Bitcoin Trader Monster SIM 1

Bob The Magic Custodian



Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses.
Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes.

First, some background. Here is a summary of how custodians make us more secure:

Previously, we might give Alice our crypto assets to hold. There were risks:

But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get:
See - all problems are solved! All we have to worry about now is:
It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are!

"On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid".
"Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since."

"As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!"
"Can I read it?' Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?"

"Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal. The keys are also backed up daily to an off-site third-party."
"Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!"

"What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven."
"Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!"

"We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies.
And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often".

How many holes have to exist for your funds to get stolen?
Just one.

Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so?
If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security.

The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle.

And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet?

Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose $400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds.
So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is:
It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated:
There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguable far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever.

Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see.
It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course. Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation.
A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7.

History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance.
Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.)
Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive.

Now, we are at a crossroads. We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that it's future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we can not go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today.
Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily. None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well.
Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do.

Facts/background/sources (skip if you like):



Thoughts?
submitted by azoundria2 to QuadrigaInitiative [link] [comments]

The events of a SIM swap attack (and defense tips)

Posted this on Coinbase and someone recommend it also be posted here. The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom.
The full story:
We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email.
While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying:
"We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device.
This 24 hour review period is designed to protect your Coinbase account."
This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized.
It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA.
They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances.
The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information.
This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase.
From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts.
Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along).
Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line.
In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove
with phone carrier employees swapping SIMs for $80s a swap.
Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker.
Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays.
For some some security recommendations:
AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs.
Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem.
Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency.
As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts.
TLDR on the process:
Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by
(1) not resetting your email password so as to raise suspicion,
(2) immediately delete any password reset emails you may receive from financial accounts to hide them from you,
(3) attempt to forward all emails sent to your address to a burner email, and
(4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox.
TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible:
(1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately
(2) change your email password,
(3) force a logout of all sessions from your email (at this point you have locked them out), then
(4) check your mail forwarding settings for forwards to burner addresses,
(5) check your mail rules for rerouting of emails from accounts such as Coinbase, and
(6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen.
We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
submitted by etheregg to CryptoCurrency [link] [comments]

The events of a SIM swap attack directed at Coinbase (and defense tips)

The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom.
The full story:
We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email.
While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying:
"We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device.
This 24 hour review period is designed to protect your Coinbase account."
This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized.
It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA.
They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances.
The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information.
This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase.
From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts.
Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along).
Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line.
In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove with phone carrier employees swapping SIMs for $80s a swap.
Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker.
Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays.
For some some security recommendations:
AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs.
Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem.
Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency.
As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts.
TLDR on the process:
Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by
(1) not resetting your email password so as to raise suspicion,
(2) immediately delete any password reset emails you may receive from financial accounts to hide them from you,
(3) attempt to forward all emails sent to your address to a burner email, and
(4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox.
TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible:
(1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately
(2) change your email password,
(3) force a logout of all sessions from your email (at this point you have locked them out), then
(4) check your mail forwarding settings for forwards to burner addresses,
(5) check your mail rules for rerouting of emails from accounts such as Coinbase, and
(6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen.
We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
submitted by etheregg to CoinBase [link] [comments]

Weekly Update: 2gether has 40k users, $BOMB on Uniswap, Ghost data service, Constellation State of the Union…– 5 Jun - 11 Jun'20

Weekly Update: 2gether has 40k users, $BOMB on Uniswap, Ghost data service, Constellation State of the Union…– 5 Jun - 11 Jun'20
Hey everyone! This is Part IV of VI from our May-June update catchup series (5 Jun - 11 Jun'20):

Yosma's Cheerful Cassowary beat Eva's Bright Beetle in a quick finale to win this week's Parena which had a massive $PAR pot thanks to a generous donation from Tony. Gamer Boy’s “Random Gk” and “Renewal from January” quizzes in Tiproom were fun as always. Plus, there were 10k $PAR in prizes. Cool! Charlotte’s “Mega Trivia” got everyone scratching their heads. CoD Mobile gamers were in for an epic time this week with Tavo hosting a tournament with a 3k $PAR pot in the Parachute War Zone. Two-for-Tuesday slid into the "rap, reggae and reggaeton" mode this week. Click here to listen to the playlist. Thanks Sebastian for setting it up! If you have been around for a while, you’ll know that Clinton’s charity, For Living Independence, does some amazing work. So the next time you shop on Amazon, don’t forget to show some love though AmazonSmile.
Cap and crew made their voices heard in NYC this week in solidarity with George Floyd
Congratulations to 2gether for crossing the 40k user mark this week. A new way for account top ups was introduced as well. This week’s CEO email covers news on the latest UX and the 2GT token. Youtuber Funontheride featured the email in his video. Filippo Angeloni covered the latest updates in his newest video as well. Founder Savador Casquero wrote about crypto staking in an Investing.com article. MakerDAO covered the 2gether card in its blog post on crypto debit cards. Following the XIO dApp update from last week, Citizens brainstormed about the UI this week. Citizens also talked about some of their contrarian beliefs in crypto. Bomb community started a Uniswap rewards program. Voyager raised USD 2.1M through a private placement from investors such as Streamlined Ventures, Susquehanna, Market Rebellion etc. Their stock has seen some enormous growth this year too. CEO Stephen Ehrlich shared his thoughts on the crypto market in a recent Bloomberg article. The team also took inputs from the community on which crypto to list next. John McAfee announced a Ghost cell phone data service to be released in September. Check out how the eSIM will work from the sneak peek video. The list of supported phones is mentioned here. And hope you had good fun in ParJar Gaming while winning some cool $ESH. A new set of upgrades were pushed to the Fantom Wallet. For the latest technical update on the project, click here. This week, I also wrote a Hackernoon article (with my co-author Rohit) exploring projects which had unique variations to Proof-of-Stake for their chain consensus. Among the projects featured were Fantom, COTI and Harmony. Jeff from Uptrennd will be speaking at the LA Blockchain Summit in October this year. The winners of the Blockchain Awards were announced. The newest Opacity release allows expired accounts to be revived within 2 months of expiry.
Fantom, Harmony and COTI take up a tiny but growing slice in the global staking pie
Catch up on the latest District0x weekly update and dev update from here and here respectively. The Q1 2020 report was released as well. The project is still sitting on a healthy crypto asset base of USD 4M+. Hydro team shared a guide to choosing a prepaid debit card program manager. Their PaaS report was also covered by Finovate this week. A new research page for featuring all of Hydro’s fintech research material was released. The successful applicants of the Project Hydro Decentralization Ambassador Program (which started in May) were voted upon this week and 7 DAs were elected. Silent Notary, Ubikiri and IDL integrations were completed this week with Silent Notary now appearing in Applications section of Ubikiri. A roundup of the latest updates was published as well. Sentivate founder Thomas Marchi sat down for an interview with MineYourBiz Monday’s NrdGrl007. Mycro announced that Chaia.io will be hosting a campaign on the Mycro Hunter App soon. SelfKey’s Data Breach compendium was updated this week. And if you’re a Product Designer looking for remote work, don’t forget to check out this opening at SelfKey. What next for Constellation? Watch the Constellation Network State of The Union to find out. Their educational group Startdust Collective made a brand video and a high level explainer article on the HyperGraph Transport Protocol. Pynk is thinking about doing a global crowdfunding campaign as opposed to one that is restricted to certain countries only. In light of this, the Pynk Crowd Wisdom was put to work to find out the best way to go about this.
Results of the Project Hydro DA Elections
Wibson’s latest app update was covered by Cointelegraph and Europe World News. Click here to catch up on this week’s detailed work thread from the Harmony project. A recent Harmony ecosystem is the SmartStake dashboard to check staking stats. Sprout Wallet now supports core utilities of HRC20 tokens. The team sat down for an AMA with Binance India and KuCoin this week. Next week they will be doing another AMA with the larger Binance community. Some insights about the Harmony grants were shared in this week’s community call. Read up on Intellishare founder Raymond Xiong’s thoughts on DAOs which he shared as part of a speaker panel at the 2020 Digital Innovation Project Exchange Conference. The team also published a post on how they aim to solve the DeFi congestion. The TestNet is expected to arrive soon as well. After the latest livestream of DI-RECT’s concert which saw ~10k attendees, GET Protocol announced that they will be facilitating tickets to the follow-up show as well. A recap of the COTI journey was published to mark the one-year anniversary of the project and the occasion was celebrated with a fun trivia. DoYourTip community voted to have liquidity rewards for pooling $DYT on Uniswap.

