Coinbase Review 2020: Buy & Sell Crypto - Is it Safe? All ...

Best bitcoin wallet in malaysia coinbase & luno review

Make money with cryptocurrency mining opportunity with guideline best bitcoin wallet in malaysia coinbase & luno review with atm debit card cash out
submitted by farazkhanniazi to u/farazkhanniazi [link] [comments]

Coinbase App Review – Coinbase Bitcoin Wallet

Coinbase App Review – Coinbase Bitcoin Wallet submitted by ososru to Bitcoin4free [link] [comments]

Coinbase App Review – Coinbase Bitcoin Wallet

Coinbase App Review – Coinbase Bitcoin Wallet submitted by Rufflenator to 3bitcoins [link] [comments]

Bitcoin Tipping Buttons Review and Comparison: There is an open source, wallet agnostic, option that is superior the Coinbase one.

Bitcoin Tipping Buttons Review and Comparison: There is an open source, wallet agnostic, option that is superior the Coinbase one. submitted by yeh-nah-yeh to Bitcoin [link] [comments]

CoinBase Review - It's Time To Open Your Bitcoin Wallet

CoinBase Review - It's Time To Open Your Bitcoin Wallet submitted by xezirone to Bitcoin [link] [comments]

A quick review of some of the native bitcoin wallets available for iOS: CoinPocket, bitWallet, breadwallet. Also mentioned: greenaddress.it, Blockchain.info, Coinjar and Coinbase

A quick review of some of the native bitcoin wallets available for iOS: CoinPocket, bitWallet, breadwallet. Also mentioned: greenaddress.it, Blockchain.info, Coinjar and Coinbase submitted by chrismarquardt to Bitcoin [link] [comments]

Review: Blockchain vs Coinbase Online Bitcoin Wallets

Review: Blockchain vs Coinbase Online Bitcoin Wallets submitted by muhammadharoonbr to Bitcoin [link] [comments]

Newfination - CoinBase Review - It's Time To Open Your Bitcoin Wallet

submitted by Kupsi to BitcoinInMedia [link] [comments]

Proposal: The Sia Foundation

Vision Statement

A common sentiment is brewing online; a shared desire for the internet that might have been. After decades of corporate encroachment, you don't need to be a power user to realize that something has gone very wrong.
In the early days of the internet, the future was bright. In that future, when you sent an instant message, it traveled directly to the recipient. When you needed to pay a friend, you announced a transfer of value to their public key. When an app was missing a feature you wanted, you opened up the source code and implemented it. When you took a picture on your phone, it was immediately encrypted and backed up to storage that you controlled. In that future, people would laugh at the idea of having to authenticate themselves to some corporation before doing these things.
What did we get instead? Rather than a network of human-sized communities, we have a handful of enormous commons, each controlled by a faceless corporate entity. Hey user, want to send a message? You can, but we'll store a copy of it indefinitely, unencrypted, for our preference-learning algorithms to pore over; how else could we slap targeted ads on every piece of content you see? Want to pay a friend? You can—in our Monopoly money. Want a new feature? Submit a request to our Support Center and we'll totally maybe think about it. Want to backup a photo? You can—inside our walled garden, which only we (and the NSA, of course) can access. Just be careful what you share, because merely locking you out of your account and deleting all your data is far from the worst thing we could do.
You rationalize this: "MEGACORP would never do such a thing; it would be bad for business." But we all know, at some level, that this state of affairs, this inversion of power, is not merely "unfortunate" or "suboptimal" – No. It is degrading. Even if MEGACORP were purely benevolent, it is degrading that we must ask its permission to talk to our friends; that we must rely on it to safeguard our treasured memories; that our digital lives are completely beholden to those who seek only to extract value from us.
At the root of this issue is the centralization of data. MEGACORP can surveil you—because your emails and video chats flow through their servers. And MEGACORP can control you—because they hold your data hostage. But centralization is a solution to a technical problem: How can we make the user's data accessible from anywhere in the world, on any device? For a long time, no alternative solution to this problem was forthcoming.
Today, thanks to a confluence of established techniques and recent innovations, we have solved the accessibility problem without resorting to centralization. Hashing, encryption, and erasure encoding got us most of the way, but one barrier remained: incentives. How do you incentivize an anonymous stranger to store your data? Earlier protocols like BitTorrent worked around this limitation by relying on altruism, tit-for-tat requirements, or "points" – in other words, nothing you could pay your electric bill with. Finally, in 2009, a solution appeared: Bitcoin. Not long after, Sia was born.
Cryptography has unleashed the latent power of the internet by enabling interactions between mutually-distrustful parties. Sia harnesses this power to turn the cloud storage market into a proper marketplace, where buyers and sellers can transact directly, with no intermediaries, anywhere in the world. No more silos or walled gardens: your data is encrypted, so it can't be spied on, and it's stored on many servers, so no single entity can hold it hostage. Thanks to projects like Sia, the internet is being re-decentralized.
Sia began its life as a startup, which means it has always been subjected to two competing forces: the ideals of its founders, and the profit motive inherent to all businesses. Its founders have taken great pains to never compromise on the former, but this often threatened the company's financial viability. With the establishment of the Sia Foundation, this tension is resolved. The Foundation, freed of the obligation to generate profit, is a pure embodiment of the ideals from which Sia originally sprung.
The goals and responsibilities of the Foundation are numerous: to maintain core Sia protocols and consensus code; to support developers building on top of Sia and its protocols; to promote Sia and facilitate partnerships in other spheres and communities; to ensure that users can easily acquire and safely store siacoins; to develop network scalability solutions; to implement hardforks and lead the community through them; and much more. In a broader sense, its mission is to commoditize data storage, making it cheap, ubiquitous, and accessible to all, without compromising privacy or performance.
Sia is a perfect example of how we can achieve better living through cryptography. We now begin a new chapter in Sia's history. May our stewardship lead it into a bright future.
 

Overview

Today, we are proposing the creation of the Sia Foundation: a new non-profit entity that builds and supports distributed cloud storage infrastructure, with a specific focus on the Sia storage platform. What follows is an informal overview of the Sia Foundation, covering two major topics: how the Foundation will be funded, and what its funds will be used for.

Organizational Structure

The Sia Foundation will be structured as a non-profit entity incorporated in the United States, likely a 501(c)(3) organization or similar. The actions of the Foundation will be constrained by its charter, which formalizes the specific obligations and overall mission outlined in this document. The charter will be updated on an annual basis to reflect the current goals of the Sia community.
The organization will be operated by a board of directors, initially comprising Luke Champine as President and Eddie Wang as Chairman. Luke Champine will be leaving his position at Nebulous to work at the Foundation full-time, and will seek to divest his shares of Nebulous stock along with other potential conflicts of interest. Neither Luke nor Eddie personally own any siafunds or significant quantities of siacoin.

Funding

The primary source of funding for the Foundation will come from a new block subsidy. Following a hardfork, 30 KS per block will be allocated to the "Foundation Fund," continuing in perpetuity. The existing 30 KS per block miner reward is not affected. Additionally, one year's worth of block subsidies (approximately 1.57 GS) will be allocated to the Fund immediately upon activation of the hardfork.
As detailed below, the Foundation will provably burn any coins that it cannot meaningfully spend. As such, the 30 KS subsidy should be viewed as a maximum. This allows the Foundation to grow alongside Sia without requiring additional hardforks.
The Foundation will not be funded to any degree by the possession or sale of siafunds. Siafunds were originally introduced as a means of incentivizing growth, and we still believe in their effectiveness: a siafund holder wants to increase the amount of storage on Sia as much as possible. While the Foundation obviously wants Sia to succeed, its driving force should be its charter. Deriving significant revenue from siafunds would jeopardize the Foundation's impartiality and focus. Ultimately, we want the Foundation to act in the best interests of Sia, not in growing its own budget.

Responsibilities

The Foundation inherits a great number of responsibilities from Nebulous. Each quarter, the Foundation will publish the progress it has made over the past quarter, and list the responsibilities it intends to prioritize over the coming quarter. This will be accompanied by a financial report, detailing each area of expenditure over the past quarter, and forecasting expenditures for the coming quarter. Below, we summarize some of the myriad responsibilities towards which the Foundation is expected to allocate its resources.

Maintain and enhance core Sia software

Arguably, this is the most important responsibility of the Foundation. At the heart of Sia is its consensus algorithm: regardless of other differences, all Sia software must agree upon the content and rules of the blockchain. It is therefore crucial that the algorithm be stewarded by an entity that is accountable to the community, transparent in its decision-making, and has no profit motive or other conflicts of interest.
Accordingly, Sia’s consensus functionality will no longer be directly maintained by Nebulous. Instead, the Foundation will release and maintain an implementation of a "minimal Sia full node," comprising the Sia consensus algorithm and P2P networking code. The source code will be available in a public repository, and signed binaries will be published for each release.
Other parties may use this code to provide alternative full node software. For example, Nebulous may extend the minimal full node with wallet, renter, and host functionality. The source code of any such implementation may be submitted to the Foundation for review. If the code passes review, the Foundation will provide "endorsement signatures" for the commit hash used and for binaries compiled internally by the Foundation. Specifically, these signatures assert that the Foundation believes the software contains no consensus-breaking changes or other modifications to imported Foundation code. Endorsement signatures and Foundation-compiled binaries may be displayed and distributed by the receiving party, along with an appropriate disclaimer.
A minimal full node is not terribly useful on its own; the wallet, renter, host, and other extensions are what make Sia a proper developer platform. Currently, the only implementations of these extensions are maintained by Nebulous. The Foundation will contract Nebulous to ensure that these extensions continue to receive updates and enhancements. Later on, the Foundation intends to develop its own implementations of these extensions and others. As with the minimal node software, these extensions will be open source and available in public repositories for use by any Sia node software.
With the consensus code now managed by the Foundation, the task of implementing and orchestrating hardforks becomes its responsibility as well. When the Foundation determines that a hardfork is necessary (whether through internal discussion or via community petition), a formal proposal will be drafted and submitted for public review, during which arguments for and against the proposal may be submitted to a public repository. During this time, the hardfork code will be implemented, either by Foundation employees or by external contributors working closely with the Foundation. Once the implementation is finished, final arguments will be heard. The Foundation board will then vote whether to accept or reject the proposal, and announce their decision along with appropriate justification. Assuming the proposal was accepted, the Foundation will announce the block height at which the hardfork will activate, and will subsequently release source code and signed binaries that incorporate the hardfork code.
Regardless of the Foundation's decision, it is the community that ultimately determines whether a fork is accepted or rejected – nothing can change that. Foundation node software will never automatically update, so all forks must be explicitly adopted by users. Furthermore, the Foundation will provide replay and wipeout protection for its hard forks, protecting other chains from unintended or malicious reorgs. Similarly, the Foundation will ensure that any file contracts formed prior to a fork activation will continue to be honored on both chains until they expire.
Finally, the Foundation also intends to pursue scalability solutions for the Sia blockchain. In particular, work has already begun on an implementation of Utreexo, which will greatly reduce the space requirements of fully-validating nodes (allowing a full node to be run on a smartphone) while increasing throughput and decreasing initial sync time. A hardfork implementing Utreexo will be submitted to the community as per the process detailed above.
As this is the most important responsibility of the Foundation, it will receive a significant portion of the Foundation’s budget, primarily in the form of developer salaries and contracting agreements.

