AbeloHost - Offshore Hosting Solutions - Dronten Bitcoin ...

Bob The Magic Custodian



Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses.
Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes.

First, some background. Here is a summary of how custodians make us more secure:

Previously, we might give Alice our crypto assets to hold. There were risks:

But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get:
See - all problems are solved! All we have to worry about now is:
It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are!

"On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid".
"Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since."

"As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!"
"Can I read it?' Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?"

"Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal. The keys are also backed up daily to an off-site third-party."
"Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!"

"What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven."
"Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!"

"We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies.
And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often".

How many holes have to exist for your funds to get stolen?
Just one.

Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so?
If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security.

The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle.

And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet?

Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose $400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds.
So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is:
It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated:
There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguable far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever.

Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see.
It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course. Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation.
A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7.

History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance.
Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.)
Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive.

Now, we are at a crossroads. We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that it's future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we can not go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today.
Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily. None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well.
Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do.

Facts/background/sources (skip if you like):



Thoughts?
submitted by azoundria2 to QuadrigaInitiative [link] [comments]

Weekly Update: $BOMB SWOT Analysis, HYDRO dApp store, Silent Notary Consilium, Job Opening at OST... – 20 Sep - 26 Sep'19

Weekly Update: $BOMB SWOT Analysis, HYDRO dApp store, Silent Notary Consilium, Job Opening at OST... – 20 Sep - 26 Sep'19
Hiya folks! Happy Diwali to everyone. Here’s your week at Parachute + partners (20 Sep - 26 Sep'19):

Tons of quizzes and contests this week at Parachute + TTR. Doc Vic hosted a trivia on medicine and another one on WW2 this week in TTR. A total of 50k $PAR given away. Victor hosted another trivia there too for 25k $PAR. Sweet! The Big Brother contest came to a close with the finale this week. The winner of Big Brother was Michie, who sadly no one picked. So all 21 participants won 5K $PAR each! Another 70k $PAR was given out to other winners. Plus, $202,500 PAR have been awarded in the various Big Brother contests earlier. Huge! Thank you Gian for doing all of this. And did you get a chance to partake in Tiproom’s Mememania? 50k $PAR in prizes – 25k for top 10 winners and another 25k for 100 memes. Next week’s update will feature some of the funniest memes from the contest. Richi hosted a Movie Trivia in Tiproom for a 25k $PAR prize pot for 10 questions. Woot!
Looking good Alexis!

Catch up on the latest at aXpire from the weekly update video compiled by Joakim. This week’s 20k $AXPR burn can be tracked here. CEO Gary Markham, who sits on the board of Hedge Fund Association, travelled to an HFA event to spread the word on the project. In the last update, we shared that 2gether was hosting a blockchain and tokenization based contest named Crypto Talent in partnership with IEB Spain for students and professionals. Read more about it here. News of the competition was shared on Cointelegraph as well. You can also listen in to Founder Salvador talk about the contest here and here. Check out the 2gether T-shirt that the team wore to the South Summit next week. Neat! CEO Ramon spoke at the Finnovista Pitch Day about FinTech innovation. Salvador’s interview along with a profile of 2gether was published in The Blockchain Land. The winner of the Birdchain Art Contest was announced this week. Congratulations! Plus, some news updates on the app were shared as well.
Birdchain Art Contest winner. Wicked!
Last week we shared that the $XIO ERC20:BEP2 bridge testnet trials have gone well. Here’s a sneak peek into how it looks. Once activated (condition to the acceptance of the Binance Dex listing application), the bridge will be open for roughly a month*. Dash also talked about 3 marketing mistakes that crypto startups make commonly – paying for PR (earned media > paid media), focus on follower count (organic reach > vanity metrics), airdrops (unless done strategically). If you had questions on how the XIO system will work and help startups scale, then fret not. Zachary wrote an article and video explaining it all. The community also voted this week to opt in for an SMS update option if there were ever one. The $BOMB community survey results are also out. This set the basis for a detailed SWOT analysis of the token. An excerpt from Benjamin’s 4% burn report was published on Coinbeat as well. In this week’s discussion series, Zachary reflects on market movements and the nature of the XIO incubator program.
\*[As of today, the switch to Binance Chain has been shelved. $XIO will stay on Ethereum. But there will still be a token swap. Details will be shared in a later update]
BOMB survey results show that the community is well distributed across the globe
Fantom’s Statheros stablecoin project will be partnering with a South African bank working on a mainnet launch. Initial details of the tie-up were released. The news was covered by CFN as well. CMO Michael travelled to a CFN event in London. Click here for pics. Technical Update #14 came out too. The big exclusive at Uptrennd this week was bagging an interview Andreas Antonopoulos. Awesomeness! Loopring CMO Jay sat down with founder Jeff to talk about the road ahead for the company. In this week’s public vote, the community voted to get TomoChain a free review from Altcoin Buzz. Community member Jackson Jerry took the initiative to deliver a presentation on the platform to thousands of students during a University Blockchain Awareness tour. Writers were in for a treat with the start of an article writing challenge with a 1,750 $1UP prize pool. Say what! Like last week, this week’s Meme Monday event saw some hilarious submissions. Uptrennd also got coverage on Micky News’ PR piece. Noice! Welcome to the Sentivate crew Jack! Learn about domain extensions and universal domain systems in this detailed article and thread by Sentivate founder Thomas. Tech enthusiasts were in for a treat this week with discussion threads on 5G and packet puzzles. The latest District Weekly from District0x covers mostly dev updates from the past week. Classic memes was the theme for this week’s Meme contest :p
Old school memes FTW! Lmao
Hydro got nominated for the Florin Asia Innovation Award. Good Luck! The Hydrogen dApp store was opened up for beta testers. The store is also open source. Great! Click here to read up on the structure of the dApp store and how it was built. A number of third party partners joined the store this week including 3Box, TotleCrypto and Carbon. General Operations Manager Marcco Paez sat down for an AMA with Crypto Nation to talk about Hydro. Hope you got a chance to get your questions answered. The team was at InsureTech Connect to represent the project. Want to check out an awesome spectacle? Hydro’s article on visualising code activity in decentralised projects has some uber cool visualisations. You could create one too using Gource. The latest developer update summarises all work done in the past week on the dev front. Silent Notary announced the launch of a Consilium system which will be using its own blockchain network (IDL) for legal actions on the platform. This was necessary since the Ethereum chain is anonymous and legal proceedings require identifiable actors. The $SNTR token will continue to exist on both chains (Ethereum and IDL). For more titbits on the update click here, here, here and here. For updates on Ubikiri, make sure to join the ann channel on Telegram started recently. Full list of socials can be found here. The $LAW referral bonus started last week has seen 4000+ wallets receiving the tokens so far with more on the way. Plus, the presale details are now available on the IDL site.
Hydro dApp store dev visualisation. Beautiful
Last week, the Arena Match community voted to decide which exchange to pursue for a listing of the $AMGO token. DDEX emerged as the winner of the vote. This week, $AMGO got listed on DDEX. Also, the much awaited review of the project by the Uptrennd team was published in two parts (Part I, Part II). Blockfolio and Delta accepted $AMGO for listing on their platforms. Woohoo! Job opening alert on OST: the team is looking for a Product Lead. Apply if you’re up for it. CEO Jason explained how adding friction in early onboarding process helps achieve product-market fit in this tweet thread. Congratulations to SelfKey for becoming an official member of CryptoUK, a self-regulatory trade association based in UK. If you have considered opening an offshore bank account, check out this article on the best countries to choose from. You can make your first move using the Wallet marketplace as well. Hope you took some time out to vote for SelfKey for the Blockchain Identity Management Use Case Award. Constellation’s partnership with the US Air Force was covered by Forbes this week. The team also announced a partnership with StackPath to make node deployment scalable for enterprise clients. Co-Founder Wyatt travelled to USC, Los Angeles, to a Hyperledger meetup to talk about how blockchain protocols can achieve elasticity. Click here to watch his presentation. Bags token launched a 10k $BAGS giveaway contest for helping spread the word on the project. Sweet! The first promo video is up on the BAGS TV YouTube channel. Check it out! An Upcycle Event in the BAGS Bazaar allows you to exchange some of your tokens for $BAGS. This week, they held their 4th Bazaar Upcycle event.

And with that, it's a wrap for this week at Parachute + partners. Ciao!
submitted by abhijoysarkar to ParachuteToken [link] [comments]

Understanding Fundamental Effects on Price

Another really huge issue with the btc community in general, and this reddit especially, is the lack of nuance on price. And again, an unwillingness to accept critique.
There are several scenario that can play out with price, but in some of those scenario, we may even see a huge price pump, while *still failing at adoption*. And I think that's an important distinction to make. Just because wallstreet pumps the price for reasons that only concern the rich and institutions, does not equate to adoption. It does not equate to us making vital changes for the betterment of the network and adoption. It just doesn't.

Wallstreet is perfectly content with hyper regulated bitcoin that is totally irrelevant for the common man and unadopted and unused, they are perfectly fine treating bitcoin as a glorified sovereign bond and international form of settlement. That is how the institutions and rich see it. They see it much like they see bonds and gold, and are willing to treat it as such. This is even a positive in some regard because it brings monetary transparency into the banking and wealth sector.

But it does not address cypherpunk, emancipatory politics, or global poverty, or individual sovereignty. And it is acheived largely through extreme centralization and hyper invasive surveillance. Be clear, they can pump the price to 250,000 while still controlling everything through Patriot Act, AMLD5, NDAA, and FACTA and the banking secrecy Act. All of which Bitcoin is entirely ideologically incompatible with. But that's just fine, because the rich already comply with those laws (mostly). They already price in the regulatory and compliance costs of an institution, of an offshore tax haven.

That's just it. IT's fine for them to do this to btc, because the laws are designed for them. They create the barriers only they can afford to play in, while hurting it for everyone else.

The average common man in the world, and any developing country should be able to easily acquire btc without kyc. Period. It shouldn't be a surveillance state. I recently listened to Peter McCormack interview a darkmarket guy and I completely agree. We need to engineer away from on ramps, we need to engineer away from payment gates that involve fiat, and we need to all use coinjoiners and mixing technology. It needs to be the standard. There are so many reasons to use coinjoining for non illegality. Privacy is a fundamental need.

And internet 4.0 for finance is contingent on a lot of technology. These aren't really coins either. It is backbone technology to better facilitate bitcoin. But we have to have layer two solutions. It doesn't matter whether it's RSK or plasma, or both, we just need the secondary layer to pay for distributed processing, server function, matching, liquidity, file storage, atomic swaps, network gas, etc. DeFi network value cannot be conflated with the supply and demand of btc itself, we don't need permissioned side chains, we need permissionless open source side chains and interoperatibilty platforms that will protect the privacy of bitcoin and facilitate it on decentralized exchanges. On exchanges that cannot be taken down. To do that we need staggering amounts of technology innovation and thoroughput, that will require people to host nodes, mine and stake these ancillary services to protect the backbone of bitcoin commerce.

