Saturday, March 1, 2014

Stay Secure: Welcome to the Post-Gox Era of Cryptocoins

In what probably shouldn't come as much of a surprise to anyone following my blog, I think the demise (or at least full shutdown for the time being) of MtGox is probably all for the best -- not just for Bitcoins, but for cryptocurrencies in general. It always struck me as a bit odd that the first major Bitcoin exchange managed to deal in numerous fiat currencies but never even made an attempt to branch out into other cryptocurrencies. Oh sure, there were talks on and off about supporting Litecoin, but if you can't properly run an exchange dealing with just one cryptocurrency, how would you support two, five, ten, etc. cryptocurrencies? So, farewell MtGox; you had your day in the sun, now it's time to move on.

Of course, the shutdown of MtGox does have some really odd aspects to consider. There was difficulty with getting fiat out of MtGox for close to a year now, and the result was that the price of Bitcoins on the exchange tended to be about 10% higher than on other exchanges. Just prior to the halting of BTC withdrawals, MtGox was trading at closer to $900 while places like BTC-e were closer to $800. I think that led to a lot of users putting BTC into MtGox and trading it for virtual fiat, in the hopes of then buying back in at a lower rate. When MtGox halted all BTC withdrawals, the reverse happened -- everyone that hadn't already converted their BTC to a fiat currency now panicked. The result was that prior to the closing of the web interface, MtGox was trading at closer to $100 where most other exchanges bottomed out in the $400-$500 range.

So here's where things get a bit interesting. No one could withdraw BTC from MtGox, and suddenly people were dumping BTC at crazy-low prices in order to recover any potential money. Who would want to buy BTC on a failing exchange that wasn't allowing anyone to withdraw? I have at least one good answer: MtGox. Just sit in the background, buy up chunks of BTC at prices 75% lower than the rest of the BTC world, and when the dust settles and everything has cleared up, even after losing 8000+ BTC due to their negligence (i.e. zero confirmation approved transfers that became subject to transaction malleability) MtGox ought to have a whole ton of BTC sitting in cold storage somewhere. Refund all of the people that didn't sell and weren't able to withdraw, so that you didn't "steal" anything, and MtGox still has a big pile of BTC they can either hold or trade on other exchanges.

Conspiracy theory? Perhaps, but in this wild west world of little to no government oversight or regulations, it's entirely possible. And while we're on the subject of exchanges, there are other goings-on of the past week that are worth noticing. For one, Coinmarket.io went down because their system is basically designed to shut down if something unexpected happens -- which isn't really a bad idea as it should hopefully prevent anyone from withdrawing a ton of coins via some hack. The site remains offline after several days, and they're apparently "rewriting" (more likely debugging) the back-end for the site; we'll see if/when they return.

Another exchange with some woes: C-CEX.com, who I have used quite a bit for trading DRK in the past couple of weeks. Apparently some buggy code got deployed and one user, lojack, somehow ended up with a few hundred BTC in his account. Since it wasn't "real" BTC -- it was a glitch in the C-CEX system -- he decided to buy up a different cryptocurrency and withdraw that. That currency was DRK, and he caused the price to spike from around 0.002 BTC to 0.008 BTC. Then he transferred the DRK to Poloniex and dumped it, causing a price crash there, and shortly thereafter mayhem ensued. Feeling some remorse after the fact, lojack/Nathan has tried to return the coins, and at least personally I got my 2400 or so DRK back (but lost my 6.6 BTC in the process). Others are apparently still waiting, and I've personally pulled all my coins out of C-CEX for the time being.

But wait, there's more! If you're starting to think that maybe the current selection of exchanges may not be entirely secure and that you should avoid storing a large balance of coins on any of them, give yourself a pat on the back. Both Poloniex.com and CryptoRush.in have had some issues in the past few days as well, with the sites both being down on occasion. Other exchanges continue to experience rather erratic performance -- Cryptsy and CoinedUp for instance go from being very fast to suddenly taking 30+ seconds to refresh -- and CryCurex (who? Yeah, exactly) continues to operate in manual mode for withdrawals and deposits. I have about $12 worth of coins I initially transferred there as a test that I haven't yet withdrawn, and I probably won't ever send anything more to the exchange unless something pretty dramatic occurs. I'd encourage anyone that doesn't already follow such practices to start now -- only leave coins on an exchange than you can "afford" to lose.

