod from Supreme Court of SG to just average out the funds and distribute it among the users.
No action has been initiated against the company/ceo for losing the fund. He is geared up to launch another company/exchange.
It’s not money though. It’s property at best. It doesn’t get held to the same standards.
CryptoBros are all about “no laws, do whatever” right up until the, inevitable, point at which /they/ are getting swindled and then they want to cry foul and run to the authorities.
It’s just like the whole DAO situation which showed “Crypto is immutable and we want to live and die by the code unless of course someone finds a flaw in the code and steals our money, then we will roll back the immutable chain to recover it” what a farce.
I'm a huge crypto believer but I can admit that we don't have a serious system if a person can just transfer over $1.5B from a well known crypto cold wallet to different accounts with nothing flagging it and no way to reverse it.
In the face of the never-ending list of these kinds of events, the laughably impossible task of average nontechnical individuals protecting their own assets (and the consequence of total financial ruin when they fail to do so), the overwhelming number of and size of scams, rug pulls, fraud, outright Ponzi schemes, and on and on and on… what exactly is left to keep anyone a “huge believer”?
Put differently, it’s been seventeen years of constant and escalating mayhem. What would finally be enough to shake your faith?
> what exactly is left to keep anyone a “huge believer”?
I don't really engage in the ponzibucks part and don't touch exchanges except to on and off-ramp, and use crypto to pay for things like hosting, seedboxes, or other services I might not necessarily want my debit card directly attached to.
I like sending vendors $100 and spending $0.00005 in transaction fees and knowing that they'll get $100 (or $99 with some 3rd party integration like Coinbase Commerce) versus spending $100, of which Stripe gets $5 of and the vendor only sees ~$95 if I don't feel like I need the protections of a card, which is frequent but not all the time.
Crypto fits a niche in my life well, despite the wider crypto world having dumb controversies. Just like my HSBC bank account fits a niche well, despite HSBC's wikipedia page being ~50% controversy section by word count.
Coinbase is 10,200x more than you stated ($0.51 to send $100) BUT that’s only if I send directly on Coinbase. Coinbase Commerce takes 1% so it would actually be 20,000x more than you listed.
Stripe is 64% of what you stated ($3.20), and that’s with no processing fee discounts like you can get with higher volume.
Now, obviously, $3.20 > $1 but it’s not apples to apples. You can claw back your money with a card for one. There are many cases where I would prefer to pay the extra $2.20.
Credit card interchange fees being ridiculously high is pretty much a US thing:
> In the United States, the fee averages approximately 2% of transaction value. In the EU, interchange fees are capped to 0.3% of the transaction for credit cards and to 0.2% for debit cards, while there is no cap for corporate cards.
Sensible regulation can make a big difference.
FWIW, I can pay bills by initiating a transfer both in HK and the EU instantaneously and for free.
Note also in your comparison of costs that most people still use fiat, and then pay the enormous fees of exchanges like Coinbase or Bybit that (for retail investors) are ridiculously high. So, a fiat-crypto-transfer-crypto-fiat round trip has another 2% or so on top (plus volatility).
It goes to rewards which go straight back to the consumer.
My main credit card gives me 2% back on all purchases. In cash. Zero annual fee. And it's a card anyone with a normal credit score can get. Nothing special about it.
It really only makes sense to compare interchange fees after subtracting the proportion of them that get paid back to consumers.
Sure, smart consumers can claw back some of that. But what you have then is merchants raising average prices, and consumers that use such credit cards being subsidized by those that don't.
Solana is the main chain I use for these transfers, and it’s 0.000005 SOL * $170/SOL = $0.00085 to transfer any amount of USDC. so I was a little off there. My apologies for a $0.0008 error.
By the way, I specifically mentioned Coinbase commerce takes about a dollar:
> $100 (or $99 with some 3rd party integration like Coinbase Commerce)
Stripe fees vary, but in a frequent case where a user is using an international card in a foreign currency it’ll very easily get close to 5%.
For me, yeah $2.2 is relatively immaterial. For a provider who’s doing $1MM in crypto transactions? Somehow I suspect that a few percentage points are quite meaningful, and I get the benefit of not having to explain what a seedbox is to my bank if they ever call me.
Again, crypto as a payment method is not for everything. But it’s quite nice to have the option.
> What would finally be enough to shake your faith?
Permanent and major market crashes are the only thing I can think of.
After the last crash a lot of fraud and incompetence got out because they couldn’t stay solvent, stuff like Celsius or FTX etc got exposed only because of the crash we had in 21/22.
It will take a few crashes, like that, until then scams or incompetence like this incident will not make people lose their money.
Few crashes, then most believers will lose their savings then the faith will shatter not until then.
Most people are after all investing in crypto because it goes up and not because they believe in decentralized currencies. As long as they hear how someone is making money on crypto they will keep believing no matter how many meme coins pull the rug, or exchanges fail or pig butchering or myriad of other scams come to light.
> what exactly is left to keep anyone a “huge believer”?
Bias. I expect believers to have earned a profit or still hold significant quantities of crypto assets.
But in their favor, trust in any currency is the foundation of its value. States create it by collecting taxes and paying employees. Crypto currencies generally lack that heavy weight central authority, so they kind of have to believe to the point where they get burned.
The "oh but there's crime in fiat" argument holds no water.
Sure, HSBC facilitated money laundering and drug trafficking in Mexico. And when it came out, the fiat response was a huge outcry and putting a stop to it.
The crypto response is to say "screw the laws, let's go all in with money laundering and drug trafficking".
It's like noticing that kitchen knives are occasionally used for murder, and then concluding that it's a good idea to sell machine guns at every corner.
Fiat is indispensable, and (due to regulation) better for legitimate purposes than for crime.
Crypto is entirely dispensable, and (due to its inherent limitations (inefficient, slow, cumbersome)) better for crime than legitimate purposes.
Fiat currencies have collapsed in the past due to bad monetary policy (regulation is only good right?). Ask Argentinians how they feel about stablecoins after rapid inflation.
Alternative currencies offer competition and access. Why is that such a problem?
You like decentralized money without laws and accountability, but would like to have a central thing (TBD) that is accountable and respect laws? How would that work?
1. Upgrade protocol to include protections for well known cold wallets held by exchanges (ex: API call has to be made to the exchange's security endpoint to validate each transaction out of the wallet. Exchange staff would need to manually allowlist large transactions before they are transmitted).
2. Decentralized voting on reversal of transactions (90-95%+ vote needed to reverse to avoid 51% attacks)
> 2. Decentralized voting on reversal of transactions (90-95%+ vote needed to reverse to avoid 51% attacks)
Couldn't you technically just 'git checkout' a previous commit from before the fraudulent transaction occurred and pretend it never happened? Isn't the real problem that you'd have to convince a majority of users to do the same?
Right on. My bank calls me every time I send money out. And I'm talking like $50. I used to find it annoying, but now I'm blown away every financial system doesn't...
On the one hand, I understand banks attempting to protect customers and limit liability, on the other hand, frankly I have better things to do with my time than spend 30 minutes waiting in a phone queue because I had the audacity to go on holiday and attempt to spend $20 on ice cream.
Cold usually means it needs multiple physical people to sign from offline devices to move it. Hot wallet usually is automated. Here it looks like the «hackers» found a way to trick enough people to sign this transaction
It could still be cold. "took control of the specific ETH cold wallet" sounds like stealing the physical hardware. Like someone stealing the vault key, or the HDCP master key getting leaked.
They could have gotten the recovery phrase off some paper, then imported it wherever. More likely than guessing the pin on a ledger with a short number of tries before wiping.
There should be something like a "finalizing transaction", which both the sender and receiver need to sign after the first transaction has been mined, i.e. like an in-built escrow. If it's not signed by both, then funds are returned. This wouldn't protect against key leakage, but in this case, the tx was signed by accident. This would also protect against sending to wrong address.
There are cryptocurrencies in which transactions must be signed by both sender and receiver, such as those implementing the pure Mimblewimble protocol.
> Both the sender and receiver need to sign after the first transaction has been mined
That makes no sense; miners don't mine transactions unless they're guaranteed to be valid. All signing must be done before transactions are even published. Otherwise one could DoS-attack the network by having it forward tons of invalid transactions.
You’d mine the first transaction which is a nominal value but the rest of the transaction won’t get mined until that first transaction is signed by both parties indicating acceptance. You could even break it down into an arbitrarily multi-stage process where the next stage is exponentially larger more money (i.e. transfer $100, then transfer $1000, then $1000, etc). This would make the accident “hit a button and lose a B right away” much harder to pull off. Of course, in this case I don’t know that it would help as I believe the attacked party signed approval to change the contract itself.
Can someone even explain what Bybit is actually about? I searched around when the hack was announced, but I'm very confused. Mostly what I saw said "scam" on it.
This isn't your run-of-the-mill Coinbase style exchange, right?
It's the second largest crypto exchange by volume globally, behind Binance. Specialized in derivatives but they have lots of regular retail products that you might find at Coinbase. Basically like a bigger version of Coinbase from Asia.
I spent several years pointing out to my last employer that every former employee could have walked off with secrets that allowed them access to our backends. They were already slowly working on hardening write access but read access was still being worked on a couple months before I left, when I got to write about half of the last mile code for the user facing bits.
This is not a unique experience by any means. I’ve seen this sort of thing enough to pay attention when acquaintances bitch about it too.
Are these business-owned exchanges and managed wallets not fundamentally incompatible with making guarantees of security? Is anyone doing it the "right" way and what does the right way even look like?
I don't know the answer to that, I only have guesses.
But one mistake we make over and over is that we write code that just does its best to answer questions as quickly as possible. And when those questions show up 10x as quickly as they have any other time in our company history, they either just plug right along or maybe throw an error.
Someone shouldn't be able to empty a billion dollars out of an exchange in 10 minutes, unless they do $250B in daily traffic. And I suspect most of them can be, and in even less time than that.
> have a wallet, work at bybit
> understand backdoor
> steal money from your account, some from others
> bybit pays you back
> still have money you stole
The current deletion is for reasons that include lack of NCORP (Notability (organizations and companies)). And they back that in turn by saying that the sources are weak.
I understand on one side that they don’t want every company in the world to have a Wikipedia page. Because the point of Wikipedia is not to promote or legitimise every company in the world.
But you’d think that at the point where widely covered news of a hack leading to a loss of a billion dollars and a half, would be reason to have a Wikipedia article about it.
And instead they went and deleted the article today.
There’s probably additional editing of the page itself that you can dig into the history of if you want to see what happened during the past couple of days leading up to the page being deleted again.
For me, I’ll file this under Wikipedia Editors gonna Edit. They have all kinds of edit wars and page deletions going on all the time in the background that the rest of us mostly don’t even notice most of the time. And all over I’m still happy with Wikipedia for all of the information it has collected within.
It could be resurrected if there are multiple news stories making it notable for being hacked. It would have to be rewritten, though, to give it substantially different content.
They're basically saying "nah, that's spam". So when it was recreated yet again, of course it was speedily terminated with prejudice because it just looks like another spam attempt.
Not sure if there's a rule against covering news stories. Seems like we wouldn't want an article on every news event (I'm pretty sure there is a rule against that), but Crowdstrike got an article.
Bybit CEO Ben Zhou wrote on X that a hacker "took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address."
"Control" has a specific meaning under UCC Article 12, which was ratified in 2022 and is slowly being adopted by U.S. states. It links some rights to control/possession of keys, even if a blockchain asset may have been stolen before being sold, https://www.clearygottlieb.com//news-and-insights/publicatio...
> Article 12 – dealing directly with the acquisition and disposition of interests (including security interests) in “controllable electronic records,” which would include Bitcoin, Ether, and a variety of other digital assets ... a good faith purchaser for value who obtains control (a “qualifying purchaser”) takes its interest free of conflicting property claims... Control under Article 12 is designed to be a technology-neutral functional equivalent of “possession.” It generally encompasses circumstances when a party has the “private key”
I think (I assume but could be wrong) in the average CEO X-tweet "control" likely only means 'control'; nobody was reading through UCC Article 12 while drafting this message.
As in: "The hacker gained access to" "The hacker took charge of" "The hacker assumed authority over"
It describes the legal status of stolen cryptocurrency changing after the first sale. This HN story is about stolen cryptocurrency. In particular:
> The wallet has sold around $200 million worth of stETH so far
If some of those sales took place within jurisdiction of a U.S. state that has ratified UCC Article 12, then the buyer of the stolen cryptocurrency is now the new legal owner.
.. “take free” regime introduced by the 2022 UCC Amendments for these assets. Under these rules, a person who acquires a CER for value, in good faith and without notice of any conflicting property claims, is deemed a “qualifying purchaser” and, as such, takes it free from any preexisting property claims.
The 2022 UCC Amendments draw heavily from the UCC Article 3 provisions for negotiable instruments, and these provisions have the effect of making CERs negotiable. It follows that if a secured creditor obtained a security interest in CER inventory and only perfected by filing, that creditor would be at risk of the debtor disposing of the collateral and transferring control to a qualifying purchaser that would take it free from any competing claim.
I think you're saying this is different to theft-of-car. A stolen car could be sold/bought a number of times, but any amount of years later the car belatedly identified as the one stolen from the rightful owner means it is returned. A fraudulently created title isn't enough to protect the bagholder from having to return the car.
It is important everyone is thinking real hard about how this is different from traditional theft: there is no way to actually prove the operators didn't just steal everything themselves vs actual real hack theft.
When even professional companies that have billions of dollars under management can't securely manage their crypto assets, how likely is it that individuals can?
Who says ByBit can cover the loss? The article title says that but the article quotes do not. The CEO only said that their other cold wallets are intact and that withdrawals remain normal.
Bybit claims to be regulated by the Virtual Assets Regulatory Authority of Dubai.[1]
But the lookup page at VARA says they only have "In-principle approval", not a full license. "Applicants holding an IPA are strictly prohibited from initiating operations, conducting any virtual asset activities, or servicing clients until they have obtained their full VASP licence from VARA."
I wouldn't be surprised if Bybit cuts a deal with the hacker to return the funds. There's no way that $1.46 billion of marked ETH can be liquidated and off-ramped to fiat.
Exchanges will blacklist the addresses that hold the hacked ETH. They won't be able to deposit, or if they can deposit, the ETH will be frozen by the exchange.
>Bybit CEO Ben Zhou wrote on X that a hacker "took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address."
Have to wait for a post-mortem, but there was some speculation from Ben earlier in his spaces.
They used a Gnosis Safe, which is a smart contract multi-sig wallet that is pretty much the gold standard for Ethereum.
They believed that all of the signers' PCs were hacked and that the UI for signing was staged with a fake element to make it appear like a normal transfer.
They were signing with hardware wallets, but it's hard to verify what you're signing from a ledger typically.
What they ended up signing instead was an upgrade to the smart contract giving control of the Gnosis Safe to the hacker, who then drained it.
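The comment above describes signers approving something other than what the signing UI displayed. As an added example (not code from the thread or from the Safe project), the sketch below decodes a proposed Safe transaction from its raw fields, independently of the UI, and compares it with the operator's stated intent. The field names `to`, `value`, `data` and `operation` follow the Safe transaction format; the addresses, the review policy and the sample proposals are constructed assumptions.

```python
"""Pre-signing review of a Safe transaction proposal (added, constructed example)."""

CALL, DELEGATECALL = 0, 1            # values of the Safe `operation` field
ERC20_TRANSFER = "a9059cbb"          # selector of transfer(address,uint256)


def _norm(addr: str) -> str:
    """Lower-case a 20-byte hex address and validate its shape."""
    a = addr.lower()
    if not (a.startswith("0x") and len(a) == 42):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    int(a, 16)  # raises ValueError on non-hex characters
    return a


def decode_payload(tx: dict) -> dict:
    """Describe what the transaction does, using only its raw fields."""
    data = tx["data"].lower().removeprefix("0x")
    if data == "":
        return {"kind": "eth_transfer", "recipient": _norm(tx["to"]),
                "amount": int(tx["value"])}
    # ERC-20 transfer: 4-byte selector, 32-byte padded address, 32-byte amount.
    if (data[:8] == ERC20_TRANSFER and len(data) == 8 + 128
            and data[8:32] == "0" * 24):
        return {"kind": "erc20_transfer", "token": _norm(tx["to"]),
                "recipient": "0x" + data[32:72], "amount": int(data[72:], 16)}
    # Anything else is opaque to this reviewer and must not be signed blind.
    return {"kind": "contract_call", "target": _norm(tx["to"]),
            "selector": "0x" + data[:8]}


def review(tx: dict, intent: dict, allowlist: set) -> list:
    """Return a list of findings; an empty list means the payload matches intent."""
    findings = []
    allowed = {_norm(a) for a in allowlist}
    actual = decode_payload(tx)

    # DELEGATECALL runs the target's code against the Safe's own storage,
    # so it can change the wallet itself. A routine transfer never needs it.
    if int(tx["operation"]) != CALL:
        findings.append("operation is DELEGATECALL, not a plain CALL")

    if actual["kind"] == "contract_call":
        findings.append(f"opaque call {actual['selector']} on {actual['target']}; "
                        "decode it before anyone signs")
        return findings

    if actual["kind"] != intent["kind"]:
        findings.append(f"payload is {actual['kind']}, intent was {intent['kind']}")
    if actual["recipient"] != _norm(intent["recipient"]):
        findings.append(f"recipient {actual['recipient']} differs from intent")
    if actual["amount"] != intent["amount"]:
        findings.append(f"amount {actual['amount']} differs from intent")
    if actual["recipient"] not in allowed:
        findings.append(f"recipient {actual['recipient']} is not allowlisted")
    return findings


# --- Constructed sample data (no real addresses or transactions) ---
WARM_WALLET = "0x" + "aa" * 20       # hypothetical: the exchange's own wallet
UNKNOWN = "0x" + "bb" * 20
TOKEN = "0x" + "cc" * 20
ALLOWLIST = {WARM_WALLET}
INTENT = {"kind": "eth_transfer", "recipient": WARM_WALLET, "amount": 5 * 10**18}

TX_MATCHES = {"to": WARM_WALLET, "value": str(5 * 10**18), "data": "0x",
              "operation": 0}
# What a staged UI could present as the same transfer: an opaque delegatecall.
TX_STAGED = {"to": UNKNOWN, "value": "0",
             "data": "0x12345678" + "00" * 64, "operation": 1}
TX_TOKEN = {"to": TOKEN, "value": "0", "operation": 0,
            "data": "0x" + ERC20_TRANSFER + "00" * 12 + "bb" * 20 + f"{1000:064x}"}

if __name__ == "__main__":
    for name, tx in [("matches", TX_MATCHES), ("staged", TX_STAGED),
                     ("token", TX_TOKEN)]:
        result = review(tx, INTENT, ALLOWLIST)
        print(name, "OK" if not result else result)
```

Such a check only helps when it runs on a machine separate from the one rendering the signing UI, and on the same raw fields that are sent to the hardware wallet.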
These are not hacks, just like Mtgox, Celsius, FTX etc etc etc were not hacks. These are crypto insiders supporting the stablecoin so they can print and set a floor on prices before/during potential mass sell off events.
My understanding is that the original transaction was a small fraction of the total balance of ETH in the wallet. How then were they able to liquidate the entire ETH wallet?
The entirety of the cryptocurrency world is so obviously a "Chesterton's Fence" situation.
Every pseudo-intellectual thinks that the fiscal world is "too complicated" and they're going to "simplify" it by making some token, only for people to realize that the monetary world is just complicated, and they have to reinvent everything that already existed in the traditional banking system.
I had to do some work on an ACH system a couple years ago [1], and I read through a large chunk of the ACH standard, which was about 800 pages. It's easy to see and hear that and think "that's way too complicated, what could possibly be so hard about money transfers that necessitates a 700 page specification??", but as I read it and saw how many edge cases it took into account, it was easy to see why it got so huge. It turns out that dealing with money is just a really hard problem at scale.
I fell for the cryptocurrency hype of 2021, and I will fully acknowledge that that came out of a complete lack of understanding of how fiscal systems work. I wish everyone else would just grow up already.
[1] Usual disclaimer: not hard to find my work history, it's not hidden, but I ask that you do not post anything about it (or at least any proper nouns about it) here.
For what it’s worth, I’m a “crypto believer” and I have never considered ease of use to be one of its selling points.
What you are describing are the systems of power which create a stable financial system. That is, one where you can put a nickel into a bank account and expect it to be there in a year or a hundred years.
That indeed requires a complex web of power structures, because its top line goal is to be stable and dependable. And stability within a complex landscape requires an equally complex network of power.
Crypto provides the exact opposite value: it cannot be controlled, no matter how robust your power structure is. It can be insured, at a significant cost, but not controlled.
That means in the face of even totalitarian powers someone could still move crypto across any boundary that is permeable to information, which it turns out is a set that roughly approximates the set of all boundaries.
This is a terrible way to pay for candy bars, because candy bars are not worth insuring.
But what I think the crypto opponents miss is that there is a set of transactions—some criminal, some legal, some immoral, some righteous—which cannot be made in a state controlled financial system.
And that these transactions are what gives crypto value as a currency.
To me, where I would like the debate to go is not “is crypto a scam?” but “how does society protect people from the violence facilitated by crypto?”
Yes, financial “violence”, which can be insured against, but also real violence: human trafficking, extortion, etc.
We anarchists sometimes like to pretend that without rulers we will be freed to care for each other. But in the shadow of a history of violence, there will be more violence too.
And the “crypto is a scam” argument I fear is a red herring that distracts from this, the real issue.
Power structures can absolutely control crypto. They can make it illegal - it won't eradicate it altogether (see: war on drugs), but it will severely decrease its influence. No one is bragging about investing their retirement savings into cocaine, and Paypal does not offer it to me either.
Or if government is smarter, they can slowly gain control over it. Allow trading traceable currencies via official channels, but with good KYC measures. Do not allow fully anonymous systems. Go after mixers. Prosecute exchanges which do not verify their customers. Once there are plenty of government-sanctioned exchanges in the country, there will be little incentive to create unsanctioned ones, and someone with coins that were marked "North Korean-originated" won't be able to spend them in the country.
> Crypto provides the exact opposite value: it cannot be controlled, no matter how robust your power structure is. It can be insured, at a significant cost, but not controlled.
This is such a naive claim parroted by crypto enthusiasts. Lots of criminal things can't be 'controlled' (e.g. stopping people murdering, stealing, etc.), but there are consequences if you do them.
Crypto could easily be controlled by laws or punitive taxes. KYC is a step in that direction. But still this claim keeps coming out. All they need to do is control the off-ramps.
It's like the one "but, but, there will only ever be a fixed amount of BTC, so it's valuable!". There will only ever be a fixed amount of my turds, but I don't see them up for auction. It also doesn't explain why BTC is the valuable one but not all the clones (spoiler: it's the brand name).
It's easier to just parrot some grifter's justifications than actually thinking for yourself I guess.
If you read the original bitcoin paper, it complains about bank centralization and “issues” with traditional finance for a not-insignificant amount of it, and presents cryptocurrency as a solution.
I will admit I used a bit of shorthand, but the paper is providing a “simple” solution to a “complex” problem.
When you decentralize finance like this what becomes okay to do according to system rules is exactly what is possible to do according to system rules. We don't have humans in that loop anymore to enforce moral judgments about what constitutes unlawful theft (except for 1 or 2 rare "hard-forks" of various blockchains to reverse devastating transactions).
I feel bad for people who lose large volumes of cryptocurrency to malicious actors in the same way I feel bad for people who lose large volumes of real money to a casino.
It is 2025 now and we all know that anyone who can somehow get your private-key to whatever blockchain backed assets you have "owns" those assets just as much as you do and they are permitted to take them under the rules of the system, so whatever you do, do not lose that key.
There is no higher arbiter of justice in this space so use it at your own risk.
Being doomed to spending millions of real dollars litigating to buy a trash dump full of used diapers and toxic waste, just to dig around in it looking for a hard disk drive for the rest of your life, seems to be a particularly satisfying Sisyphean form of justice.
In this case yes - everything went by the design and law of the underlying code. There was no exploited bug or vulnerability flaw besides human laziness here.
1) Their multi-signature wallet signing employees lazily clicked through in unison to approve a new smart contract without examining the contents to see if it was unusual.
2) Bad security architecture to keep too much in a single wallet that wasn't properly kept cold. There should have been a few fully cold wallets, that only rarely transact with mostly-cold intermediary "airlock" wallets which are also separated from the exchange operations and wallets. The signers also need to be different combinations of people for each of those wallets - preferably some of those signers being additionally liable 3rd party technical experts.
I see this quote repeated here often, but working in the industry I've never heard it said unironically by any of my peers or thought leaders in the space. Best I can tell it is a sort of lazy straw man repeated by skeptics. Does it have an origin?
I suppose so, however Ethereum Classic is a fork of Ethereum that failed. I don't think it's generally well regarded in the space. I doubt many of the newer entrants to the ecosystem have even heard of it.
This would be like finding a quote from some old poorly maintained Linux distribution and attributing quotes from the maintainers as being representative of all kernel developers.
Thanks for a good faith response. This is what makes this website excellent.
While I must admit that I have some anti-cryptocurrency biases, I am also not that familiar with the cryptocurrency world. I really appreciate you sharing your knowledge.
The original idea with crypto was that the "code" was so strong, it removed the need for physical banks, tellers, FDIC, law enforcement, etc. The theory was, we can have everything the banking system has, but cheaper, because the only way to steal money was to break the crypto itself, hence "code is law".
The industry cannot appeal to the protections of law enforcement, civil tort, and other features of the regulated banking system, without simultaneously undermining the "crypto" part. If you're going to summon authorities when hackers hack, you're no better off than if you just acted like any other bank and stored the client's balance in an excel sheet.
Maybe so, but please don't post unsubstantive / snarky / tropey comments here. It leads to generic / repetitive / nasty discussion, and we're hoping to avoid that here.
The genius behind crypto is that it's not just the extremely gullible. I know a fair number of really smart people, academics even, that have bought into the cryptocurrency hype.
It has this kind of veil of "high techness" to it that is appealing to smart-but-uninformed people (like me in 2021). I'm embarrassed that I fell for it, but on the bright side it does make me a bit more sympathetic for other people who also fell for it.
> The genius behind crypto is that it's not just the extremely gullible.
I don't know about you, but I barely follow cryptocurrency news, and I've still been hearing about major players getting "hacked" several times a year for over a decade.
Either it's Mt Gox or FTX or The DAO or Bitfinex or QuadrigaCX or Terra/Luna or rug-pull meme coins or dollar-backed coins that actually aren't or any of a dozen other things.
Anyone who isn't being extremely careful to avoid scams, given the constant drumbeat of reports about how you have to be extremely careful to avoid scams when dealing with cryptocurrency, is pretty gullible.
Ironically I think being more educated might sabotage you more with cryptocurrency.
My parents, both smart people but neither of which know much about distributed systems or concurrent computing or cryptocurrency, see the news reports about Mt Gox or BitConnect and think "that sounds like a scam", avoid it, and put money into a Vanguard or something.
On the other hand, you have people like me (and probably a not-insignificant percentage of people on HN), who have learned a fair amount of distributed and concurrent programming, and see the "neatness" factor of cryptocurrency, and since the crypto is laundered through interesting tech, we fall for it.
I haven't touched any cryptocurrency since I fell for the unregistered security calling itself Gemini Earn [1] (so almost three years now), but I did think that stuff like Filecoin was pretty cool. Hell, I'll still acknowledge the coolness factor of stuff like Filecoin and Storj and Sia. I just think that the currency itself is wishful-thinking-at-best, and fraudulent at worst (probably somewhere in between).
I don't think I'm an especially gullible person, but no one thinks that they're gullible, so I'll acknowledge that I probably am, but I think a lot of the educated people who got into crypto got into it because they kind of had horse-blinders on when looking at the interesting tech.
I don't think most academics would fall for the "Nigerian Prince" chain emails, or the "Romance Scams" you see on YouTube, which are things I usually associate with extremely gullible people.
Sure, I'll totally acknowledge that some of the distributed algorithms that have spun out of the blockchain are pretty cool, and I'll even go as far as to say that maybe someday we'll find some very cool high-value uses from them.
Pretend money, at least in my opinion, is not one of those uses.
I don't know, I think some of the papers for distributed consensus might lead to something cool; if nothing else it does seem to be increasing the use of formal methods, which I think is neat.
These things can take time; it might be thirty years or more before someone does anything actually useful with the stuff learned from the crypto world.
Thinking you can store your crypto with some 3rd party that _definitely_ won't get hacked (or """hacked"""), also thinking your crypto won't become worthless from a singular unusual event. Actually the most gullible are the people who think of cryptocurrency as an "investment" XD
I don't know. I always store my crypto offline. I bought $1000 worth of bitcoin when it was less than $100 per bitcoin because it seemed like something that could get big at some point, and I was willing to risk $1000 on that thought.
My thought was it will some day either be worth a lot or be worth 0 and I'm OK with both of those possibilities. I don't really think I was gullible about anything and yes I thought about it as a risky investment that turned out to pay off quite well.
It’s an investment the same way that playing the lottery is. I had a family member win ~$30MM back in the 80s, but he had played the same numbers for decades; someone who knew of this stole the winning tickets and he ended up only getting 7.5MM of the winnings after a protracted court case.
Crypto is the same thing. You put money in and you may cash out quickly with a big number, but someone who knows can swoop in and steal your money in a way that is much easier than if you used more traditional investment and banking vehicles.
So salty! And yet...How's ETH Classic doing? It was the right move at the time to fork. And pretty obviously would be the wrong move today.
For context, guluarte is referring to a moderately contentious hardfork done by the Ethereum developers and mining community to reverse TheDAO Hack in 2016 or so. The stakes were much larger then -- Ethereum was newer, not yet battle tested, and TheDAO had something like 10% of all ETH in it.
A fork was formed -- "ETH Classic" -- ticker ETC -- which did not reverse the DAO hack, and you can see from valuations that the public preferred the reversal.
I mean, the public comprised of the developers of Ethereum who had significant financial incentive to pretend the hack did not happen and to forever publicize their chain of history.
it was actually up to the node operators to update their clients or not, which resulted in a contentious chain split. just like Bitcoin. decentralization worked as intended.
Old man yells at cloud vibes every time a crypto post comes on HN.
No interesting discussions ever. Just axes being sharpened and people who dislike it taking the opportunity to gloat. I would characterize the pro crypto people but I don’t see any. Which is sad because over the last 5 years I have found crypto, bitcoin, and stable coins to be extremely useful when helping family members in emerging markets.
But hey it’s all trash, the west doesn’t need it so let’s all dance on its grave.. I guess we will keep dancing for another 15 years.
Crypto use case: Finance North Korea's nuclear missile program.
I’m not worried we have entire federal agencies to regulate financial crime and nuclear operations don’t we?
How on earth is it possible they can cover a 1.5B loss? Are they really sitting on that much profit, or is the goal to ponzi it out from here, MtGox style?
> How on earth is it possible they can cover a 1.5B loss?
Easy! They give Binance an IOU in exchange for 1.5 billion BUSD which is just "minted" out of fresh new electrons. Neither of them has really lost anything. Everyone can carry on as if it never happened.
In the bizarro world of crypto, this is business as usual.
Binance doesn't mint BUSD, BUSD is emitted by Paxos, which is an American licensed company.
I have a license to drive a car. Having it doesn't limit my ability to mint crypto.
https://www.dfs.ny.gov/consumers/alerts/Paxos_and_Binance
It was approved by the New York State Department of Financial Services (NYDFS).
From your reference:
If you insist, feel free to replace BUSD with an unregulated "stable coin" of your choice. How about FDUSD?
The sentence right before says "It is important to note that the Department authorized Paxos to issue BUSD on the Ethereum blockchain."
As far as I know Binance ended the Binance-pegged BUSD (the BNB chain version bridged from ethereum) without any problem or holder loss?
Gary Gensler called BUSD a security and banned it years ago. What a guy!
[flagged]
Yes we definitely should have left all the sector unregulated or else how would we make a profit?
They didn't regulate the crypto industry. They told everyone to stop and then refused to provide regulations or guidance on acceptable behavior despite continual begging by Coinbase et al. to be allowed to cooperate.
I never said that it should be unregulated, just that the sanction applied to BUSD had a political motive. Of course stablecoins are not securities, just like a 20$ note isn't a security.
How is it different from what banks do? (Except for a central regulator.)
> How is it different from what banks do? (Except for a central regulator.)
Your exception is the answer.
Only the central regulator can "mint" money and doing so has real world consequences. The central regulator has financial incentives to limit this sort of activity.
The bizarro world of crypto has no such regulation and as a result, it is inherently unstable.
The proof of this is right in front of you --- it is the fact that "stable coins" exist. The only way to bring stability to the bizarro world of crypto is by tying it to "fiat" --- which is the very thing crypto is supposedly working to eliminate.
Contradict and hypocrite much?
I saw a quote somewhere:
>Crypto is speedrunning the entire evolution of finance to end up at the same place
I sure hope we don't end up in the same place where the monetary system is only being held up by the fact that there is more debt than money creating an endless competition for the limited quantity of money that exists in order to pay off ever-increasing debts and expenses with a currency that is continually debased throughout the process.
> I saw a quote somewhere:
The only thing new about crypto is paper has been replaced by electrons.
Individuals/banks minting their own money has been tried before. It didn't go well.
However, this quote is usually intended to be a warning, not an opportunity to run all the old scams again.
These people hear it and think "You mean we get to repeat history?!"
They are being loaned ETH to cover withdrawals and prevent what would amount to a bank run, not stablecoins. This entire comment chain is stupid and pointless.
False. Money on your bank account is backed by bank's assets, not by the central regulator. Recommended reading: https://en.wikipedia.org/wiki/Fractional-reserve_banking , M1 money supply, etc.
> The only way to bring stability to the bizarro world of crypto is by tying it to "fiat"
False. It's possible to make stable-coins using just price oracle and collateral. "Fiat" is not necessary. E.g. https://www.liquity.org/bold
> False. Money on your bank account is backed by bank's assets, not by the central regulator. Recommended reading: https://en.wikipedia.org/wiki/Fractional-reserve_banking , M1 money supply, etc.
You didn't even finish reading the first paragraph.
> Bank reserves are held as cash in the bank or as balances in the bank's account at the central bank
The collapse of SVB shows how much the central regulator cares about making sure the entire banking system doesn't fall apart, too.
With the way you remarked "false" at the OP, though, I don't expect you're here for an engaging and educational discussion, so I'll leave it here. lol
> It's possible to make stable-coins using just price oracle and collateral.
Most attempts at "algorithmic" stable coins have failed. See TerraDollar, Luna and Titan.
Over-collateralized stables are different from "algorithmic": the algorithmic ones are not fully backed by reserves.
They are very capital inefficient and still can fail during black swan events.
Banks don't print money for each other, and if they get money for free it's backstopped by the government and hence all of us. Crypto wants this single aspect but none of the central regulation.
Both systems stink for those at the end of the chain, i.e. us; you can decide which one is worse.
Banks borrow from each other all the time. What do you think "overnight loans" are for? And when a bank gives a loan, that creates money.
Because while banks hold duration, the net value of their current assets, future asset streams, and equity is above zero. Indeed the core focus of the business and regulatory side is ensuring this is so.
The central regulator caveat is also a huge caveat to brush aside. During the last round of systemic stress, the banking system essentially got a guarantee that all uninsured deposits would be protected, and banks were allowed to post their collateral for liquidity at terms that no other business has access to.
What OP is referencing is the oft-seen practice in the crypto space where failed entities fill an asset hole with propped up tokens, essentially transforming their paper loss on the balance sheet into liquidity risk that doesn't show as readily.
The important point here is that in the latter case, the entity may be fully insolvent, even after accounting for future cashflows on loans. When it comes to banks, even the left tail cases like SVB, their "problem assets" are things like long term treasuries, which are way down the risk curve when compared to the ponzi-tokenomics style "stablecoins" that we've seen unwind over the past few years.
> How is it different from what banks do?
I often read this sort of comment from crypto-defenders, but is it what banks do?
I’m relatively naive about these things, but my impression is that a bank losing this proportion of their assets can’t just ‘pretend’ they have the money, or create ‘new’ money.
That's because they're mistaken. In traditional banking only the central authority can print money, not the individual banks.
If someone stole a trillion dollars from JP Morgan, JP Morgan can't make themselves whole by creating a new trillion dollars.
The central authority might guarantee the customers of JP Morgan that their money is protected, but they won't print money to make the bank whole.
That's one model/theory for how modern money creation works.
Another is modern monetary theory (MMT), and in that, commercial banks are indeed the primary creators of money, with the central bank playing a technically more passive role.
Still, in either model of money creation (i.e. classical "money multiplier" and MMT), governmental regulators (which can be the central bank or others) do ultimately control the rate of money creation via various mechanisms.
False. Banks create money. https://en.wikipedia.org/wiki/Money_creation
Banks create money by issuing loans; but they can't create money out of thin air if $1.5B was stolen from them.
FEDS can print money while Binance does not
Not exactly true - Binance is indeed "printing money", just with no centralized regulation. When the Feds do it the expectation is that they are aware of the long-term impacts of doing so, and include in their calculation. For crypto it's the opposite: do it before you erode trust & goodwill to the point where it's no longer valuable. I see it more like it is very different than printing money in an economy that's perceived as stable and quite similar to printing money in one where the people have no faith in the value of sovereign currency. So the crypto-promoters are right about the use-case in certain jurisdictions, but the problem is that's not where the wealth is, so they target rich economies that tend to have stable government currencies & established banking, and do not need crypto for legitimate tasks.
I doubt they can because they peg it to USD, do you think they can pay aws bill with busd??? maybe you can but people with busd would convert it to usd at some point
Bybit trading volume is in tens of billions of dollars daily. Their commission rate for the retail traders is up to 10bp (0.1%). Even considering a huge part of that volume is coming from institutional players who enjoy significantly reduced commission rates, I think they're surely making a few million dollars daily on commissions alone, maybe tens of millions in a good day. And besides commissions, they also have other sources of profit, like staking, crediting customers, and forced liquidations.
Being a crypto exchange in current market is very profitable. If the crypto itself does not collapse, I think it's totally possible for them to repay that sum in a year or less.
I'm nowhere near expert on any of the things below, but: My gut tells me if an exchange makes as much money as you suggest, people involved in that exchange are making even more profit from the said exchange, otherwise they wouldn't engage. The whole thing being literally money out of thin air, it feels like a huge bubble that should inevitably burst bringing down _a lot_ of collaterals with it.
</speculation>
You might be interested in reading Warren Buffett's reasoning for not investing in crypto. Basically he says crypto produces no goods, products or services, and its only value comes from finding a "bigger fool" to pay a higher price than you did for it.
Its value is from speculation assuming future speculation will assume more future speculation
It's easy to agree with this position if you deliberately ignore that the "service" crypto provides is a decentralized, censorship-resistant, self-contained, global system of finance that is designed specifically for the modern internet age and which does not need to be under the control of any particular nation-state or company in order to function.
Otherwise, it is clear where the value comes from.
Coinbase charges 100bps (1%) between trader & maker fee.
Just last quarter, Coinbase had:
https://help.coinbase.com/en/exchange/trading-and-funding/ex...
https://s27.q4cdn.com/397450999/files/doc_financials/2024/q4...
Note that Coinbase (like most exchanges) charges retail clients outrageously high fees (orders of magnitude more than you would pay at a competitive FX or equity broker), but institutional and whales that trade a lot very small fees.
Yet another way crypto moves money from poor suckers to insiders.
You just described volume-based discounts.
What’s so wrong with that?
It’s the same reason why buying a single soda at a convenience store cost more (per unit) than buying a large pack at Costco.
Yeah, as a layman this MSTR explainer was an "aha" moment for me:
No, what is likely happening with all the convertible bond issues is that MicroStrategy prices the bonds in a manner to attract market neutral hedge funds, meaning arbitrageurs. Saylor has briefly mentioned these firms, as opposed to firms seeking actual Bitcoin exposure. For issue after issue, they can be spotted as the largest bond holders by anyone with a Bloomberg terminal. By buying the bonds, even when conversion price is at a large premium, and by simultaneously shorting the shares, these arbitrage funds can lock in close to risk-free profits. Due to the convex nature of the value of the convertible bonds, the hedge funds attempt to profit no matter whether MicroStrategy shares rise or decline
Like, a broker profiting off PFOF in the stock market makes sense because there's an underlying asset generating real cashflow that people are buying into. But where is the money in crypto actually coming from? You have to pay miners, brokers, rugpulls/thefts/etc and there's barely any cashflow from the underlying assets (dApps?). But if it really is ~just a casino, with retail gamblers as the only real source of cash, it can still be profitable for smart money to pour billions in and use their PhDs to trade the vol. It goes up, it goes down, overall retail is bleeding huge amounts of cash on a sort of 5 dimensional pyramid scheme but enough gamblers go viral winning the slots/blackjack that the casino doesn't run out of customers.
Can this continue indefinitely? Maybe / probably? Seems similar to sports betting, Polymarket, retail now ~70% of options trading. The west and especially America becoming a gambling culture. The "bubble" may burst and reinflate over and over.
https://medium.com/@bdratings/all-your-models-are-destroyed-...
> Due to the convex nature of the value of the convertible bonds, the hedge funds attempt to profit no matter whether MicroStrategy shares rise or decline.
This sounds exactly like the rationale for the box spreads incident on WSB a couple years ago.
"literally cannot go tits up!"
Most of the trading is not done by retail traders but at much lower fees than that, if not being paid (market makers). I just can't make it add up.
Hyperliquid, a decentralized perp exchange, is a good proxy for ByBit’s revenues. On an average, Hyperliquid does between 800k-1M in revenue per day. ByBit is substantially bigger and easily does 50-100M in monthly revenue
I know! As I stated,
> Even considering a huge part of that volume is coming from institutional players who enjoy significantly reduced commission rates...
But the volume is huge. Even if we take the best publicly shared MM rates from Bybit (which is 1.5bp taker commission, 0.5bp maker rebate), and assume the whole volume is traded with these rates, it is still 1bp from 40B dollars, which is 4M dollars daily.
even if this is true, they'll use their entire cashflow for more than a year to cover a single loss? That's not how business works...
In crypto, there is the concept of the "fictional reserve" which can be used in situations such as this.
These exchanges make an absurd amount of money. That amount of money is basically a decent quarter for Coinbase in fee revenue, and Bybit is smaller but it isn't that much smaller.
It sucks if you're Bybit, but they're going to have plenty of lenders happy to provide them liquidity while they make it all back.
I can understand why some FTX creditors are pissed that the exchange didn't start back up under new management. They would have actually been made whole, unlike the current situation where they're getting "repaid" but pegged to November 2022 valuations (i.e. the absolute bottom of the crypto bear market).
Bybit is one of the most used crypto exchanges and does >100M$ of revenue per month, growing fast.
If this isn't enough, I'm sure that every crypto VC would line up to buy a single digit % of their equity to cover up the hole. Crypto hosts the most profitable businesses in the world.
> Crypto hosts the most profitable businesses in the world.
Well, because the retail clients expect to get rich and don't mind paying 1% or so fees per exchange.
Similarly, the BTC future basis (the difference between the spot price and future price) on many exchanges around 10 to 5 years ago was easily 80% p.a. which you could realize by buying Bitcoin and selling the future. What happened there is that people going long Bitcoin with leverage essentially borrowed the money giving them that leverage at usurious rates (this implied rate is not usually displayed and thus invisible to your average retail client, but definitely very visible to the finance professionals moonlighting in crypto (such as Jane Street, Jump trading, and many others)).
Crypto use case: ripping off retail.
You pay 1% on Coinbase because they are a quasi monopoly due to regulation. Offshore exchanges take less than 0.1% usually.
The neutral rate for perps is 10%, which is lower than the credit card borrowing rate in the USA. And nothing prevents retail investors from earning it by shorting while holding spot.
Last, Tether is crypto's most profitable business, and likely the world's most profitable if you account on $ of profit per employee, and is not an exchange.
Tether is an absolutely remarkable business, indeed. Basically an unregulated bank that pays no interest and follows no KYC/AML/ABC/CTF rules (because they just deal with wholesale, and then the Tethers are transacted on some permissionless "who, me?" blockchain).
Remarkable dereliction of responsibility. I don't understand why we let them get away with it.
Yes, that's the concept of crypto. Uncensorable transactions. USDT is used in many countries that have capital controls, shoddy banks, or simply no proper payment infrastructure. Stablecoins work on weekends and are settled instantly. It's a superior form of money compared to what your average bank proposes.
And of course that stablecoin providers conduct AML and KYC when you redeem/mint them. It's like complaining that the gold foundries don't control the secondary market for ingots and gold coins.
Presumably for the same reason the US let offshore banks get away with creating Eurodollars in the past: It's useful to maintain the status of the US dollar as the currency of global trade.
This utility has always been at odds with the (relatively recent in comparison to Eurodollars, as far as I understand) desire to and ability of the US government to use USD financial rails as a political tool via sanctions.
Yes, the profits are insane in that business. Binance was raided for a similar amount, and paid it out easily. Mtgox was raided for ₿650k ($60B in today's money), and plans to return ₿140k to traders. However, I believe most Mtgox investors are better off this way because they were forced to hold onto their investments; otherwise, they would have sold at around $1,000 or so.
This loss is more than 5% of their holdings. To me that implies the supposed benefit of crypto is nonexistent. If an institution is making so much money off your crypto assets that they can return 5% of them, they are a bank doing whatever it was that was so evil.
FXCM forex trading broker covered a similar sized loss of client money (not hack) when EUR/CHF was unpegged in 2015.
Since it was a profitable broker business, another bigger broker gave them the money to plug the loss in exchange for taking over the business.
bybit makes $100 million a month and has substantial excess reserves
A lot more money than the majority of AI startups and it is creating jobs rather than purposefully destroying them.
I respect everyone's coping mechanisms, including yours.
yes, great jobs: "I used to have to GO to the casino to play slots, and even without the one arm bandits, had to physically push the button. Now I work from anywhere!"
Fractional reserve helps.
From the article:
> The wallet in question appears to have sent 401,346 ETH ($1.1 billion) as well as several other iterations of staked ether (stETH) to a fresh wallet, which is now liquidating mETH and stETH on decentralized exchanges, etherscan shows. The wallet has sold around $200 million worth of stETH so far.
If you showed me a paragraph like this a decade ago and told me it was from 2025, I would have a difficult time believing you.
Crypto shenanigans were happening in 2015, even as far back as 2010, so I would have absolutely believed you to hear that it continues happening, as crypto is a fundamentally unstable platform.
I think he means the sheer volume
Mt. Gox (a former crypto exchange) was hacked in 2014 and the thieves stole nearly half a billion dollars in BTC. Considering how much more the currency is worth today and how much bigger the markets are, it seems like Bybit got off easy in terms of sheer volume.
Just crazy. Bank heists fully online...
It's a cold wallet which means it should never be connected to the internet, so not entirely online, but yes - these are the wild wild west times of the internet. Imagine how easy it was to go into a bank shoot some people and get out with money, and doing it like, daily? monthly? Today it's not possible.
Apparently there was a path from the internet to the wallet anyway, that's what it sounds like.
So it was a lukewarm wallet?
What supposedly happened is that malware was installed on every multisig key signer's device and then the hacker showed them all a fake transaction that looked legit but actually changed the smart contract of the cold wallet to give him access.
[flagged]
It's definitely embarrassing that people losing their shirts in crypto didn't see it coming. It's bad that people think a zero sum game is worth playing against incumbents. The marks aren't the worst part, though. Everyone promoting memecoins and utility-free cryptocurrency in general is either ignorant or just a bad person with a warped idea of success. Personal money accumulation is a sad goal compared to actual wealth creation. The parasites who push crypto on the hopeful proto-bag holders are destroying the prosperity that supports them.
Yeah on memecoins isn’t that just a loophole for running naked pyramid schemes? I.e. a pyramid where everyone knows it’s a pyramid.
Like the weird part about a pyramid is that depending on your risk tolerance it may actually make sense to participate in a pyramid even if everyone involved knows it’s a pyramid. So are that many people being scammed as in tricked (seems hard to believe), or is it just a risky form of gambling that is outlawed in legacy formats.
EDIT: Ponzi -> Pyramid
I've never purchased crypto or had any involvement but acquaintances I know have used that exact argument. They know it's a pyramid but believe they can get ahead because they were in early enough.
They are usually a lot more vague when I ask about their realized gains.
I have many friends who started from really humble beginnings ~5 years ago (for instance, a typical small business like "an e-shop selling bullshit Chinese gizmos online making 20k per month"), and are now uber rich in crypto. Like, hundreds of millions in net worth and spending 200-400k per month. And yes, they don't invest their money anywhere except new and new crypto projects themselves, just because they don't know anything that gives near similar returns. Not one-off success, but 5-10 or more different avenues of making money there (but certainly none of them was about "trading coins" or passively investing in them).
Just to be clear I'm not saying that my acquaintances didn't make money. Just that they are vague.
But ultimately if you have friends making hundreds of millions of dollars and there is enough of them then that essentially proves there will be many more losers than winners.
I personally don't partake for the same reason I didn't partake in Amway in college. It's functionally a pyramid scam and on a personal level a boring way to make a living.
How do you know it’s boring? The guy above clearly has some bright ideas about it.
It’s on par with inventing an axe and now living in a forest god mode. Is that boring, or is that……… why I’m even asking, an ability to spend $e5/mo covers almost all personal interests in the world.
What? It's my personal opinion which I explicitly pre-qualified. Why do you care what I think?
Move on and live your life.
Just curious, how think.
I have enough money to live comfortably for the rest of my life working on interesting problems even if they don't make me a hundred-millionaire.
Everything that's optimised for making money, is a scam.
> memecoins and utility-free cryptocurrency
As opposed to what?
During the previous wave of crypto, there were all sorts of ambitious if doomed plans to do interesting things with blockchains. Even Bitcoin was originally supposed to be a means of exchange, not an "investment".
Now we don't even pretend that $DOGE/$TRUMP/whatever has any utility aside from speculation.
As far as I know the only difference between these so-called memecoins and 'reputable' cryptocoins is that the former have a funny name. Other than that they're essentially the same product.
Bitcoin, ETH, and Monero all have utility in one way or another. Bitcoin is accepted by most black markets (and Monero is even better for privacy). And software is built on top of the ETH chain. No one is buying stuff using DOGE or Trump coin. There's a clear difference between memecoins and legitimate cryptocurrencies whether you like them or not.
The question is: what makes a cryptocoin legitimate, in your opinion, considering that 'illegitimate' memecoins are usually just a copy-paste version of a supposedly 'legitimate' cryptocoin?
It was an offline multi-sig wallet. Hackers seem to have musked the transaction when the owners signed it as it looked good to them.
Wow it must have been really musked then, huh?
A “musked” transaction consists of payload obfuscation and spoofing, more often than not malicious actors create a genuine looking UI with legit transaction details, while being malicious underneath.
It’s basically phishing at a transaction signing level.
I only found the term a few weeks ago and thought I was the one left out, sorry for not defining it earlier.
It’s got an eerie ring to it though, right?
And only a few weeks ago the lawsuit started payout the 'early lump sum' repayment option for creditors.
"Bybit CEO Ben Zhou wrote on X that a hacker "took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address."
From the article. Not that I endorse crypto, in fact I despise it. But at least per this statement, it seems to have been handled offline. How a hacker could get access to this is another story to unpack.
edit: I guess this is the story that "unpacks". One more reason to not believe in crypto.
https://x.com/benbybit/status/1892963530422505586
By "online wallet" they were likely referring to the Bybit website being the wallet of those customers that held their coins there rather than keeping them in their own private wallets, and not whether the hack involved a hot wallet or a cold wallet. Calling it a custodial wallet would have been more accurate.
There's some info and speculation in these two (distinct) articles, but I'd love to know technical details of where the gaffes were.
eg. Was client software compromised? Did the multisig keyholders succumb to social engineering? Were the signers using airgapped machines / hardware devices?
https://archive.ph/YMZrq
https://blockworks.co/news/bybit-hack-raises-security-questi...
Here is what the CEO wrote on X:
"Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change the smart contract logic of our ETH cold wallet. This resulted Hacker took control of the specific ETH cold wallet we signed and transfered all ETH in the cold wallet to this unidentified address."
[yes, it says 'musked', assuming they meant masked. @safe is https://safe.global/wallet]
Unfortunately most hardware wallets can't interpret EVM smart contract transactions and ask you to sign a big binary blob that is supposed to match what you see on your computer screen (it's literally called blind signing). He said in the tweet and later on a live stream that they verified that the URL was correct, and there were several signers in different locations on different machines.
Logically the UI must have been manipulated for all of them, which I can think of a few different ways to do:
- The signing link was replaced somehow over whatever medium they sent it to each other, pointing to something that either looks like the original UI (perhaps IDN homograph domain) or is the actual site if it has some weakness that allows script injection to manipulate the page
- The server side was exploited to serve a manipulated page
- Client side malware that injects something in the browser to manipulate the page
- Some kind of network/DNS attack combined with mis-issued TLS certificate (or injected CA)
It points to some level of sophistication and long-term observation of their internal systems to know what the process looks like and devising an attack.
Will be interesting to read when/if they release a full analysis.
One of the links says the following:
> According to crypto security firm Groom Lake, a Safe multisig wallet was deployed on Ethereum in 2019 and on the Base layer-2 in 2024 with identical transaction hashes. Ethereum’s alphanumeric transaction hashes are 64 characters long, so deploying the same smart contract transaction hash twice should be mathematically impossible.
> The same transaction hash appearing on both Ethereum and Base indicates an attacker could have found a way to make a single transaction valid on more than one network or could be reusing crypto wallet signatures or transaction data across networks, pseudonymous Groom Lake researcher Apollo said.
Is it possible that this was an inside job?
Are we sure he didn't mean the transaction got DOGEd?
Oh, when I read this yesterday I assumed "musked" was a clever play on the idea that someone is tricked into agreeing to things against their interests.
A huge problem with signing EVM transactions using hardware wallets is that it is common to be blind signing messages. The device has no knowledge of the SAFE EVM contract functions or any other context, it just asks you to sign a gobbledygook opaque binary message so you may have no idea what's being signed, is my experience using multiple different vendor HW wallets. Not sure if that's what happened, but possible this type of problem contributed to the exploit. BTC TXs are simple enough that all HW wallets can basically display what's happening, but with Turing-complete arbitrary computations in EVM this becomes very difficult.
In almost all cases EVM smart contract interaction looks like a function call which can be easily decoded into JSON if you know ABI.
HW wallet doesn't need to understand the contract logic, it just needs ABI, which is generally a simpler task. Also it can show the name of function you're calling as selector is a hash of a name.
Safe is a bit more complex as it also wraps it in EIP-712 message, but that can also be decoded in a systematic way.
> with Turing-complete arbitrary computations in EVM this becomes very difficult.
I have very limited knowledge about EVM, but those computations are bounded by gas, right? Evaluating them is a finite process.
Yes, each opcode has a gas cost. Some are quite expensive, like writing storage (changing network state). Each block has a target gas limit. Say 30 million. A single transaction cannot exceed that. Additionally, a transaction specifies a bid on how much they are willing to spend, in ether, per gas. That said, transferring funds does not typically require significant gas.
But the space of their effects on the Blockchain state is vast. You need software to translate those effects to a form human can interpret as "what I want"/"not what I want".
Ie. engineering work needs to happen in the UI they used to confirm the tx
What you suggest is possible (evaluate the side effects of the transaction and present that information to the prospective signer). But at present they don't do that. I'm not sure about this specific case but often it's just a supplied text string (that can say anything) that's displayed. Basically the system depends on trust in whatever came up with the transaction payload.
Thanks for spelling this out, the explanation makes a lot of sense.
You'd think they could at least show a blockie representing the contract, or reputational party who cryptographically vouched for it.
https://x.com/tayvano_/status/1847877011462901915 This thread has some info about very similar past attacks, should give some insights into the level of sophistication that goes into something like that.
This was interesting, thanks!
Society has devolved a bit when not long ago a heist like this would involve sieging Nakatomi Plaza, now it takes just finding a bug in someone's defective Python codes.
It has been this way since the dawn of electronic banking. I once had complete access to all digital wallets for the Seattle metro, which I gained by looking at two cards and noticing the numbers were incrementing. Even with all of the flaws of electronic transactions, it's still better than walking to the bank and hoping a check won't bounce.
You don't even have to break into a weird high-tech vault to get an unreasonably slow (or fast) billion-dollar progress bar with a snazzy custom UI toolkit these days. Not sure if technology or inflation is most to blame!
yes, this part won't play well in the movie: it takes just as long to transfer a billion as a dollar; the progress bar won't allow any time to build suspense... will they finish in time? cuts between parallel timelines...
I wonder how many programmers resort to crime after they were laid off and couldn't find a job. Like soldiers after a war.
Relevant comedy sketch? "Secret agent squad, but they're all just the hacking guy."
https://youtu.be/cL7lhbtWwbY?feature=shared
not related to the current western market, but countries like Romania pre EU had a huge surplus of soviet-educated young people and no jobs. This definitely increased their involvement with "informal" economies for some time.
That might make for a good book or movie plot.
It was the basis of the plot of the first Jurassic Park movie. All shenanigans started because Dennis Nedry, the park IT manager, disabled some security system at a bad time so he could sell some company secrets to competitors.
There is interesting character analysis to do between the book and the movie version, where the book version of Dennis Nedry is way more sympathetic (even if flawed), he's an extremely talented IT guy who was undersold the amount of work to do in the park, kinda stuck doing unpaid overwork on a remote island and generally been fleeced by a way more villainous book John Hammond.
Starring Rami Malek, Tom Holland, Kyla Pratt, and George Clooney?
You just gotta trust the wrong people.
Don’t forget FTX willingly hired the Ultimate Bet “god mode” guy.
As Frank Drebin would say, “Nothing to see here.”
https://youtube.com/watch?v=aKnX5wci404
A crypto exchange WazirX was hacked for ~$300M, roughly 50% of the users' funds gone.
There is no action on the CEO since the hack in July 2024. He sits in Dubai. He just got a nod from Supreme Court of SG to just average out the funds and distribute it among the users.
No action has been initiated against the company/ceo for losing the fund. He is geared up to launch another company/exchange.
What action can be taken? There's no law against getting hacked or being a moron.
There is a law against gross negligence. Holding client money comes with other obligations too.
It’s not money though. It’s property at best. It doesn’t get held to the same standards.
CryptoBros are all about “no laws, do whatever” right up until the, inevitable, point at which /they/ are getting swindled and then they want to cry foul and run to the authorities.
It’s just like the whole DAO situation which showed “Crypto is immutable and we want to live and die by the code unless of course someone finds a flaw in the code and steals our money, then we will roll back the immutable chain to recover it” what a farce.
Ethereum wasn't rolled back after TheDao hack, they simply forked. Also crypto is about uncensorable transactions, not lawlessness.
I'm a huge crypto believer but I can admit that we don't have a serious system if a person can just transfer over $1.5B from a well known crypto cold wallet to different accounts with nothing flagging it and no way to reverse it.
In the face of the never-ending list of these kinds of events, the laughably impossible task of average nontechnical individuals protecting their own assets (and the consequence of total financial ruin when they fail to do so), the overwhelming number of and size of scams, rug pulls, fraud, outright Ponzi schemes, and on and on and on… what exactly is left to keep anyone a “huge believer”?
Put differently, it’s been seventeen years of constant and escalating mayhem. What would finally be enough to shake your faith?
Maybe when it stops escalating and getting bigger and bigger and continually growing over time?
> what exactly is left to keep anyone a “huge believer”?
I don't really engage in the ponzibucks part and don't touch exchanges except to on and off-ramp, and use crypto to pay for things like hosting, seedboxes, or other services I might not necessarily want my debit card directly attached to.
I like sending vendors $100 and spending $0.00005 in transaction fees and knowing that they'll get $100 (or $99 with some 3rd party integration like Coinbase Commerce) versus spending $100, of which Stripe gets $5 of and the vendor only sees ~$95 if I don't feel like I need the protections of a card, which is frequent but not all the time.
Crypto fits a niche in my life well, despite the wider crypto world having dumb controversies. Just like my HSBC bank account fits a niche well, despite HSBC's wikipedia page being ~50% controversy section by word count.
Your transfer fees are a bit off.
Coinbase is 10,200x more than you stated ($0.51 to send $100) BUT that’s only if I send directly on Coinbase. Coinbase Commerce takes 1% so it would actually be 20,000x more than you listed.
Stripe is 64% of what you stated ($3.20), and that’s with no processing fee discounts like you can get with higher volume.
Now, obviously, $3.20 > $1 but it’s not apples to apples. You can claw back your money with a card for one. There are many cases where I would prefer to pay the extra $2.20.
Credit card interchange fees being ridiculously high is pretty much a US thing:
> In the United States, the fee averages approximately 2% of transaction value. In the EU, interchange fees are capped to 0.3% of the transaction for credit cards and to 0.2% for debit cards, while there is no cap for corporate cards.
Sensible regulation can make a big difference.
FWIW, I can pay bills by initiating a transfer both in HK and the EU instantaneously and for free.
Note also in your comparison of costs that most people still use fiat, and then pay the enormous fees of exchanges like Coinbase or Bybit that (for retail investors) are ridiculously high. So, a fiat-crypto-transfer-crypto-fiat round trip has another 2% or so on top (plus volatility).
https://en.wikipedia.org/wiki/Interchange_fee
It's also not even 2% in reality.
It goes to rewards which go straight back to the consumer.
My main credit card gives me 2% back on all purchases. In cash. Zero annual fee. And it's a card anyone with a normal credit score can get. Nothing special about it.
It really only makes sense to compare interchange fees after subtracting the proportion of them that get paid back to consumers.
Sure, smart consumers can claw back some of that. But what you have then is merchants raising average prices, and consumers that use such credit cards being subsidized by those that don't.
Solana is the main chain I use for these transfers, and it’s 0.000005 SOL * $170/SOL = $0.00085 to transfer any amount of USDC. So I was a little off there. My apologies for a $0.0008 error.
By the way, I specifically mentioned Coinbase commerce takes about a dollar: > $100 (or $99 with some 3rd party integration like Coinbase Commerce)
Stripe fees vary, but in a frequent case where a user is using an international card in a foreign currency it’ll very easily get close to 5%.
For me, yeah $2.2 is relatively immaterial. For a provider who’s doing $1MM in crypto transactions? Somehow I suspect that a few percentage points are quite meaningful, and I get the benefit of not having to explain what a seedbox is to my bank if they ever call me.
Again, crypto as a payment method is not for everything. But it’s quite nice to have the option.
> What would finally be enough to shake your faith?
Permanent and major market crashes are the only thing I can think of.
After the last crash a lot of fraud and incompetence got out because they couldn’t stay solvent, stuff like Celsius or FTX etc got exposed only because of the crash we had in 21/22.
It will take a few crashes, like that, until then scams or incompetence like this incident will not make people lose their money.
A few crashes, then most believers will lose their savings, then the faith will shatter, not until then.
Most people are after all investing in crypto because it goes up and not because they believe in decentralized currencies. As long as they hear how someone is making money on crypto they will keep believing no matter how many meme coins pull the rug, or exchanges fail or pig butchering or myriad of other scams come to light
> what exactly is left to keep anyone a “huge believer”?
Bias. I expect believers to have earned a profit or still hold significant quantities of crypto assets.
But in their favor, trust in any currency is the foundation of its value. States create it by collecting taxes and paying employees. Crypto currencies generally lack that heavy weight central authority, so they kind of have to believe to the point where they get burned.
Movement of funds from one sovereign nation's jurisdiction to another is important when one jurisdiction is in crisis or restricting capital flows.
> What would finally be enough to shake your faith?
Crypto scams run by top government officials? Oh, wait...
and the existence of financial scams isn't the same for fiat because...?
Have you seen the absurd lengths people have to go to to actually scam people out of significant sums of actual money?
It doesn’t even remotely compare and if you can’t acknowledge that, you’re willfully ignorant or a future mark yourself.
They've seen other people make loads of money (or maybe made a load themselves) and are still in the game hoping to make loads more.
My faith would shake when scams, rugs, fraud, and ponzis completely stop outside of crypto.
The "oh but there's crime in fiat" argument holds no water.
Sure, HSBC facilitated money laundering and drug trafficking in Mexico. And when it came out, the fiat response was a huge outcry and putting a stop to it.
The crypto response is to say "screw the laws, let's go all in with money laundering and drug trafficking".
It's like noticing that kitchen knives are occasionally used for murder, and then concluding that it's a good idea to sell machine guns at every corner.
Fiat is indispensable, and (due to regulation) better for legitimate purposes than for crime.
Crypto is entirely dispensable, and (due to its inherent limitations (inefficient, slow, cumbersome)) better for crime than legitimate purposes.
Fiat currencies have collapsed in the past due to bad monetary policy (regulation is only good right?). Ask Argentinians how they feel about stablecoins after rapid inflation.
Alternative currencies offer competition and access. Why is that such a problem?
You like decentralized money without laws and accountability, but would like to have a central thing (TBD) that is accountable and respect laws? How would that work?
I'm not too sure but a few things come to mind:
1. Upgrade protocol to include protections for well known cold wallets held by exchanges (ex: API call has to be made to the exchange's security endpoint to validate each transaction out of the wallet. Exchange staff would need to manually allowlist large transactions before they are transmitted).
2. Decentralized voting on reversal of transactions (90-95%+ vote needed to reverse to avoid 51% attacks)
Ethereum is programmable, such a protocol can be implemented as a smart contract.
This is getting pretty close to the banking system, at which point one needs to ask - maybe just improve existing protocols?
> 2. Decentralized voting on reversal of transactions (90-95%+ vote needed to reverse to avoid 51% attacks)
Couldn't you technically just 'git checkout' a previous commit from before the fraudulent transaction occurred and pretend it never happened? Isn't the real problem that you'd have to convince a majority of users to do the same?
Not going to work, otherwise it would already have been done.
People who control or take advantage of cryptocurrency don't want this to happen.
Good luck getting 90% of a large group of people to vote the sky is blue.
> let's reinvent the banking system except worse in every way
Right on. My bank calls me every time I send money out. And I'm talking like $50. I used to find it annoying, but now I'm blown away every financial system doesn't...
On the one hand, I understand banks attempting to protect customers and limit liability, on the other hand, frankly I have better things to do with my time than spend 30 minutes waiting in a phone queue because I had the audacity to go on holiday and attempt to spend $20 on ice cream.
Those all sound like stated objectives of crypto.
Code is law, no?
Solutions have existed for years (eg Gnosis Safe), they just aren’t being used by that exchange.
Bybit was quite literally using Gnosis Safe for the compromised wallet.
I can't believe someone posted that without knowing they actually used Gnosis Safe
Believe it, baby
lol. Good times.
Can’t tell if you’re trolling here or not, but good one either way!
It's obviously not a cold wallet if it's connected to the exchange.
It's also not reassuring that the CEO claims cold wallets are safe and secure, just after losing 1.46B
Cold usually means it needs multiple physical people to sign from offline devices to move it. Hot wallet usually is automated. Here it looks like the «hackers» found a way to trick enough people to sign this transaction
Or the cold wallet was, at best, room temperature.
Perhaps their servers have cryogenic cooling
It could still be cold. "took control of the specific ETH cold wallet" sounds like stealing the physical hardware. Like someone stealing the vault key, or the HDCP master key getting leaked.
Yes. This sounds like a variant of “rubber hose decryption.” “We beat him with a sock full of doorknobs until he gave us the device.”
They could have gotten the recovery phrase off some paper, then imported it wherever. More likely than guessing the pin on a ledger with a short number of tries before wiping.
Yeah this makes no sense whatsoever.
> [The hacker] took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address.
Did the hacker physically break into their office or what?
Possibly yes
Or some part of their system failed and the key was compromised without them realising it (like the Debian insecure keys debacle or whatever)
There should be something like a "finalizing transaction", which both the sender and receiver need to sign after the first transaction has been mined, i.e. like an in-built escrow. If it's not signed by both, then funds are returned. This wouldn't protect against key leakage, but in this case, the tx was signed by accident. This would also protect against sending to wrong address.
There are cryptocurrencies in which transactions must be signed by both sender and receiver, such as those implementing the pure Mimblewimble protocol.
> Both the sender and receiver need to sign after the first transaction has been mined
That makes no sense; miners don't mine transactions unless they're guaranteed to be valid. All signing must be done before transactions are even published. Otherwise one could DoD-attack the network by having it forward tons of invalid transactions.
You’d mine the first transaction which is a nominal value but the rest of the transaction won’t get mined until that first transaction is signed by both parties indicating acceptance. You could even break it down into an arbitrarily multi-stage process where the next stage is exponentially larger more money (i.e. transfer $100, then transfer $1000, then $1000, etc). This would make the accident “hit a button and lose a B right away” much harder to pull off. Of course, in this case I don’t know that it would help as I believe the attacked party signed approval to change the contract itself.
What does DoD stand for, in this context?
Department of Defense; after the research funding cuts, the bureaucrats had to get creative about money sources.
I think they meant DoS.
Correct. Noticed typo too late to edit...
This would also protect against dusting attacks.
Illicit addresses sending to thousands of random recipients and making them all marked by automated KYC systems.
Can someone even explain what Bybit is actually about? I searched around when the hack was announced, but I'm very confused. Mostly what I saw said "scam" on it.
This isn't your run-of-the-mill Coinbase style exchange, right?
It's the second largest crypto exchange by volume globally, behind Binance. Specialized in derivatives but they have lots of regular retail products that you might find at Coinbase. Basically like a bigger version of Coinbase from Asia.
Also a major sponsor of Red Bull Racing in Formula 1.
What are the chances that a Bybit insider is behind this?
Or former insider.
I spent several years pointing out to my last employer that every former employee could have walked off with secrets that allowed them access to our backends. They were already slowly working on hardening write access but read access was still being worked on a couple months before I left, when I got to write about half of the last mile code for the user facing bits.
This is not a unique experience by any means. I’ve seen this sort of thing enough to pay attention when acquaintances bitch about it too.
Are these business-owned exchanges and managed wallets not fundamentally incompatible with making guarantees of security? Is anyone doing it the "right" way and what does the right way even look like?
I don't know the answer to that, I only have guesses.
But one mistake we make over and over is that we write code that just does its best to answer questions as quickly as possible. And when those questions show up 10x as quickly as they have any other time in our company history, they either just plug right along or maybe throw an error.
Someone shouldn't be able to empty a billion dollars out of an exchange in 10 minutes, unless they do $250B in daily traffic. And I suspect most of them can be, and in even less time than that.
10000%. You would have to be soft in the head to not conclude that's the case.
And they keep everything in one wallet why?!?!
Surely you'd allocate a new wallet/1m roughly and always keep it spread.
"Please rest assured that all other cold wallets are secure."
Unreal.
He means "...secure. (For now.)"
He just left off the implied part.
> have a wallet, work at bybit
> understand backdoor
> steal money from your account, some from others
> bybit pays you back
> still have money you stole
In case of a state actor just imagine the weapons that could be bought with this kind of money and the potential lives lost due to this mess
Their English Wikipedia page is deleted as of 1:42am pst. Any idea what that’s about?
https://en.m.wikipedia.org/wiki/Bybit shows the history of deletions and creations of the page.
The current deletion is for reasons that include lack of NCORP (Notability (organizations and companies)). And they back that in turn by saying that the sources are weak.
I understand on one side that they don’t want every company in the world to have a Wikipedia page. Because the point of Wikipedia is not to promote or legitimise every company in the world.
But you’d think that at the point where widely covered news of a hack leading to a loss of a billion dollars and a half, would be reason to have a Wikipedia article about it.
And instead they went and deleted the article today.
There’s probably additional editing of the page itself that you can dig into the history of if you want to see what happened during the past couple of days leading up to the page being deleted again.
For me, I’ll file this under Wikipedia Editors gonna Edit. They have all kinds of edit wars and page deletions going on all the time in the background that the rest of us mostly don’t even notice most of the time. And all over I’m still happy with Wikipedia for all of the information it has collected within.
It could be resurrected if there are multiple news stories making it notable for being hacked. It would have to be rewritten, though, to give it substantially different content.
https://en.wikipedia.org/wiki/Wikipedia:Speedy_deletion#G4
Here's the discussion from the second time it was deleted:
https://en.wikipedia.org/wiki/Wikipedia:Articles_for_deletio...
They're basically saying "nah, that's spam". So when it was recreated yet again, of course it was speedily terminated with prejudice because it just looks like another spam attempt.
Not sure if there's a rule against covering news stories. Seems like we wouldn't want an article on every news event (I'm pretty sure there is a rule against that), but Crowdstrike got an article.
> Article 12 – dealing directly with the acquisition and disposition of interests (including security interests) in “controllable electronic records,” which would include Bitcoin, Ether, and a variety of other digital assets ... a good faith purchaser for value who obtains control (a “qualifying purchaser”) takes its interest free of conflicting property claims... Control under Article 12 is designed to be a technology-neutral functional equivalent of “possession.” It generally encompasses circumstances when a party has the “private key”
I think (I assume but could be wrong) in the average CEO X-tweet "control" likely only means 'control'; nobody was reading through UCC Article 12 while drafting this message.
As in: "The hacker gained access to" "The hacker took charge of" "The hacker assumed authority over"
Those are all equivalent to exclusive control of the private key, which is the meaning within UCC Article 12.
What is the purpose of this comment?
It describes the legal status of stolen cryptocurrency changing after the first sale. This HN story is about stolen cryptocurrency. In particular:
> The wallet has sold around $200 million worth of stETH so far
If some of those sales took place within jurisdiction of a U.S. state that has ratified UCC Article 12, then the buyer of the stolen cryptocurrency is now the new legal owner.
The hacked coins are not "free of conflicting property claims."
> The hacked coins are not "free of conflicting property claims."
2023, American Bar Association, https://www.americanbar.org/groups/business_law/resources/bu...
I think you're saying this is different to theft-of-car. A stolen car could be sold/bought a number of times, but any amount of years later the car belatedly identified as the one stolen from the rightful owner means it is returned. A fraudulently created title isn't enough to protect the bagholder from having to return the car.
It is important everyone is thinking real hard about how this is different from traditional theft: there is no way to actually prove the operators didn't just steal everything themselves vs actual real hack theft.
There is. ZachXBT has already gotten a bounty for unambiguously pinning this on the Lazarus Group (North Korea).
When even professional companies that have billions of dollars under management can't securely manage their crypto assets, how likely is it that individuals can?
It's a different ball game. The resources that went into executing this kind of hack were probably far higher than most wallets are worth anyway.
Maybe not - a number of high-value past hacks have been very low effort
I have yet to see a thorough explanation of what specifically was hacked here anyhow
Whelp, you better shorted $SAFE.
We are in the middle of the bull market. fyi.
Who says ByBit can cover the loss? The article title says that but the article quotes do not. The CEO only said that their other cold wallets are intact and that withdrawals remain normal.
Bybit claims to be regulated by the Virtual Assets Regulatory Authority of Dubai.[1] But the lookup page at VARA says they only have "In-principle approval", not a full license. "Applicants holding an IPA are strictly prohibited from initiating operations, conducting any virtual asset activities, or servicing clients until they have obtained their full VASP licence from VARA."
Uh oh.
[1] https://www.vara.ae/en/licenses-and-register/public-register...
> Who says ByBit can cover the loss?
CEO on X
When has the CEO of a cryptocurrency exchange ever lied before?
What possible motivation would he have to not tell the truth, the whole truth, and nothing but the truth?
Harumph!!!
Gentleman, please, rest your sphincters!
https://www.youtube.com/watch?v=g2Bp8SqYrnE
They're probably just saying that to avoid a run.
I wouldn't be surprised if Bybit cuts a deal with the hacker to return the funds. There's no way that $1.46 billion of marked ETH can be liquidated and off-ramped to fiat.
That’s well within the daily trading volume.
Well within real daily trading volume is less clear.
https://www.forbes.com/sites/javierpaz/2022/08/26/more-than-...
Exchanges will blacklist the addresses that hold the hacked ETH. They won't be able to deposit, or if they can deposit, the ETH will be frozen by the exchange.
Tornado cash and similar exist
I am sure there are still plenty of suckers who believe the whole "cryptocurrencies are fungible" narrative, and would get those ETHs with a discount.
It is on eth and they can use decentralized exchanges.
It's all traceable. Some of the ETH has already been run through a mixer and then bridged to BTC.
In any case, since this hack was performed by a nation state actor (Lazarus Group/North Korea), being caught is effectively meaningless.
Given how many of these exchanges have been hacked (or were fraudulent), how is it that people still use them?
> "Please rest assured that all other cold wallets are secure. All withdrawals are normal," he added.
There are no American infidels in Baghdad. Never!
I'd probably bet on this being and staying the case. Bybit needs to look as strong as possible here and they probably have a bunch of willing lenders.
The second they have to pause withdrawals and look weak, it could be game over from the (additional) reputational damage.
Chemical Ali ?
> Bybit CEO Ben Zhou wrote on X that a hacker "took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address."
Um how tf does a cold wallet get hacked?
Have to wait for a post-mortem, but there was some speculation from Ben earlier in his spaces.
They used a Gnosis Safe which is a smart contract multi-sig wallet that is pretty much the gold standard for Ethereum.
They believed that all of the signers' PCs were hacked and that the UI for signing was staged with a fake element to make it appear like a normal transfer.
They were signing with hardware wallets, but it's hard to verify what you're signing from a ledger typically.
What they ended up signing instead was an upgrade to the smart contract giving control of the Gnosis Safe to the hacker who then drained it.
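One way to implement the check these comments point at (the manual allowlist for large outgoing transactions proposed earlier in the thread, and signers approving a contract change that was displayed as a normal transfer), as an added example that is not part of the thread and not Bybit's or Safe's code: a policy check that decodes a proposed multisig transaction itself and clears only plain transfers to allowlisted recipients under a limit. The `to`/`value`/`data`/`operation` fields follow the Safe transaction format; the addresses, limits and sample proposals are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

CALL, DELEGATECALL = 0, 1                    # Safe "operation" values
ERC20_TRANSFER = bytes.fromhex("a9059cbb")   # selector of transfer(address,uint256)
ETH = "eth"                                  # key for the native-asset limit


@dataclass(frozen=True)
class Proposal:
    """The fields of a multisig transaction that signers are asked to approve."""
    to: str          # contract or account the wallet will call
    value: int       # wei sent with the call
    data: bytes      # raw calldata
    operation: int   # CALL or DELEGATECALL


@dataclass(frozen=True)
class Policy:
    allowed_recipients: frozenset   # lowercase addresses cleared for routine payouts
    limits: dict                    # asset (ETH or token address) -> max raw units


def decode_address(word: bytes) -> str:
    """Decode a 32-byte ABI word that must hold a left-padded 20-byte address."""
    if len(word) != 32 or word[:12] != bytes(12):
        raise ValueError("malformed address word in calldata")
    return "0x" + word[12:].hex()


def review(p: Proposal, policy: Policy) -> tuple[str, list[str]]:
    """Return ('sign', []) for a routine transfer, else ('escalate', reasons)."""
    reasons = []
    if p.operation != CALL:
        reasons.append("operation is not a plain call")
    to = p.to.lower()
    if not p.data:                                   # native ETH transfer
        asset, recipient, amount = ETH, to, p.value
    elif p.data[:4] == ERC20_TRANSFER and len(p.data) == 68:
        try:
            recipient = decode_address(p.data[4:36])
        except ValueError as exc:
            return "escalate", reasons + [str(exc)]
        asset, amount = to, int.from_bytes(p.data[36:], "big")
        if p.value:
            reasons.append("token transfer also carries ETH value")
    else:
        # Anything that is not a transfer (for example a call that changes
        # the wallet's own configuration) never qualifies as routine.
        reasons.append(f"calldata is not a transfer (selector 0x{p.data[:4].hex()})")
        return "escalate", reasons
    if asset not in policy.limits:
        reasons.append(f"asset {asset} has no configured limit")
    elif amount > policy.limits[asset]:
        reasons.append(f"amount {amount} exceeds limit {policy.limits[asset]}")
    if recipient not in policy.allowed_recipients:
        reasons.append(f"recipient {recipient} is not allowlisted")
    return ("escalate" if reasons else "sign"), reasons


def erc20_transfer_calldata(recipient: str, amount: int) -> bytes:
    """Build transfer(address,uint256) calldata for the constructed samples."""
    return ERC20_TRANSFER + bytes(12) + bytes.fromhex(recipient[2:]) + amount.to_bytes(32, "big")


# Constructed sample data: none of these addresses or amounts are real.
HOT_WALLET = "0x" + "11" * 20
UNKNOWN = "0x" + "22" * 20
TOKEN = "0x" + "aa" * 20
OTHER_CONTRACT = "0x" + "bb" * 20
POLICY = Policy(frozenset({HOT_WALLET}), {ETH: 50 * 10**18, TOKEN: 1_000_000})

SAMPLES = {
    "routine top-up": Proposal(HOT_WALLET, 30 * 10**18, b"", CALL),
    "oversized top-up": Proposal(HOT_WALLET, 400_000 * 10**18, b"", CALL),
    "token to stranger": Proposal(TOKEN, 0, erc20_transfer_calldata(UNKNOWN, 500), CALL),
    "not a transfer": Proposal(OTHER_CONTRACT, 0,
                               bytes.fromhex("deadbeef") + bytes(32), DELEGATECALL),
}

if __name__ == "__main__":
    for name, proposal in SAMPLES.items():
        verdict, why = review(proposal, POLICY)
        print(f"{name:18} {verdict:9} {'; '.join(why)}")
```

A check like this only helps when it runs somewhere the signing workstation cannot influence, since the comment above describes the signing UI itself displaying a fake transfer.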
Terrifying to imagine how much funding terrorist states might be getting by hacks like this.
One in particular gets about 1 billion dollars a year. Already hit their quota in February
Remember the golden rule that when it comes to crypto it is a scam 100% of the time. Congrats to the Bybit CEO on his newfound wealth.
These are not hacks, just like Mtgox, Celsius, FTX etc etc etc were not hacks. These are crypto insiders supporting the stablecoin so they can print and set a floor on prices before/during potential mass sell off events.
My understanding is that the original transaction was a small fraction of the total balance of ETH in the wallet. How then were they able to liquidate the entire ETH wallet?
Kim Jong 1337 hacker strikes again
woops
More like byebit.
Unregulated asset exchanges. Haven't we been there before a loong time ago?
The entirety of the cryptocurrency world is so obviously a "Chesterton's Fence" situation.
Every pseudo-intellectual thinks that the fiscal world is "too complicated" and they're going to "simplify" it by making some token, only for people to realize that the monetary world is just complicated, and they have to reinvent everything that already existed in the traditional banking system.
I had to do some work on an ACH system a couple years ago [1], and I read through a large chunk of the ACH standard, which was about 800 pages. It's easy to see and hear that and think "that's way too complicated, what could possibly be so hard about money transfers that necessitates a 700 page specification??", but as I read it and saw how many edge cases it took into account, it was easy to see why it got so huge. It turns out that dealing with money is just a really hard problem at scale.
I fell for the cryptocurrency hype of 2021, and I will fully acknowledge that that came out of a complete lack of understanding of how fiscal systems work. I wish everyone else would just grow up already.
[1] Usual disclaimer: not hard to find my work history, it's not hidden, but I ask that you do not post anything about it (or at least any proper nouns about it) here.
For what it’s worth, I’m a “crypto believer” and I have never considered ease of use to be one of its selling points.
What you are describing are the systems of power which create a stable financial system. That is, one where you can put a nickel into a bank account and expect it to be there in a year or a hundred years.
That indeed requires a complex web of power structures, because its top line goal is to be stable and dependable. And stability within a complex landscape requires an equally complex network of power.
Crypto provides the exact opposite value: it cannot be controlled, no matter how robust your power structure is. It can be insured, at a significant cost, but not controlled.
That means in the face of even totalitarian powers someone could still move crypto across any boundary that is permeable to information, which it turns out is a set that roughly approximates the set of all boundaries.
This is a terrible way to pay for candy bars, because candy bars are not worth insuring.
But what I think the crypto opponents miss is that there is a set of transactions—some criminal, some legal, some immoral, some righteous—which cannot be made in state-controlled financial systems.
And that these transactions are what gives crypto value as a currency.
To me, where I would like the debate to go is not “is crypto a scam?” but “how does society protect people from the violence facilitated by crypto?”
Yes, financial “violence”, which can be insured against, but also real violence: human trafficking, extortion, etc.
We anarchists sometimes like to pretend that without rulers we will be freed to care for each other. But in the shadow of a history of violence, there will be more violence too.
And the “crypto is a scam” argument I fear is a red herring that distracts from this, the real issue.
Power structures can absolutely control crypto. They can make it illegal - it won't eradicate it altogether (see: war on drugs), but it will severely decrease its influence. No one is bragging about investing their retirement savings into cocaine, and Paypal does not offer it to me either.
Or if government is smarter, they can slowly gain control over it. Allow trading traceable currencies via official channels, but with good KYC measures. Do not allow fully anonymous systems. Go after mixers. Prosecute exchanges which do not verify their customers. Once there are plenty of government-sanctioned exchanges in the country, there will be little incentive to create unsanctioned ones, and someone with coins that were marked "North Korean-originated" won't be able to spend them in the country.
Your “if government is smarter scenario” is exactly what’s playing out right now.
> Crypto provides the exact opposite value: it cannot be controlled, no matter how robust your power structure is. It can be insured, at a significant cost, but not controlled.
This is such a naive claim parroted by crypto enthusiasts. Lots of criminal things can't be 'controlled' (e.g. stopping people murdering, stealing, etc.), but there are consequences if you do them.
Crypto could easily be controlled by laws or punitive taxes. KYC is a step in that direction. But still this claim keeps coming out. All they need to do is control the off-ramps.
It's like the one "but, but, there will only ever be a fixed amount of BTC, so it's valuable!". There will only ever be a fixed amount of my turds, but I don't see them up for auction. It also doesn't explain why BTC is the valuable one but not all the clones (spoiler: it's the brand name).
It's easier to just parrot some grifter's justifications than actually thinking for yourself I guess.
You wouldn't be the first person to pump and dump their own turds.
Some people even brand their own turds with their own name, and drop a $TRUMP and dump.
The crypto community continues to speed run the history of traditional finance. [1] https://news.ycombinator.com/item?id=31777761
It's only a matter of time until we get a railroad track laying network secured by proof of railroad track (PoRT) and recreate the panic of 1873.
I don’t know anyone working in crypto who complains about the physical world being too complex. Imaginary dragons are easily slayed.
If you read the original bitcoin paper, it complains about bank centralization and “issues” with traditional finance for a not-insignificant amount of it, and presents cryptocurrency as a solution.
I will admit I used a bit of shorthand, but the paper is providing a “simple” solution to a “complex” problem.
[flagged]
^Yep
When you decentralize finance like this what becomes okay to do according to system rules is exactly what is possible to do according to system rules. We don't have humans in that loop anymore to enforce moral judgments about what constitutes unlawful theft (except for 1 or 2 rare "hard-forks" of various blockchains to reverse devastating transactions).
I feel bad for people who lose large volumes of cryptocurrency to malicious actors in the same way I feel bad for people who lose large volumes of real money to a casino.
It is 2025 now, and we all know that anyone who can somehow get your private key to whatever blockchain-backed assets you have "owns" those assets just as much as you do, and they are permitted to take them under the rules of the system, so whatever you do, do not lose that key.
There is no higher arbiter of justice in this space so use it at your own risk.
Being doomed to spending millions of real dollars litigating to buy a trash dump full of used diapers and toxic waste, just to dig around in it looking for a hard disk drive for the rest of your life, seems to be a particularly satisfying Sisyphean form of justice.
https://en.wikipedia.org/wiki/Bitcoin_buried_in_Newport_land...
Yes!
A "cleverly masked exploit that altered the smart contract logic"[1] = congratulations!! the contract gives you $1.46B free money!!
I anticipate that the defi community will celebrate the inexorable operation of their logical contracts.
[1] https://cryptonews.com/news/bybit-crypto-exchange-faces-1-5-...
In this case yes - everything went by the design and law of the underlying code. There was no exploited bug or vulnerability flaw besides human laziness here.
1) Their multi-signature wallet signing employees lazily clicked through in unison to approve a new smart contract without examining the contents to see if it was unusual.
2) Bad security architecture to keep too much in a single wallet that wasn't properly kept cold. There should have been a few fully cold wallets, that only rarely transact with mostly-cold intermediary "airlock" wallets which are also separated from the exchange operations and wallets. The signers also need to be different combinations of people for each of those wallets - preferably some of those signers being additionally liable 3rd party technical experts.
> There was no bug or vulnerability flaw
when code is law, there can't be any bugs or vulnerabilities, only features.
I see this quote repeated here often, but working in the industry I've never heard it said unironically by any of my peers or thought leaders in the space. Best I can tell it is a sort of lazy straw man repeated by skeptics. Does it have an origin?
https://blockchain-society.science/?p=218
https://ethereumclassic.org/blog/2024-04-03-ethereum-classic...
Are those appropriate sources?
I suppose so, however Ethereum Classic is a fork of Ethereum that failed. I don't think it's generally well regarded in the space. I doubt many of the newer entrants to the ecosystem have even heard of it.
This would be like finding a quote from some old poorly maintained Linux distribution and attributing quotes from the maintainers as being representative of all kernel developers.
Thanks for a good faith response. This is what makes this website excellent.
While I must admit that I have some anti-cryptocurrency biases, I am also not that familiar with the cryptocurrency world. I really appreciate you sharing your knowledge.
The original idea with crypto was that the "code" was so strong, it removed the need for physical banks, tellers, FDIC, law enforcement, etc. The theory was, we can have everything the banking system has, but cheaper, because the only way to steal money was to break the crypto itself, hence "code is law".
The industry cannot appeal to the protections of law enforcement, civil tort, and other features of the regulated banking system, without simultaneously undermining the "crypto" part. If you're going to summon authorities when hackers hack, you're no better off than if you just acted like any other bank and stored the client's balance in an excel sheet.
> The original idea with crypto was that the "code" was so strong, it removed the need for physical banks, tellers, FDIC, law enforcement, etc.
Is this really an accurate characterization of "the original idea"? And according to whom?
Yes it is. Me and many other people.
“skibidi is toilet”
what r u talkin ab?
another "exchange was hacked" story, why I am not surprised.
"Oops, we were hacked, hehe, guess we'll have to shut down. Oh and our CEO will be moving to another country."
[flagged]
Maybe so, but please don't post unsubstantive / snarky / tropey comments here. It leads to generic / repetitive / nasty discussion, and we're hoping to avoid that here.
https://news.ycombinator.com/newsguidelines.html
The genius behind crypto is that it's not just the extremely gullible. I know a fair number of really smart people, academics even, that have bought into the cryptocurrency hype.
It has this kind of veil of "high techness" to it that is appealing to smart-but-uninformed people (like me in 2021). I'm embarrassed that I fell for it, but on the bright side it does make me a bit more sympathetic for other people who also fell for it.
> The genius behind crypto is that it's not just the extremely gullible.
I don't know about you, but I barely follow cryptocurrency news, and I've still been hearing about major players getting "hacked" several times a year for over a decade.
Either it's Mt Gox or FTX or The DAO or Bitfinex or QuadrigaCX or Terra/Luna or rug-pull meme coins or dollar-backed coins that actually aren't or any of a dozen other things.
Anyone who isn't being extremely careful to avoid scams, given the constant drumbeat of reports about how you have to be extremely careful to avoid scams when dealing with cryptocurrency, is pretty gullible.
Ironically I think being more educated might sabotage you more with cryptocurrency.
My parents, both smart people but neither of whom knows much about distributed systems or concurrent computing or cryptocurrency, see the news reports about Mt Gox or BitConnect and think "that sounds like a scam", avoid it, and put money into a Vanguard or something.
On the other hand, you have people like me (and probably a not-insignificant percentage of people on HN), who have learned a fair amount of distributed and concurrent programming, and see the "neatness" factor of cryptocurrency, and since the crypto is laundered through interesting tech, we fall for it.
I haven't touched any cryptocurrency since I fell for the unregistered security calling itself Gemini Earn [1] (so almost three years now), but I did think that stuff like Filecoin was pretty cool. Hell, I'll still acknowledge the coolness factor of stuff like Filecoin and Storj and Sia. I just think that the currency itself is wishful-thinking-at-best, and fraudulent at worst (probably somewhere in between).
I don't think I'm an especially gullible person, but no one thinks that they're gullible, so I'll acknowledge that I probably am, but I think a lot of the educated people who got into crypto got into it because they kind of had horse-blinders on when looking at the interesting tech.
[1] Not my opinion, but the SEC's for what it's worth: https://www.sec.gov/newsroom/press-releases/2023-7
This essay scared me away from Ethereum, among other coins, for good:
https://www.paradigm.xyz/2020/08/ethereum-is-a-dark-forest
Being smart or academic does absolutely not mean these people aren't gullible.
I know, but it is inversely correlated.
I don't think most academics would fall for the "Nigerian Prince" chain emails, or the "Romance Scams" you see on YouTube, which are things I usually associate with extremely gullible people.
To be honest, a distributed logic execution engine is an interesting tech, it just isn't something to build any high value economy on top of.
Sure, I'll totally acknowledge that some of the distributed algorithms that have spun out of the blockchain are pretty cool, and I'll even go as far as to say that maybe someday we'll find some very cool high-value uses from them.
Pretend money, at least in my opinion, is not one of those uses.
It’s been about 15 years now. The killer app for blockchain is Bitcoin.
I don't know, I think some of the papers for distributed consensus might lead to something cool; if nothing else it does seem to be increasing the use of formal methods, which I think is neat.
These things can take time; it might be thirty years or more before someone does anything actually useful with the stuff learned from the crypto world.
Crypto: where Kernighan’s Law meets con artistry.
What is the gullibility here?
Thinking you can store your crypto with some 3rd party that _definitely_ won't get hacked (or """hacked"""), also thinking your crypto won't become worthless from a singular unusual event. Actually the most gullible are the people who think of cryptocurrency as an "investment" XD
I don't know. I always store my crypto offline. I bought $1000 worth of bitcoin when it was less than $100 per bitcoin because it seemed like something that could get big at some point, and I was willing to risk $1000 on that thought.
My thought was it will some day either be worth a lot or be worth 0 and I'm OK with both of those possibilities. I don't really think I was gullible about anything and yes I thought about it as a risky investment that turned out to pay off quite well.
It’s an investment the same way that playing the lottery is. I had a family member win ~$30MM back in the 80s, but he had played the same numbers for decades; someone who knew of this stole the winning tickets and he ended up only getting 7.5MM of the winnings after a protracted court case.
Crypto is the same thing. You put money in and you may cash out quickly with a big number, but someone who knows can swoop in and steal your money in a way that is much easier than if you used more traditional investment and banking vehicles.
¯\_(ツ)_/¯
https://www.web3isgoinggreat.com/
[flagged]
So salty! And yet... How's ETH Classic doing? It was the right move at the time to fork. And pretty obviously would be the wrong move today.
For context, guluarte is referring to a moderately contentious hardfork done by the Ethereum developers and mining community to reverse TheDAO Hack in 2016 or so. The stakes were much larger then -- Ethereum was newer, not yet battle tested, and TheDAO had something like 10% of all ETH in it.
A fork was formed -- "ETH Classic" -- ticker ETC -- which did not reverse the DAO hack, and you can see from valuations that the public preferred the reversal.
I mean, the public comprised of the developers of Ethereum who had significant financial incentive to pretend the hack did not happen and to forever publicize their chain of history.
Code is law, up until it costs me.
It was actually up to the node operators to update their clients or not, which resulted in a contentious chain split. Just like Bitcoin. Decentralization worked as intended.
Let’s not forget that Satoshi rolled back Bitcoin in 2010, whereas Ethereum was a surgical state change within a smart contract.
What are you talking about in 2010?
https://en.bitcoin.it/wiki/Value_overflow_incident
Other transactions besides the one that created 184 billion BTC in that block were effectively “rolled back” on the working chain.
Thank you.
Old man yells at cloud vibes every time a crypto post comes on HN.
No interesting discussions ever. Just axes being sharpened and people who dislike it taking the opportunity to gloat. I would characterize the pro-crypto people but I don’t see any. Which is sad because over the last 5 years I have found crypto, bitcoin, and stable coins to be extremely useful when helping family members in emerging markets.
But hey, it’s all trash, the West doesn’t need it, so let’s all dance on its grave... I guess we will keep dancing for another 15 years.
There's no interesting discussion to be had. That's the simple reason you always miss.