And with that, it’s a wrap! See you again with another update. Ciao!
submitted by abhijoysarkar to ParachuteToken [link] [comments]

Recap of AMA with Zac on July 3 and Q2 report

Dear Pundians,
Thank you for participating in the AMA session with Pundi X co-founder and CEO Zac Cheah.
For those of you who may have missed it, the live recording of the AMA session held on July 3 at 10:00 am GMT+8, tackling Q2 progress and addressing questions and concerns by the community members, can be viewed here. A side note that today’s AMA video quality and setting was not ideal. We acknowledge this situation and will make improvement for our next AMA session.
You may also find a summary of the Q2 progress presentation as well as all the detail Q&A below.
## Pundi X Q2 2019 Highlights
* Pundi X has integrated more public chains into our products. In Q2, we completed integration of Binance Chain. NEM chain is in the work. As of today we’ve launched BNB, the Binance Chain native Coin and XEM, NEM native coin on Pundi X payment platform. We will integrate at least one more public chain in Q3.
* The transactions on XPOS for Q2 is 15.5 million in USD, which is close to 300% quarterly growth. The number of transactions is 29,367, which leads to a 11% growth QoQ.
* XPOS has successfully received FCC and KC certifications. A new certification for Latin American market is on the way. * To expand XPOS footprint, Pundi X’s integration with a new leading mainstream point-of-sales device is in the work. Stay tuned for the announcement.
* Pundi X Open Platform was launched in May, 2019, which now supports ERC20 and BEP2 token listing. Moving forward, we will continue to support tokens from other public chains.
* A 3,000 XPASS order from DigiX, a gold-based token, and a 10,000 XPASS order from BitCobie this quarter.
* XPOS is spread in use in over 30 countries. We’ve published a map of XPOS location of self-report XPOS merchant directory. You can find a list of selected XPOS merchants at [https://www.pundix.com/products\](https://www.pundix.com/products). * The QoQ growth of XWallet is tremendous at 43%. In the previous quarter, we have less than 20k users, whereas in Q2 we have hit 297k XWallet users.
More updates on XWallet:
* Supported BNB and NEM tokens; 2FA, face ID, and optimized SMS serviceAvailable on iOS, Android as well as in Samsung Galaxy Store
New features coming up in Q3:- DApp integration - Decentralized wallet- In-app crypto payments - Chat service, which will be compatible with a commonly used chat app- f(x) testnet features to be rolled out first in XWallet
## Other notices coming up in Q3 2019
* The Q2 token removal will take place on July 14, 2019, which will involve in total 34 billion of NPXS and NPXSXEM (22 million worth in USD) removal. In the past 365 days, we’ve removed a total of 36.1 million US dollar worth of NPXS and NPXSXEM.
Before Q2 removal, the total supply of NPXS ERC20 is 266,962,422,906.53 and NPXSXEM is 95,816,218,929. [See Q1 removal here.](/pundix/recap-of-ama-with-zac-on-july-3-and-q2-report-a23de165dd28)
* [NPXSXEM will be ported to Binance Chain from July 20](/pundix/npxsxem-will-be-on-binance-chain-c6485f17726b). * XPhone pre-order will start in late July with a new product name. Stay tuned. Check out the teaser video that we are releasing it across our communication channels. ## Q&A
## On XPOS
* **Where are we on official global location of XPOS?**
Zac: We have made a map on our official website that merchants can self report and feature their locations. It’s at [https://www.pundix.com/product\](https://www.pundix.com/product). We’ll be increasing and updating the map once we have permission form the merchants to update their locations.
* **The marketing from pundi has shifted from 100,000–700,000 xpos units by 2021 to 100,000. I understand the bear market has affected this but please share the strategy moving forward to hit your goal. How do you feel about hitting this goal?**
Zac: The 100K XPOS target has always been the initial goal and it’s stated in our whitepaper. And we are still working on achieving the goal by the end of 2021. Part of our growth strategy is to also explore the possibility to port our platform to traditional POS manufacturers to increase the adoption, which is ongoing at the moment.
* **1 year ago you sent 5000 XPOS somewhere. When, at least half of them, will be working? 3 year target was 100,000 by 2021. Now we have only 150 units, how do you expect to reach this goal?**
Zac: Yes, we have shipped thousands of XPOS to over 30 countries in the world. The 150 you’ve mentioned are the featured merchants which are published on the map. The active XPOS devices are deployed over 33 countries and we are actively talking to B2B partners to have higher wholesale and big deployments.
* **How many XPOS are live and used?**
Zac: We have gone through a very serious bear market, and some of the initial inbound requests for XPOS are not delivered. However, we are working slowly but surely with our Business Development team to not just roll-out into individual buyers, such as what we did on Pizza Day, but also to B2B partners. With the certifications approved, that will also help us to officially roll out to some of the key markets.
Individual merchants can use XWallet collection feature to accept crypto payment with QR code. For the merchants who have physical offline storefronts, they can use XPOS to enable the instant crypto transaction seamlessly. Moreover, as mentioned previously, we are exploring the integration on leading traditional POS terminal so that their distributors have option to enable crypto transaction feature. As for the challenge to adopt XPOS, it is the regulatory compliance in different countries. For this, our legal team think ahead and encourage our merchants to complete KYC.
I must be very honest to say the activation takes longer time than we expect but it will be worth at the end.
* **What’s the average number of transactions per xpos in use?**
Zac: The transaction number has increased very well. The number of each XPOS differs, due to the frequency of using crypto currency to purchase item or crypto assets. There’s no standard answer to this, but overall we see the transaction number and volume are going up.
* **How do you plan to reach the target of 100,000 by 2021?**
Zac: One of the challenges that we have is regulatory compliances in different countries. There are certain markets that do not allow crypto currencies and some require a clear approval for us to deploy XPOS. We are working on both challenges by talking to governments and applying for certifications. So how we plan to reach 100,000 XPOS user by 2021 is to work with distributors, B2B partners on a government / business level, and with existing POS companies to integrate our software solution into the system.
* **We understand as there was bear market and hence Xpos usage demand was low. Are you guys seeing growth of Xpos usage with current market conditions. Can you guys put some statistics comparison like last 30 days Xpos usage vs any month from bear market usage?**
Zac: It is very clear that as we moved out from the bear market, the demand for XPOS has been increasing. As we’ve shared just now both the transaction number and volume of Q2 have beaten Q1. We’ll be able to share more transaction numbers once we receive approval from our XPOS merchants.
One exciting thing is that, with the listing of different tokens, we also see users using these tokens as a way to transact on XPOS, which means we will be having more ways to transact and this is a growth point for XPOS.
* **When will there be more details for XPHONE and XPOS HANDY?**
Zac: For XPOS handy, we have finished production and it will be released in Q3
* **When will the iOS version of XWallet and XPOS be fully translated to other languages?**
Zac: Right now, the XWallet has Traditional Chinese, Korean, Spanish, German and English. With the latest version update, it now includes Portuguese. XPOS also comes with many languages and we hope to finish with more language, either working with professionals or volunteers. If you’re interested in volunteering, please contact us.
* **When will the Merchant back office have Product Registration and SKU id ability and also integrate with other POS software?** * **When will the top-up feature go away for XPOS to allow liquidity for XPOS**
Zac: We constantly update features in XPOS and merchant backend to make it easier for distributors and merchants to use. We understand that one of the ways for mass adoption is to enhance our distributor management system. With that, the distributors can manage manay XPOS at one time with different merchants.
Please stay tuned as we announce more and more functions of this feature.
## On Dubai
* **When will we see the deployment of the XPOS in Dubai?** * **Can we spend NPXS on the Dubai XPOS?**
Zac: As with all big projects there are a lot of moving parts, that includes working very closely with the local government, in Dubai’s case, the Credit Bureau of the Finance Ministry. Things are progressing for the Dubai project but due to confidentiality agreements with the parties involved, we cannot reveal much. All we can say is that we and our Dubai partners are working hard to have XPOS roll-out in the Dubai market and the UAE.
We are also discussing aggressively with Dubai partners whether to include crypto assets in the XPOS in Dubai. That clearly will involve local compliance and legal for that to happen.
* **Your system upgrades expect merchants to have downtime on their XPOS terminals, can you explain if you plan to run a business why this would be considered feasible (specially at the rate you have been doing your upgrades)?**
Zac: Yes, the benefit / strength of the XPOS is that most of the updates can be done on the fly. For example, when we have a token update on our XPOS where developers submit their tokens on Open Platform, the updates of this token are on the fly, which means that once we approve the token on our Open Platform, it will automatically appear on XPOS without any software updates.
The great thing that we believe about XPOS is not just the support of crypto assets, but also the ability to update most things on the fly, which means that whenever we have a good feature or a new token, the updates will be done instantaneously.
* **Can you guys arrange at least a community voting which is the next blockchain we would like to see next in XPOS? Voting will help to prioritize to chose the projects.**
Zac: One of the reasons why BNB is being listed on the XPOS is simply because of its popularity and also our user demand, in a way that we are already answering to our community’s request.
