Why is the link at the top of this article ('cyber•Fund') to https://cyber.fund/system/Paragon, a page for 'Paragon', a very shifty high-budget ICO?
Given the other things Paragon has paid big bucks for (anything you can imagine, from paying Youtubers 5 figures per video to get their subscribers to 'invest' in them to paying for mass reddit vote manipulation to buying very expensive ads and sponsorship programs to lying about their company model, CEO, etc), it seems really out of place to me that this article links to them as the first link.
At first, I thought you might be hyperbolic or had fallen for some sort of propaganda (for lack of a better term). I don't know much about ICOs and I know/knew less about Paragon.
I figured I'd check and just let you be, figuring I'd not get involved.
So, I went to Google and entered, "Paragon ICO complaints Reddit."
In two minutes, probably less, I'd confirmed that they were as bad as you claim. I spent about a half hour and read a bunch. If anything, you didn't even mention some of the biggest issues.
The whole thing is shady as hell. They mysteriously went from two to five 'programmers' retroactively. Not only will they not name the programmers, they won't show any of their previous work, such as a GitHub account. The owner probably isn't the owner, but is her husband and he has a storied past that makes me question his ethics.
And it goes on and on. It's like the Equifax of crytocurrency, with regards to a continued stream of negative results. One of the complaints is that they are just in it for the money. Well, yeah... I can see that. I can even rationalize that. But, instead of sticking with their agreed pre-sale amount, they sold like five times as many coins.
How the heck is this even legal? I bet US currency was involved and it has been shown before that that's all it takes for the US Feds to get involved and go stomping across borders.
Seriously, how is it legal?
You didn't even exaggerate! They appear worse than your claim!
As for how they ended up on that site and as the top-most link, I find it hard to give the benefit of doubt. It took me one single search to confirm what you said. I only spent the additional time because I like a good train wreck.
I will give them some credit, their balls must need a cart to carry them around. This kind of money attracts strong enemies, regardless of the legality. There is no way in hell that this is legal.
Haha, I appreciate the response, I'm glad that upon doing your own investigation you found that my wording was reasonable.
As far as legality goes, it's difficulty to say. I think that a project like this is likely paying lawyers good money to make sure they stay 'in the green', but lawyers can only do so much to protect you when you do the things that they're doing. We all know that projects like Paragon and many others are the reasons why regulations will come even harder in these areas.
As for to what extent the law needs to protect investors from making terrible investments, I'm not sure, the game changes a lot when companies start completely lying to their investors, and that does seem to me (as a non-lawyer) like one of the many good places where lines can be drawn.
The only thing you might be guilty of is minimizing it.
I figured if I was doubtful, other people might be doubtful. Rather than have you be dismissed, it seemed to me that confirming your post was the prudent thing to do.
I was pretty shocked. That's fodder for a whole HN link and thread. I really figured you were blowing it out of proportion. Nope... Hell, the list of complaints goes on and on.
I'm reminded of when drones were gaining in popularity and people, notably on Slashdot, were saying all the things they were doing and how nobody could stop them. I told them that is how you end up with draconian regulations. I was moderated quite heavily in the downward direction. Fast forward a few years and they are complaining about draconian regulations.
Which is to say you're right. They are going to end up coming down on this, and coming down on this hard. I'm sure some rebels will say it can't be prevented, but laws don't work like that. They don't prevent anything. They'll just make cryptocurrency illegal, use and possession, and selectively prosecute the offenders.
That's worst case scenario, I guess. They may just regulate ICOs heavily and stop the regular person from investing. I doubt that will bother the wealthy and established players much. Even better, they'll be doing it 'for your own protection.' Those sound bites will appeal to the masses.
By the way, this is one of those times I wish an HN poster had been wrong.
Had you not added the "/s obviously" then I may actually have believed you to be serious.
There are going to be some regulatory changes coming down the pipe, I think. They don't have to try to use tech to prevent the use of cryptocurrency, they need only make it against the law and make use of discretionary prosecution. That's probably one of the weaker tools in their arsenal.
Aren't these the temporary deposit addresses that exchanges give out? You deposit and then they sweep the balance to their hot/cold wallets as necessary?
Also the ReplaySafeSplit and related contracts were due to the ETH/ETC split, you had to move your coins to be safe.
That was my first thought. Everything they describe sounds exactly like temporary exchange deposit addresses. And the transaction volume associated with them sounds about like what i'd expect.
Yeah, this was my thought as well. 67% of all ETH transaction volume in a mixer seems pretty high, particularly when you consider the volume traded on each of the exchanges
I was wondering that too. I know at least some exchanges (maybe even all the major ones?) use temporary addresses like that. I wonder when they started doing that. There's the huge spike in "mixer" activity from March this year onward, but that's also when Ethereum gained a lot of value. Maybe it's just a lot more trading started happening on the exchanges?