Anyone who is into toxic maximalism. Let it be known that you are willfully promoting corporate bitcoin supported by massive centralized players who will treat it as a bond or settlement statist instrument. You're promoting the support of bitcoin on an entirely captured regulatory framework and an entirely captured unsafe unsecure regular internet controlled by the clearnet and amazon and google and heavily surveiled. .Org just privatize for fuck sakes. And any DNS can be compromised, any .com site can be siezed. This normal backbone is entirely inappropriate for bitcoin. Centralized exchanges and payment apps like cash app are entirely inappropriate for bitcoin.

You should be able to visit a IFPS site, connect a hardware wallet to any DEX or DAPP and immediately trade with the same speed and liquidity of binance and bitmex. The user interface should be simple and approachable to the layman. We need a liquidity interbank controlled by SPV server and dark node. Payment incentives for people to host liquidity to the network on plasma, radon, cosmos, uniswap, eventually all the DEX will simply be connected by interchain liquidity.

Crypto has to be extremely unfettered. The regulators and wallstreet have strangled it and will continue to do so. Some people have forgotten that this is a battle for financial sovereignty and protection against wealth confiscation. Only when they realize that they can't control us, will they be forced to sit down at the legislative table and negotiate with common people. You have to bring your government to heel.
submitted by samdane7777 to Bitcoin [link] [comments]

ASEAN Countries and Crypto: Yay or Nay?


Source

Just two months ago, Writer Angaindrankumar Gnanasagaran summarised the latest policies and attitudes Southeast Asia had towards blockchain technology in an article titled Blockchain gaining ground in Southeast Asia, featured on The Asean Post. He reported that blockchain technology has “gained significant currency in Southeast Asia [as] many governments within the region have warmed up to the prospect of promoting the integration of this technology into businesses and the public sector”.
Just how true is this progression? Let’s have a look.

Philippines

https://preview.redd.it/qgdk2omc4wf21.png?width=1600&format=png&auto=webp&s=4d07949ca67e07c67d12b3b576a65165091c2074
On 8th August last year, the government-owned Cagayan Economic Zone Authority (CEZA) announced its latest partnership with private property developer Northern Star Gaming & Resorts Inc. – the development of Crypto Valley of Asia, a fintech and cryptocurrency hub set to be built on the Cagayan Special Economic Zone and Freeport, and intended to house up to 25 crypto firms on its premise.
A few months later in October, Ateneo de Manila University and health-tech company MediXserve jointly launched the AMBERLab (Ateneo-MediXserve Blockchain Education & Reasearch Lab) to research future applications of blockchain in health-tech, fintech, edutech, Artificial Intelligence (AI), data analytics and other related industries.
This year, about a week ago on 7 February, The Philippines, through the Cagayan Economic Zone Authority (CEZA), approved the Digital Asset Token Offering (DATO) regulations that recognises CEZA as the principal regulating authority and The Asia Blockchain and Crypto Association (ABACA) as the designated self-regulatory organization (SRO) that will implement and enforce the new DATO regulations.
The rules are simple. All DATOs must submit proper documentation, providing details on the issuer, project, advisors, and certificates of experts and DA agents involved. Tokens can only be listed on licensed Offshore Virtual Currency Exchange (OVCE) and stakeholders must submit appropriate documentation with accredited wallet providers and custodians.
The regulations also classify DATO into three tiers:
Tier 1: Assets and investments ≤ $5M with payment in digital tokens
Tier 2: Assets and investments from $6M to $10M
Tier 3: Assets and investments ≥ $10M
Clearly, unlike its vague position last year, the Philippines has been gearing up for blockchain technology and has implemented new measures as a result to regulate the wave of digital tokens crashing into the local market. One of the largest banks, UnionBank of Philippines, even announced on 11 February that it plans to launch an ATM that will facilitate digital assets trade in the national currency, the Philippine Pesos. If the Philippines keeps up this optimistic outlook, she may just fulfil her vision of being the Crypto Valley of Asia.

Thailand

https://preview.redd.it/hmwg4sde4wf21.png?width=1600&format=png&auto=webp&s=50878be44e8ee3b0b347823d76670c4dc7fc78af
If the Philippines seems supportive towards cryptocurrency, then Thailand is definitely a crypto wonderland. While others were still grappling to understand the blockchain technology and its idiosyncrasies, Thailand was quick to jump on the crypto train in 2018. Within the span of a few months, the Thai government enacted the emergency decree that allowed it to roll out a new law for the budding blockchain industry: the Digital Asset Business Decree.
This decree differs from other countries by skipping the core debate that demanded the differentiation between security tokens in cryptocurrency. Instead, it classifies cryptocurrencies as “a medium of exchanging goods” and digital tokens as “rights to participate in an investment, or to receive specific goods”. It even amended its tax regulations to include the taxation of cryptocurrency firms. For instance, firms raising funds through Initial Coin Offerings (ICOs) will be taxed 15% on their income while others undertaking Initial Public Offering are not. The two laws went effective as of 14 May 2018 and set the standard for other countries delving into the blockchain industry.
Now, at the time of writing, the Thai securities and exchange commission (SEC) has granted four operating licenses to applications from blockchain-based businesses applying for licenses to conduct local operations. The four applicants who were successfully awarded a license are: Bitcoin Exchange Co., Ltd., Bitkub Online Co., Ltd., Satang Corporation, and Coins TH Co., Ltd. The former three are digital asset exchanges, while the latter is a cryptocurrency brokerage.
That being said, Thailand’s friendliness towards the crypto trade is not to be mistaken with leniency or a laxation in security measures. While the above four were granted operating licenses, two other applications from Cash2coin and Southeast Asia Digital Exchange Co. (SEADEX) were rejected, having failed to meet the required criteria set out by the SEC.Thailand’s intention to retain a tight grip on the cryptocurrency industry is a smart move on the country’s part as news of cryptocurrency scams continue to flood the market. In November last year, Thai regulators even released their own web-based platform to host potential ICOs, ensuring the country is kept up with the latest projects in the cryptocurrency industry. The reason behind this scrutiny has been speculated by some to be Thailand’s way of conducting research and accumulating data in order to release a national cryptocurrency in time.

Indonesia

https://preview.redd.it/3rcbwzdg4wf21.png?width=255&format=png&auto=webp&s=e11280d3c40e746f00c711fcffaf5b20d8c3d6bf
In late 2017, the central bank of Indonesia, Bank Indonesia declared cryptocurrency to be illegal in the country under the Law No. 7/2011 and penned the BI Regulation, stating all financial transactions had to be conducted in the Indonesia rupiah. Yet, despite the bank’s firm opposition against these digital fledglings, it is clear to the world that the Indonesia government does not share its skepticism. On 3 June 2018, Beppebti, the Indonesian Trade Ministry’s Futures Exchange Supervisory Boards legalised cryptocurrencies as commodities in the country in spite of the central bank’s disapproval, making cryptocurrency trade legal in the eyes of the government. In fact, Indonesia Digital Asset Exchange (INDODAX) — the largest Indonesian cryptocurrency exchange — announced in March 2018 that the number of users on its platform had surpassed that of the Indonesia Stock Exchange.
While the bank remains vehement in its denial of cryptocurrency, the local citizens have embraced it. Indonesian media company Coinvestasi has organised the Indonesia Cryptocurrency Festival 2019 that is currently in the midst of its tour across various cities, sparking the conversation about cryptocurrency nationwide.

https://preview.redd.it/92qi1z1i4wf21.png?width=1600&format=png&auto=webp&s=583350528eff7c96fb57a6da0f431641d2025cbe
Roadshow Timeline of Coinfest Indonesia 2019
Unfortunately, due to the nation’s vague stance, the local Bitcoin market holds less than one percent of the global cryptocurrency market, with only two Indonesia Bitcoin exchanges available for Bitcoin purchases at a fixed rate.

Malaysia

https://preview.redd.it/o1xquxnk4wf21.png?width=1600&format=png&auto=webp&s=afd89d4a5f8757b7fe3fc5e5a01a403a50f88368
2019 brings new beginnings and new regulations for digital asset offerings in Malaysia. Based on a notice from Malaysia’s Securities Commission (SC), the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019 has been enacted since Jan. 15.The Order meant that token offerings and exchanges are required to seek approval from SC before operations can begin. However, despite Malaysia’s strict clampdown on ICOs, it appears that the country is not adverse to digital assets after all. Finance Minister Lim Guan Eng stated: “In particular, we believe digital assets have a role to play as an alternative fundraising avenue for entrepreneurs and new businesses, and an alternate asset class for investors.”In December last year, the SC and Malaysia’s central bank, Bank Negara Malaysia, jointly released a statement explaining that the purpose of these new regulations was to make digital assets “within the remit of securities laws to promote fair and orderly trading and ensure investor protection.”

Singapore

https://preview.redd.it/70k0qgbm4wf21.png?width=1600&format=png&auto=webp&s=04b87cc9e3bb3301c8bdf02db3cf3eb8347d4876
Singapore has always embraced the potential of digital assets and its ability to transform the future. In November 2017, the Monetary Authority of Singapore (MAS) released the Payment Services Bill (PSB) in the Singaporean Parliament. In essence, the Bill subjected digital currency to the same laws regulating domestic and international money transfers, and foreign exchange transactions. The MAS also released a set of guidelines for parties interested titled “A guide to digital token offerings”. The document listed on their website contained general advice on application procedures and rules for companies to be legally qualified in offering and issuing digital tokens in Singapore. When confronted with security breaches in major cryptocurrency exchanges, MAS updated their Bill in January 2019 to safeguard the interests of cryptocurrency investors. The Bill proposes to implement a dual-track regulatory guideline for both major and smaller financial institutions respectively.

In summary…
While countries like Philippines, Thailand, Indonesia, Malaysia and especially Singapore embrace the future of cryptocurrency, other ASEAN countries continue to sit on the fence regarding digital currency. Vietnam remains undecided, as evident from the confusing debates wranged out amongst authorities and the ban on crypto trading despite possession of digital assets being legal. Laos approaches digital currencies with caution and Cambodia has ironically forbade finance firms from cryptocurrency transactions while creating its own national cryptocurrency. Other countries like Myanmar and Brunei continue to distance themselves from the world of digital assets and remain vague on their policies and governance.
Despite the uncertainty, however, ASEAN is clearly becoming an important market for traders of digital assets. As digital assets continue to gain prominence within the region, what better way to jump into the crypto market than with 1SG, a fiat-backed stablecoin pegged to Singapore’s own fiat currency, the Singapore Dollar?
About 1SG:1SG is a stable coin, issued by the Mars Blockchain Group which overcomes the problems of today’s cryptocurrencies, while providing open, transparent, efficient KYC/AML process. With the key features of stable value and high liquidity, Mars Blockchain is a start-up committed to becoming a leading stable coin in global cryptocurrency market. 1SG circumvents the volatility of other major cryptocurrencies by maintaining a fixed peg to $1 SGD through financial markets.For more details, check out www.1.sgTo trade 1SG now, head over to these exchange platforms:P2PB2B: https://p2pb2b.io/BitMart: https://www.bitmart.com/TOP.ONE: https://top.one/indexKryptono: https://kryptono.exchange/k/homeOEX: https://www.oex.com/indexFor more information on 1SG, keep up with its following social media:Telegram: https://t.me/SGoneReddit: https://www.reddit.com/use1-SG/Twitter: https://twitter.com/1SG_2018Instagram: https://www.instagram.com/1sg_sg/YouTube: https://www.youtube.com/channel/UC_p_8y1geOe0lmB4F3i6Fpg
submitted by 1-SG to 1SG_ [link] [comments]

Bitcoin Air

2018 have been such a refreshing year when it comes to emerging cryptoprojects and the level of innovation they introduce. Gone are the stupid infographics trying to solidify Coin-X as the highest amount of transactions per second (who cares?).

