How many mistakes? Reused address. Round amount. Mixed script types (not sender's fault). Then receiver sends straight to exchange with zero obfuscation.

Honestly tinfoil may be required in the face of this 🤡 behaviour.

For what it's worth: heard on the Risky Business podcast (IT security stuff), their working theory is that (a) perp is a teenager, heard from multiple sources, (b) the coins were actually seized they think most likely, by some govt agents "popping a shell" (or otherwise hacking) and simply sending the funds out of the perp's wallet. Interesting! No idea if true.

@waxwing Bitcoin was a blockchain proof of concept. It is not meant to be used as a currency.

If you want anonymous and untraceable digital cash look at #Monero

@nosat Inferior security; inferior scalability; nontransparent amounts may be a bug not a feature (see: real inflation bugs in zcash and monero); and by Monero proponents' own standards, it is strictly inferior to Zcash as a design, since there is still a transaction graph, thus it is by no means perfectly untraceable.

Digicash was perfectly private. But centralized.

To cut the scalability/auditability/privacy Gordian knot, only a layered approach makes sense.

@waxwing

Monero is open source the code has been audited and the math and cryptogrophy is sound.

There is no scalability issue with monero, there is with Bitcoin, this was already proven.

Monero requires no trusted 3rd party set up like zcash thus superior in security.

You can never attain privacy on a 2nd layer if the base is not private, common sense.

@nosat

> Monero is open source the code has been audited and the math and cryptogrophy is sound.

I'm referring to actual bugs; one which was on mainnet (small subgroup attack effectively) and one which didn't make it because Jonas Nick of Blockstream noticed the construction was unsound. Next time you might be less lucky and you get invisible inflation for an undefined period that no one knows about. That's my point.

(1/2)

@nosat

> Monero requires no trusted 3rd party set up like zcash thus superior in security.
Mostly not a factor today after Sapling, imo (see: powers of tau). And, even in that first version, it was a very unlikely risk of backdooring; the *real* risk was the one that eventuated: invisible inflation potential, because of a bug - again. And I predicted this in a panel in Lisbon mid 2018 btw, it's on youtube, while the zcash team was keeping secret that it had already happened!).

(2/n)

@nosat

> You can never attain privacy on a 2nd layer if the base is not private, common sense.

Sure, just like it's common sense that we didn't build TLS on top of TCP/IP but baked it in.

The world isn't that simple. Even banknotes are not always fungible. There's a lot more nuance here than "make the base layer perfectly private". That's exactly what digicash did, but because it didn't pay attention to what *really* mattered (that the system can't be shut down), it was an abject failure.

@nosat i don't have a particular beef with Monero (see e.g. this article I wrote on ring signatures: joinmarket.me/blog/blog/ring-s ), what I have an issue with is this oversimplified "just use Monero" narrative, thinking it's a slam dunk and Bitcoin is useless. It's not just wrong, itt also hasn't worked for years and it's not going to; the world is not that simple.

Most proponents have almost no idea what they're talking about.

@waxwing

You have a point, however there is also a just use Bitcoin narrative. This is even worse, at least with Monero you have some privacy by default and pretty hard to screw it up.

@waxwing

Minimal risk trade-off for vast benefit. Sending value anonymously in an uncensorable secure fashion to anyone in the wrold.

There might be a bug in your car's ECU that kills you, yet you drive around in it. Minimal risk, massive benefit.

Not saying Monero is the end all be all, but it qualifies as a currency, BTC does not.

LN is meh at this point, need 1000 to receive 1000, pretty dumb.

BTC has a place and so does Monero

@nosat "LN is pretty dumb because it needs capacity in channels".
That's not much of a limitation even today. I can lease inbound liquidity (and I've actually done it, it's pretty easy already for the tech inclined, still that's developing).

There's even wallets that give you inbound for free but that's obviously a loss leader thing.

"LN is meh", sure, OK, I hear that all the time. But it works very well for me, I use it all the time, and it's extremely cheap and extremely fast. Shrug.

@nosat still, it is fair to say: you can't just say everything is solved by a LN or similar second layer. The base layer still has to function. My argument is essentially that you can deal with the specific characteristics of a base layer as part of a tradeoff (and that layers are needed to deal with that tradeoff). The base layer blockchain is a very strange beast.

@nosat You don't argue with @waxwing when it comes to cryptocurrency privacy, my man 😅

@waxwing what can we learn from the reused addresses?

im sure the feds have a huge index of people associated with wallet addresses, but assuming inside job, does anyone outside of intel have access to such info

@thisisthebreath

> what can we learn from the reused addresses?

I don't know. When I looked at it the only thing I noticed is: a wallet using bech32 and sending change back to the same address: I think it fits blockchain.com (blockchain.info)? Because they changed to segwit recently right? But then are they really still using a 1 address wallet? I suspect not. So .. I don't know. Note that this would be the wallet of the pipeline people.

@waxwing whoopsie!

And didn't it end up on Coinbase, home of surveillance?

Whoever did it, friend or foe, they're fucking n00bs.

@beachbardave don't know if it's verified to be Coinbase yet, but seems reasonable. Weird case.

@waxwing indeed, the idea that someone could be advanced enough to hack but not understand bitcoin basics seems pretty mental, unless it turns out it's another 17 year old kid like the Twitter hack...

@waxwing if that is the case, i how they figured out what computer to hack, i mean, do spy nodes give enough confidence of the real origin of a transaction to warrant action like that
might be they had some evidence outside of bitcoin, of course, for all we know they staged the entire attack from that server 🙂

@orionwl well from the accounts of those podcasters, the implication seemed to be that they knew who he was (see: teenager), so i just assumed the hacking was based on that.

@waxwing @orionwl Oh I heard they just subpoena'd the service where the coins were sent to and took it from there...

@stevenroose @orionwl i think I've heard 3 or 4 different theories now.

@waxwing @orionwl Yeah buying from Facebook isn't something I'd feel comfortable with in the first place though. And if they include Spyware, for sure not :/

@stevenroose @orionwl yeah that's the issue. They require FB acct. For now I'm sticking with Valve. It looks like Valve are threatening to come out with a wireless option at some point, but i think it won't touch the pain points that push people to FB - the need for PC plus lighthouses, nor cost. I think.

Sign in to participate in the conversation
unidentified instance

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!