They have as long as I can remember, but the volume has skyrocketed over the past year along with more exchanges.
I don't understand how the author could group all temporary addresses, see the top inputs/outputs as all exchanges, and then claim some nefarious mixer was responsible.
This actually is possible. Every Ethereum transaction has a data field that can store an arbitrary amount of data.
Normally this is used for function calls to contracts. An exchange could make a contract that lets the user put in their userId when sending eth, and then everybody would be sending to the same address while still being identifiable. It would even be possible to reject deposits which do not include the userId, or which have an unknown userId.
I think the main reason exchanges don't do this is that they deal with lots of cryptocurrencies, so they use the simplest method that works for all of them: just make a unique deposit address for each user.
Yes, that's what I said. The ABI-intended input field could easily be used as personal ID. Furthermore in some cases you need to transfer money to other wallet specifically so it could call some method, and this way you would literally run any method by passing #methodIdarg1arg2. Clumsy but tx cost saving
> The re-shuffling of the coins is for the exchanges security and accounting
Neither requires re-shuffling. It's just for convenience and what be even more convenient if every blockchain tx included who they are trying to deposit to providing inputdata even for regular transfers. Like a tag, "these 10 eth for personal_Hash=abc123"
Actually that would put the onus on the sender to include extra pieces of data, and the exchanges would have to deal with errors from people who send without the hash.
So I'm pretty certain even if it were supported, individual addresses would still be the better choice due to ease of use.
This is obvious if you've ever poked through a few random transactions on etherscan. The big exchanges use temporary accounts to move funds to users. It makes sense that would make up a majority of eth transactions because fiat is the only way to purchase ether.
Is the story that 68% of the traffic is naked laundering or that 68% of the traffic is people buying into ICO that are not already enfranchised in ethereum?
Could be laundering but even with that you wouldn't want all of the source currency to be illegitimate so only a fraction of it would be. So it would probably cover both cases.
It's not laundering, it's spoofing by some of the earliest Ethereum holders who are trading with themselves on the exchanges to create the appearance of volume and liquidity to drive up the value of their coins.
This mixing ramped up around the same time as the price did.
Etherium was around $8 at the beginning of 2017, where it had been for years. By midyear it was in the $300-$400 range.
Is this mixing somehow involved with a scheme to pump the price?
First, Ethereum was found to be the perfect Ponzi scheme platform by dubious “ICO“ initiators.
Then, early investors made a huge bunch of money on these ICOs.
Then the price skyrocketed, as more people wanted some of that easy ICO money.
This in turn made the mixing services insanely popular, as all of those ICOs had to cash out, and knowing that their business was of dubious nature, many decided to obfuscate the target addresses of their ether via mixers to protect either OTC buyers or their personal accounts on exchanges from being linked with the ICO addresses.
I would say it is not actually a mixer. The point you are making actually points more towards them being temp addresses for exchanges. More people entering the market on exchanges, higher volume in exchanges, higher volume in this tempwallet "mixer"
If the transactions are just going to the deposit addresses that exchanges shuffle around, than it's possible that 67% of ETH activity as of late is tied to people sending to and from exchanges.
Doesn't this screw up people's taxes, making them liable for realised capital gains, and also making them completely screwed if the value of the currency goes back down again
You are only liable for CGT if you sell an asset (= realised gain).
So, if you buy a stock at $10 and it goes up to $100, your CGT liability is a certain percentage of $90 ($100 - $10) upon liquidation.
If you buy a stock at $100 and it goes down to $10, you end up with a $90 (generally carry forward, some jurisdictions allow carry backwards) loss that can be used to offset other gains.
yes - but isn't that what's essentially happening here when you run your coin thru a mixer and mix it with other coin (which must have the same value) - you sell your coin and get back a new one with today's value - voila a taxable event ....
I would assume you would argue that you merely moved money (or assets) around, just like you would wire money from A to B. Moving stocks with unrealised gains from broker A to B is also not taxable.
The only person you would ever have that conversation with would be the IRS (or your local tax authority outside of the US), and they are bound by confidentially.