Right now, our main focus is getting all the tokens submitted on Open Platform to be listed on the XPOS. The submission process includes legal and compliance valid, so our legal and compliance teams are working hard to make sure that we have more tokens to roll out onto Open Platform, which means that they will be on XPOS, XWallet, and XPASS.
As to a specific voting mechanism, we’d like to consider that and hopefully we’ll be able to run a specific voting for the chain which users would like to see.
* **While comparing Xpos handy to Square POS devices at least with mobile it’s very cheap like under $30 and easy to use. When can we expect such light weight and cheaper version for XPOS? Is team working on such devices ?**
Zac: There are different POS companies around the globe and pour focus is to work with these POS companies with our software, so that a crypto sales feature will be part of the existing POS system. The more support of crypto asset usage using our software on existing POS, the better it is for global adoption.
We actually strongly believe that the pricing of our POS system is competitive in the market. And one of the great features of the XPOS is that the merchants will not need not to pay a certain percentage to existing acquirer but to be able to earn certain percentage from each transaction. That is the key differentiator for merchant to want to adopt this.
* **From the website with some of the key Countries for XPOS adoption looks great. However, the concern is for Venezuela, there is no reference link like the others have. Can you guys add the link with details to clear the ambiguity?**
Zac: Let’s give a little bit more patience so that we can actually release more information about our Venezuelan partnership. The good news is that we expect concrete news from Venezuela in the coming 2 weeks. So stay up-to-date about our Venezuelan roll out on XPOS, the best way is to subscribe to our telegram group for Venezuela.
## On Partnerships
* **Are there some major partnership in the works? I’m also interested in how you do immediate transactions? Do you anticipate scaling issues?**
Zac: The way XPOS is being designed is that when you use your crypto assets to purchase, it will have instantaneous confirmation because the action is an off-chain process. An on-chain action happens when a user who owns crypto assets in our system transferring the assets out of the Pundi X ecosystem to their own wallets; or to transfer crypto assets in Pundi X from an off-chain to a private wallet, which we will have very soon on XWallet itself.
That is why we are able to handle scaling. When a person wants to use crypto currency to buy a coffee, the transaction will happen instantaneously.
For specific partnership, especially with B2B partnership, we oblige to the NDA that we have signed. But if you follow us closely, you’ll know that we go to different parts of the world, talking to major companies to try to land more deals so that NPXS usage will increase dramatically.
* **Any big partnerships for making xphone or using the software for xBlockchain?**
Zac: These partnerships are also subjected to NDA, so please be patient for us to release more news.
* **When will XPOS have approval to process Visa and MasterCard payments?**
Zac: We have met representatives from these players including some of the key management people. They are obviously looking into crypto currency attentively, and we hope that there’s something we can do with MasterCard and/or Visa.
This is something that the community has suggested and we agree fully. Please allow us with some time to work on this. We have also showcased XPOS to the CEO of MasterCard. For what or when will anything happen, please wait for our official announcement.
* **What’s the status on Quantum fund and their contribution or involvement with Pundi’s project?**
Zac: We announced last year that we are creating a fund to invest in projects beneficial to our ecosystem. We’ve identified some interesting projects, and we have invested in at least 1 project. The reason why we’re investing in that project is because of the services that it will bring onto the Pindi X ecosystem. So the purpose of the investment of the companies is that these companies in turn will benefit on our ecosystem. This is our key consideration.
The team has evaluated the projects that will benefit the Pundi X / Function X ecosystem. Vic and his team will be able to reveal more details on the companies we have invested in and how they will contribute to our ecosystem in Q3.
* **Recent update on NPXSXEM is highly ambiguous as mentioned that it will be now BEP token and later once FX goes live it will get back to Fx platform. Why you guys had so rush to use Binance chain only for few months? Isn’t you guys switching to much in a short time span?**
Zac: Liquidity and utility have been an issue for NPXSXEM. Due to the design philosophy and the limit of token that can be created on NEM’s smart contract, we are only able to create a small number of tokens on NPXSXEM. By moving into the Binance chain for NPXSXEM, the BEP2 token version will be able to support all the NPXSXEM tokens, which means that we’ll migrate and also be able to make sure all the NPXSXEM tokens are under the same contract address.
We believe with the strong liquidity, we will be able to give our NPXSXEM token holders a good reason of what the token holders have been waiting for. We hope to bring NPXSXEM to match the level of NPXS.
* **When #XRP?**
Zac: Our OpenPlatform is a currency agnostic platform, which means that we will work on integrating public chain as well as tokens that are most requested by the users. We’ll also be looking into the listing of different tokens that are being mentioned by the community.
As said, we will have at least one more public chain integration in Q3, perhaps even more.
* **Are you as a company going to try and connect with libra? If they have said they want to be a payment remittance service, have Square, PayPal, Visa on board I as an investor would prefer you try to join them rather than beat such large competitors**
Zac: Of course, we’ll be delighted to work with Facebook and also the Libra coin. Pundi X and XPOS is a currency agnostic / currency neutral platform, if there’s opportunity to list Libra coin or work with Facebook in different ways to promote crypto currency adoption, we’ll certainly look into that and work on reaching out to them.
## On Trading
* **Can you confirm during AMA, Pundi team is not involved with any trading with their own token like selling over time to manage the fund to run the company.**
Zac: All the wallet addresses of the team holdings are disclosed and transparent. This is one of the first things that we did after ICO. Hence, our token holdings are transparent and everyone can monitor our fund transactions. Also, we have strict internal financial regulation and compliance, shows that we are here to build a long-term project.
The best way to make NPXS or the NPXSXEM to rise is real daily life use case.
* **When will you stop manipulating NPXS chart?**
Zac: Our focus has always been and will be building great products. The more product usage, the demands for NPXS and NPXSXEM will increase. Let’s address again that, Pundi X the company is NOT involved in any manipulation of the NPXS price.
There are trading teams, market makers, financial institutions that profit from the drop and rise of token prices in the crypto market. The good thing about NPXS is that we have managed to create a high liquidity by listing on 40+ exchanges and having global trades and demand from all over the world. We hope this and coupled with the fact that we are a solid product and roll out the use cases, the demand of NPXS will only continue to rise and will be able to deter any of the traders or speculators there is for NPXS.
These traders gain profit from manipulating tokens whether BTC or other tokens. In fact, the traditional financial markets have similar challenges as well. What I want to stress is that, we at Pundi X, do NOT speculate or manipulate the price. We work very hard to create demands for NPXS and as a company, it is only beneficial for us to see the prices of NPXS and NPXSXEM rise.
* **Can we please address the elephant in the room which is the Binance bot with huge sell walls and buy walls causing huge distress and concern among users?**
Zac: First, I cannot confirm nor deny that whether Binance has a bot. I think this is something that you need to ask Binance. We need to work with Binance because Binance has one of the biggest liquidities, if not the greatest liquidity, for NPXS. The best way to counter manipulators is to create more use case, more demand and more acceptance of our tokens.
* **Why on almost all exchanges do you not offer a USDT trading pair?**
Zac: We have USDT trading pairs on Bittrex, Bittrue, and more. In addition, we have fiat pairs in Korean Won, IDR, INR, and Turkish liras. We will continue to work on adding trading pairs for NPXS to make it more liquidate.
* **Why don’t you offer a stable coin sell and purchase on the xpos to help with adoption? Places in Africa with volatile currencies would go crazy for this.**
Zac: It’s a great observation. This is a request that’s been asked from many users. We’re working on stable coin listing on XPOS and hopefully it’ll come soon. Stable coin requires a greater compliance and legal validate, which we have been working on since months ago and we hope to have the stable coin up in XPOS soon.
* **When will you add an active tracker for coin burn, whether its measured in usd, NPXS or whatever you choose. The community has been asking for this on twitter, reddit and telegram for this entire year.**
Zac: It will be hard for us to have a daily tracker of the coin burn, but what we might be able to work on is a tracker which have shown all of the tokens that have been removed from the usage. Thank you for giving us this great suggestion and we will work on it in some form.
Zac: Our token supply has always been specified in our white paper, and as promised in our white paper, we will continue to remove tokens through usage and use cases, which we’re working on all the time.
* **Price movement. When will NPXS go to which price?**
Zac: We cannot comment on the change of the price. Our focus is on building products. We hope by doing that the NPXS value will go up. Again, there’s no way that we can comment on the price.
**I believe that burning tokens every 14 weeks keeps the price suppressed and will only lead to huge pumps and dumps. Imo, If the burns were more frequent, the price would move organically.**
Zac: We continue removing tokens quarterly per advised by our legal and compliance team.