Support community services

We intend to allocate 25% of the Foundation Fund towards the community. This allocation will be held and disbursed in the form of siacoins, and will pay for grants, bounties, hackathons, and other community-driven endeavours.
Any community-run service, such as a Skynet portal, explorer or web wallet, may apply to have its costs covered by the Foundation. Upon approval, the Foundation will reimburse expenses incurred by the service, subject to the exact terms agreed to. The intent of these grants is not to provide a source of income, but rather to make such services "break even" for their operators, so that members of the community can enrich the Sia ecosystem without worrying about the impact on their own finances.

Ensure easy acquisition and storage of siacoins

Most users will acquire their siacoins via an exchange. The Foundation will provide support to Sia-compatible exchanges, and pursue relevant integrations at its discretion, such as Coinbase's new Rosetta standard. The Foundation may also release DEX software that enables trading cryptocurrencies without the need for a third party. (The Foundation itself will never operate as a money transmitter.)
Increasingly, users are storing their cryptocurrency on hardware wallets. The Foundation will maintain the existing Ledger Nano S integration, and pursue further integrations at its discretion.
Of course, all hardware wallets must be paired with software running on a computer or smartphone, so the Foundation will also develop and/or maintain client-side wallet software, including both full-node wallets and "lite" wallets. Community-operated wallet services, i.e. web wallets, may be funded via grants.
Like core software maintenance, this responsibility will be funded in the form of developer salaries and contracting agreements.

Protect the ecosystem

When it comes to cryptocurrency security, patching software vulnerabilities is table stakes; there are significant legal and social threats that we must be mindful of as well. As such, the Foundation will earmark a portion of its fund to defend the community from legal action. The Foundation will also safeguard the network from 51% attacks and other threats to network security by implementing softforks and/or hardforks where necessary.
The Foundation also intends to assist in the development of a new FOSS software license, and to solicit legal memos on various Sia-related matters, such as hosting in the United States and the EU.
In a broader sense, the establishment of the Foundation makes the ecosystem more robust by transferring core development to a more neutral entity. Thanks to its funding structure, the Foundation will be immune to various forms of pressure that for-profit companies are susceptible to.

Drive adoption of Sia

Although the overriding goal of the Foundation is to make Sia the best platform it can be, all that work will be in vain if no one uses the platform. There are a number of ways the Foundation can promote Sia and get it into the hands of potential users and developers.
In-person conferences are understandably far less popular now, but the Foundation can sponsor and/or participate in virtual conferences. (In-person conferences may be held in the future, permitting circumstances.) Similarly, the Foundation will provide prizes for hackathons, which may be organized by community members, Nebulous, or the Foundation itself. Lastly, partnerships with other companies in the cryptocurrency space—or the cloud storage space—are a great way to increase awareness of Sia. To handle these responsibilities, one of the early priorities of the Foundation will be to hire a marketing director.

Fund Management

The Foundation Fund will be controlled by a multisig address. Each member of the Foundation's board will control one of the signing keys, with the signature threshold to be determined once the final composition of the board is known. (This threshold may also be increased or decreased if the number of board members changes.) Additionally, one timelocked signing key will be controlled by David Vorick. This key will act as a “dead man’s switch,” to be used in the event of an emergency that prevents Foundation board members from reaching the signature threshold. The timelock ensures that this key cannot be used unless the Foundation fails to sign a transaction for several months.
On the 1st of each month, the Foundation will use its keys to transfer all siacoins in the Fund to two new addresses. The first address will be controlled by a high-security hot wallet, and will receive approximately one month's worth of Foundation expenditures. The second address, receiving the remaining siacoins, will be a modified version of the source address: specifically, it will increase the timelock on David Vorick's signing key by one month. Any other changes to the set of signing keys, such as the arrival or departure of board members, will be incorporated into this address as well.
The Foundation Fund is allocated in SC, but many of the Foundation's expenditures must be paid in USD or other fiat currency. Accordingly, the Foundation will convert, at its discretion, a portion of its monthly withdrawals to fiat currency. We expect this conversion to be primarily facilitated by private "OTC" sales to accredited investors. The Foundation currently has no plans to speculate in cryptocurrency or other assets.
Finally, it is important that the Foundation adds value to the Sia platform well in excess of the inflation introduced by the block subsidy. For this reason, the Foundation intends to provably burn, on a quarterly basis, any coins that it cannot allocate towards any justifiable expense. In other words, coins will be burned whenever doing so provides greater value to the platform than any other use. Furthermore, the Foundation will cap its SC treasury at 5% of the total supply, and will cap its USD treasury at 4 years’ worth of predicted expenses.
 
Addendum: Hardfork Timeline
We would like to see this proposal finalized and accepted by the community no later than September 30th. A new version of siad, implementing the hardfork, will be released no later than October 15th. The hardfork will activate at block 293220, which is expected to occur around 12pm EST on January 1st, 2021.
 
Addendum: Inflation specifics
The total supply of siacoins as of January 1st, 2021 will be approximately 45.243 GS. The initial subsidy of 1.57 GS thus increases the supply by 3.47%, and the total annual inflation in 2021 will be at most 10.4% (if zero coins are burned). In 2022, total annual inflation will be at most 6.28%, and will steadily decrease in subsequent years.
 

Conclusion

We see the establishment of the Foundation as an important step in the maturation of the Sia project. It provides the ecosystem with a sustainable source of funding that can be exclusively directed towards achieving Sia's ambitious goals. Compared to other projects with far deeper pockets, Sia has always punched above its weight; once we're on equal footing, there's no telling what we'll be able to achieve.
Nevertheless, we do not propose this change lightly, and have taken pains to ensure that the Foundation will act in accordance with the ideals that this community shares. It will operate transparently, keep inflation to a minimum, and respect the user's fundamental role in decentralized systems. We hope that everyone in the community will consider this proposal carefully, and look forward to a productive discussion.
submitted by lukechampine to siacoin [link] [comments]

Buying something off empire market today what security precautions should I take?

I already disabled JavaScript, covered up my laptop camera, and use a VPN, are there any more steps I should take to secure my privacy?
submitted by Loss-My-Mitochondria to darknet [link] [comments]

Help with claiming BCH

Hi, So someone gave me 20 dollars worth of BCH in here and I’m totally new to cryptocurrency so I have no clue how to get it. I downloaded some app called Greem Wallet but now I hear it doesn’t support BCH. What app should I use to get it? A lot of the apps On the AppStore have bad reviews. I don’t know what to do
submitted by Boring_username1234 to btc [link] [comments]

How to convince Youtube that my account is hacked?

My channel is terminated on 24 September 2020. The reason of termination is violation of community guideline (scam / spam). Also my Google account was suspended due to suspicious activity. I had no idea what happened and sent appeal without knowing what caused the suspension. The first and second response was slow so I think it's human reviewed. I don't think that YouTube really human-reviewed other appeal as they respond so fast (800+ characters appeal reason).

Recently, I received that "my videos" has age restriction. All of notifications I receive are about cryptocurrency scam video (Free Unlimited bitcoin Hack Telegram With Termux Auto Claim DogeCoin, hack Coinbase wallet hack blockchain wallet 22 07 2019, #script #10 BTC #HACK # BTC #HackBTC FREEBITCOIN HACK SCRIPT 2019 10 BTC in a few minutes! ). I am ultimately confident that I didn't upload those videos. But I have no proof that I was hacked, they could say that I give my access to someone and make it look like hacked. Even the Google account suspicious activity didn't help me. What should I do?
submitted by mmknightx to youtube [link] [comments]

Best places to trade your Ripple/XRP (longer read)

In the past when you heard the word ‘cryptocurrency’, the first thing that came to everyone’s minds was Bitcoin. To some, this is still the case; they believe that Bitcoin is the cryptocurrency and the vice versa to also be true.
Of course, the statement is correct in one way; Bitcoin is a cryptocurrency, but cryptocurrency is not made up of only Bitcoin but a host of other currencies. One of these currencies is Ripple.
When it comes to the top five cryptocurrencies with the highest capitalization, Ripple needs no introduction as it has managed to secure a position of being the third most traded cryptocurrency around the world. Perhaps this is due to the fact that Ripple is the only cryptocurrency with a backing from traditional legacy financial institutions.
In addition, the coin has been integrated into the operation of thousands of small businesses around the world.
At this juncture, it is only fair that you learn how to be a part of this great innovation. Thankfully, that is what this guide is all about, showing you some of the best trading platforms for Ripple.
There are numerous exchanges that offer decent exchange rates and well-matched trading pairs, but I’ll only narrow down to some of our best picks to help you get started fast.