Instead there seems to be a steady influx of new projects with developers who are innovating for real.

A couple of months back I stumbled across Haven Protocol which caused me to write my first crypto-article ever, fast forward a month-or-so and the first fork of Haven, Bitcoin Air, was quietly announced.

Now many initially dismissed Bitcoin Air as nothing but a Haven Protocol clone, but that is a severe misjudgement. I’ve been lucky enough to follow the development of this project from the inside for a while, and I’ve witnessed first hand that this project has set its sight on introducing a host of new features to the world of cryptocurrencies.

In this Q&A with Bitcoin Air’s Lead Dev, Anthony, I get answers to a lot of questions that should give a good understanding about what Bitcoin Air is aiming to accomplish.

Enjoy.

First of all, how would you summarise what Bitcoin Air is all about for someone who reads about it for the first time?

The first thing we want people to think of when they see, hear, or speak “Bitcoin Air” is simplicity and transparency.
The reason for this being, cryptocurrency is this currently ecstatic and mysterious world that a lot of people are afraid to dive into due to these unknowns. When someone approaches Bitcoin Air, we want them to understand that we are a lightweight, secure, and decentralized payment system that also ofers a static crypto-backed reserves system that allows for a user to print their own fiat currency (AirCash).
In layman’s terms, we want to give the power of the Mint, Reserve, and Banking System all to the consumer and merchant!
What sparked the idea for the project we now know as Bitcoin Air?

The idea for Bitcoin Air was sparked from a protocol concept originally designed by the administrative team. The main idea coming from the fact that Bitcoin is subject to high volatility, and Tether is both manipulatable and a separate entity from what should be a joint efort for Bitcoin.
Beyond this, we feel the need to bring cryptocurrency to a form of widespread acceptance through applying modern technology to age old tactics of in person payments. This will of course be accompanied by all of the amazing features that come with cryptocurrency and it’s secure nature.
The Bitcoin Air project is a fork of Haven, how essential has the Haven teams work been for your concept and project development?

Haven Protocol’s work hasn’t been significant in our development. Their initial idea was sparked to allow users to “offshore” their value to a secure storage environment in some different country.
This idea, to our team, seemed unapproachable and limited it’s greatest potential. We followed through with the idea of offshoring, and instead made it far more approachable and adaptable and instead of creating an internal contract system, devised a bilateral blockchain system that will operate as a dual auditing blockchain.
How would you differentiate what Bitcoin Air will be, compared to Haven, what are your most obvious differences between the two?

Haven Protocol is based on an internal smart contract system that will offshore the value of your coins to a safe storage environment, this will allow you to mint and burn between Haven Protocol and XHVD, safely offshoring your value from volatility.
Bitcoin Air is a bilateral blockchain that will allow one end of the chain to operate in volatile value and conduct basic cryptocurrency transactions including sending and receiving through any basic exchange as well as our internal wallet exchange. The second side of the chain will operate in static value and will operate as a crypto-backed reserve chain for Bitcoin Air.
This static chain will have strictly mint and burn protocols that will allow the creation of Bitcoin Air or AirCash. This static side chain will not allow person to person sends and will instead be specifically designed as a reserves and fiat system for day to day use.
How many developers are actively contributing to your project now?

Currently we have over 8 active developers working around the clock on establishing our test net, minimum viable product, and a proof of concept design that can be presented to the public.
The goal is to operate our development much like an ICO without intentions of gathering funding from the public. We are a privately funded, Non-ICO, Non-VC funded development backed by a handful of guys who simply are very in tune with the cryptocurrency community.
We hope to deliver a well-rounded and established development for the people.
Is there any field in which you are looking for contributions from the community, if so, what are these?

We are always open to as much community contribution as possible. We are 110% focused on community input and transparency and that goes down to every vote and choice we have.
Ultimately we feel that a larger consensus brings the greatest discussions to a situation along with calculated execution. This being said, we are opening an Ambassadors and Evangelists Program that will operate much like a permanent bounty hunters program.
Top level representatives from all countries can apply and voice their expertise on why they should be an Ambassador for Bitcoin Air. This will in turn gain them access to the private Ambassador Panel where they can participate in tasks to earn monthly points for payouts based on worth ethic! Additionally, we are always open to community open-source developers who seek some lead into the cryptocurrency world.
We are always thrilled to teach and learn from other professional development teams as we are seeking to develop the most community driven coin of 2019!
Is the launch of the Bitcoin Air and the air protocol in any way dependant on the Haven teams Offshore Storage smart contracts. Will you have to wait until they release this feature or is the work on the Air Protocol completely independent of that effort?

We are in no way tied to the Haven Protocol development and are developing our own dual chain protocol that will not use smart contracts.
What we hope through our fork with Haven Protocol, is to allow a transition/bridge in between USDAP and XHVD that will bridge both the privacy and clear coin chains to allow for a user based choice of chain use.
We feel privacy is important, but not necessary thanks to the secure nature of cryptocurrency, but we still want to give our users a option to go into a privacy coin at some point effciently without worry of value loss.
Correct me if I’m wrong, Bitcoin Air is a Haven & Bitcoin fork, while Haven originated as a pure Monero fork. If I understand that correctly what does this mean for XAP, for instance; will Monero features like RingCT be a part of your project or will Monero-Specific features not be a part of the overall Bitcoin Air project?

Bitcoin Air is a bilateral merge fork joining Peercoin with Bitcoin, and forking Haven Protocol into our side chain.
This means that, in the end, there will be 2 chains operating together with one being accessible to exchanges and basic user features like sending and receiving; while the other operates privately in the background of this chain only accessible via wallet interface for means of minting/burning and staking/mining.
The Haven Protocol end of the chain will not feature basic usage like sending and receiving, and will instead carry the latest features for minting, burning, and printing of fiat Air Cash.
If I understand correctly, you have two options for binding your cryptocurrency into a static dollar (or similar) value, the first one is $USDAP — which I imagine works more or less like Haven’s $XHVD, right?

$XHVD will operate much like $USDAP, except for the fact that they are using smart contracts and we are applying a new solid blockchain. This static resource backed currency chain will operate to back the overall reserves and value of $XAP and Air Cash
And the second one, Air Cash, I find especially interesting. You will allow users to print their own QR coded “paper money” for use at retailers, etc. Does this money exist on its own sidechain, or is it more or less a physical version of the $USDAP?

This is correct. Air Cash will be the physical, fiat form of $USDAP. Users will be able to customize their own fiat currency sheets with predesigned templates that they can then add to their basic home printer.
The user would choose the denomination (Sheets would print in size of 8 bills) and they could choose to set the bills equally, or to diferent denominations. The wallet would then generate private key, and print the denomination value of $USDAP on the bill front along with the QR code generated Private Key as the center. The wallet would send the wallet to this address and it would be removed from the wallet entirely. The Air Cash would now maintain the value of the $USDAP and can be used in store or handed over to another person.
The merchant or user could then sweep the Air Cash into their wallet and receive $USDAP. The paper would then become worthless and could be recycled as needed.
Will the creating of Air Cash require any form of miner fee, and if so will that fee be a “static value” bound to it or a fluctuating value? In other words, will it be tied to cents or to “satoshis”?

The creating of Air Cash will require a static fee tied to $USDAP that will only vary based on a the amount you send. These ranges would most likely be $0.01-$10,000, $10,001-$100,000, and $100,001+. These fees will most likely be extremely small ranging from $0.05-$0.15 accordingly.
We are not going to allow miners/stakers to set the price on this as people should not be held back from when they need fiat, but all things take resources to create, and we feel a small fee should be in line to provide back resources to the mining and staking community securing and operating our network.
Also, what happens if a user looses an Air Cash bill before they get the ability to spend it. Will it be lost forever, like “normal currency” or will it only be lost if someone manages to spend it before you have time to move the currency to another address, and print a new bill?

The user will have a maintained track record of all of the bills they print within their private Air Cash Ledger. This ledger will not be available to the public due to the Haven Protocol/Monero Privacy Features. The user will be able to swap an Air Cash bill if it has not been swept into the receiving parties wallet if they set the loss prevention feature on within their wallet.
If the bill has been swept into the receiving parties wallet, they will not be able to cancel the bill. This feature will be available via desktop and mobile to ensure the quickest response to lost funds. This would encourage people to ensure that the receiving party sweeps their funds immediately, as you would want to ensure the value is on the bill!
Also, as a miner, I’m curious about how I can obtain Bitcoin Air through mining. I’ve seen you describe the project as “Hybrid Dynamic Proof of Stake and Proof of Work coin” — does this mean that one can both mine and stake in order to participate in the network?

We are currently developing a new consensus algorithm that we are dubbing “Proof of Risk”. We prefer not to release much information on our new consensus algorithm for now, but we plan to release extensive information once it is perfected. Just know for now, you will be allowed to both mine, and stake. It will also be HIGHLY encouraged, if not required, to do so in some sort of way.
Can you tell us a bit more a bout the planned merchant platform, what are its base features and how will it work?

The future merchant platform will be available to both in-person and online merchants. Small Business that accept Bitcoin Air will be able to use any tablet that allows them to download the Bitcoin Air PoS Application. This will allow their tablet to turn into a mobile PoS system with Sweep features thanks to the cameras on most tablets. Merchant can establish their item list and can have the consumer scan the QR code shown on the screen to automatically set the amount and receiving address.
Consumers will confirm the amount and proceed to process the transaction in $XAP. When the merchant receives confirmation, the system will automatically convert their $XAP to $USDAP so they can avoid market volatility until they choose to re-enter and sell to fiat. For online merchants, it will allow integration with most e-commerce platforms available. This means people can proceed to pay for their items with Bitcoin Air via their Desktop or Mobile wallets wherever accepted.
When you fork, you have — in your latest community update — listed the following existing chains that will be receiving Airdrops of either $XAP or $UDSAP:

Bitcoin ($BTC) holders will receive Bitcoin Air ($XAP)
Peercoin ($PPC) holders will receive Bitcoin Air ($XAP)
Haven Protocol ($XHV) holders will receive USD Air Protocol ($USDAP)
I find it interesting that $BTC and $PPC holders will receive $XAP as a result of the fork, while $XHV holders will receive $USDAP instantly without needing to mint them, will this mean that every $XHV holder is guaranteed a re-mintable (or is it burnable, perhaps:) value of ~1$ USD for each $XHV they are holding while the $PPC and $BTC holders will get a coin of fluctuating value?