**Is it mandatory npxs swap? What happens for token we have in binance?**
Zac: No it’s not a mandatory NPXS swap for FX.
**How many NPXS or NPXSXEM was converted?**
Zac: In Q2, we will remove 29B NPXSXEM and 9B NPXS.
## On XWallet
* **Why not put in XWallet like the place where we can buy and sell like restaurants and shops?**
Zac: You are correct. In fact, if you look at XWallet, there is a merchant feature, whereby you can register as a merchant. By becoming a merchant, you will be able to print out your QR code and stick it on your restaurant. People are able to make payment through this QR code. This will act like a mini-XPOS.
* **In addition to that having multiple different blockchain in XWallet will increase the XWallet adoption. Hence, we would like to see aggressive game plan and execution from the team and would like to hear that**
Zac: That’s a great suggestion. Every day we want to increase use cases for XWallet. In fact, our XWallet update is one of the most frequent in the market. Within 5 months, we have over 10 updates on iOS and Google Play. This does not include soft update which happens every several days. In my view, the effort is very tremendous.
* **Is there any plan to add Swap option within XWallet so that people can trade the coins within XWallet?**
Zac: Yes, there’s such plan and in fact there is an upcoming feature that people will be able to use coins in XWallet to exchange into other things. The exact form and format have not been reviewed. We hope to share more when we have concrete example. But what you suggested is what we are planning for months ago.
* **When will XPOS and XWallet have fiat on ramps?**
Zac: This is a good question. It’s not only involved with regulatory compliance but also involved the technical part. This is also something we are planning for months. Once approved, hopefully we are able to support fiat currency on ramps and off ramps on XWallet.
**On Others*\*
* **How is the internal organization doing? Currently how many employees work for Pundi? Currently how many job positions are open?**
Zac: Pundi X has grown tremendously. We are now having over seven offices around the globe. I’m sitting in the Singapore office. We have office in Jakarta, Taiwan, Tokyo, Shenzhen, São Paulo and London. These are the places we have physical offices and house approximately 100 full time employees of Pundi X.
The positions open from Pundi X are legal associate in Singapore and other offices. We are looking for more R&D people, especially in Taiwan. We are looking at marketing and PR people in different parts of the world. And we are looking for POS distributors. As a POS distributor, you will work with our business development team and also our technical team to roll out many XPOS which you have a network to control in your local market.
* **Would you consider removing the KYC to allow u.s. holder to stake and be rewarded?**
Zac: We would love to have more users, including US. However, our compliance and legal advisors have not allowed us to accept US holders to stake and be rewarded.
I’m sorry to say that but this is after serious consideration to make such a decision. In fact, it is a very hard decision because we have healthy user base in the US.
will continue to monitor the situation in the different markets and be compliant. There are also ways to be rewarded when using XWallet service without KYC. We are looking into to explore more on this and launch new features. Hopefully we are able to bring the beta version for you to test this week or next.
**On XPhone*\*
* **Where are we on pre-sale announcement of Xphone? It was highlights of Q2 goal. If we are getting delay, that’s ok. But at least community will have some clarification why it’s getting late and when approximately it coming?**
Zac: Pre-sale order will start this month. It’s likely the end of July. Pre-sale will take place in different channel including the official website and XWallet. Apart of our own channel, the pre-sale will go live on a 3rd party channel. People will be able to pre-order crypto either in crypto or in fiat.
* **Can you discuss in AMA, is participants can pay with Crypto or Credit/debit card or in both ways?**
Zac: As a crypto company, we prefer payment in crypto, but fiat, Visa, MasterCard, and other traditional payment methods will be accepted on different pre-order channels. Stay tuned for pre-order which will happen in late July.
* **Will the Xphone be open to purchase in all regions of the world?**
Zac: Yes, pre-orders will be able to be done on-line, and products will be shipped from our offices to users in different parts of the world.
* **Will the blockchain mode on the Xphone be operable during the testnet or will this function not work until mainnet?**
Zac: XWallet and XPhone are the first channel and avenue for Function X testnet, so once the testnet is operateble, we will start to engage certain services on XWallet and XPhone into Function X testnet, and ultimately into mainnet. Slowly but surely.
* **Does Xphone have hard protective cover,extra Sim slot, also is it enhanced with ip68 water rating?**
Zac: XPhone will not be waterproof, so please do not submerge XPhone into water. XPhone will definitely be eavesdrop-proof because we’re using a blockchain mode, only you and you control your own conversation.
* **Which country accept the Xphone?** * **Will I also be able to use the SIM-card?** * **The blockchain modus will work in every country (what in the absense of nodes)?** * **Will the XPhone I buy now support updates in the future?**
Zac: People from any country will be able to buy XPhone on-line. You will be able to use a SIM for we have built a SIM slot. Wherever you are, the XPhone can be turned on to become a node.
Will XPhone support future updates? Yes, of course. Just like the XPOS, we support silent update. It will be like how we support XPOS, many updates. The updates will always be supported on XPhone.
**On Function X*\*
* **When is the detail white paper coming for FunctionX? Why the team is very resistive to have well documented white paper? We need scientific approach and well documentation on FunctionX to have developers to be more involved.**
Zac: Yes, developer involvement is a key criterion of the growth of Function X. We have done 2 things, one is that we have set up Function X Foundation which is led by David Ben Kay and will involve third party adviser and board members. Second, we have set up a developer relations team led by one of our own members as well. This team will work on creating developer documents, developer demos and sample, so that excellent developers can tap into working with Function X resources.
The first version of developer documentation is ready in English and Chinese. We are still polishing up the documents and hopefully to release them soon.
We are also working with third party developers, and are engaging at least 2 third party developer companies, so that we can help create their services on Function X and also XWallet.
We are hoping to showcase a smooth and usable service to the audience, we think this is the key criterion of the Function X growth.
Thank you for this suggestion. We need to update more often on github developer documentation as well.
As for the white paper, we did not have one per se because Function X did not do an ICO. But we will continue to update our white paper and include not only technical details, but also details on the chain and how we can get more developers and users so that the future hardware will be added as a node and you will be rewarded financially, at least through our ecosystem genesis fund. Please stay tuned and there are a lot of things going on in the company. Each and one of us is working hard.
* **Why does the FX ecosystem need a decentralized OS?**
Zac: The mantra of Function X is decentralization and having private control of your data. A full private control of your data comes with a decentralized system not just in transmission of your data, but with the operating system built fully for decentralization , which includes a transmission protocol replacing http. The apps uploaded into Function X will be decentralized as well as the data that is stored on the app, which means that how BitCoin or crypto assets are verified on different nodes will also be part of the way we store data and content.
The decentralized OS is key to fulfilling a decentralized environment for a more private and free usage.
* **What about FX are you most excited about?**
Zac: We are actually creating a shift of how people view of blockchain and how decentralization is not just about transacting commercial commodity, but also data, including your identity, are all decentralized. That is what we are most excited about.
The only way for us to achieve this is to have developer support, for we need the developers to build on the foundation we have to offer those exciting services.
* **We understand that developing a new blockchain is time consuming. As a community we are in a dark space to understand where exactly the development of FX right now.**
Zac: We are working hard on creating the testnet and eventually the mainnet. For the latest updates of Function X, what I can encourage you to do is to go on and subscribe to the Function X telegram group where discussions are made. We have formed the Function X Foundation and created the developer relations team, so that the Function X progress will go smoother and with more partnership from outside, whether it’s developers, third party companies, teleco, etc.
* **When FX goes live on the mainnet, will FX coin be used to stake and earn NPXS? how will staking work on that new mainnet?**
Zac: The NPXS/NPXSXEM staking will last till March 9, 2020 as announced. What we are committed is to create more use cases. For FX tokens, the use cases will be focusing on the Function X Chain and the use cases on Function X that include DApp on Function X and different hardware/software services.
* **When fx testnet will be available?**
Zac: First I would like to thank you for your constant support. In Q3, we plan to open Function X testnet so that we will be migrating and creating certain use cases that can be used on Function X testnet, starting with our own XWallet. Which means, the XWallet will migrate some features into Function X testnet, and slowly followed by our other Pundi X products, including XPhones, XPASS, Open Platform and Function X own developer related products from third parties.
submitted by crypt0hodl1 to PundiX [link] [comments]