What is Ripple (XRP)?

Ripple is a cryptocurrency, a currency exchange, a real-time gross settlement payment system, and a remittance network powered by Ripple. As I mentioned before, this is the third most capitalized cryptocurrency asset after Bitcoin and Ethereum.
XRP allows enterprises such as banks and other financial service providers to offer their clients a reliable option to source for liquidity for cross-border currency transactions.
Ripple is a distributed, open-source platform that seeks to capitalize on the weaknesses of the conventional money payment systems such as credit and debit cards, PayPal, bank transfers, among others. According to Ripple, these payment systems expose users to a lot of transaction delays and restrict the fluidity of currencies.
The platform aims at replacing traditional payment systems through offering a faster, safer, and more convenient alternative for making payments.
Both the platform’s exchange and tokens are called Ripple, and their mantra states one frictionless experience to send money globally.

Where Can I Trade XRP?

Most exchanges that trade Ripple are limited to crypto-to-crypto transactions. This means that you can only trade Ripple with another cryptocurrency and not fiat currencies such as the euro or the dollar.
You’ll need to acquire the currency you wish to trade with XRP on a platform that accepts fiat, and once that happens, you can proceed to trade the two currencies.
There are several great platforms that offer XRP trading; below are just a few:

Buying XRP on Binance

Binance is an exchange that was established in 2017 but has bagged a reputation worth over 10 years of existence. This, the team claims, is due to a number of features offered by the platform including better security controls, low trading fee (0.05%), as well as its faster transacting speeds.
To buy or trade XRP on Binance, you’ll need to set up an account on the exchange. The platform offers a fast signup process and actually accepts users from all around the world.
Once you’re done signing up, navigate to the fund’s section and click on “Deposits”. You will find all the listed cryptocurrencies supported by the Binance platform.
Since Binance does not support the purchase of Ripple using fiat currencies, you’ll need to acquire another cryptocurrency such as Bitcoin or Ethereum and use it to acquire XRP.
This will require you to use a platform such as Coinbase that accepts fiat currencies when buying cryptos. Getting started on Coinbase is quite simple. Head over to their website and click on the “Get Started” icon on the top right corner of your screen.
Fill in the required fields and read through their User Agreement and Privacy Policy documents, then create your account.
You’ll receive an email that will require you to verify your signup details together with your phone number.
You will then gain access to your created account.
Proceed to buy your coins; preferably, choose either Bitcoin or Ethereum as they have higher liquidities. Once you’re done, your coins will be received in your online Coinbase account.
Head over to the menu indicated as “Account” and click on it.
Click on “Send” and enter the number of coins you wish to send to your Binance wallet. Copy and paste the address of your Binance account to Coinbase, then click send to transfer the funds.
The purchased cryptocurrency will be received and on Binance, you can go ahead and trade it with Ripple.

Buying XRP on Bittrex

Just like on Binance, you’ll need to create an account on Bittrex to get started.
The process is pretty much straightforward, only requiring you to sign up using your email address and password.
Once you’re done signing up, click on the wallet tab. You will be taken to a page where you can view all the deposit addresses of the cryptocurrencies on the Bittrex platform.
You can then choose the currency to use to purchase XRP, after which, you will be required to type in the code of the currency you will be using to purchase Ripple. If you’re using Ethereum, you can type in the search bar “ETH” and then click on the green arrow to reveal the deposit address. In case you will be sending the funds from a different exchange, you’ll need to paste the address to that platform.
Next, you’ll need to send funds to your Bittrex account. Bittrex permits payments using both fiat and cryptocurrencies. So, depending on what you will be using, send money to your online wallet and proceed to trade it with Ripple.

Buying XRP on Changelly

Changelly is another Ripple exchange that requires you to use either Bitcoin or Ethereum to acquire XRP.
The exchange doesn’t have an inbuilt wallet, so you’ll need to store your funds on a separate hardware or software wallet. You can pretty much use any type of wallet, but the most secure ones are the hardware ones as they store your coins in an offline cold storage area.
Ripple prefers not to have many unutilized accounts being set up on its platform; this is why you’ll need to have a minimum of 20 XRP in your account for you to get started. However, if your first transaction will be more than 20 XRP, then you’re all set.
Once you have a wallet ready for your Ripple, head to the Changelly site and click on “input currency”. Here, you will be able to enter the currency you wish to trade for Ripple.
You can basically pick and use any coin listed on the site, but it is highly recommended that you use either Bitcoin or Ethereum due to their high liquidity.
The output section will have Ripple, which is the currency you wish to receive.
The next step will require you to key in your XRP address, which is your Ripple address and the destination tag, which is a description of the transaction.
You can now proceed to trade your chosen coins for Ripple. The transaction shouldn’t take long, and you will be able to receive the coins in your Ripple wallet.

Cryptmixer

Cryptmixer is a platform that assists users to swap XRP with 5 other assets freely. The interface lets users convert assets directly from one’s wallet, without having to create an account or register. Besides, the service helps to compare different providers and find a suitable deal for handling Ripple transactions securely, rapidly, and at the best rate.
The process of using Cryptmixer is quite simple:
  1. Go to the main page, choose the currency you’d like to swap, and enter the amount.
  2. Choose XRP to receive.
  3. Review the amount to see how much you will receive. Cryptmixer will automatically find the best rates for your trade.
  4. Click Exchange.
  5. Then, enter the wallet address that you wish to use.
  6. Send in the deposit to the generated wallet address and wait for the transaction to be processed.
What makes Cryptmixer a great fit is that it provides a very simple layout and quick process so it’s not chore when you trade your crypto. The support line also takes on the job of solving the cases by cooperating with users with top priority.
To learn more on how to exchange XRP at the best rate check https://cryptmixer.com

Buying XRP on Coinmama

Coinmama is a cryptocurrency exchange that has been around for quite a while now. The Coinmama team has been adding more coins on their platform over time to be able to provide its users with a wider variety of trading pairs.
More recently, the platform included Ripple on its platform. However, Coinmama does not allow US-based users to purchase Ripple due to some stringent laws and regulations surrounding the coin.
But for non-US users, you can proceed to create your account on the platform and locate Ripple among the listed assets.
Once you’ve created your account, navigate your way to the area with the list of assets. Select one of the provided packages and proceed.
You’re required to have a crypto wallet prior to making any purchase on the platform, so be sure to have a valid wallet address before completing the purchase. Once that’s done, purchase your Ripple coins and they will be delivered to your wallet.

Storing Your Ripple Coins

Online storages are never safe for cryptocurrency assets. Individuals have woken up to all sort of horrific sceneries on their accounts that left them bankrupt with no one to turn to.
One of the most important concepts you need to grasp about online businesses is the security of your transactions.
Cryptocurrency burglars are everywhere and are getting smarter by the day; this means that traditional ways of guaranteeing the security of your online assets are no longer effective.
Most exchanges have top-notch security standards, but the safety of your cryptos begins with you. A great way of ensuring that your funds are secure is by getting an offline storage device for your coins. I’ve seen great reviews on two hardware wallets that I highly recommend; these are the Ledger Nano S and Trezor wallets.
After getting the wallet of your choice, keep your personal data such as passwords and secret words private; this will ensure that no one else gains access to your wallet even if you misplace it. Writing your password or PIN on open places or somewhere in your phone might not be a good idea; yes, it may be convenient for you, but it will be for the burglar too.

What method of purchasing XRP is considered to be the best?

The most secure and common way of acquiring Ripple is through buying Ethereum or Bitcoin from Coinbase or Coinmama, then transferring the same to Cryptmixer to use to exchange with Ripple.
This is because Ripple is currently not available for purchase by using fiat currencies.

What is the best trading platform for Ripple?

Ripple is available on a decent number of exchanges including Binance, Coinmama, Coinbase, Bittrex, Cryptmixer, and more. However, among the stated ones, I have found Cryptmixer to be more secure and easier to use while it also offers the best trading rates and fees.

The Bottom Line

As we conclude, you now have some of the best choices when it comes to the exchange to acquire Ripple coins. After buying your XRP coins, store them offline on a secure device due to the risk of being faced by threats such as hacking or system failures.
If you’re serious about making cryptocurrency your investment vehicle in the long run, consider investing in a more lasting security solution such as a hardware storage device. You may not get them for a few pennies, but trust me when I say they are worth every last dime you spend on them.
submitted by MonishaNuij to MonMonCrypto [link] [comments]

7 Ways to Earn LTC/Litecoin ASAP

Earning free Litecoin works similarly to earning free Bitcoin. There are several online platforms that give users free Litecoins for performing small tasks or playing online games.
Let’s explore some of the most popular ways to get free Litecoin.

Earn free Litecoin through reputable faucets

The easiest and most popular way to earn free Litecoin is through a Litecoin faucet. A faucet is a website or an application that gives users free crypto coins for completing simple tasks. These tasks are usually easy tasks like completing some captchas, viewing adverts, or playing simple games.
After completing the microtasks, the faucet will reward you with a small amount of Litecoin (Lithoshi). Litoshi is the smallest unit of Litecoin and 1 Lithoshi is equivalent to 0.000000001 Litecoin.
There are various Litecoin faucets out there, many of them being scam faucets. Before you choose a faucet platform, make sure it’s legit. Here, we will highlight a few of the most popular and reputable ones.
It is safe to mention that you should only register on faucets that integrate micro-wallets like Coinpot. Micro-wallets allow you to collect and combine faucet payments easily.