This is somewhat correct. $XHV holders will receive a static value $USDAP after the snapshot for the fork. Bitcoin and Peercoin holders will receive $XAP, which is subject to market health and volatility due to access via exchanges. Bitcoin and Peercoin holders who would like to exit the volatility can simply mint into $USDAP whenever they would like to.
Full Disclosure: I’m currently a part of the Bitcoin Air team and will help them with their marketing. This is a great chance for me to get “an insiders view” on the development of a new cryptocurrency, and as such I see this as a great opportunity for me to get to write some more interesting articles on Bitcoin Air and its development process as it moves along. Stay tuned.

https://bitcoinair.org/
submitted by 67vader to Crypto_General [link] [comments]

Stablecoins — Carrying the Way to the Crypto Promised Land

Stablecoins — Carrying the Way to the Crypto Promised Land

What are Stablecoins?

In cryptocurrency, most avid traders prefer having an option for stability to trade out of their volatile holdings while still maintaining decentralized assets that avoid the need to exchange into Fiat currency. We traders sometimes need a period of rest for our crypto portfolios to not have the potential to significantly increase or decrease in value. This is exactly what the appropriately named stablecoins allow us to accomplish.
These crypto tokens are designed to peg their values closely to the value of various currencies, such as the ever popular dollar, at an approximate 1:1 ratio. By doing so, cryptocurrency traders are able to use them as a means of exchange in order to essentially liquidate their other volatile cryptocurrencies. Doing so negates the risk of major price fluctuations in their portfolios.
https://preview.redd.it/ia5a60tz07811.jpg?width=3500&format=pjpg&auto=webp&s=3018751381778aeebc7f4a7a1f411e2defcf5ea8
The availability of stablecoins is still just two and a half years old, and the power that they hold are entirely up to the markets. But, According to Phil Glazer at Bitwise Asset Management, he believes that as time goes on, a successful cryptocurrency that has a fixed price relative to our main Fiat currencies will have a major positive effect on cryptocurrency as a whole. He states,
“A fixed price cryptocurrency would enable a greater number of use cases than current cryptocurrencies allow. At the moment, cryptocurrencies are primarily held by investors and speculators seeking to profit from price appreciation. Few people hold and use cryptocurrencies like they would US dollars (receiving a salary, paying for groceries, etc.) because prices fluctuate significantly day-to-day.”
In the current landscape of cryptocurrency exchanges, only a select number of cryptoassets can be exchanged for currently tradeable stablecoins. Trading pairs involving stablecoins are some of the most heavily exchanged. In fact, the combination of trading USDT (aka Tether, which I’ll talk about more later in this piece) for Bitcoin is currently the most popular trading pair among exchanges where this pair is offered.
Why is USDT so highly exchanged when its value intentionally doesn’t garner a profit or loss? Well, stablecoins are, by design, not the roller coaster ride in value the way most other cryptocurrencies are, and that is precisely what gives them appeal. If you are riding recent highs in Bitcoin and decide it’s time to sell off a portion of them temporarily, Tether allows you to do so at Bitcoin’s market price. If BTC loses 15% of its value relative to the dollar the following day, your holdings that were converted to Tether did not actually lose any value.
Tether and other stablecoins allow you to essentially “sit out” from the market highs and lows any time you please, and be comfortable knowing those coins do not change in value relative to the dollar.
The existence of stablecoins on exchanges allows traders to cycle in and out of positions in Bitcoin and other volatile coins with ease while keeping their holdings out of the centralized bank systems. Swapping heavily volatile coins like Bitcoin for the least volatile coins available (stablecoins) on an exchange any time the trader so chooses is a huge advantage for anyone looking to de-risk and protect their portfolio values for any given timeframe. Investors and traders need stability in their own holdings on and off in order to counter the large spikes in crypto market volatility that occurs on both short-term and long-term time scales. They also need a quick way to exit and enter their positions when major news occurs and prices may react at a moment’s notice.
https://preview.redd.it/kn7nvznb17811.jpg?width=1733&format=pjpg&auto=webp&s=430c7de0c6ff6889b03c4139c057b643f67a189b
But why can’t we simply convert any of our cryptocurrency holdings to actual US dollars at the drop of a hat? Why do we even need a specialized stable token designed to replicate the true value of the US dollar around the clock? We already have something that is easily used for exchanging goods and services, both in person and on the internet. It’s called the dollar. And additionally, traditional stocks and equities can be bought and sold using USD in just about every online brokerage out there. However, there are a couple reasons that stablecoins are alternatively offered by most exchanges:
  • There are no money transmission laws applicable to sending cryptocurrency from one location to another. The same cannot be said about the dollar.
  • The overwhelming majority of altcoins simply do not have the volume and following yet for exchanges to justify offering direct fiat buying and selling. But remember that the keyword is “yet”.
  • From a global perspective, there are many countries experiencing hyperinflation that have crypto traders looking for ways to easily exchange their holdings for something pegged to the value of the US dollar. In countries like Nigeria or Egypt, the volatility of their country-based currencies far outweigh the dollar, making Tether a convenient, easy, and uncomplicated option to trade for and convert their own volatile currencies into.

The Not so Stable History of Crypto’s Top Stablecoin

The often notorious and polarizing Tether coin (USDT) has been around and circulated through cryptocurrency exchanges and wallets around the globe since early 2016. The questionable aspect to the world’s currently most traded stablecoin lies with their concerningly underwhelming track record regarding their transparency of their fund backing. The coin’s team claims that each USDT coin is backed by a dollar of hard currency reserves. However, only grainy, highly questioned evidence has been provided to disprove the notion that they do not have all of their tokens backed by real dollars. Bringing forth evidence of hard USD currency backing through periodic audits of the company would alleviate concerns and instill confidence in traders’ minds.
https://preview.redd.it/l0u7213t17811.jpg?width=1880&format=pjpg&auto=webp&s=a6561f29fd9ed12623bb84d3ce808ded6e00d8fa
Frequent inquiries for proof of this claim have been met with mostly radio silence from the Tether team. As of June 1, 2018, the stablecoin had a market cap of an astonishing $2.55 billion. Shortly after this date, a transparency report was released with the backing of law firm Freeh Sporkin & Sullivan LLP that unofficially stated that their investigation found Tether to have the fund backing they claimed. The company was supposedly investigated by the law firm without warning, and it was announced that Tether’s bank account records exceeded its June 1st market cap by $7 million, thus indicating that it has full backing of its market supply of tokens. However, the vagueness and lack of many specific details of this report only temporarily silenced critics.
A week prior to the time of this writing, Bloomberg conducted an investigative report that heavily questioned Tether’s transparency report. In it, they noted that the popular cryptocurrency exchange, Kraken, has been the host to numerous suspicious Tether trades, many of which are indicative signs of blatant market manipulation. Wash trading and very specific trade amounts have been triggered and met with almost no temporary price movements in the overall value of Tether. It is unclear whether there are people associated with Tether or the exchange who have anything to do with these market manipulation tactics, but it seems as though Tether at least would have knowledge of these trades based on the lack of price movement to numbers that would normally move the value of their coin considerably.
Wash trading is the act of both buying and selling a coin simultaneously in order to mislead traders into assuming false information about a specific coin or entire market. Many suspect that these peculiar trades have occurred on the exchange without proper price movement. As a result of these scandals and several others involving the largest stablecoin, red flags are up, and Tether remains controversial as a legitimate stablecoin.
Yes, as I stated earlier in this article, stablecoins are designed to not have significant price movement. However, several who have looked into the matter have concluded that these significant trades should be at least temporarily moving the price of Tether to around $1.10, which would cause Tether to issue more coins into circulation and inevitably bring their value back to the intended $1.00. Instead, the price has only seemed to range from approximately $0.99 to $1.01, causing analysts to question if these orders are actually real or just showing up in order books to create false impressions of heavy market demand.
In addition, the Bloomberg report referenced a passage by University of Texas professor John Griffin, who said that there are some very specific orders that are “suggestive of wash trading”.
On top of all the confusion surrounding this so-called transparency report and the abundance of polarizing opinions it received, there had already been a $33 million hack of Tether coins in November, 2017. This opened doors to questions regarding the safety, vulnerabilities, and susceptibility to future security breaches of a coin that ironically is intended to instill a sense of calm in surrounding heavily fluctuating markets.
Despite the lack of fund backed evidence, which would be a major concern in virtually any other investable sector in the world, Tether is still a highly owned token constantly being exchanged throughout the cryptocurrency world. Not only that, but many are unaware that US Tether (USDT) is currently the second most traded cryptocurrency behind only Bitcoin. Stablecoins can also be used as helpful market indicators regarding the overall sentiment of the market based on how they are being traded. According to Joseph Young, an analyst at News BTC,
“The daily trading volume of USDT can be considered as a direct representation of the volatility in the cryptocurrency market; if the volume of Tether is abnormally large in a downward trend, it signifies that traders are selling cryptocurrencies to USDT, and if the volume of Tether is unusually large in a bull market, it demonstrates that traders are selling their USDT reserves to acquire more cryptocurrencies.”
https://preview.redd.it/rp686awx77811.jpg?width=1880&format=pjpg&auto=webp&s=3399cd67d8cd26bda5953973b44928883b63bfa9