r/Bitcoin recap - May 2019

Hi Bitcoiners!
I’m back with the 29th monthly Bitcoin news recap. (sorry a bit late this month)
For those unfamiliar, each day I pick out the most popularelevant/interesting stories in Bitcoin and save them. At the end of the month I release them in one batch, to give you a quick (but not necessarily the best) overview of what happened in bitcoin over the past month.
You can see recaps of the previous months on Bitcoinsnippets.com
A recap of Bitcoin in May 2019
Adoption
Development
Security
Mining
Business
Research
Education
Regulation & Politics
Archeology (Financial Incumbents)
Price & Trading
Fun & Other
submitted by SamWouters to Bitcoin [link] [comments]

A Beginners Guide to Bitcoin, Blockchain & Cryptocurrency

As cryptocurrency, and blockchain technology become more abundant throughout our society, it’s important to understand the inner workings of this technology, especially if you plan to use cryptocurrency as an investment vehicle. If you’re new to the crypto-sphere, learning about Bitcoin makes it much easier to understand other cryptocurrencies as many other altcoins' technologies are borrowed directly from Bitcoin.
Bitcoin is one of those things that you look into only to discover you have more questions than answers, and right as you’re starting to wrap your head around the technology; you discover the fact that Bitcoin has six other variants (forks), the amount of politics at hand, or that there are over a thousand different cryptocurrencies just as complex if not even more complex than Bitcoin.
We are currently in the infancy of blockchain technology and the effects of this technology will be as profound as the internet. This isn’t something that’s just going to fade away into history as you may have been led to believe. I believe this is something that will become an integral part of our society, eventually embedded within our technology. If you’re a crypto-newbie, be glad that you're relatively early to the industry. I hope this post will put you on the fast-track to understanding Bitcoin, blockchain, and how a large percentage of cryptocurrencies work.

Community Terminology

Altcoin: Short for alternative coin. There are over 1,000 different cryptocurrencies. You’re probably most familiar with Bitcoin. Anything that isn’t Bitcoin is generally referred to as an altcoin.
HODL: Misspelling of hold. Dank meme accidentally started by this dude. Hodlers are much more interested in long term gains rather than playing the risky game of trying to time the market.
TO THE MOON: When a cryptocurrency’s price rapidly increases. A major price spike of over 1,000% can look like it’s blasting off to the moon. Just be sure you’re wearing your seatbelt when it comes crashing down.
FUD: Fear. Uncertainty. Doubt.
FOMO: Fear of missing out.
Bull Run: Financial term used to describe a rising market.
Bear Run: Financial term used to describe a falling market.

What Is Bitcoin?

Bitcoin (BTC) is a decentralized digital currency that uses cryptography to secure and ensure validity of transactions within the network. Hence the term crypto-currency. Decentralization is a key aspect of Bitcoin. There is no CEO of Bitcoin or central authoritative government in control of the currency. The currency is ran and operated by the people, for the people. One of the main development teams behind Bitcoin is blockstream.
Bitcoin is a product of blockchain technology. Blockchain is what allows for the security and decentralization of Bitcoin. To understand Bitcoin and other cryptocurrencies, you must understand to some degree, blockchain. This can get extremely technical the further down the rabbit hole you go, and because this is technically a beginners guide, I’m going to try and simplify to the best of my ability and provide resources for further technical reading.

A Brief History

Bitcoin was created by Satoshi Nakamoto. The identity of Nakamoto is unknown. The idea of Bitcoin was first introduced in 2008 when Nakamoto released the Bitcoin white paper - Bitcoin: A Peer-to-Peer Electronic Cash System. Later, in January 2009, Nakamoto announced the Bitcoin software and the Bitcoin network officially began.
I should also mention that the smallest unit of a Bitcoin is called a Satoshi. 1 BTC = 100,000,000 Satoshis. When purchasing Bitcoin, you don’t actually need to purchase an entire coin. Bitcoin is divisible, so you can purchase any amount greater than 1 Satoshi (0.00000001 BTC).

What Is Blockchain?

Blockchain is a distributed ledger, a distributed collection of accounts. What is being accounted for depends on the use-case of the blockchain itself. In the case of Bitcoin, what is being accounted for is financial transactions.
The first block in a blockchain is referred to as the genesis block. A block is an aggregate of data. Blocks are also discovered through a process known as mining (more on this later). Each block is cryptographically signed by the previous block in the chain and visualizing this would look something akin to a chain of blocks, hence the term, blockchain.
For more information regarding blockchain I’ve provided more resouces below:

What is Bitcoin Mining

Bitcoin mining is one solution to the double spend problem. Bitcoin mining is how transactions are placed into blocks and added onto the blockchain. This is done to ensure proof of work, where computational power is staked in order to solve what is essentially a puzzle. If you solve the puzzle correctly, you are rewarded Bitcoin in the form of transaction fees, and the predetermined block reward. The Bitcoin given during a block reward is also the only way new Bitcoin can be introduced into the economy. With a halving event occurring roughly every 4 years, it is estimated that the last Bitcoin block will be mined in the year 2,140. (See What is Block Reward below for more info).
Mining is one of those aspects of Bitcoin that can get extremely technical and more complicated the further down the rabbit hole you go. An entire website could be created (and many have) dedicated solely to information regarding Bitcoin mining. The small paragraph above is meant to briefly expose you to the function of mining and the role it plays within the ecosystem. It doesn’t even scratch the surface regarding the topic.

How do you Purchase Bitcoin?

The most popular way to purchase Bitcoin through is through an online exchange where you trade fiat (your national currency) for Bitcoin.
Popular exchanges include:
  • Coinbase
  • Kraken
  • Cex
  • Gemini
There’s tons of different exchanges. Just make sure you find one that supports your national currency.

Volatility

Bitcoin and cryptocurrencies are EXTREMELY volatile. Swings of 30% or more within a few days is not unheard of. Understand that there is always inherent risks with any investment. Cryptocurrencies especially. Only invest what you’re willing to lose.

Transaction & Network Fees

Transacting on the Bitcoin network is not free. Every purchase or transfer of Bitcoin will cost X amount of BTC depending on how congested the network is. These fees are given to miners as apart of the block reward.
Late 2017 when Bitcoin got up to $20,000USD, the average network fee was ~$50. Currently, at the time of writing this, the average network fee is $1.46. This data is available in real-time on BitInfoCharts.

Security

In this new era of money, there is no central bank or government you can go to in need of assistance. This means the responsibility of your money falls 100% into your hands. That being said, the security regarding your cryptocurrency should be impeccable. The anonymity provided by cryptocurrencies alone makes you a valuable target to hackers and scammers. Below I’ve detailed out best practices regarding securing your cryptocurrency.

Two-Factor Authentication (2FA)

Two-factor authentication is a second way of authenticating your identity upon signing in to an account. Most cryptocurrency related software/websites will offer or require some form of 2FA. Upon creation of any crypto-related account find the Security section and enable 2FA.

SMS Authentication

The most basic form of 2FA which you are probably most familiar with. This form of authentication sends a text message to your smartphone with a special code that will allow access to your account upon entry. Note that this is not the safest form of 2FA as you may still be vulnerable to what is known as a SIM swap attack. SIM swapping is a social engineering method in which an attacker will call up your phone carrier, impersonating you, in attempt to re-activate your SIM card on his/her device. Once the attacker has access to your SIM card he/she now has access to your text messages which can then be used to access your online accounts. You can prevent this by using an authenticator such as Google Authenticator.

Authenticator

The use of an authenticator is the safest form of 2FA. An authenticator is installed on a seperate device and enabling it requires you input an ever changing six digit code in order to access your account. I recommend using Google Authenticator.
If a website has the option to enable an authenticator, it will give you a QR code and secret key. Use Google Authenticator to scan the QR code. The secret key consists of a random string of numbers and letters. Write this down on a seperate sheet of paper and do not store it on a digital device.
Once Google Authenticator has been enabled, every time you sign into your account, you will have to input a six-digit code that looks similar to this. If you happen to lose or damage the device you have Google Authenticator installed on, you will be locked out of your account UNLESS you have access to the secret key (which you should have written down).

Hardware Wallets

A wallet is what you store Bitcoin and cryptocurrency on. I’ll provide resources on the different type of wallets later but I want to emphasize the use of a hardware wallet (aka cold storage).
Hardware wallets are the safest way of storing cryptocurrency because it allows for your crypto to be kept offline in a physical device. After purchasing crypto via an exchange, I recommend transferring it to cold storage. The most popular hardware wallets include the Ledger Nano S, and Trezor.
Hardware wallets come with a special key so that if it gets lost or damaged, you can recover your crypto. I recommend keeping your recovery key as well as any other sensitive information in a safety deposit box.
I know this all may seem a bit manic, but it is important you take the necessary security precautions in order to ensure the safety & longevity of your cryptocurrency.

Technical Aspects of Bitcoin

TL;DR
  • Address: What you send Bitcoin to.
  • Wallet: Where you store your Bitcoin
  • Max Supply: 21 million
  • Block Time: ~10 minutes
  • Block Size: 1-2 MB
  • Block Reward: BTC reward received from mining.