If I go get change for $10,000 in $100 bills and ask for all $1's do I realize 10,000 dollars in capital gains because those are "other people's dollars"
but they're dollar bills, the currency we pay taxes in, they're always worth $10k no matter what happens to their actual intrinsic value ... a better example is:
I buy 10oz of gold for $1000 (this was a while ago), this week I exchange my gold for a different 10oz of gold (less a small commission to the exchange) currently worth $10,000 - is that a taxable transaction? I suspect yes
The first analysis about temporary addresses makes sense. Addresses used only for one hour. But what bearing does "transaction value" has? The real metric of a mixer controlling a currency would have been number of transactions. Mixing is about spreading the transactions far and wide and across many addresses to make it difficult to trace. When you look at the graph below, the mixer accounts for barely 11% of the transaction volume.
If I go further and read about the core and shell, the analysis falls apart even more.
The idea proposed is that the shell accounts are the ones responsible for generating output and inputs to external accounts like the exchanges and also talk to core which consists of 90% temporary accounts. Fair enough.
"In the end, it turned out that the total amount transferred into and out of the core is 4 times higher than the total that entered and left the shell and the core taken together." How is this even possible?
If assume flow of 1 ETH ignoring fees. Poloneix -> Shell -> core -> Shell -> Kraken
From the statement "total that entered and left the shell and the core taken together" = 1 ETH into shell + 1 ETH into core + 1 ETH out of core + 1 ETH out of shell = 4ETH
Total for core is 2 ETH - 1 in and 1 out. If shell is there to interact with the core, how is core doing 4 times the amount. Unless of course the confusion is dividing the total in and out of 4 by actual transaction of 1 ETH.
All exchanges need to segregate customer amounts to ensure everything works smoothly. Let's assume I have 1 ETH, then sent it to Kraken. No trades done and simply withdrew the ETH. Here's what will happen:
Me -> Kraken Temp account + network fees (mostly pool accounts ~ 0.0002) -> Me + Kraken account for withdrawal fee ie 0.005 + network fees (again pool)
In which case, two scenarios can occur:
a. Kraken temp account is tagged - So my account and pool accounts can be considered to be the shell. The in and out total for me is 1.9946 worth of ETH (1 ETH out + 0.9946 ETH in after Kraken and network fees). On the block fees side, in and out of the shell is 0.0004 ETH. Total is 1.995 in and out of the shell. While Kraken is doing 0.005 ETH.
b. The worse case scenario - Kraken temp account is unmarked. In this case the temp account becomes the shell while my personal account and pool becomes the so called core. Now this happens:
Core transaction volume - 1.995 ETH
Shell or Kraken temp account - 0.9998 In (after fees) + 0.9946 out (after Kraken and network fees) = 1.9944 ETH
Kraken - 0.005 ETH
Actual volume is 1 ETH but counting the transaction volume blows this thing up.
Let's say you hand me a $100 bill, and that you have marked that bill. I then take that bill to a bank and ask for 3 $20 bills and 4 $10 bills. The bank takes that $100 and puts into the vault, and takes out the bills I asked for out of the vault. Later, someone comes in with $100 worth of bills, and asks for a $100 bill. The bank goes to the vault and gets the marked $100 and gives it to that customer.
Tracking the bill doesn't help, because as soon as it's in the bank, what happens to it (and how it's exchanged), is hidden from you. Mixers work the same way.
You're right, but the article didn't find a mixer. They found the temporary deposit addresses every exchange uses and then wrote a FUD article to drive traffic and awareness of their sketchy ICO.
2. Their address is always transferring money to accounts.
3. Sometime after you pay them, some amount, not quite the same, leaves their address to an address you control, but which has no established connection to you.
So an observer can see:
1. That you put money into the mixer.
2. The full list of addresses the mixer payed 'out' to (very long).
Which allows them to say if an address has "mixed" money but not to determine which account is connected to which person. If you're careful and you don't transfer any coins to addresses linked to your 'real world' persona, it becomes difficult to trace the account containing the 'mixed' coins to you (though trivial to identify it as coming from the mixer).
A well designed mixer would not be so easy to detect. In a perfect world, you'd have matching clients all the time, and the only contamination is the fee being siphoned off. If the fee is managed well it could be very difficult to determine coins that went or came from the mixer.
In reality, you probably need to batch a few customers together: 10 customers putting in 1 BTC, 1 customer putting in 10. But these don't need to be long-lived groups, if the mixer has the volume. So "their address" would only be the same for a few customers. An attacker would need to constantly make transactions to determine the addresses involved.
Most mixers give you completely "clean coins": That is there's no transaction chain from your inputs to your outputs. So they are probably doing some sort of system similar to what I describe.
Sort of. It seems to me though that once you've missed coins from many sources in various ways 90+ times then the coins are distributed in parts to many end recipients its then very hard to to say if some fraction of a coin came had any one source. If I were designing a way to launder cryptocoins that may or may not have a questionable source I think this is pretty much what I'd come up with.