Available Stablecoin Options

Lately, many exchanges have been following Coinbase’s footsteps and slowly implementing USD trading for top traded coins like Bitcoin and Ethereum. But trading into centralized Fiat currencies is not exactly a great option if you are a believer in decentralized currency as the future. These fiat-pegged stablecoins I will be listing below are intended to be a convenience for users to exchange, not a burden that traders should feel forced into as an alternative to US dollars. There are three main types of stablecoins that currently are available for traders to get their hands on:
  • Fiat collateralized coins are coins that have a central entity that holds the equivalent amount of currency they intend to represent in currency. These fund-backed tokens are expected to be based on the reserve of fiat currency that allows them to place the appropriate 1:1 ratio between the value of a single token and a single dollar. Examples of these coins are:
https://preview.redd.it/pv25riuq97811.png?width=249&format=png&auto=webp&s=c4ed9ff91fe126229882c3fc55fbcc703e1c6ad6
  • Tether (USDT), the leading stablecoin which I have already discussed in depth, has been circulating on exchanges since early 2016. Originally known as Realcoin, it is currently the largest asset backed token that acts as a link between crypto and fiat. Due to security and liquidity issues regarding their dollar reserves, external audit intentions by the company that so far have yet to exist, and a theft of $31 million USDT in November 2017 that caused a temporary cease of trading, their reputation has taken a minor, but not yet devastating hit.
https://preview.redd.it/rl3yap4t97811.png?width=247&format=png&auto=webp&s=b824a299b125f8d1c4524c200a5cdd3c4d6e2f0e
  • True USD (TUSD) is a relatively new fiat collateralized option for investors that is already available on several exchanges. They have capitalized on the controversy surrounding USDT, and they attempt to address particulars that people worry about with Tether, such as transparency of assets through daily proof of bank account information and monthly audits. TUSD was created with the intention of solving a few use cases, such as financial services and online commerce. They ideally see themselves as a replacement for USD on crypto exchanges. And for what it’s worth, the tokens run on the Ethereum blockchain as opposed to Tether’s Bitcoin blockchain.
  • Cryptocurrency collateralized stablecoins are the decentralized answer to fiat collateralized coins. Instead of being backed by Fiat currency, these coins are backed by actual cryptocurrency, such as Bitcoin or Ethereum and the use of smart contracts:
https://preview.redd.it/ga9jfqbz97811.png?width=147&format=png&auto=webp&s=0a99a6fadc5d5ec4c3521a89dbd20ebb01b8393b
  • Maker Dao (DAI) has some similarities to Tether and other stable coins, such as their soft-pegged price to a US dollar, non-minable nature, and collateral-backed asset type. However, instead of being backed by fiat US dollars, DAI uses overcollateralized Ethereum smart contracts. It is also issued on the Ethereum blockchain, as opposed to the Bitcoin blockchain. Their use case intends to lend toward four markets:
    • Gambling markets
    • Financial markets
    • International trade
    • Transparent accounting systems
https://preview.redd.it/gd2y0wv2a7811.png?width=277&format=png&auto=webp&s=911dcfe0db82fc93fa7a392c134649ea2b2beb4b
  • BitUSD (BITUSD) is an interesting price-stable cryptocurrency, as it is backed by the BitShares core currency, BTS. Traders have the ability to convert them to an exchange rate that is dependent on their “trustworthy price feed” that is based on the median of several sources which are updated hourly. An intriguing claim by BITUSD is that their token is always expected to be worth at least $1.00, which would imply that the coin has the ability to be worth at least one US dollar at all times, but never less. We have already seen USDT and TUSD have a value below one dollar, so this would be a very valuable aspect of a stablecoin. However, keep in mind that they are used exclusively to buy BitShares, making converting to Fiat more tedious than alternative options.
  • Non-collateralized stablecoins are interesting in the fact that there is no collateral backing associated with these types of coins. These coins usually implement an algorithm or some form of an expanding and contracting supply of its own value, which is based on the price and demand of it by traders.
https://preview.redd.it/kfqz5pc9a7811.png?width=245&format=png&auto=webp&s=6429cbfa4c9867d953370e737b8225164ee791e2
  • Basis is an upcoming non-collateralized stablecoin that algorithmically adjusts its own supply based on the demand it is receiving in order to accurately peg itself to the value of a dollar without any need for a fiat or crypto backing. I will be releasing a feature article on this coin shortly as it gets closer to its public availability. Many consider the idea of it to be revolutionary to the crypto world, and if successful, could become an actual threat to the Federal Reserve and its centralized monetary policy.
https://preview.redd.it/gja88mjk97811.png?width=112&format=png&auto=webp&s=88ac4a98b505f58f60e37270e839b3490deeef27
  • Haven (XHV), which claims to be untraceable, is a fork of the popular privacy coin, Monero (XMR). The coin works by implementing a “mint and burn” system which takes a transaction from a user’s wallet that they trigger, and sends it to a smart contract that in turn retains the Haven’s value at the moment of transaction. This balance stays on the blockchain, and is impossible to track back to the person making the transaction. By using this unique method, XHV’s use case allows users to send funds to offshore storage contract, while simultaneously being able to retain blockchain fund value to give the user the ability to trade their Haven and respond to market fluctuations.
In addition to the several tokens I have named, there are also several other stablecoins that are expected to be made readily available for cryptocurrency traders in the near future, including Kowala, Augmint, and Carbon. With several existing, emerging, and soon to be planned options in the stablecoin landscape, traders and investors have some options moving forward in how to prevent portions of their crypto portfolios from violently fluctuating. If stablecoins are able to accomplish what is expected and required of them (maintaining stability in an extremely volatile sector) without doubts in their validity, their existence will be a major boon for cryptocurrency.
Mass adoption of crypto in general will be an extreme uphill battle without these safe, reliable stablecoins for traders to buy and sell in and out of when waters get choppy. The currency-pegged tokens will open wide doors for Bitcoin, Ethereum, and other top coins if they are able to scale to a global audience. Chrisjan Pauw, an author at Cointelegraph, states,
“For truly decentralized stablecoins to work, there must also be a system in place that can reliably obtain the exchange rate between the stablecoin and the pegged asset, without leaning on third-party institutions that can be manipulated.”
This is precisely what we need from a stablecoin to lift up all of cryptocurrency, and we will see in the months and years to come how well these coins can execute the goals that they set out to accomplish.
Read more about cryptocurrency and find out how to successfully trade at: https://samsa2.samsa.ai/
This article and related content is for informational purposes only. It should not be considered investment advice, and you should consult a financial advisor and do your own research and due diligence prior to making any investments. Where securities or commodities are referenced, it is only for illustrative purposes only, and does not imply any position on securities or commodities classification. To the extent that Samsa services are offered or discussed, those services are available only for Samsa whitelisted assets only.
submitted by SamsaPlatform to Samsa_ai [link] [comments]

Bitcoin Air — Q&A

2018 have been such a refreshing year when it comes to emerging cryptoprojects and the level of innovation they introduce. Gone are the stupid infographics trying to solidify Coin-X as the highest amount of transactions per second (who cares?).
Instead there seems to be a steady influx of new projects with developers who are innovating for real.
A couple of months back I stumbled across Haven Protocol which caused me to write my first crypto-article ever, fast forward a month-or-so and the first fork of Haven, Bitcoin Air, was quietly announced.
Now many initially dismissed Bitcoin Air as nothing but a Haven Protocol clone, but that is a severe misjudgement. I’ve been lucky enough to follow the development of this project from the inside for a while, and I’ve witnessed first hand that this project has set its sight on introducing a host of new features to the world of cryptocurrencies.
In this Q&A with Bitcoin Air’s Lead Dev, Anthony, I get answers to a lot of questions that should give a good understanding about what Bitcoin Air is aiming to accomplish.
Enjoy.
First of all, how would you summarise what Bitcoin Air is all about for someone who reads about it for the first time?
The first thing we want people to think of when they see, hear, or speak “Bitcoin Air” is simplicity and transparency.
The reason for this being, cryptocurrency is this currently ecstatic and mysterious world that a lot of people are afraid to dive into due to these unknowns. When someone approaches Bitcoin Air, we want them to understand that we are a lightweight, secure, and decentralized payment system that also ofers a static crypto-backed reserves system that allows for a user to print their own fiat currency (AirCash).
In layman’s terms, we want to give the power of the Mint, Reserve, and Banking System all to the consumer and merchant!
What sparked the idea for the project we now know as Bitcoin Air?
The idea for Bitcoin Air was sparked from a protocol concept originally designed by the administrative team. The main idea coming from the fact that Bitcoin is subject to high volatility, and Tether is both manipulatable and a separate entity from what should be a joint efort for Bitcoin.
Beyond this, we feel the need to bring cryptocurrency to a form of widespread acceptance through applying modern technology to age old tactics of in person payments. This will of course be accompanied by all of the amazing features that come with cryptocurrency and it’s secure nature.
The Bitcoin Air project is a fork of Haven, how essential has the Haven teams work been for your concept and project development?
Haven Protocol’s work hasn’t been significant in our development. Their initial idea was sparked to allow users to “offshore” their value to a secure storage environment in some different country.
This idea, to our team, seemed unapproachable and limited it’s greatest potential. We followed through with the idea of offshoring, and instead made it far more approachable and adaptable and instead of creating an internal contract system, devised a bilateral blockchain system that will operate as a dual auditing blockchain.
How would you differentiate what Bitcoin Air will be, compared to Haven, what are your most obvious differences between the two?
Haven Protocol is based on an internal smart contract system that will offshore the value of your coins to a safe storage environment, this will allow you to mint and burn between Haven Protocol and XHVD, safely offshoring your value from volatility.
Bitcoin Air is a bilateral blockchain that will allow one end of the chain to operate in volatile value and conduct basic cryptocurrency transactions including sending and receiving through any basic exchange as well as our internal wallet exchange. The second side of the chain will operate in static value and will operate as a crypto-backed reserve chain for Bitcoin Air.
This static chain will have strictly mint and burn protocols that will allow the creation of Bitcoin Air or AirCash. This static side chain will not allow person to person sends and will instead be specifically designed as a reserves and fiat system for day to day use.
How many developers are actively contributing to your project now?
Currently we have over 8 active developers working around the clock on establishing our test net, minimum viable product, and a proof of concept design that can be presented to the public.
The goal is to operate our development much like an ICO without intentions of gathering funding from the public. We are a privately funded, Non-ICO, Non-VC funded development backed by a handful of guys who simply are very in tune with the cryptocurrency community.
We hope to deliver a well-rounded and established development for the people.
Is there any field in which you are looking for contributions from the community, if so, what are these?
We are always open to as much community contribution as possible. We are 110% focused on community input and transparency and that goes down to every vote and choice we have.
Ultimately we feel that a larger consensus brings the greatest discussions to a situation along with calculated execution. This being said, we are opening an Ambassadors and Evangelists Program that will operate much like a permanent bounty hunters program.
Top level representatives from all countries can apply and voice their expertise on why they should be an Ambassador for Bitcoin Air. This will in turn gain them access to the private Ambassador Panel where they can participate in tasks to earn monthly points for payouts based on worth ethic! Additionally, we are always open to community open-source developers who seek some lead into the cryptocurrency world.
We are always thrilled to teach and learn from other professional development teams as we are seeking to develop the most community driven coin of 2019!
Is the launch of the Bitcoin Air and the air protocol in any way dependant on the Haven teams Offshore Storage smart contracts. Will you have to wait until they release this feature or is the work on the Air Protocol completely independent of that effort?
We are in no way tied to the Haven Protocol development and are developing our own dual chain protocol that will not use smart contracts.
What we hope through our fork with Haven Protocol, is to allow a transition/bridge in between USDAP and XHVD that will bridge both the privacy and clear coin chains to allow for a user based choice of chain use.
We feel privacy is important, but not necessary thanks to the secure nature of cryptocurrency, but we still want to give our users a option to go into a privacy coin at some point effciently without worry of value loss.
Correct me if I’m wrong, Bitcoin Air is a Haven & Bitcoin fork, while Haven originated as a pure Monero fork. If I understand that correctly what does this mean for XAP, for instance; will Monero features like RingCT be a part of your project or will Monero-Specific features not be a part of the overall Bitcoin Air project?
Bitcoin Air is a bilateral merge fork joining Peercoin with Bitcoin, and forking Haven Protocol into our side chain.
This means that, in the end, there will be 2 chains operating together with one being accessible to exchanges and basic user features like sending and receiving; while the other operates privately in the background of this chain only accessible via wallet interface for means of minting/burning and staking/mining.
The Haven Protocol end of the chain will not feature basic usage like sending and receiving, and will instead carry the latest features for minting, burning, and printing of fiat Air Cash.
If I understand correctly, you have two options for binding your cryptocurrency into a static dollar (or similar) value, the first one is $USDAP — which I imagine works more or less like Haven’s $XHVD, right?
$XHVD will operate much like $USDAP, except for the fact that they are using smart contracts and we are applying a new solid blockchain. This static resource backed currency chain will operate to back the overall reserves and value of $XAP and Air Cash
And the second one, Air Cash, I find especially interesting. You will allow users to print their own QR coded “paper money” for use at retailers, etc. Does this money exist on its own sidechain, or is it more or less a physical version of the $USDAP?
This is correct. Air Cash will be the physical, fiat form of $USDAP. Users will be able to customize their own fiat currency sheets with predesigned templates that they can then add to their basic home printer.
The user would choose the denomination (Sheets would print in size of 8 bills) and they could choose to set the bills equally, or to diferent denominations. The wallet would then generate private key, and print the denomination value of $USDAP on the bill front along with the QR code generated Private Key as the center. The wallet would send the wallet to this address and it would be removed from the wallet entirely. The Air Cash would now maintain the value of the $USDAP and can be used in store or handed over to another person.
The merchant or user could then sweep the Air Cash into their wallet and receive $USDAP. The paper would then become worthless and could be recycled as needed.
Will the creating of Air Cash require any form of miner fee, and if so will that fee be a “static value” bound to it or a fluctuating value? In other words, will it be tied to cents or to “satoshis”?
The creating of Air Cash will require a static fee tied to $USDAP that will only vary based on a the amount you send. These ranges would most likely be $0.01-$10,000, $10,001-$100,000, and $100,001+. These fees will most likely be extremely small ranging from $0.05-$0.15 accordingly.
We are not going to allow miners/stakers to set the price on this as people should not be held back from when they need fiat, but all things take resources to create, and we feel a small fee should be in line to provide back resources to the mining and staking community securing and operating our network.
Also, what happens if a user looses an Air Cash bill before they get the ability to spend it. Will it be lost forever, like “normal currency” or will it only be lost if someone manages to spend it before you have time to move the currency to another address, and print a new bill?
The user will have a maintained track record of all of the bills they print within their private Air Cash Ledger. This ledger will not be available to the public due to the Haven Protocol/Monero Privacy Features. The user will be able to swap an Air Cash bill if it has not been swept into the receiving parties wallet if they set the loss prevention feature on within their wallet.
If the bill has been swept into the receiving parties wallet, they will not be able to cancel the bill. This feature will be available via desktop and mobile to ensure the quickest response to lost funds. This would encourage people to ensure that the receiving party sweeps their funds immediately, as you would want to ensure the value is on the bill!
Also, as a miner, I’m curious about how I can obtain Bitcoin Air through mining. I’ve seen you describe the project as “Hybrid Dynamic Proof of Stake and Proof of Work coin” — does this mean that one can both mine and stake in order to participate in the network?
We are currently developing a new consensus algorithm that we are dubbing “Proof of Risk”. We prefer not to release much information on our new consensus algorithm for now, but we plan to release extensive information once it is perfected. Just know for now, you will be allowed to both mine, and stake. It will also be HIGHLY encouraged, if not required, to do so in some sort of way.
Can you tell us a bit more a bout the planned merchant platform, what are its base features and how will it work?
The future merchant platform will be available to both in-person and online merchants. Small Business that accept Bitcoin Air will be able to use any tablet that allows them to download the Bitcoin Air PoS Application. This will allow their tablet to turn into a mobile PoS system with Sweep features thanks to the cameras on most tablets. Merchant can establish their item list and can have the consumer scan the QR code shown on the screen to automatically set the amount and receiving address.
Consumers will confirm the amount and proceed to process the transaction in $XAP. When the merchant receives confirmation, the system will automatically convert their $XAP to $USDAP so they can avoid market volatility until they choose to re-enter and sell to fiat. For online merchants, it will allow integration with most e-commerce platforms available. This means people can proceed to pay for their items with Bitcoin Air via their Desktop or Mobile wallets wherever accepted.
When you fork, you have — in your latest community update — listed the following existing chains that will be receiving Airdrops of either $XAP or $UDSAP:
  1. Bitcoin ($BTC) holders will receive Bitcoin Air ($XAP)
  2. Peercoin ($PPC) holders will receive Bitcoin Air ($XAP)
  3. Haven Protocol ($XHV) holders will receive USD Air Protocol ($USDAP)
I find it interesting that $BTC and $PPC holders will receive $XAP as a result of the fork, while $XHV holders will receive $USDAP instantly without needing to mint them, will this mean that every $XHV holder is guaranteed a re-mintable (or is it burnable, perhaps:) value of ~1$ USD for each $XHV they are holding while the $PPC and $BTC holders will get a coin of fluctuating value?
This is somewhat correct. $XHV holders will receive a static value $USDAP after the snapshot for the fork. Bitcoin and Peercoin holders will receive $XAP, which is subject to market health and volatility due to access via exchanges. Bitcoin and Peercoin holders who would like to exit the volatility can simply mint into $USDAP whenever they would like to.
Full Disclosure: I’m currently a part of the Bitcoin Air team and will help them with their marketing. This is a great chance for me to get “an insiders view” on the development of a new cryptocurrency, and as such I see this as a great opportunity for me to get to write some more interesting articles on Bitcoin Air and its development process as it moves along. Stay tuned.
https://bitcoinair.org/
submitted by 67vader to cryptocurrencynewico [link] [comments]