What is a Bitcoin Address?

A Bitcoin address is what you send Bitcoin to. If you want to receive Bitcoin you’d give someone your Bitcoin address. Think of a Bitcoin address as an email address for money.

What is a Bitcoin Wallet?

As the title implies, a Bitcoin wallet is anything that can store Bitcoin. There are many different types of wallets including paper wallets, software wallets and hardware wallets. It is generally advised NOT to keep cryptocurrency on an exchange, as exchanges are prone to hacks (see Mt. Gox hack).
My preferred method of storing cryptocurrency is using a hardware wallet such as the Ledger Nano S or Trezor. These allow you to keep your crypto offline in physical form and as a result, much more safe from hacks. Paper wallets also allow for this but have less functionality in my opinion.
After I make crypto purchases, I transfer it to my Ledger Nano S and keep that in a safe at home. Hardware wallets also come with a special key so that if it gets lost or damaged, you can recover your crypto. I recommend keeping your recovery key in a safety deposit box.

What is Bitcoins Max Supply?

The max supply of Bitcoin is 21 million. The only way new Bitcoins can be introduced into the economy are through block rewards which are given after successfully mining a block (more on this later).

What is Bitcoins Block Time?

The average time in which blocks are created is called block time. For Bitcoin, the block time is ~10 minutes, meaning, 10 minutes is the minimum amount of time it will take for a Bitcoin transaction to be processed. Note that transactions on the Bitcoin network can take much longer depending on how congested the network is. Having to wait a few hours or even a few days in some instances for a transaction to clear is not unheard of.
Other cryptocurrencies will have different block times. For example, Ethereum has a block time of ~15 seconds.
For more information on how block time works, Prabath Siriwardena has a good block post on this subject which can be found here.

What is Bitcoins Block Size?

There is a limit to how large blocks can be. In the early days of Bitcoin, the block size was 36MB, but in 2010 this was reduced to 1 MB in order to prevent distributed denial of service attacks (DDoS), spam, and other malicious use on the blockchain. Nowadays, blocks are routinely in excess of 1MB, with the largest to date being somewhere around 2.1 MB.
There is much debate amongst the community on whether or not to increase Bitcoin’s block size limit to account for ever-increasing network demand. A larger block size would allow for more transactions to be processed. The con argument to this is that decentralization would be at risk as mining would become more centralized. As a result of this debate, on August 1, 2017, Bitcoin underwent a hard-fork and Bitcoin Cash was created which has a block size limit of 8 MB. Note that these are two completely different blockchains and sending Bitcoin to a Bitcoin Cash wallet (or vice versa) will result in a failed transaction.
Update: As of May 15th, 2018 Bitcoin Cash underwent another hard fork and the block size has increased to 32 MB.
On the topic of Bitcoin vs Bitcoin Cash and which cryptocurrency is better, I’ll let you do your own research and make that decision for yourself. It is good to know that this is a debated topic within the community and example of the politics that manifest within the space. Now if you see community members arguing about this topic, you’ll at least have a bit of background to the issue.

What is Block Reward?

Block reward is the BTC you receive after discovering a block. Blocks are discovered through a process called mining. The only way new BTC can be added to the economy is through block rewards and the block reward is halved every 210,000 blocks (approximately every 4 years). Halving events are done to limit the supply of Bitcoin. At the inception of Bitcoin, the block reward was 50BTC. At the time of writing this, the block reward is 12.5BTC. Halving events will continue to occur until the amount of new Bitcoin introduced into the economy becomes less than 1 Satoshi. This is expected to happen around the year 2,140. All 21 million Bitcoins will have been mined. Once all Bitcoins have been mined, the block reward will only consist of transaction fees.

Technical Aspects Continued

Understanding Nodes

Straight from the Bitcoin.it wiki
Any computer that connects to the Bitcoin network is called a node. Nodes that fully verify all of the rules of Bitcoin are called full nodes.
In other words, full nodes are what verify the Bitcoin blockchain and they play a crucial role in maintaining the decentralized network. Full nodes store the entirety of the blockchain and validate transactions. Anyone can participate in the Bitcoin network and run a full node. Bitcoin.org has information on how to set up a full node. Running a full node also gives you wallet capabilities and the ability to query the blockchain.
For more information on Bitcoin nodes, see Andreas Antonopoulos’s Q&A on the role of nodes.

What is a Fork?

A fork is a divergence in a blockchain. Since Bitcoin is a peer-to-peer network, there’s an overall set of rules (protocol) in which participants within the network must abide by. These rules are put in place to form network consensus. Forks occur when implementations must be made to the blockchain or if there is disagreement amongst the network on how consensus should be achieved.

Soft Fork vs Hard Fork

The difference between soft and hard forks lies in compatibility. Soft forks are backwards compatible, hard forks are not. Think of soft forks as software upgrades to the blockchain, whereas hard forks are a software upgrade that warrant a completely new blockchain.
During a soft fork, miners and nodes upgrade their software to support new consensus rules. Nodes that do not upgrade will still accept the new blockchain.
Examples of Bitcoin soft forks include:
A hard fork can be thought of as the creation of a new blockchain that X percentage of the community decides to migrate too. During a hard fork, miners and nodes upgrade their software to support new consensus rules, Nodes that do not upgrade are invalid and cannot accept the new blockchain.
Examples of Bitcoin hard forks include:
  • Bitcoin Cash
  • Bitcoin Gold
Note that these are completely different blockchains and independent from the Bitcoin blockchain. If you try to send Bitcoin to one of these blockchains, the transaction will fail.

A Case For Bitcoin in a World of Centralization

Our current financial system is centralized, which means the ledger(s) that operate within this centralized system are subjugated to control, manipulation, fraud, and many other negative aspects that come with this system. There are also pros that come with a centralized system, such as the ability to swiftly make decisions. However, at some point, the cons outweigh the pros, and change is needed. What makes Bitcoin so special as opposed to our current financial system is that Bitcoin allows for the decentralized transfer of money. Not one person owns the Bitcoin network, everybody does. Not one person controls Bitcoin, everybody does. A decentralized system in theory removes much of the baggage that comes with a centralized system. Not to say the Bitcoin network doesn’t have its problems (wink wink it does), and there’s much debate amongst the community as to how to go about solving these issues. But even tiny steps are significant steps in the world of blockchain, and I believe Bitcoin will ultimately help to democratize our financial system, whether or not you believe it is here to stay for good.

Final Conclusions

Well that was a lot of words… Anyways I hope this guide was beneficial, especially to you crypto newbies out there. You may have come into this realm not expecting there to be an abundance of information to learn about. I know I didn’t. Bitcoin is only the tip of the iceberg, but now that you have a fundamental understanding of Bitcoin, learning about other cryptocurrencies such as Litecoin, and Ethereum will come more naturally.
Feel free to ask questions below! I’m sure either the community or myself would be happy to answer your questions.
Thanks for reading!

Related Links

Guides

Exchanges

submitted by MrCryptoDude to Bitcoin [link] [comments]

TestGains

Crypto News Summary- September 20
🔹 General News: 💥 Crypto community jumps on EA Sports’ ‘Crypto’ tweet 📱 Verizon awarded patent for Blockchain-based virtual SIM cards 🚀 CME Group to launch options on Bitcoin Futures in Q1 2020 🇺🇸 US Congress schedules Sept. 24 hearing with SEC — Crypto on the Agenda 🇮🇷 Iran considers new system of annual registration for Crypto miners 🇸🇬 Singapore bank giant OCBC joins JPMorgan’s Blockchain network 🧬 Nebula Genomics launches Blockchain-based DNA sequencing
🔹 Exchanges: ➕ Coinbase to add support for Telegram and 16 other digital assets ↕️ Seed CX exchange cuts trading fees to gain market share 🔥 Binance will list Beam and open trading at 2019/09/21, 12:00 PM UTC
🔹 Misc: ⬆️ Bitcoin ATM installations up 500% since 2016 🇰🇬 Kyrgyzstan cuts off power to 45 Crypto miners for Overconsumption
💡 Did you know 🇺🇸 For a fourth straight day, the New York Federal Reserve Bank today will inject another 75 billions into US money markets, totaling more than $275 billion in four days. Bitcoin's total supply remained the same over the same period of time, and will never change.
🔹 Cool tech fact: Ubuntu is one of the more popular distributions of Linux. The word Ubuntu comes from an African word meaning “I am because of you”.
💬 Quote of the day: "Even if you fall on your face you’re still moving forward."— Victor Kiam
🔹 Brought to you by @GainsANN
submitted by gainsTest to CryptoNews [link] [comments]

Best Cryptocurrency Exchanges for Beginners

Best Cryptocurrency Exchanges for Beginners
Best Cryptocurrency Exchanges for Beginners
Before we get into exchanges, let’s refresh our minds about what cryptocurrency is. The concept behind cryptocurrencies is relatively simple, while the math and technology are not. Essentially, a cryptocurrency is a virtual or digital currency that utilizes cryptography as a means for protection and security.
Cryptography is also used to regulate the creation of additional units, so as to not drive the overall digital currency market wild. One of the greatest appeals of cryptocurrencies is that they are not regulated by any government agencies. The most popular digital asset is the bitcoin, followed by ethereum.