Kinda, the problem is once you've moved through a couple wallets (many wallets, in the case of the mixing services), it becomes very hard to tell the difference between one person moving their coins around, and one person paying another person.
A --> B
A --> B --> C --> ...--> Z
Pretend you know who A is already. Who are B through X? Is the person in control of A also in control of Z? Or any of the other wallets? These are answers the blockchain doesn't give you.
Wouldn't an interested party just assume A and B are both guilty and given the current taste for asset forfeiture laws, require proof of the origination of the funds? At one point does it not become possible to "capture" people this way? 10k wallets? 100k? I may be too simple to understand the math here, but in the end you've got people with guns to deal with.
You can assume all you want, but then you can end up with thousands of tainted addresses that participated in tumbling. Good luck proving anything with that to the jury.
RE: your question about inherent privacy, there is Monero (XMR) and ZCash which implement transactional privacy in different ways.
In my opinion XMR/Monero are the only implementation to do it all the way through, so it's what I prefer but as with all things, you should research what the differences are and which is better for you. ZCash has a higher value per coin right now and is probably more accepted than XMR/Monero.
Except no large systems support receiving shielded zcash transactions because of the CPU and RAM involved. They recently made some improvements, but it still takes many seconds of solid CPU time. Maybe in the future it'll be fast enough to be practical and they can make it the default.
ZCash is ideal, theoretically. If they get the performance amped up so that private transactions don't take forever, it could really work cause they could make privacy mandatory. Though a 10% tax of all coins is rather questionable. The CEO of the company did say he felt zcash could be made traceable enough to be uninteresting to money launderers, whatever that means. Sounds like the opposite of fungible.
Monero's less theoretically secure, and indeed, there's no info on how to safely "launder" coins through Monero. Ringsize is very small, at 5. But it seems to be a proper community effort and probably the best contender right now.
Dash is mired in mishaps, from its inception and instamine as Darkcoin. A single user or group of users hold magical keys that can undo 24 hours of blocks. They have centralized nodes and the mixing scheme isn't even theoretically secure.
I should add that Monero doesn't use mixing in the same sense. The ring size works so that you cannot see which of the different choices is the correct output until spent. This is different from having the participants swap coins as you do when mixing. The ring size isn't directly comparable to the number of mixing participants or mixing rounds as the former isn't susceptible to blockchain analysis. You can only make probabilistic guesses or IP tracing.
There is no "official" recommendation of how to securely launder coins in Monero. What you can do is to send the coins to yourself a number of times using the default ringsize or "churning".
Sending coins to yourself, aka churning, might not work so well after all, according to the latest MRL report. They say:
"
We at the Lab previously thought that one possible solution to knacc's described attack would be churning, where one sends funds to oneself multiple times before using at a merchant. Unfortunately, this leads to chains of self-referential transactions, which leave an undesirable and identifiable statistical signal.
"
Now the follow-up I've gotten says that this just means you can't churn too quickly. There is still no analysis of how often to churn, how long you need to wait, and on and on, until you're safe. The Monero wallets offer no way to manage your inputs either, so if you ever re-use a wallet (exchange->WalletA->WalletB a couple times) you'll leave even more of an trace.
So the number one idea that springs to mind, Exchange->Monero->Exchange, might be a worst-case scenario where you can easily be linked with a high probability. Especially when the approximate input time is known.
For instance, if you know a target exchanged Bitcoin in a certain transaction, you can simply trace all possible chains from that output and see when one hits an exchange, prioritizing shortest first: if an exchange output goes right back to an exchange, that's probably enough to get a warrant or targeted investigation.
Furthermore, an attacker could make a bunch of transactions so other transactions use known inputs, reducing effective ringsize even more. This wouldn't be very expensive at current volumes.
Even still, Monero still seems far ahead of competition. My biggest concern is that they don't put any sort of disclaimers, and incorrectly state it's untraceable. This will get people into trouble. The Tor Project does a far better job of being clear with the risks and shortcomings. The Monero community, mostly, seems to just advertise as if everything was solved. That plus the ridiculously low ring sizes feel rather irresponsible.
I'm really interested in Monero but I lack a comprehensive understanding of the underlying technology.
Is there a good resource (apart from the Monero community itself) that explains Ring signatures and similar technologies, including their limitations?
From your answer, you sound very knowledgable in this area - could you advise some good resources to learn more?
Given the other things Paragon has paid big bucks for (anything you can imagine, from paying Youtubers 5 figures per video to get their subscribers to 'invest' in them to paying for mass reddit vote manipulation to buying very expensive ads and sponsorship programs to lying about their company model, CEO, etc), it seems really out of place to me that this article links to them as the first link.