NB: Каталог onion сайтов

Русскоязычные ресурсы, или где есть ссылки на русскоязычные ресурсы в TOR.
Каталоги, wiki, поисковики:
http://hss3uro2hsxfogfq.onion/ Поисковик в сети TOR
http://zqktlwi4fecvo6ri.onion — HiddenWiki
http://dirnxxdraygbifgc.onion/ — Каталог онион сайтов
https://ahmia.fi/search/- домен в клирнете, но ищет в tor. По факту каталог с мордой поисковика
http://kpynyvym6xqi7wz2.onion/links.html— Сборник адресов сайтов, в том числе и онион. Много мертвого, но покопаться можно
Торговые площадки и сервисы:
https://blockchainbdgpzk.onion — Зеркало в онион известного онлайн биткоин-кошелька. Дает из под тора регистрировать кошелек и делать переводы. Есть миксер. Интерфейс русифицирован.
http://rusilkusru6f57uw.onion —Russian SilkRoad. Торговая площадка на базе форума.Работает без JavaScript. Для продавцов статус дилера бесплатный, ежемесячных платежей нет, комиссия по факту сделки(платит продавец или покупатель по договоренности). Есть автоматический прием платежей. Моментальные магазины есть.
http://r2d2akbw3jpt4zbf.onion —R2D2. Торговая площадка на базе форума. Раньше регистрация была по инвайтам. Для работы требует включенного в браузере JavaScript. Статус продавца платный + комиссия (платит продавец или покупатель по договоренности). Автоматического приема платежей нет. Моментальных магазинов нет.
http://amberoadychffmyw.onion —Amberoad. Торговая площадка на базе форума. Для работы частично требует включенного в браузере JavaScript. Для продавцов статус дилера платный + комиссия(платит продавец или покупатель по договоренности) + ежемесячные платежи. Автоматического приема платежей нет. Моментальных магазинов нет.
http://www.lwplxqzvmgu43uff.onion— Runion. До недавнего времени информационный ресурс по безопасности. Сейчас добавили платные услуги по торговле. Написано, что есть автоматическая торговля. Комиссию платит продавец или покупатель по договоренности.
http://malina2ihfyawiau.onion —Malina. Торговая площадка на базе форума. Для работы требует включенного в браузере JavaScript. Статус продавца платный + комиссия (платит продавец или покупатель по договоренности). Автоматического приема платежей нет. Моментальных магазинов нет.
Разное:
http://rospravovkdvaobr.onion —Росправосудие. Зеркало известного сайта в онионе.
http://ajyltarwd6xmvhlu.onion —Русский чат. Тематика не указана.
http://xz5sdhbwrm4vvkxh.onion —Киберберкут в онионе.
Englisn onion
Introduction points, forums, links, search engines, information, chat, personal blogs”normal sites”
The Hidden Wiki http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page
The Uncensored Hidden wiki http://uhwikih256ynt57t.onion/wiki/index.php/Main_Page
Vault 43 (useful) http://vault43z5vxy3vn3.onion/
Imperial Library of TOR http://xfmro77i3lixucja.onion/
Yet another tor directory http://bdpuqvsqmphctrcs.onion/
Grams (search) http://grams7enufi7jmdl.onion/
The Hub (forum) http://thehub7dnl5nmcz5.onion/
Agora Forum http://lacbzxobeprssrfx.onion/
Onion soup (links n stuff) http://soupksx6vqh3ydda.onion/
TORUM (forum) http://torum4kqr55yqui6.onion/
Overchan (alittle of everything it seems) http://oniichanylo2tsi4.onion/
TORCH (search) http://xmh57jrzrnw6insl.onion/
French IRC Tor http://fitwebwmjekqsyrw.onion/
TORsearch http://kbhpodhnfxl3clb4.onion/
Yacy (search) http://yacy2tp5a2dhywmx.onion/
OnionDir (links) http://dirnxxdraygbifgc.onion/
Burnout (links) http://burnoutxf6o2yvsw.onion/
TOR Hidden Service (search) http://msydqstlz2kzerdg.onion/search/
Q&A(like yahoo answers) http://pequ3i77q5l4w4sw.onion/
Benji’s Blog http://sonntag6ej43fv2d.onion/en
Secret Stash (blog) http://dn4hcr3qhlpaiygr.onion/
Cruel Onion forum (forum for “bad* things) http://cruel2ijkqggizy5.onion/forum/
The Plague (links and things) http://zseijor556d5t4yf.onion/
Dark News (forum) http://xhb4vpn4a67sug7t.onion/
Spreadit (looks alittle like reddit) http://jdl3nf2hr3ehzyoc.onion/
Wizardry & Steamwork (search) http://kaarvixjxfdy2wv2.onion/
Myles Braithwaite http://gvvsa367g2zkzjj3.onion/
TOR links http://torlinkbgs6aabns.onion/
Nudist Paradise (site for nudists) http://qvchmzewlf4efhcw.onion/
DeepWeb Ministries (religios site) http://hxnibog5m2ocjeef.onion/
SIN Strategic INtelligence Network (be prepared for any situation) http://4iahqcjrtmxwofr6.onion/
Add any link (links) http://vizpz65utiopch7t.onion/
Shadow Life (news) http://shadow7jnzxjkvpz.onion/
Usenet file search http://wbyi72yt6gitdcqd.onion/
Liberty blog (free blogs) http://crylibertytwta4s.onion/
Intel Exchange (forum) http://rrcc5uuudhh4oz3c.onion/
GUROChan (message board) http://gurochanocizhuhg.onion/
Maxima Culpa (virtual confessions) http://nsmgu2mglfj7za6s.onion/
Onion DIR (links) http://chl7b5p6rr64po3s.onion/
Leonhard Weese (personal blog) http://liongrasr5uy5roo.onion/
YHIMA (links) http://ogbinmlotgjwgkeo.onion/
Sanctioned Suicide (forum) http://suicideocymrgxq7.onion/
anon confessions http://confessx3gx46lwg.onion/
OnionNet (links news etc) http://ubbchzof2pxs4swi.onion/
Surveilance Law http://7vrl523532rjjznj.onion/
BLue Onion (books) http://blue3237xytrz5rk.onion/blueonion/
The Hidden Forum http://ewd5a7hnvc4necnf.onion/index.php
SImple Store http://dharyyzdhok5eudi.onion/store/
Bad Ideas Forum http://7x5rg44gkhtovwjt.onion/forum/index.php
FUD (discussion board) http://bssjumzkbj3vlhiy.onion/
Hidden links http://hidhost5gk6w7ahf.onion/hidlinks/links.php
Facebook on tor? https://facebookcorewwwi.onion/
FBI Chan http://fbichanc6yfagl4l.onion/
Readers Club http://c3jemx2ube5v5zpg.onion/
Weblog http://6e3i6bqjgnmtn3fu.onion/
Marketplaces and stores
EasyCoin – Bitcoin Wallet with free Bitcoin Mixer. http://easycoinsayj7p5l.onion/
WeBuyBitcoins – Sell your Bitcoins for Cash, PP and more. http://jzn5w5pac26sqef4.onion/
OnionWallet – Anonymous Bitcoin Wallet and Bitcoin Laundry. http://ow24et3tetp6tvmk.onion/
EuCanna – ‘First Class Cannabis Healthcare’ http://rso4hutlefirefqp.onion/
Peoples Drug Store – The Darkweb’s Best Drug Supplier! http://newpdsuslmzqazvr.onion/
Smokeables – Finest Organic Cannabis shipped from the USA. http://smoker32pk4qt3mx.onion/
CannabisUK – UK Wholesale Cannabis Supplier. http://fzqnrlcvhkgbdwx5.onion/
DeDope – German Weed and Hash shop. (Bitcoin) http://kbvbh4kdddiha2ht.onion/
BitPharma – EU vendor for cocaine, speed, mdma, psychedelics. http://s5q54hfww56ov2xc.onion/
Brainmagic – Best psychedelics on the darknet. http://ll6lardicrvrljvq.onion/
NLGrowers – Coffee Shop grade Cannabis from the netherlands. http://25ffhnaechrbzwf3.onion/
Kamagra for Bitcoin – Same as Viagra but cheaper! http://k4btcoezc5tlxyaf.onion/
Mobile Store – unlocked iphones and other smartphones. http://mobil7rab6nuf7vx.onion/
UK Guns and Ammo – Selling Guns and Ammo from the UK. http://tuu66yxvrnn3of7l.onion/
Rent-A-Hacker – Hacking, DDOS, Social Engeneering etc. http://2ogmrlfzdthnwkez.onion/
Onion Identity Services – Selling Passports and ID-Cards. http://abbujjh5vqtq77wg.onion/
HQER – High quality euro bills replicas / counterfeits. http://y3fpieiezy2sin4a.onion/
USD Counterfeits – High quality USD counterfeits. http://qkj4drtgvpm7eecl.onion/
USA Citizenship – Get a real USA passport. http://xfnwyig7olypdq5r.onion/
Apples4Bitcoin – Cheap Apple products for Bitcoin. http://tfwdi3izigxllure.onion/
ccPal – CCs, CVV2s, Ebay, Paypals and more. http://3dbr5t4pygahedms.onion/
EuroGuns – Your #1 european arms dealer. http://2kka4f23pcxgqkpv.onion/
UK Passports – Original UK Passports. http://vfqnd6mieccqyiit.onion/
USfakeIDs – High quality USA Fake Drivers Licenses. http://en35tuzqmn4lofbk.onion/
Tech, technology, computers, hackers for hire, hacking/anarchy related materials