What Are Cryptocurrency Exchanges?

Cryptocurrencies can be traded through cryptocurrency exchanges. These cryptocurrency exchanges are platforms through which you can purchase or sell digital currencies for dollars, euros, and pounds, as well as other digital assets. For example, you can sell bitcoins and purchase dollars with the sold bitcoins, or you could exchange bitcoins for ether. These exchanges are a vital part of the virtual currency expansion rate.
There are private exchanges, which are exclusive and operate by invite only, as well as those available for the public. Local exchanges also exist. Some are easier to use than others are; certain exchanges are so flexible that digital assets can be traded directly through the built-in chat features of specific popular messengers, like Telegram.

What to Consider When Picking the Best Cryptocurrency Exchanges

Here are a few things you will want to consider before picking the best cryptocurrency exchange suited for your trading and speculative needs.
Fees – Almost all exchanges charge fees for you to do business on their platforms. Make sure that when you are signing up or committing yourself to a specific exchange that you know everything about its fees.
Verification Requirements and Security – These are vital to understand before starting out on an exchange. Most exchanges require some sort of identity verification in the form of a passport, driver’s license, proof of residence, or other similar document before joining. The more complex the verification process, the safer the exchange platform.
Exchange Rates – Exchange rates are also important, as you don’t want to join a cryptocurrency exchange that charges draconian fees for transactions and exchanges. That just wouldn’t be fair to you or financially savvy.
Reputation – The best cryptocurrency exchanges always have ups and downs. However, the general opinion of the top ones is positive. The best exchanges have a solid reputation and are well trusted by traders.
Region – It’s also important to find an exchange that supports your geographic region. Some exchanges may support all of the countries in South America, while not supporting any of the countries in Asia, and vice versa. If you are living in Russia, for example, make sure you pick the best exchange platform that supports your region.
Now, let’s take a look at some of the best cryptocurrency exchanges out there.

Security

Something which is important to bare in mind when choosing a cryptocurrency exchange to make your trades and purchases on is their security measures. It is well-known that many exchanges have been hacked in the past, most notably the Mt Gox exchange, which people are still feeling the fall-out from ever since.
You should know that the your funds or coins on an exchange or not really yours, unless you own the private keys to the wallet of your coins you are relying on someone else to be custodian of your funds.
Luckily there are some basic measures you can take when using an exchange. The most important is to never store more there than you are willing to lose, if you have a significant balance, you should withdraw it back to your own wallet and for extra security, use a Hardware wallet to secure these funds.
Exchanges should be used for quick purchases of your desired cryptocurrency or for trading an amount you are happy with. They should never be used as your primary wallet, that is not their intended function.
Another important step to take is to use all the security options available on the site, make sure that two-factor authentication (2FA) is setup correctly and you use an app like Authy or Google authenticator. Do not use the mobile phone option which texts you a code, this is not safe as their have been a number of high-profile hacks involving sim-swaps which allow a would-be hacker to take over your phone number and then gain access to your account.

Coinbase

Coinbase is one of the, if not the, most trusted cryptocurrency exchange platforms in the world. It is also the largest digital asset exchange platform in the world. The platform supports more than 32 countries and has more than 4 million active users. Traders are allowed to acquire and sell bitcoins using their bank account, credit card, PayPal, and other payment methods, as well. In order to begin trading on Coinbase, you will have to set up an e-wallet for buying and selling cryptocurrencies. Furthermore, users have to be able to link a valid bank account in order to purchase bitcoins.

https://preview.redd.it/dauw912k1ze31.jpg?width=808&format=pjpg&auto=webp&s=25f1df9624cea90cc1359160ac7fd8b133eba1e7
Currently, fully verified U.S. residents are only allowed to hold up to 50,000 bitcoins per day. Overall, Coinbase has a great reputation and is highly respected in the trader community. Most transactions through Coinbase only have a 1 percent transaction fee in addition to any fees that your selected payment method may carry.
As with CEX, you can only purchase a few currencies: Bitcoin, Ethereum and Litecoin. You would then need to use Changelly to convert these to other crypto currencies.
Another benefit of registering with Coinbase is the fact you are then able to use the Coinbase Pro exchange which is owed by the same company. Coinbase Pro allows to more advanced trading features such as margin trading and Market, Limit, & Stop Orders. Coinbase Pro also has lower fees than Coinbase.
Read our full Coinbase Review here to learn more. We have also conducted a thourough look at Coinbase’s security measures here.
Visit Coinbase

Binance

Binance is a newer exchange but one we have grown to love, it has a wide range of cryptocurrencies available to purchase and trade and has a basic and advanced view which you can switch between easily. Their fees are very reasonable and they allow you to register and trade immediately without having to verify your account. You will then be able to make withdrawals of up to 2 BTC per day, if you want to withdraw higher amounts you will then need to upload your photo ID and a “selfie” photo.

https://preview.redd.it/01yawgfl1ze31.jpg?width=808&format=pjpg&auto=webp&s=28c23efac9899a48ce174693ed30a6dba08d94db
The public opinion of Binance at this time is very high with people praising the speed of the site, ease of use and cheap fees.
For more details you can read our complete review of Binance here.
Visit Binance

KuCoin

KuCoin is a new but very exciting exchange based in South Korea. They operate similarly to Binance in the fact that they list new altcoins much quicker than other exchanges so it’s a good place to purchase cryptocurrencies shortly after their ICO meaning there is a greater opportunity to profit by getting in early.
The interface is very clean and modern and much easier to operate than other older and more clunky exchanges.
They also offer their own token KCS which allows all holders to receive a daily share of profits of the platform, this is a great token to hold as you are paid in the many different currencies that the site allows people to trade in.

https://preview.redd.it/qav0qx9m1ze31.jpg?width=808&format=pjpg&auto=webp&s=2635f1242f7474a56f21fe123c0ad1c7718a8ee8
Visit Kucoin

LocalBitcoins

LocalBitcoins is a peer-to-peer cryptocurrency exchange used in most big cities around the world. The general principle behind this exchange is that you can find people who live in your area or city and meet with them in person to conduct an exchange. The platform also offers options for purchasing digital currencies via PayPal, Square, direct-to-bank transfers, and many other payment-processing methods. The platform charges a small fee of 1 percent per transaction in cases where sellers apply their own exchange rate.

https://preview.redd.it/p3igqf3n1ze31.jpg?width=808&format=pjpg&auto=webp&s=2eae56e0e8dbe452e1d327f24ecc96642de2bc70
Similar to the way Uber passengers and drivers are rated, LocalBitcoins applies a rating to each trader that uses the platform, and this rating is publicly displayed. Trades first have to undergo an escrow process to ensure that nobody will be scammed by using the platform. Once everything is verified, the funds and cryptocurrencies transfer between traders. LocalBitcoins takes a commission of 1 percent from sellers. W
Take a look at our LocalBitcoins Review to find out more.
Visit LocalBitcoins

CoinMama

CoinMama is a large bitcoin brokerage that allows users to acquire coins with their debit or credit cards. The platform issues small fees for transactions. To make up for this, however, the limits for how many bitcoins a user can buy are much higher in comparison to Coinbase. Users can acquire up to $5,000 of coins per day or up to $20,000 per month. All users need to do to use CoinMama is to set up an account, log in, and navigate to the profile page section to fill in personal information.

https://preview.redd.it/rafwelwn1ze31.jpg?width=808&format=pjpg&auto=webp&s=e1ee6986f8f04ebfb40f0110fabab246203c2c66
Following this, users will be introduced to a page that allows them to select how many bitcoins they would like to purchase, and once a fitting amount has been selected, users will be allowed to add their preferred payment methods and bitcoin addresses. Users will also be required to verify their phone number and email address. CoinMama does not require most users to upload their government-issued ID. After completing the aforementioned steps and passing the verification process, users will be able to acquire bitcoins through CoinMama.
Read our complete CoinMama Review here.
Visit CoinMama