Litecoin Faucet

Just like the previously mentioned faucet, Litecoin Faucet also allows users to earn free Litecoin by solving captchas. You can earn as much as 2,500,000 Litoshis every hour with no daily limitation on the platform.
The unique feature of Litecoin Faucet is that there is no withdrawal limit. Therefore, you can withdraw any amount of Litecoin.
Faucets are sure ways of earning free Litecoin, but you have to be very careful not to fall victim to scams. Before registering on any faucet, look out for the following:
Online reviews to know if it is legit or scam.
Coinpot or Faucethub micro — wallet integration for easy withdrawal.
Deposit before withdrawal feature — This is a typical feature of scam faucets. Faucets are supposed to be free ways to earn Litecoin without any down payment.
Earnings per hour — earnings from faucets are usually small. If a faucet promises an incredible amount of Litecoin, it is probably a scam or total waste of time.
Litecoins earnings from faucets are usually really small. If your earning expectations are high, this might not be the best option for you. There are more lucrative and legit ways to earn free Litecoin. Read on to learn about the other ways to get free Litecoin.

Litecoin cloud mining

Litecoin mining is one of the oldest ways to get free Litecoin. In recent times, earning profits from Litecoin mining can be a major hassle simply because of the cost of setting up the mining device, the cost of electricity, and many other factors.
With the introduction of cloud mining, you can earn free Litecoin without the headaches involved in setting up mining kits. You can find lots of free Litecoin cloud mining contracts online.
All you need to do is download the software on your device to start earning. These software work by using your device’s memory to generate the Litecoin. Which means the more powerful your device, the more free Litecoin you can earn.
However, some of these free Litecoin software contains malicious scripts that can compromise your security by stealing your data. You should only download mining software with great online reviews.
Back when LTC started, it was possible to mine with a standard computer’s CPU or GPU. Unfortunately, as coins grow in both age and popularity, it becomes harder and harder to mine with low-cost equipment. The days of easy mining are over, but that doesn’t mean you still can’t profit from LTC mining.
There are three ways to begin your LTC mining adventure:
Solo mining
Part of a mining pool
Cloud mining

Litecoin lending

Litecoin lending is one of the most lucrative ways to obtain free Litecoin. You can make money by purchasing some Litecoin and lending others on lending platforms.
Lending platforms like Coinloan.io allow you to make as much as 10.5% ROI by lending your LTC. It means if you lend 100 LTC, you earn free 10.5 LTC within a year without doing anything.
By lending your Litecoin, you are making your money work for you. All you need is a trusted and secure lending platform to start earning free Litecoin with this method.

Wager your Litecoin

Another way to get free Litecoin is by wagering your Litecoin. Gambling is not the best way to earn free Litecoin because 70% of gamblers tend to lose more than what they earn.
No doubt that some people have actually managed to become rich through gambling, this, however, is very rare. So if you are a big risk-taker or you really love gambling, Litecoin gambling is one way to earn free Litecoin.
Crypto gambling websites like fortunejack.com, bitstarz.com, and kingbillycasino.com allow you to wager your Litecoin on various casino games. Crypto gambling is probably the riskiest way to earn free Litecoin, and it is not for the faint-hearted.

Invest In Litecoin​

If you’re looking to invest in Litecoin, it’s important to remember that Litecoin is a currency. This means it doesn’t act like a stock or bond. Instead of buying shares of Litecoin, you are swapping your currency for Litecoin currency.
For example, 1 LTC is equal to about $47 USD today. The goal is for the value of Litecoin to rise, in which case, you could exchange your Litecoins back to dollars (from someone willing to do the exchange).​

Referral Links for Crypto Exchanges

This one is good for those out there with friends that are also crypto savvy. Various exchanges offer affiliate programs where you get paid out for inviting your friends and colleagues onto their platform.
Exchanges like Coinbase offer a one time payment when a new person joins their platform while others like Cryptmixer, for example, gives its members an impressive 50% of the revenue from the new clients they bring in. You can also use their exchange to swap the Bitcoin you receive to Litecoin, making it a great way to earn LTC.
submitted by MonishaNuij to MonMonCrypto [link] [comments]

Decentr ($DEC) - foundational cross-chain and cross-platform DeFi protocol

  1. SUMMARY
Decentr is a protocol designed to make blockchain/DLT mainstream by allowing DeFi applications built on various blockchains to “talk to each other”. Decentr is a 100% secure and decentralised Web 3.0 protocol where users can apply PDV (personal data value) to increase APR on $DEC that users loan out as part of of our DeFi dLoan features, as well as it being applied at PoS when paying for stuff online. Decentr is also building a BAT competitor browser and Chrome/Firefox extension that acts as a gateway to 100% decentralised Web 3.0
Allows DeFi Dapps to access all Decentr’s dFintech features, including dLoan, dPay. Key innovation is that the protocols is based on a user’s ability to leverage the value of their data as exchangeable “currency”.
  1. KEY CONCEPTS

  1. REVENUE MODEL
A fee is charged for every transaction using dPay whereby an exchange takes place between money (fiat and digital) and data, and vice versa, either as part of DeFi features or via a dApp built on Decentr. They are launching pilot programmes in the following industries:
  1. Banking/PSP Industry: On Product launch, due to Decentr’s powerful PSP connections (including the worlds #2 PSP by volume), a medium-scale pilot program will be launched, which will seed the network with 150,000 PSP customers in primarily the Spanish/LAC markets, generating revenue from day one.
  2. “Bricks and Mortar” Supermarket/Grocery Industry: Decentr aims to ensure the long-term competitiveness of “bricks and mortar” supermarkets against online-only grocery retailers, such as Amazon, by a) building secure tech that allows supermarkets to digitise every aspect of their supply chains and operational functions, while b) allowing supermarkets to leverage this incredibly valuable data as a liquid asset class. Expected revenue by Year 5: $114Mn per year.
  3. Online Advertising Industry: Decentr’s 100% decentralised platform credits users secure data with payable value, in the form of PDV, for engaging with ads. The Brave browser was launched in 2012 and in 8 years has reached over 12 million monthly active users, accented by as many as 4.3 million daily active users.
  4. TOKEN $DEC AND SALE
Decentr recently complete their token sale on a purchase portal powered by Dolomite where they raised $974,000 in 10 minutes for a total sale hardcap of 1.25M. The $DEC token is actively trading on multiple exchanges including Uniswap and IDEX. Listed for free on IDEX, Hotbit, Hoo, Coinw, Tidex, BKex. Listed on CoinGecko and Coinmarketcap. Listed on Delta and Blockfolio apps.
➡️ Circulating supply: 61m $DEC.
➡️ Release schedule and token distribution LINK -> NO RELEASE UNTIL 2021.
➡️Contract Address - 0x30f271C9E86D2B7d00a6376Cd96A1cFBD5F0b9b3
➡️Decimals - 18, Ticker - DEC
➡️Uniswap link: https://uniswap.info/pai0x3AEEE5bA053eF8406420DbC5801fC95eC57b0E0A
⭐️ HOW TO BUY VIDEO: https://www.youtube.com/watch?v=iloAiv2oCRc&feature=youtu.be
$DEC Token utility:
A tradeable unit of value that is both internal and external to the Decentr platform.A unit of conversion between fiat entering and exiting the Decentr ecosystem.A way to capture the value of user data and combines the activity of every participant of the platform performing payment (dPay), or lending and borrowing (dLend), i.e a way to peg PDV to tangible/actionable value.Method of payment in the Decentr ecosystem.A method to internally underwrite the “Deconomy.
  1. NOTABLE SUPPORTERS
Simon Dedic - chief of Blockfyre: https://twitter.com/scoinaldo/status/1283787644221218817?s=20https://twitter.com/scoinaldo/status/1283719917657894912?s=21
Spectre Group Pick : https://twitter.com/SPECTREGRP/status/1284761576873041920https://twitter.com/llluckyl/status/1283765481716015111?s=21
Patrons of the Moon/Lil Uzi: https://t.me/patronsofthemoon/6764
CryptoGems: https://twitter.com/cryptogems_com/status/1283719318379925506?s=09t
tehMoonwalker pick who is a TOP 5 influencer per Binance:https://twitter.com/tehMoonwalkestatus/1284123961996050432?s=20https://twitter.com/binance/status/1279049822113198080
Holochain was one of their earliest supporters and they share a deep connection (recently an AMA was conducted in their TG group): https://medium.com/@DecentrNet/decentr-holochain-ama-29d662caed03
  1. UPCOMING NEWS
--------------------------------------------
  1. RESOURCES:
Website: https://decentr.net
Telegram: https://t.me/DecentrNet
Medium: https://medium.com/@DecentrNet
Twitter: https://twitter.com/DecentrNet
Whitepaper: https://decentr.net/files/Decentr_Whitepaper_V1.4.pdf
Technical Whitepaper: https://decentr.net/files/Decentr_Technical_Whitepaper_Data_As_Economic_Currency.pdf
Recent Articles:
⚡️- https://medium.com/@DecentrNet/decentr-token-sale-metrics-and-distribution-483bb3c58d05
⚡️- https://medium.com/@DecentrNet/how-decentrs-defi-dloan-function-benefits-dec-holders-97ff64a0c105
⚡️- https://medium.com/@DecentrNet/3-vertical-revenue-streams-decentr-is-targeting-4fa1f3dd62de
⚡️- https://medium.com/@DecentrNet/brave-browser-the-good-the-bad-and-the-fundamentally-misguided-8a8593b0ff5b
⚡️- https://medium.com/@DecentrNet/how-decentrs-dfintech-replaces-swift-sct-inst-clearing-house-and-other-payment-solutions-78acacbb4c3f
Chad Gang STRONG Community: https://t.me/decentrtrading
Community News Channel: https://t.me/chadnews
Recent Uniswap trades: https://t.me/dectrades
Wallet holder tracker: https://t.me/DEC_WALLETS_COUNT
submitted by ldd999 to CryptoMoonShots [link] [comments]