MacLemon (security, news, links) http://fzybdgczph7xfdnr.onion/
TOR Status – Tor network status http://jlve2y45zacpbz6s.onion/
TorPGP public key server http://torpgp3ujaysucll.onion/
Altera Praxis (not sure what this is tbh) http://ncivdawfxihoh7sj.onion/about.html
keybase (some sort of hackestalker tool idk) http://fncuwbiisyh6ak3i.onion/
Tor Web Devolper (for hire) http://qizriixqwmeq4p5b.onion/
Web Programmer (for hire) http://kobrabd77ppgjd2r.onion/
Ozy’s Hacking Service (hacker for hire) http://ozy7mnciacbc5idc.onion/
Pioopioo’s Services (hacker for hire) http://rowtogxp2akwem6n.onion/
Hacker place http://hackerw6dcplg3ej.onion/
Parazite (anarchy info mainly) http://kpynyvym6xqi7wz2.onion/
DNS support forum http://mj6vjwhtyahcj6fx.onion/
BitMessage mail gateway http://bitmailendavkbec.onion/
Keys Open Doors http://wdnqg3ehh3hvalpe.onion/
Hidden Service howto http://nfokjgfj3hxs4nwu.onion/
JRAT (java remote administration tool) http://jratoc334zo7zgis.onion/
FILTH (fuck i love to hack) http://om2ak3coziov3dbc.onion/forum/index.php
Onion Domains & MD5sums http://xlmvhk3rpdux26dz.onion/
Soylent News http://skgmctqnhyvfava3.onion/
Bluish Coder http://mh7mkfvezts5j6yu.onion/
Cable Viewer (idk what this is but its techy) http://leakager742hufco.onion/
Xerbot http://xfthw4bq7lx2y726.onion/
Hack Canada http://hackcanl2o4lvmnv.onion/
Imperial anarchist despotism http://rgeo5wj7gneidzh3.onion/
Directory Listing Denied (anon web ftp) http://wtutoxfznz45gf6c.onion/
Anarplex (some kind of computer anarchy) http://y5fmhyqdr6r7ddws.onion/
GhostDeveloper (freelance programmer) http://develggxuazrcokn.onion/
SKS Onion key server http://lbnugoq5na3mzkgv.onion/index.html
GNUPG http://ic6au7wa3f6naxjq.onion/
Cat facts http://2v7ibl5u4pbemwiz.onion/
Chess (game) http://theches3nacocgsc.onion/
Necro town (links n stuff) http://nekrooxwwskakacj.onion/
Encryption Password Generator http://pwgenmwi7eqsys76.onion/
rows.io jabber http://yz6yiv2hxyagvwy6.onion/
M5S leaks http://33pvcdba2nm3afnj.onion/
A cgi proxy http://x5yd2gfthlfgdqjg.onion/
FIT French IRC TOR http://fit2v7z4plpfyh2h.onion/
The Linux Documentation Project http://3c2rvufmbcggnqi6.onion/
Crypto Party http://cpartywvpihlabsy.onion/
Hive Archives http://thehivemwon6a5mp.onion/
txtorcon (python contril library for tor) http://timaq4ygg2iegci7.onion/
Rhodium (science stuff) http://rhodiumio4b7b4rm.onion/
Hackerspace Prague http://pmwdzvbyvnmwobk5.onion/
Political, activists, groups, journalism, whistle blowing etc
Youth Rage forum http://neyigf7eragkp5nq.onion/forum/
Associated Whistleblowers http://w6csjytbrl273che.onion/#/
Community X recruitment http://gp5tycij54ri7xcz.onion/
Code Green (ethical hacktivism) http://pyl7a4ccwgpxm6rd.onion/
Infodio Leaks http://ymi7h25hgp3bj63v.onion/#/
Wiki Leaks http://zbnnr7qzaxlk5tms.onion/
Zwitterion’s Domain http://3il6wiev2pnk7dat.onion/
Secure wildlife whistle blowing http://ppdz5djzpo3w5k2z.onion/#/
Freedom of the press foundation http://freepress3xxs3hk.onion/
the loli advocacy server http://lolikaastbgo5dtk.onion/
Global Leaks http://h73hx2munq7q465s.onion/#/
Tactical Technology http://hrkdpwrkh3lbow2l.onion/
Fund the islamic struggle http://teir4baj5mpvkg5n.onion/
Internet Governance Transparency http://k52lcjc5fws3jbqf.onion/
We fight censorship http://3kyl4i7bfdgwelmf.onion/
Anon Insiders http://imtrjn3qe2tzh5ae.onion/
Map Mos Maiorum (refugee help) http://iuektur6bicvfwcq.onion/ushahidi/
wiki leaks http://jwgkxry7xjeaeg5d.onion/
Anonymity, Security
includes secure email, chat, etc Anonet wiki http://xz2rtmpjjwvdw44p.onion/
Secure Messaging http://sms4tor3vcr2geip.onion/
MailTor http://mailtoralnhyol5v.onion/src/login.php
Lelantos email http://lelantoss7bcnwbv.onion/
Onion Mail http://p6x47b547s2fkmj3.onion/
JitJat (messaging) http://jitjatxmemcaaadp.onion/login.php
TOR PasteBin http://postits4tga4cqts.onion/
RetroShare chat server http://chat7zlxojqcf3nv.onion/
ProtectTOR55 http://protector55z5s7j.onion/
Zerobin http://zerobinqmdqd236y.onion/
TOR chat roulette http://tetatl6umgbmtv27.onion/
SIGAINT (email) http://sigaintevyh2rzvw.onion/
Offshore mail server http://inocncymyac2mufx.onion/
web/irc chat thing http://6ejbuiwnp77gu67h.onion/
FreeFor (chat) http://tns7i5gucaaussz4.onion/
Volatile (chat n stuff) http://vola7ileiax4ueow.onion/
Hosting, web, file, image
Onionweb File Hosting (100mb limit) http://3fnhfsfc2bpzdste.onion/
Hidden Hosting http://7zzohostingx4mes.onion/
Free Hosting links http://a5ok374pjcq7bsyp.onion/
Darknet services http://darknet4x3hcv5zp.onion/
Infernet Dark Hosting http://a5ok374pjcq7bsyp.onion/
IMG.BI (image hosting) http://imgbifwwqoixh7te.onion/
Secure Drop http://v6gdwmm7ed4oifvd.onion/
CYRUSERV http://cyruservvvklto2l.onion/
Free TOR Hosting http://zuxtem3jcv2fvmgk.onion/
Home Hosting (how to) http://dmru36nvfgtywx47.onion/
Real Hosting http://hosting6iar5zo7c.onion/
TorSafe (file hosting) http://torsafeiwttlkul6.onion/accounts/login/
Real Hosting http://ezuwnhj5j6mtk4xr.onion/
TOR VPS http://torvps7kzis5ujfz.onion/index.php/TorVPS
Kowloon (hosting) http://kowloon5aibdbege.onion/
Onion Pastebin http://pastetorziarobi7.onion/
Popfiles (file hosting) http://popfilesxuru7lsr.onion/
Hidden Hosting http://offshore6gq7ykr7.onion/
Darknet Solutions (hosting and design) http://darknet47je5xwm6.onion/
Onion uploader (file hosting up to 100mb) http://nk3k2rsitogzvk2a.onion/
Media, music, movies, art, cartoons, comics etc*
Skeletor.bit http://okzatvfk2jzgvmf4.onion/
Yay Ponies http://ponieslzi3ivbynd.onion/
HFS (music) http://wuvdsbmbwyjzsgei.onion/
Sea Kitten Palace (torrents) http://wtwfzc6ty2s6x4po.onion/
Manga http://negimarxzov6ca4c.onion/
Comics http://7etxnv26hro7mmuu.onion/
Deep Tune (music) http://tune4xs6mj2evcr6.onion/
TorFlix (movies) http://jl4m7ubpotnu2yos.onion/
No name, not sure if its music or speak but its mp3’s http://xf3fjq4b7j6pswuq.onion/
Gone Things (printable images) http://32ixi6myw3things.onion/
ORVoice (music) http://orvoicemur72h7rx.onion/TO
Index of (music) http://uuxrei5or65anucg.onion/
My little pony http://mlpfimf74svi6y4q.onion/s01/
The audiobook vault http://xmctuxj7dsymumwf.onion/
Разное:
DOXBIN http://doxbinbircrfbqvg.onion/ This is a big list of peoples personal information basicly, seems like a dump for info that hackers might want to retreive at a later date, but also seems like a show off site. Im not sure how to interpret all this
Riseup http://zsolxunfmbfuq7wf.onion/rc/
Thunder’s Place (penis enlargement) http://thundersplv36ecb.onion/
Smart5 (forum, for what idk though) http://smart5ywvuwbmzfd.onion/
German TOR Library (documents, files, on what subject idk) http://pqfja3rzroprkfq6.onion
Dying Breed (forum, idk what for) http://g6o7aurv4c3ixalq.onion/index.php
Hers some random cords. lat/long http://4k2oq3fswx35a72s.onion/
Zyprexa kills http://tdkhrvozivoez5ad.onion/
Cat out of the bag http://vkpriz2cjzymgpsp.onion/
XL33tVill3 (links and idk what) http://tt75atziadj4duff.onion/sindex.html
i really dont know what to say http://rjzdqt4z3z3xo73h.onion/
Solar display http://zgypn3izock2oqny.onion/
GIF files (global intelligence files) http://gkqmy7ioqptiru5o.onion/gifiles/
Hacked http://7o46qra2jkz3k3kx.onion/
GreatDumps http://www.greatobxvv7etokq.onion/?login.do/
International journal of proof of concept or GTFO http://pocgtfo7tu77thrp.onion/
Elize chatbot http://opnju4nyz7wbypme.onion/
Cryptome (im not sure where to put this so its here) http://y6q2mnorhmsfdm3r.onion/
Pastebin http://5aklnwbibkhrtbs6.onion/
submitted by Jayson_Roger to JRHarbor [link] [comments]