And for that matter, the same goes for mining pools; withdraw your balance regularly -- I generally have my auto-payouts set to run at least a couple times per day based on my pool hash rate, so if I generate 500K of some new coin in a day, I'll set my auto-payout to 100K. And whatever you do, don't have a pool pay directly to an exchange in this fashion, or you run the risk of losing all the coins should something go wrong.

Getting back to the topic of staying secure, one of the cool things about cryptocurrencies is that you can send pseudo-anonymous payments to pretty much anyone in the world and without hours at most they're able to use the coins or convert them to some other currency. Some people say, "Okay, neat -- but who wants to wait for six confirmations?" That leads to some adopting a policy of allowing coins to be used after only a few confirmations, or maybe even zero confirmations. "Hey, it's a pending order on the blockchain; I trust Bitcoin so we'll just release the funds right now." This is more or less what MtGox was doing, and it came back to bite them in the butt in a big way. They then pointed the finger at Bitcoin and tried to blame transaction malleability as a flaw, but really this was a known issue for more than a year (more like two) and "best practices" were to require six confirmations so that transaction malleability wouldn't affect you. Whose fault is it that MtGox decided to go their own way? And who ends up paying for their arrogance?

Another important consideration is that there are also no roll-backs or returns with cryptocoins, so if you steal a pile of BTC there's not much others can do to stop you from using them. If you offer to trade coins with a person -- either on a forum or via email or whatever -- and you decide to trust them and send coins directly to them, you're opening the door to be scammed.

In short, whether you're dealing with an exchange, a pool, or an individual, think about things in this way: what would you do if you were using hard currency? When you buy something online, you don't mail them an envelop with a wad of cash and hope for the best. Considering cryptocurrencies are about as easy to recover as hard currency if you happen to lose/misplace them, the best advice I can give is to be more circumspect. Don't be rash or impulsive (unless you just like taking risks?) because the end result will eventually catch up to you.

And if you really don't care about your coins, then send them to me -- I'll be happy to keep a safe watch on them for you. Or as an alternative, if you want to know what I'm currently mining, send me a small donation (at least worth a couple dollars after conversion) and an email message (jarred.walton [at] gmail -- and please pay attention to the spelling of the first name; Jared Walton is probably tired of getting my messages) with a note of the donation, and I'll be happy to tell you what I'm up to and why. Basically, I'm debating on whether there's any use in a sort of "subscription" service for that kind of advice. I might talk about some things publicly, but sometimes I wonder if it might just be best to shut my big yapper on occasion. Hahaha -- fat chance of that happening. Happy mining and trading!

BTC: 153qS9Ze32hnV3fwirZLWNka4wBAowc21E
DOGE: DD9iTWf8diPkvKdB8roPJepTyp6BGVQtct
DRK: Xd3EaCJg6G8ZnGuKkpvwyRMwyHzbaRDnob
LTC: LfCLyykrNFftzpdWejR73hf478ZtBzQ9jE
MAX: mf5DXTLiZFCnJC2x13MXSyigyUjmBnrwjG
MRC: 1Ctnz6cHcMYiF9fz2pyd6orFuo1mDhKdWj
VTC: VaNuRCj73JVAwR1YMnt8CXaqoiPgykiMTk

5 comments:

  1. Great advice! Sounds like someone has been taking advantage of you...? :(

    ReplyDelete
    Replies
    1. Not really -- I just figure it might be better to see if I can beg for a few extra donations for more specific advice. If I ever wanted to turn this into a full-time job (this blogging/cryptocurrency stuff), I'd need to get a lot more donations than I currently receive!

      Delete
  2. Would you care revealing what your are mining now? I'm your number one fans! ha ha ha...

    ReplyDelete
  3. Have you tried running google adsense. Always used to pay best with least amount of grief for me on sites. Ads region specific to users, e.g. i'm UK based, amazon.com no use unless sending to friends in north america. I'm always click happy on sites I like with adsense :)

    ReplyDelete