Scaling Reddit Community Points with Arbitrum Rollup: a piece of cake

Scaling Reddit Community Points with Arbitrum Rollup: a piece of cake
https://preview.redd.it/b80c05tnb9e51.jpg?width=2550&format=pjpg&auto=webp&s=850282c1a3962466ed44f73886dae1c8872d0f31
Submitted for consideration to The Great Reddit Scaling Bake-Off
Baked by the pastry chefs at Offchain Labs
Please send questions or comments to [[email protected] ](mailto:[email protected])
1. Overview
We're excited to submit Arbitrum Rollup for consideration to The Great Reddit Scaling Bake-Off. Arbitrum Rollup is the only Ethereum scaling solution that supports arbitrary smart contracts without compromising on Ethereum's security or adding points of centralization. For Reddit, this means that Arbitrum can not only scale the minting and transfer of Community Points, but it can foster a creative ecosystem built around Reddit Community Points enabling points to be used in a wide variety of third party applications. That's right -- you can have your cake and eat it too!
Arbitrum Rollup isn't just Ethereum-style. Its Layer 2 transactions are byte-for-byte identical to Ethereum, which means Ethereum users can continue to use their existing addresses and wallets, and Ethereum developers can continue to use their favorite toolchains and development environments out-of-the-box with Arbitrum. Coupling Arbitrum’s tooling-compatibility with its trustless asset interoperability, Reddit not only can scale but can onboard the entire Ethereum community at no cost by giving them the same experience they already know and love (well, certainly know).
To benchmark how Arbitrum can scale Reddit Community Points, we launched the Reddit contracts on an Arbitrum Rollup chain. Since Arbitrum provides full Solidity support, we didn't have to rewrite the Reddit contracts or try to mimic their functionality using an unfamiliar paradigm. Nope, none of that. We launched the Reddit contracts unmodified on Arbitrum Rollup complete with support for minting and distributing points. Like every Arbitrum Rollup chain, the chain included a bridge interface in which users can transfer Community Points or any other asset between the L1 and L2 chains. Arbitrum Rollup chains also support dynamic contract loading, which would allow third-party developers to launch custom ecosystem apps that integrate with Community Points on the very same chain that runs the Reddit contracts.
1.1 Why Ethereum
Perhaps the most exciting benefit of distributing Community Points using a blockchain is the ability to seamlessly port points to other applications and use them in a wide variety of contexts. Applications may include simple transfers such as a restaurant that allows Redditors to spend points on drinks. Or it may include complex smart contracts -- such as placing Community Points as a wager for a multiparty game or as collateral in a financial contract.
The common denominator between all of the fun uses of Reddit points is that it needs a thriving ecosystem of both users and developers, and the Ethereum blockchain is perhaps the only smart contract platform with significant adoption today. While many Layer 1 blockchains boast lower cost or higher throughput than the Ethereum blockchain, more often than not, these attributes mask the reality of little usage, weaker security, or both.
Perhaps another platform with significant usage will rise in the future. But today, Ethereum captures the mindshare of the blockchain community, and for Community Points to provide the most utility, the Ethereum blockchain is the natural choice.
1.2 Why Arbitrum
While Ethereum's ecosystem is unmatched, the reality is that fees are high and capacity is too low to support the scale of Reddit Community Points. Enter Arbitrum. Arbitrum Rollup provides all of the ecosystem benefits of Ethereum, but with orders of magnitude more capacity and at a fraction of the cost of native Ethereum smart contracts. And most of all, we don't change the experience from users. They continue to use the same wallets, addresses, languages, and tools.
Arbitrum Rollup is not the only solution that can scale payments, but it is the only developed solution that can scale both payments and arbitrary smart contracts trustlessly, which means that third party users can build highly scalable add-on apps that can be used without withdrawing money from the Rollup chain. If you believe that Reddit users will want to use their Community Points in smart contracts--and we believe they will--then it makes the most sense to choose a single scaling solution that can support the entire ecosystem, eliminating friction for users.
We view being able to run smart contracts in the same scaling solution as fundamentally critical since if there's significant demand in running smart contracts from Reddit's ecosystem, this would be a load on Ethereum and would itself require a scaling solution. Moreover, having different scaling solutions for the minting/distribution/spending of points and for third party apps would be burdensome for users as they'd have to constantly shuffle their Points back and forth.
2. Arbitrum at a glance
Arbitrum Rollup has a unique value proposition as it offers a combination of features that no other scaling solution achieves. Here we highlight its core attributes.
Decentralized. Arbitrum Rollup is as decentralized as Ethereum. Unlike some other Layer 2 scaling projects, Arbitrum Rollup doesn't have any centralized components or centralized operators who can censor users or delay transactions. Even in non-custodial systems, centralized components provide a risk as the operators are generally incentivized to increase their profit by extracting rent from users often in ways that severely degrade user experience. Even if centralized operators are altruistic, centralized components are subject to hacking, coercion, and potential liability.
Massive Scaling. Arbitrum achieves order of magnitude scaling over Ethereum's L1 smart contracts. Our software currently supports 453 transactions-per-second for basic transactions (at 1616 Ethereum gas per tx). We have a lot of room left to optimize (e.g. aggregating signatures), and over the next several months capacity will increase significantly. As described in detail below, Arbitrum can easily support and surpass Reddit's anticipated initial load, and its capacity will continue to improve as Reddit's capacity needs grow.
Low cost. The cost of running Arbitrum Rollup is quite low compared to L1 Ethereum and other scaling solutions such as those based on zero-knowledge proofs. Layer 2 fees are low, fixed, and predictable and should not be overly burdensome for Reddit to cover. Nobody needs to use special equipment or high-end machines. Arbitrum requires validators, which is a permissionless role that can be run on any reasonable on-line machine. Although anybody can act as a validator, in order to protect against a “tragedy of the commons” and make sure reputable validators are participating, we support a notion of “invited validators” that are compensated for their costs. In general, users pay (low) fees to cover the invited validators’ costs, but we imagine that Reddit may cover this cost for its users. See more on the costs and validator options below.
Ethereum Developer Experience. Not only does Arbitrum support EVM smart contracts, but the developer experience is identical to that of L1 Ethereum contracts and fully compatible with Ethereum tooling. Developers can port existing Solidity apps or write new ones using their favorite and familiar toolchains (e.g. Truffle, Buidler). There are no new languages or coding paradigms to learn.
Ethereum wallet compatibility. Just as in Ethereum, Arbitrum users need only hold keys, but do not have to store any coin history or additional data to protect or access their funds. Since Arbitrum transactions are semantically identical to Ethereum L1 transactions, existing Ethereum users can use their existing Ethereum keys with their existing wallet software such as Metamask.
Token interoperability. Users can easily transfer their ETH, ERC-20 and ERC-721 tokens between Ethereum and the Arbitrum Rollup chain. As we explain in detail below, it is possible to mint tokens in L2 that can subsequently be withdrawn and recognized by the L1 token contract.
Fast finality. Transactions complete with the same finality time as Ethereum L1 (and it's possible to get faster finality guarantees by trading away trust assumptions; see the Arbitrum Rollup whitepaper for details).
Non-custodial. Arbitrum Rollup is a non-custodial scaling solution, so users control their funds/points and neither Reddit nor anyone else can ever access or revoke points held by users.
Censorship Resistant. Since it's completely decentralized, and the Arbitrum protocol guarantees progress trustlessly, Arbitrum Rollup is just as censorship-proof as Ethereum.
Block explorer. The Arbitrum Rollup block explorer allows users to view and analyze transactions on the Rollup chain.
Limitations
Although this is a bake-off, we're not going to sugar coat anything. Arbitrum Rollup, like any Optimistic Rollup protocol, does have one limitation, and that's the delay on withdrawals.
As for the concrete length of the delay, we've done a good deal of internal modeling and have blogged about this as well. Our current modeling suggests a 3-hour delay is sufficient (but as discussed in the linked post there is a tradeoff space between the length of the challenge period and the size of the validators’ deposit).
Note that this doesn't mean that the chain is delayed for three hours. Arbitrum Rollup supports pipelining of execution, which means that validators can keep building new states even while previous ones are “in the pipeline” for confirmation. As the challenge delays expire for each update, a new state will be confirmed (read more about this here).
So activity and progress on the chain are not delayed by the challenge period. The only thing that's delayed is the consummation of withdrawals. Recall though that any single honest validator knows immediately (at the speed of L1 finality) which state updates are correct and can guarantee that they will eventually be confirmed, so once a valid withdrawal has been requested on-chain, every honest party knows that the withdrawal will definitely happen. There's a natural place here for a liquidity market in which a validator (or someone who trusts a validator) can provide withdrawal loans for a small interest fee. This is a no-risk business for them as they know which withdrawals will be confirmed (and can force their confirmation trustlessly no matter what anyone else does) but are just waiting for on-chain finality.
3. The recipe: How Arbitrum Rollup works
For a description of the technical components of Arbitrum Rollup and how they interact to create a highly scalable protocol with a developer experience that is identical to Ethereum, please refer to the following documents:
Arbitrum Rollup Whitepaper
Arbitrum academic paper (describes a previous version of Arbitrum)
4. Developer docs and APIs
For full details about how to set up and interact with an Arbitrum Rollup chain or validator, please refer to our developer docs, which can be found at https://developer.offchainlabs.com/.
Note that the Arbitrum version described on that site is older and will soon be replaced by the version we are entering in Reddit Bake-Off, which is still undergoing internal testing before public release.
5. Who are the validators?
As with any Layer 2 protocol, advancing the protocol correctly requires at least one validator (sometimes called block producers) that is honest and available. A natural question is: who are the validators?
Recall that the validator set for an Arbitrum chain is open and permissionless; anyone can start or stop validating at will. (A useful analogy is to full nodes on an L1 chain.) But we understand that even though anyone can participate, Reddit may want to guarantee that highly reputable nodes are validating their chain. Reddit may choose to validate the chain themselves and/or hire third-party validators.To this end, we have begun building a marketplace for validator-for-hire services so that dapp developers can outsource validation services to reputable nodes with high up-time. We've announced a partnership in which Chainlink nodes will provide Arbitrum validation services, and we expect to announce more partnerships shortly with other blockchain infrastructure providers.
Although there is no requirement that validators are paid, Arbitrum’s economic model tracks validators’ costs (e.g. amount of computation and storage) and can charge small fees on user transactions, using a gas-type system, to cover those costs. Alternatively, a single party such as Reddit can agree to cover the costs of invited validators.
6. Reddit Contract Support
Since Arbitrum contracts and transactions are byte-for-byte compatible with Ethereum, supporting the Reddit contracts is as simple as launching them on an Arbitrum chain.
Minting. Arbitrum Rollup supports hybrid L1/L2 tokens which can be minted in L2 and then withdrawn onto the L1. An L1 contract at address A can make a special call to the EthBridge which deploys a "buddy contract" to the same address A on an Arbitrum chain. Since it's deployed at the same address, users can know that the L2 contract is the authorized "buddy" of the L1 contract on the Arbitrum chain.
For minting, the L1 contract is a standard ERC-20 contract which mints and burns tokens when requested by the L2 contract. It is paired with an ERC-20 contract in L2 which mints tokens based on whatever programmer provided minting facility is desired and burns tokens when they are withdrawn from the rollup chain. Given this base infrastructure, Arbitrum can support any smart contract based method for minting tokens in L2, and indeed we directly support Reddit's signature/claim based minting in L2.
Batch minting. What's better than a mint cookie? A whole batch! In addition to supporting Reddit’s current minting/claiming scheme, we built a second minting design, which we believe outperforms the signature/claim system in many scenarios.
In the current system, Reddit periodically issues signed statements to users, who then take those statements to the blockchain to claim their tokens. An alternative approach would have Reddit directly submit the list of users/amounts to the blockchain and distribute the tokens to the users without the signature/claim process.
To optimize the cost efficiency of this approach, we designed an application-specific compression scheme to minimize the size of the batch distribution list. We analyzed the data from Reddit's previous distributions and found that the data is highly compressible since token amounts are small and repeated, and addresses appear multiple times. Our function groups transactions by size, and replaces previously-seen addresses with a shorter index value. We wrote client code to compress the data, wrote a Solidity decompressing function, and integrated that function into Reddit’s contract running on Arbitrum.
When we ran the compression function on the previous Reddit distribution data, we found that we could compress batched minting data down to to 11.8 bytes per minting event (averaged over a 6-month trace of Reddit’s historical token grants)compared with roughly 174 bytes of on-chain data needed for the signature claim approach to minting (roughly 43 for an RLP-encoded null transaction + 65 for Reddit's signature + 65 for the user's signature + roughly 8 for the number of Points) .