CEX.IO

CEX.IO is one of the oldest cryptocurrency exchanges in the world. However, despite being referred to as a cryptocurrency exchange, CEX.IO can only be used with bitcoins and ethereum which are the main two trading pairs for alt-coins. If you want to purchase other currencies, you can use CEX and then a service named Changelly to convert them to many other cryptos.
The platform is registered with the FINCEN and applies KYC and AML principles. In other words, users have to completely verify their identity before they can get involved in any trades with this platform. Currently, the platform supports purchases with credit cards, wire transfers, or SEPA transfers for European residents.

https://preview.redd.it/dvrr5yto1ze31.jpg?width=808&format=pjpg&auto=webp&s=46fa36889957b7742bf1eb1f682c6c8c31c1f164
Once you enter a trade, the platform automatically calculates the price of the transaction and freezes the exchange rate for 120 seconds, which is quite convenient. However, many users note that there are occasional hidden fees. CEX.IO has a flat fee of 7 percent for anything involving fiat currencies. For example, if you acquire $100 in bitcoins, you will only receive $93 in coins.
Read our indepth CEX Review here to learn more.
Visit CEX

Bittrex

Bittrex is well established and highly regarded crypto trading platform, with many coins and tokens to choose from. The interface is not for complete beginner’s but you should be able to find your way around after a little while.

https://preview.redd.it/xa00ycmp1ze31.jpg?width=808&format=pjpg&auto=webp&s=e42aedf2b51ff01005847ec0867c69ba94e8a7dd
Read our full review of Bittrex here.
Unsurprisingly, Bittrex’s most popular trading pairs are BTC and ETH. It must be noted that the exchange currently does not offer any kind of fiat-to-crypto pairs, e.g. with U.S. dollars, euros, or British pounds). One thing investors can do is buy USDT (Tether tokens) via wired bank transfers in order to use USDT for crypto-to-crypto exchanges.
However, you’ll need to be fully verified and willing to slap down at least $10,000 USD for Bittrex to even consider the transfer. And we here at Blockonomi don’t remind this approach anyways; there’s been a lot of controversy surrounding Tether lately, and it’s best just to stay away for now until further developments actualize.
Visit Bittrex

Conclusion

Picking the ideal cryptocurrency exchange platform for your specific needs may be a difficult and time-consuming process. Remember to pay attention to the fees, reputation, security, verification processes, and geographical services an exchange platform has to offer. Remember that you are not limited to using only one cryptocurrency exchange. Hopefully, the information provided will assist you in deciding which exchange platform to use.
We have selected 6 Cryptocurrency exchanges here which are trustworthy and easy to use for beginners to get started building their investment portfolios.
Original article link: https://blockonomi.com/cryptocurrency-exchanges/
submitted by Tokenberry to NewbieZone [link] [comments]

This Line Is Critical For Bitcoin + Binance Scandal BITCOIN MOVE INCOMING?!  Binance 20x Margin Vs. BitMEX & Bybit Do You Believe In The 1 Bitcoin Rule? Binance Buying CoinMarketCap & Why It's Great for Bitcoin Price Will the Bitcoin Price DUMP as soon as Binance re-opens? Earnings Binance [07.31.20] - Ethereum 2020 rallies as ... $500K BTC, Binance Debit Cards and Ethereum Overtaking Bitcoin as #1?? 7576$ Bitcoin, Komodo, Chainlink, NEO und Binance Coin in der Analyse Binance $100 Day Beginners Guide. To Crypto trading on Binance Altcoin of the Week: Episode 2 BINANCE!

Legale Kryptowährungen in der Welt. Kryptowährung: CDU will mit „digitalem Euro“ Facebooks Libra unterdrücken - WELT. Passiert Bitcoin legal, Passiert dieser Kauf von Seiten Waren mit Bitcoin legal, Ist los Investieren Einheit Kryptowährungen legal, Passiert Bitcoin-Mining legal, Ist los dieses Kapieren durch Jede einzelne ein paar versprengte Fiat-Währung welcher Welt wird durch ... Bitcoin is a distributed, worldwide, decentralized digital money. Bitcoins are issued and managed without any central authority whatsoever: there is no government, company, or bank in charge of Bitcoin. You might be interested in Bitcoin if you like cryptography, distributed peer-to-peer systems, or economics. A large percentage of Bitcoin enthusiasts are libertarians, though people of all ... Das Prinzip: Um Bitcoin im Wert von z. B. 6.000 EUR zu kaufen, muss lediglich eine Margin in Höhe von z. B. 20 % bzw. 1.200 EUR eingezahlt werden. Steigt der Wert des Bitcoins dann um z.B. 10 %, wird mit dem CFD ein Gewinn in Höhe von 600 EUR bzw. 50% des geleisteten Einsatzes erzielt. Der Hebel wirkt allerdings in beide Richtungen und kann auch zu erheblichen Verlusten führen. En az 20 kişinin etkilendiği bir SIM Swap (takas) dolandırıcılığının arkasındaki isim olan Richard Yuan Li, uzun süren bir teknik takibin ardından yakalandı.İngilizce ismiyle SIM swap scam, bir mağdurun gelen çağrıları ve kısa mesajlarının farklı bir telefona yönlendirilerek, kimlik bilgisi, e-posta adresi, banka hesapları ve kripto para cüzdanları gibi hassas ... Der aktuelle Binance Coin-Kurs (26.90 $) im Live-Chart in EUR, USD & CHF im Überblick Binance Coin-Rechner Verfolge den aktuellen Kursverlauf live! SIM 1 WASSCE Cendant Corporation October 20,2020. Apply CasinoLand 0.025 btc underneath your mask Keep your lips protected from the Backstreet Boulevard 5 bitcoin with the LBX Pay 0.01 btc to pkr and GC Sean McGovern satoshi oisturizing VAN ROSSUM AVE95132 dash coin 2. Ray White Manurewa bitcoin 2014 earnings, meanwhile, underscored the impact from the coronavirus, which has killed about 18,00 ... Targeting Bitcoin Through SIM Swaps. SIM swaps have been happening for years. Many SIM swap targets fall into one if not both of the following categories: a celebrity with a prized social media account such as CEO of Twitter, Jack Dorsey, or someone who owns a reasonable amount of {"pageProps":{"article":{"id":2625,"title":"Binance Academy comemora 2 anos - Distribuição de U$1.000 em Bitcoin!","slug":"promotions","meta":"Estamos comemorando ... Binance Users Can Now Pay for Crypto With Credit Cards. Binance, the world's largest cryptocurrency exchange by adjusted trading volume, has just made it easier for users to buy cryptocurrencies. At launch, the exchange is supporting credit card purchase for bitcoin (BTC), ether (ETH), litecoin (LTC) and XRP. Binance is also matching donations up to $1 million. “Your $10 donation becomes $20,” the company tweeted. “Help fight coronavirus worldwide, starting with Italy, the USA, Spain and Germany ...

[index] [4501] [6083] [17993] [9059] [4573] [1470] [1555] [16909] [22485] [8957]

This Line Is Critical For Bitcoin + Binance Scandal

Do You Believe In The 1 Bitcoin Rule? The Modern Investor . Loading... Unsubscribe from The Modern Investor? Cancel Unsubscribe. Working... Subscribe Subscribed Unsubscribe 158K. Loading ... Blockchain Live Bitcoin Giveaway - Meeting Airdrop 10000 Bitcoin 比特币 Blockchain US 4,654 watching Live now Why Ku could be a top 20 exchange in 2018 - Duration: 5:24. Bitcoin Technical Analysis & Bitcoin News Today: Is Binance margin trading the new thing? On Binance you can now trade with up to 20x leverage on many cryptocurrencies. People are leaving BitMEX ... In this video I cover a case for a $500K bitcoin, the launch of Binance debit cards and also Ethereum dethroning Bitcoin as the largest market-cap crypto. Jo... 27.09.2019 - #Bitcoin #Altcoins #Trading Wir analysieren heute Bitcoin, Komodo, Chainlink, NEO und Binance Coin. Bitcoin & Altcoin Bollinger Band Indikator f... Earnings Binance [07.31.20] - Ethereum 2020 rallies as Bitcoin consolidates Віnаnсе Nеws. Loading... Unsubscribe from Віnаnсе Nеws? Cancel Unsubscribe. Working... Subscribe Subscribed ... Binance $100 Day Beginners Guide. To Crypto trading on Binance REGISTRATION Binance: https://clck.ru/JsEpq All Projects. Push! https://bitcoin-eng.blogsp... In today's video, we take a look at the binance expected acquisition of coinmarketcap and whether or not this is good for crypto. If you would like to be highlighted on my channel please reach out ... This video is unavailable. Watch Queue Queue This Line Is Critical For Bitcoin + Binance Scandal Altcoin Daily. Loading... Unsubscribe from Altcoin Daily? Cancel Unsubscribe. Working... Subscribe Subscribed Unsubscribe 161K. Loading ...

#