The relative benefit of the two approaches with respect to on-chain call data cost depends on the percentage of users that will actually claim their tokens on chain. With the above figures, batch minting will be cheaper if roughly 5% of users redeem their claims. We stress that our compression scheme is not Arbitrum-specific and would be beneficial in any general-purpose smart contract platform.
8. Benchmarks and costs
In this section, we give the full costs of operating the Reddit contracts on an Arbitrum Rollup chain including the L1 gas costs for the Rollup chain, the costs of computation and storage for the L2 validators as well as the capital lockup requirements for staking.
Arbitrum Rollup is still on testnet, so we did not run mainnet benchmarks. Instead, we measured the L1 gas cost and L2 workload for Reddit operations on Arbitrum and calculated the total cost assuming current Ethereum gas prices. As noted below in detail, our measurements do not assume that Arbitrum is consuming the entire capacity of Ethereum. We will present the details of our model now, but for full transparency you can also play around with it yourself and adjust the parameters, by copying the spreadsheet found here.
Our cost model is based on measurements of Reddit’s contracts, running unmodified (except for the addition of a batch minting function) on Arbitrum Rollup on top of Ethereum.
On the distribution of transactions and frequency of assertions. Reddit's instructions specify the following minimum parameters that submissions should support:
Over a 5 day period, your scaling PoC should be able to handle:
  • 100,000 point claims (minting & distributing points)
  • 25,000 subscriptions
  • 75,000 one-off points burning
  • 100,000 transfers
We provide the full costs of operating an Arbitrum Rollup chain with this usage under the assumption that tokens are minted or granted to users in batches, but other transactions are uniformly distributed over the 5 day period. Unlike some other submissions, we do not make unrealistic assumptions that all operations can be submitted in enormous batches. We assume that batch minting is done in batches that use only a few percent on an L1 block’s gas, and that other operations come in evenly over time and are submitted in batches, with one batch every five minutes to keep latency reasonable. (Users are probably already waiting for L1 finality, which takes at least that long to achieve.)
We note that assuming that there are only 300,000 transactions that arrive uniformly over the 5 day period will make our benchmark numbers lower, but we believe that this will reflect the true cost of running the system. To see why, say that batches are submitted every five minutes (20 L1 blocks) and there's a fixed overhead of c bytes of calldata per batch, the cost of which will get amortized over all transactions executed in that batch. Assume that each individual transaction adds a marginal cost of t. Lastly assume the capacity of the scaling system is high enough that it can support all of Reddit's 300,000 transactions within a single 20-block batch (i.e. that there is more than c + 300,000*t byes of calldata available in 20 blocks).
Consider what happens if c, the per-batch overhead, is large (which it is in some systems, but not in Arbitrum). In the scenario that transactions actually arrive at the system's capacity and each batch is full, then c gets amortized over 300,000 transactions. But if we assume that the system is not running at capacity--and only receives 300,000 transactions arriving uniformly over 5 days-- then each 20-block assertion will contain about 200 transactions, and thus each transaction will pay a nontrivial cost due to c.
We are aware that other proposals presented scaling numbers assuming that 300,000 transactions arrived at maximum capacity and was executed in a single mega-transaction, but according to our estimates, for at least one such report, this led to a reported gas price that was 2-3 orders of magnitude lower than it would have been assuming uniform arrival. We make more realistic batching assumptions, and we believe Arbitrum compares well when batch sizes are realistic.
Our model. Our cost model includes several sources of cost:
  • L1 gas costs: This is the cost of posting transactions as calldata on the L1 chain, as well as the overhead associated with each batch of transactions, and the L1 cost of settling transactions in the Arbitrum protocol.
  • Validator’s staking costs: In normal operation, one validator will need to be staked. The stake is assumed to be 0.2% of the total value of the chain (which is assumed to be $1 per user who is eligible to claim points). The cost of staking is the interest that could be earned on the money if it were not staked.
  • Validator computation and storage: Every validator must do computation to track the chain’s processing of transactions, and must maintain storage to keep track of the contracts’ EVM storage. The cost of computation and storage are estimated based on measurements, with the dollar cost of resources based on Amazon Web Services pricing.
It’s clear from our modeling that the predominant cost is for L1 calldata. This will probably be true for any plausible rollup-based system.
Our model also shows that Arbitrum can scale to workloads much larger than Reddit’s nominal workload, without exhausting L1 or L2 resources. The scaling bottleneck will ultimately be calldata on the L1 chain. We believe that cost could be reduced substantially if necessary by clever encoding of data. (In our design any compression / decompression of L2 transaction calldata would be done by client software and L2 programs, never by an L1 contract.)
9. Status of Arbitrum Rollup
Arbitrum Rollup is live on Ethereum testnet. All of the code written to date including everything included in the Reddit demo is open source and permissively licensed under the Apache V2 license. The first testnet version of Arbitrum Rollup was released on testnet in February. Our current internal version, which we used to benchmark the Reddit contracts, will be released soon and will be a major upgrade.
Both the Arbitrum design as well as the implementation are heavily audited by independent third parties. The Arbitrum academic paper was published at USENIX Security, a top-tier peer-reviewed academic venue. For the Arbitrum software, we have engaged Trail of Bits for a security audit, which is currently ongoing, and we are committed to have a clean report before launching on Ethereum mainnet.
10. Reddit Universe Arbitrum Rollup Chain
The benchmarks described in this document were all measured using the latest internal build of our software. When we release the new software upgrade publicly we will launch a Reddit Universe Arbitrum Rollup chain as a public demo, which will contain the Reddit contracts as well as a Uniswap instance and a Connext Hub, demonstrating how Community Points can be integrated into third party apps. We will also allow members of the public to dynamically launch ecosystem contracts. We at Offchain Labs will cover the validating costs for the Reddit Universe public demo.
If the folks at Reddit would like to evaluate our software prior to our public demo, please email us at [email protected] and we'd be more than happy to provide early access.
11. Even more scaling: Arbitrum Sidechains
Rollups are an excellent approach to scaling, and we are excited about Arbitrum Rollup which far surpasses Reddit's scaling needs. But looking forward to Reddit's eventual goal of supporting hundreds of millions of users, there will likely come a time when Reddit needs more scaling than any Rollup protocol can provide.
While Rollups greatly reduce costs, they don't break the linear barrier. That is, all transactions have an on-chain footprint (because all calldata must be posted on-chain), albeit a far smaller one than on native Ethereum, and the L1 limitations end up being the bottleneck for capacity and cost. Since Ethereum has limited capacity, this linear use of on-chain resources means that costs will eventually increase superlinearly with traffic.
The good news is that we at Offchain Labs have a solution in our roadmap that can satisfy this extreme-scaling setting as well: Arbitrum AnyTrust Sidechains. Arbitrum Sidechains are similar to Arbitrum Rollup, but deviate in that they name a permissioned set of validators. When a chain’s validators agree off-chain, they can greatly reduce the on-chain footprint of the protocol and require almost no data to be put on-chain. When validators can't reach unanimous agreement off-chain, the protocol reverts to Arbitrum Rollup. Technically, Arbitrum Sidechains can be viewed as a hybrid between state channels and Rollup, switching back and forth as necessary, and combining the performance and cost that state channels can achieve in the optimistic case, with the robustness of Rollup in other cases. The core technical challenge is how to switch seamlessly between modes and how to guarantee that security is maintained throughout.
Arbitrum Sidechains break through this linear barrier, while still maintaining a high level of security and decentralization. Arbitrum Sidechains provide the AnyTrust guarantee, which says that as long as any one validator is honest and available (even if you don't know which one will be), the L2 chain is guaranteed to execute correctly according to its code and guaranteed to make progress. Unlike in a state channel, offchain progress does not require unanimous consent, and liveness is preserved as long as there is a single honest validator.
Note that the trust model for Arbitrum Sidechains is much stronger than for typical BFT-style chains which introduce a consensus "voting" protocols among a small permissioned group of validators. BFT-based protocols require a supermajority (more than 2/3) of validators to agree. In Arbitrum Sidechains, by contrast, all you need is a single honest validator to achieve guaranteed correctness and progress. Notice that in Arbitrum adding validators strictly increases security since the AnyTrust guarantee provides correctness as long as any one validator is honest and available. By contrast, in BFT-style protocols, adding nodes can be dangerous as a coalition of dishonest nodes can break the protocol.
Like Arbitrum Rollup, the developer and user experiences for Arbitrum Sidechains will be identical to that of Ethereum. Reddit would be able to choose a large and diverse set of validators, and all that they would need to guarantee to break through the scaling barrier is that a single one of them will remain honest.
We hope to have Arbitrum Sidechains in production in early 2021, and thus when Reddit reaches the scale that surpasses the capacity of Rollups, Arbitrum Sidechains will be waiting and ready to help.
While the idea to switch between channels and Rollup to get the best of both worlds is conceptually simple, getting the details right and making sure that the switch does not introduce any attack vectors is highly non-trivial and has been the subject of years of our research (indeed, we were working on this design for years before the term Rollup was even coined).
12. How Arbitrum compares
We include a comparison to several other categories as well as specific projects when appropriate. and explain why we believe that Arbitrum is best suited for Reddit's purposes. We focus our attention on other Ethereum projects.
Payment only Rollups. Compared to Arbitrum Rollup, ZK-Rollups and other Rollups that only support token transfers have several disadvantages:
  • As outlined throughout the proposal, we believe that the entire draw of Ethereum is in its rich smart contracts support which is simply not achievable with today's zero-knowledge proof technology. Indeed, scaling with a ZK-Rollup will add friction to the deployment of smart contracts that interact with Community Points as users will have to withdraw their coins from the ZK-Rollup and transfer them to a smart contract system (like Arbitrum). The community will be best served if Reddit builds on a platform that has built-in, frictionless smart-contract support.
  • All other Rollup protocols of which we are aware employ a centralized operator. While it's true that users retain custody of their coins, the centralized operator can often profit from censoring, reordering, or delaying transactions. A common misconception is that since they're non-custodial protocols, a centralized sequencer does not pose a risk but this is incorrect as the sequencer can wreak havoc or shake down users for side payments without directly stealing funds.
  • Sidechain type protocols can eliminate some of these issues, but they are not trustless. Instead, they require trust in some quorum of a committee, often requiring two-third of the committee to be honest, compared to rollup protocols like Arbitrum that require only a single honest party. In addition, not all sidechain type protocols have committees that are diverse, or even non-centralized, in practice.
  • Plasma-style protocols have a centralized operator and do not support general smart contracts.
13. Concluding Remarks
While it's ultimately up to the judges’ palate, we believe that Arbitrum Rollup is the bakeoff choice that Reddit kneads. We far surpass Reddit's specified workload requirement at present, have much room to optimize Arbitrum Rollup in the near term, and have a clear path to get Reddit to hundreds of millions of users. Furthermore, we are the only project that gives developers and users the identical interface as the Ethereum blockchain and is fully interoperable and tooling-compatible, and we do this all without any new trust assumptions or centralized components.
But no matter how the cookie crumbles, we're glad to have participated in this bake-off and we thank you for your consideration.
About Offchain Labs
Offchain Labs, Inc. is a venture-funded New York company that spun out of Princeton University research, and is building the Arbitrum platform to usher in the next generation of scalable, interoperable, and compatible smart contracts. Offchain Labs is backed by Pantera Capital, Compound VC, Coinbase Ventures, and others.
Leadership Team
Ed Felten
Ed Felten is Co-founder and Chief Scientist at Offchain Labs. He is on leave from Princeton University, where he is the Robert E. Kahn Professor of Computer Science and Public Affairs. From 2015 to 2017 he served at the White House as Deputy United States Chief Technology Officer and senior advisor to the President. He is an ACM Fellow and member of the National Academy of Engineering. Outside of work, he is an avid runner, cook, and L.A. Dodgers fan.
Steven Goldfeder
Steven Goldfeder is Co-founder and Chief Executive Officer at Offchain Labs. He holds a PhD from Princeton University, where he worked at the intersection of cryptography and cryptocurrencies including threshold cryptography, zero-knowledge proof systems, and post-quantum signatures. He is a co-author of Bitcoin and Cryptocurrency Technologies, the leading textbook on cryptocurrencies, and he has previously worked at Google and Microsoft Research, where he co-invented the Picnic signature algorithm. When not working, you can find Steven spending time with his family, taking a nature walk, or twisting balloons.
Harry Kalodner
Harry Kalodner is Co-founder and Chief Technology Officer at Offchain Labs where he leads the engineering team. Before the company he attended Princeton as a Ph.D candidate where his research explored economics, anonymity, and incentive compatibility of cryptocurrencies, and he also has worked at Apple. When not up at 3:00am writing code, Harry occasionally sleeps.
submitted by hkalodner to ethereum [link] [comments]

PSA: How to use crypto to sell/buy PMs on r/PMsForSale

TL;DR 1: this is not an investment recommendation. This is not an endorsement of any crypto coin, token, or service. This post (which is a bit longish) describes how to use crypto as another payment mechanism. It would just add another tool to your PM trading toolbox.
TL;DR 2: This is not an exhaustive review – it’s a simplified how-to. Calling me out on certain minute aspects is useless. However, if I made a mistake, or omitted something important PLEAESE correct me.
TL;DR 3: I’ll describe everything in chapters, so as you go down, if you feel this is irrelevant to you, you can stop without spending too much time reading it all.

Chapter 1: Why use crypto

  1. You control the entire transaction, end to end. You do not need a third party (Like PayPal or Google) telling you what you’re allowed to sell, and for how much. You do not need to resort to subterfuge (“use Friends & Family, and make sure to leave no notes!”).
  2. Crypto transactions add a level of privacy (depending on how you use them).
  3. Transactions are secure (read more about blockchain technology), and usually only involve you sharing your crypto address with your counterpart.
  4. Transactions are irreversible – good if you’re an established seller who’s afraid of chargebacks by scammers.
  5. Yet transactions can still be proven – they’re out there on the blockchain, available for all to see.
  6. Most of the time, transactions are fast (depending on network traffic and amount of gas paid).

Chapter 2: Types of crypto

I’m not going to go into technicalities, and definitely not recommend anything. Let’s just split the crypto world right now into 2 types of coins: stable, and unstable.
  1. Unstable coins (Bitcoin, Ether, Ripple etc.) can see their fiat value go up or down several times a minute. They’re volatile, and while they can be used to pay, the buyer and seller need to agree on the spot, convert fiat to the coin and start the transaction – at the end of which, the fiat value received may be higher or lower than when the transfer started. Because of that, I’ll avoid discussing them here.
  2. Stable coins usually run on the Ethereum blockchain, and use a technology called “smart contract” to attach their value to fiat. A stable coin like USDC, DAI, USDT etc. will always be worth $1 (give or take 1% at certain times). For all intents and purposes, if I quote you a price of $250 and you send me 250 USDC – we’re done.

Chapter 3: what do I need to have to trade in stable coins?

  1. An address – your crypto address allows you to control crypto on the blockchain. More specifically, it allows you to withdraw funds (since everyone can deposit to your address, whether you want it or not).
  2. A crypto wallet. A wallet is NOT where you hold your coins! Your “money” is on the blockchain, assigned to your address. Your wallet allows you to mange the coins in that address. You can either use one of the free wallets out there, or have one provided to you by an exchange. I recommend MetaMask. It runs as a browser extension (Chrome, Firefox, Brave) or a mobile app. Make sure you do your due diligence before selecting a wallet, so you wont use a scammy app, that will use your pass phrase to clean up your address!
  3. Some Ether (usually 0.05-0.1 ether is enough for several transactions) – every transfer on the blockchain has a fee, representing compensation for the computer work done to transfer funds from address to address. This fee, known as “gas” can go from fractions of a cent to several dollars – depending on the blockchain traffic at the time. You can control the amount of gas, and price of gas for your transactions, but generally speaking: the less you pay, the slower the transfer. Gas is paid in Ether only, so you need some in your wallet (see below on how to get it).
  4. If you want to sell using crypto – you’re done!
  5. If you want to buy using Crypto, you’ll need to convert some fiat to stable coins – see next chapter.

Chapter 4: Quickest way to get stable coins

The easiest way to start (in the US – your miles/kilometres may vary elsewhere) is to open a Coinbase account.
(Disclaimer: you can choose any other exchange. I’m not compensated by Coinbase, I have no stake in Coinbase, I don’t work there, or know anyone who does. There’s a reason I mention them: they make this simple.)
While Coinbase is the fastest and easiest way to go for noobs, there are some caveats:
  1. Coinbase is a registered financial company. They require full KYC (i.e. photo of your driver’s license). Everything you do gets reported to the IRS, authorities, etc. But then, your bank does the same.
  2. Coinbase doesn’t care where the funds come and go – unless law enforcement, IRS, SEC etc tell them to care. If you’re privacy-oriented, an exchange is not for you, go to the next chapter.

Let’s look at the steps of using Coinbase, and how much they’ll cost you:

  1. Open Coinbase account (free)
  2. Go through KYC needed to connect a bank account to your Coinbase account (free)
  3. Transfer fiat to your account (free if bank transfer, otherwise credit/debit card fee applies)
  4. Convert fiat to the stable coin USDC (FREE! Since Coinbase “owns” USDC, they don’t charge anything to convert back and forth between USD and USDC. And it’s always 1-1 conversion.)
  5. Transfer USDC to an external wallet (yours, or a sellers) (FREE! Again, another perk – Coinbase pays your transfer gas fee).
  6. If you’re content with using Coinbase as your wallet, you are done!
a. When you want to buy, you ask the seller for his address, and transfer USDC to him (free).
b. When you want to sell, you give the user your Coinbase USDC address and he sends there (free again).
c. Make sure you send the right address – there are no backsies in crypto!!!

Using your own wallet:

  1. Install MetaMask. Follow instructions to create your address. Make sure you keep the pass phrase safe (NOT ON YOUR COMPUTER).
  2. Go through steps 1-5 to convert some fiat to USDC for free.
  3. Buy some ether – Currently Ether spot is about $230, meaning it’ll cost you about $10-20 to get some Ether + whatever fee Coinbase has on trading.
  4. Send the USDC to your new address.
  5. Send the Ether to your new address.
  6. You are now good to send and receive payments!
  7. When you receive USDC from a buyer, you can either keep them in your wallet for further use, or send to Coinbase, convert to fiat and send to your bank account. Always remember: on Coinbase 1 USDC == $1.

Chapter 5: Doing it on your own – for advanced users only

If you don’t like sharing all your info with Coinbase, you can definitely just install your own wallet (MetaMask is still the best option, IMHO, but there are many more), and fund it personally.
The biggest challenge you’ll face is: how do I convert fiat to crypto? Here are some options:
  1. The easiest: get someone to sell you some. Someone who already went through the whole process, and will agree to give you some crypto. Once you have crypto, you can easily convert it to any other crypto, without using any exchange, using crypto swap apps.
  2. The more expansive: use a service like Changelly (and there are others – again: I have no stake) to “buy” crypto. Take into account that they have fees. There are also services (like LocalBitcoins) that will allow you to buy directly from other people, for lower fees.
  3. You can use a different exchange, perhaps even one in a different country. Take into account that you’ll need to get actual money there, so at one point, someone will know something about you.
As said, once you have ANY crypto in your wallet, it’s easy to convert it to stable coins, Ether, or everything else you need.

Summary

I tried covering the basics of using crypto for payment. I did my best to avoid techy aspects and jargon.
Crypto is here to stay. Next (and current) generations will use it, like we’re using credit cards and PayPal. It will have no “magic” or “hoax” attached to it. It’s not “good” or “bad” – it’s just another way to convey value.
I was taught all this by someone. I’m sharing this with you now, in the hope you’ll share it with other people. That’s how knowledge grows.
If anyone wants any clarification, or expansion on any item, feel free to comment below, or reach out to me.
submitted by Niceguy955 to Silverbugs [link] [comments]

The events of a SIM swap attack (and defense tips)

Posted this on Coinbase and someone recommend it also be posted here. The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom.
The full story:
We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email.
While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying:
"We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device.
This 24 hour review period is designed to protect your Coinbase account."
This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized.
It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA.
They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances.
The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information.
This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase.
From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts.
Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along).
Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line.
In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove
with phone carrier employees swapping SIMs for $80s a swap.
Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker.
Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays.
For some some security recommendations:
AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs.
Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem.
Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency.
As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts.
TLDR on the process:
Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by
(1) not resetting your email password so as to raise suspicion,
(2) immediately delete any password reset emails you may receive from financial accounts to hide them from you,
(3) attempt to forward all emails sent to your address to a burner email, and
(4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox.
TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible:
(1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately
(2) change your email password,
(3) force a logout of all sessions from your email (at this point you have locked them out), then
(4) check your mail forwarding settings for forwards to burner addresses,
(5) check your mail rules for rerouting of emails from accounts such as Coinbase, and
(6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen.
We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
submitted by etheregg to CryptoCurrency [link] [comments]

The events of a SIM swap attack directed at Coinbase (and defense tips)

The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom.
The full story:
We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email.
While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying:
"We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device.
This 24 hour review period is designed to protect your Coinbase account."
This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized.
It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA.
They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances.
The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information.
This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase.
From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts.
Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along).
Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line.
In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove with phone carrier employees swapping SIMs for $80s a swap.
Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker.
Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays.
For some some security recommendations:
AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs.
Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem.
Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency.
As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts.
TLDR on the process:
Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by
(1) not resetting your email password so as to raise suspicion,
(2) immediately delete any password reset emails you may receive from financial accounts to hide them from you,
(3) attempt to forward all emails sent to your address to a burner email, and
(4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox.
TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible:
(1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately
(2) change your email password,
(3) force a logout of all sessions from your email (at this point you have locked them out), then
(4) check your mail forwarding settings for forwards to burner addresses,
(5) check your mail rules for rerouting of emails from accounts such as Coinbase, and
(6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen.
We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
submitted by etheregg to CoinBase [link] [comments]

What is the best beginner hardware wallet for cryptocurrency?

I’m getting more into crypto and want to take the first step in making sure my wallet is secure. I have used coinbase before but I have looked more into how third party/mobile apps aren’t the best when storing crypto and I want to invest more money into bitcoin and alt coins so I was looking into hardware wallets like the ledger nano S. I’ve watched a couple reviews and read more into it, I want to buy it, but I’m not sure if there are other hardware wallets out there that are betteeasier to use for a beginner since I know that there are others out there I just haven’t heard or seen people use them (keepkey, trezor). Should I buy a hardware wallet instead of using a mobile phone wallet? I am looking to invest more into BTC, ETH, $OCEAN, $LINK, and other various alt coins I just need to find a wallet that supports my needs and has the security.
submitted by 6the6daily6evan to ask [link] [comments]

Defi Coins List In Detail

A Detail List Of Defi Coin

Lending

Trading

Payments

Wallets

Interfaces

Infrastructure

Analytics

Education

Podcasts

Newsletters

Communities

submitted by jakkkmotivator to Latest_Defi_News [link] [comments]

Best Bitcoin Wallet?

Has anyone actually been able to set up a wallet for crypto's and not had problems cos i was ripped off by Coinbase who are just a shitty company all round. i set up an account just fine, deposited money made a payment then a week or so later, They said i need to provide an address in the US where i do not live, there was no option to change this, i eventually was able to log in without it coming up but then they said i need a US id and there was no way to put any other id types, just a page that said you can but no way to actually give one. I am now unable to access my account and get my money back. Then i tried bitbargain.uk but their id upload didnt accept me even though the pictures were clear, then i tried blockchain and every time i click buy bitcoins its said oops theres is a fault on our end, and ive read reviews from others and most are really bad so i have no interest in trying to get it to work. Ive read review on all the top companies, and websites make them look good but customers seems to have so many problems with all of them. So has anyone been able to find a company that doesn't lock them out of their account or loose their money like ive seen so many people say on review sites? Thanks
submitted by AlfiesRedditUsername to BitcoinBeginners [link] [comments]

Coinbase Wallet - The Pro's and Cons - YouTube DO NOT USE COINBASE!  Coinbase Review - YouTube Sending Bitcoin to Your Wallet with Coinbase - YouTube Coinbase Wallet Mining (real Bitcoin adder) 2017 - YouTube How to Send Bitcoin from Coinbase to your Exodus wallet ...

While keeping your funds in the Coinbase wallet comes with its own security features, larger balances should be placed in the Coinbase Vault. In a nutshell, this allows you to set-up a 48-hour lock-up period on any future withdrawal requests. At any point in time before the 48-hour period passes, you as the account owner can cancel the withdrawal. This would be highly beneficial in the event ... Coinbase Wallet is an excellent cryptocurrency wallet that has great things in its future. While it's a little limited on the digital currencies it supports, it's not only easy to use but also the ... Coinbase is an online wallet for cryptocurrencies and platform where you can easily buy and sell Bitcoin (BTC), Ethereum (ETH) and Litecoin (LTC). Today they are the world’s largest Bitcoin company with more than 9 million users in over 30 countries. It’s a company with high security and reliability on the crypto market. Coinbase focuses on building safe products that are easy to use for ... Summary: Using of Coinbase Bitcoin Wallet. Create an account at Coinbase which would automatically leave you with a wallet. Go to the “Tools” page and select “Address” section. Click “Create New Address” to be able to receive BTC. To send bitcoins, go to the “Accounts” page and click “Send” button. To guarantee the safety of your Bitcoin wallet, it is advisable to move all your cash after each transaction. The wallet was principally used for the storage of ETH, ERC 20 tokens alongside other Coinbase wallet coins. However, in February 2019, Coinbase declared the app will now be supporting Bitcoin too. Just to bring to your attention, the wallet is non-identical to the one accessible on ...

[index] [23535] [938] [50457] [12360] [3974] [41463] [20136] [9620] [28469] [42089]

Coinbase Wallet - The Pro's and Cons - YouTube

bitcoin, bitcoin mining, bitcoin mining software, money, free, namecoin, bitcoin miner software, mining bitcoin, free bitcoin mining, mining crypto, crypto m... Today I am bringing you a video to explain why I do not recommend using Coinbase to purchase bitcoin. I personally do not think coinbase is a scam, but I do ... Do you know the good and the bad when it comes to the Coinbase wallet? Well, let's find out. Subscribe for more awesome videos and a chance at Free Bitcoin! ... In this Coinbase tutorial 2020 for beginners, we review Coinbase account setup/registration, with best guidelines on how to use your wallet to buy Bitcoin an... http://digimillionaires.org - A short video on How to “Sell” bitcoins in your Coinbase wallet, back to your checking account. For more information, please vi...

#