Warning: DrugsList is extremely insecure [x-post /r/DarkNetMarkets]

DISCLAIMER: I have no affiliation with any marketplace. My interest is only seeing a more secure and trustworthy underground drug market. I have reported numerous issues to other drug markets and have had them successfully fixed. I have never accepted payment from any drug market for security services. I am only an interested observer and occasional customer.
EDIT: here is the original thread at /DarkNetMarkets
The Drugslist website makes numerous simple security errors in its implementation, and is completely unfit as an underground drug marketplace storing bitcoin wallets.

Error 1: The PGP error

As drug market users you have likely noticed that it is always reinforced that you should use PGP for all private message. A lot of users struggle with PGP since you have to download an application, learn public key cryptography, learn how to sign/encrypt and manage keys etc. There is a reason why it is complicated, because ease of use and security are a direct tradeoff. Were PGP to be simple, it likely wouldn't be effective.
This is why you have never seen a serious drug marketplace that attempts to implement PGP on the web, or inside a browser - because it is insecure. You can only guarantee the security of PGP and your messages if you use a desktop app.
I noticed yesterday that drugslist was making a huge error and had implemented PGP in a web browser as part of the their drugs marketplace. This is a huge red flag, because not only is it not secure, but it also teaches users that pasting private keys into a web form is ok, when it is far from. Security conscious people spend a lot of time reiterating into people basic security practices and when Drugslist does something like implement PGP in a browser and ask users to paste a private key into a web form, they undo a lot of that security advocacy performed by others.
I'm going to try and explain in the simplest terms of why PGP in the browser is a bad idea, because I explain what Drugslist did:
When you install PGP normally on the desktop - you go to a trusted site and download the package, and almost all PGP tutorials will, as a second step, show you how you can verify that the package you downloaded is the same one the developers signed off on - to guarantee that it either hasn't been backdoored or manipulated on the server, or that it hasn't been backdoored or manipulated in transit to your computer. You only have to do this once, when you install the application. From then on your can use the PGP app a thousand times and be confident that it hasn't been backdoored (there are ways around this, such as a trojan on your system, but it won't be backdoored by the developer).
This is an essential part of establishing the trust relationship between developer and user, you can guarantee that it hasn't been compromised using cryptography (Bitcoin also does this, as does Tor).
When you use PGP in a browser, your browser downloads a new copy of PGP every time you use it, and has no way of checking the signature. Worse, it doesn't even check if is downloading it from the correct server. That means someone could easily insert a backdoor into it, or weaken it, and you would never notice. It doesn't matter how much you check the code the first time you use it, you can't guarantee that it would be the same every subsequent time.
This isn't a hypothetical attack, there are at least two known cases where the US Government has taken advantage of web-based cryptography to read 'encrypted' messages for users: Hushmail and Lavabit. In the Hushmail case users had no idea that Hushmail had changed the code to give the government access. In the Lavabit case, because they were using web based crypto they were also vulnerable to a subpoena, which they ended up receiving when Snowden became a user. This is why web-based crypto is bad, because it can't be protected or guaranteed.
Drugslist present their web-based PGP alternative as a direct replacement for desktop PGP, which is not the case. Web based PGP is never secure.
They place a link to it right above the box where you send private messages:
Don't know PGP? Check out our client-side PGP encryption tool. No data transferred and everything stays on your device!
All throughout the site, in the FAQ, there on the private message box, it mentions the web-based PGP implementation as an alternative to desktop based PGP, which it certainly is not.
Now this part I can't stress enough: to a security professional, this is a very simple mistake - it is something that even a security professional with only hours of experience would know is a red flag. This is like a mechanic pointing out that the tyre in your car is wobbly and about to fall off.
I noticed that Drugslist have this feature yesterday in their thread about their API. I knew very very little about Drugslist at this time, I had signed up a week earlier and then forgotten about it - not even looking at what vendors are there, etc.
Here is the thread announcing the API:
http://www.reddit.com/DarkNetMarkets/comments/1w2rq9/drugslist_launching_optional_new_full_api/
I got to this second paragraph and immediately stopped reading:
Our site now offers, a fully featured API escrow, auto withdraw for vendors, 1% commission payments on any money spent by anyone whom you refer, a fully integrated forum and email system, client side pgp encryption and decryption as well as a very active customer support and development team.
I immediately had to see this for myself - surely they don't mean PGP in the browser, that would be lunacy. I open the site, find the feature - and sure enough they have implemented PGP in a browser using Javascript and are asking users to paste their private keys and secret messages into a web form. This is absolutely unacceptable, especially by a marketplace claiming to be security conscious.
Without reading the thread further, I then write this comment telling Drugslist that they need to change and remove the client-side PGP feature. Drugslist replied quickly, and they partly gave an indication that they understood the issue, but they mainly chose to ignore what I reported.
edit to add, while we were having this conversation despite denying it was a problem every time I went back and checked Drugs List they were adding warnings to the PGP tool that demonstrated they didn't understand the issue. I would check their page and the wording would change to include a warning, I would go back, leave a comment with a counter-point, check their page again and the warning would be updated again based on the comment I left. This shows that they weren't understanding the issue.
What proves it further is the message they have on the PGP page now:
http://drugslisvdknitqd.onion/pgp/index.html
This is in big red writing at the top, and was added after I raised the issue:
While our Javascript PGP implementation is secure, and can be verified by looking at the source code, understand that other websites claiming to have client-side Javascript PGP could be insecure. Be cautious of any site offering client-side PGP. You should always search through the source code looking for Javascript includes, XHR requests and HTML5 outbound data calls.
Note two things here: they are still misunderstanding the issue - there is no way to implement this securely, besides their reassurance. Also note that this is a feature that is supposed to be built for users who find desktop PGP complicated, yet it is asking them to conduct a thorough audit of the PGP code prior to using the tool each time. This is completely unrealistic.
Back on the comment thread, there was also a completely surreal situation where i'm left spending a dozen comments explaining to DrugsList what the actual problem is, since it is clear they don't understand what i'm actually reporting - in the meantime they continue to deny that there is a problem.
I had no idea at the time that this would lead to an hours-long conversation where drugslist would repeatably deny the existence of numerous security issues despite the clear evidence to the contrary.
I went back up to that original post and kept reading about the API. Two lines later and we have another security issue:

2. API Security Issues

I'll keep this brief. The problems with the API are:
  1. It asks you to place your marketplace password in the URL of the API. This is a big no-no, since many applications log URLs in plain text. A URL is 'non sensitive' data and all applications treat it that way, you should not be placing passwords into the URL
  2. The password used in the API is the same as that used in the API, so if your API somehow leaks, the person finding the password can login as you. This is poor design.
  3. The API client makes no effort to authenticate the server, and vice-versa. This means it would be incredibly simple to intercept the data passing between the API client and the API server. Running over Tor only makes it easier, since a lot of Tor configs have misconfigured DNS.
The drugslist response to these concerns is that they 'expect' API clients to know these problems and to use them securely.
I had now discovered a number of basic security issues in reading only two paragraphs of text from Drugslist, and in all these cases the Drugslist user had responded quickly, completely denying any issue or any problem - and dismissing the concern. This was becoming a pattern and it prompted me to look at the history of this user and this drug marketplace, it didn't take me long to find more hits.

Error 3: SQL Injection

I only had to scroll down 3 or 4 previous thread before finding this thread - where a user of reddit had reported an SQL Injection vulnerability to DrugsList.
Set aside for a moment what you may believe about how the person reporting that bug behaved or conducted themselves, because this is a very serious issue.
I could not believe what I was seeing as I scrolled through the screenshots attached. I haven't seen this type of elementary SQL Injection bug for years. This stuff used to work 10 years ago, but you rarely see it any more as most programmers and websites have wisened up to the simplest of SQL Injection bugs.
Make no mistake about this: what is being demonstrated in that bug is the ability to take control of the application and run whatever commands you wish on the database. This means you can take passwords, steal bitcoin, insert your own vendor account etc.
This is the exact same type of bug that cause both Sheep and BMR to be hacked, instead this bug was much, much simpler than either of those
This SQL Injection bug lead to what was now becoming a regular situation - the drugslist user coming in, denying that there was an error, and claiming that the user who found an SQL Injection had only found a 'small bug' and couldn't 'do anything'. He was daring the next attacker to delete/hack his entire site as a way of proving that a bug exists.
This lead to a completely surreal comment thread, the kind I have never really had before, where we have the admin of the drug market along with a mod from the sub trying to convince people that this wasn't a real bug - using terms that are taken from information security, but using them in such a way that makes it clear to anybody who knows the field that these guys have no idea of what they are talking about.
The sheer simplicity of the SQL Injection attack lead me to open up a browser and to go to Drugs Marketplace and to check for myself to see if I could find any other bugs (having a single simple bug on the main page usually means there are more).

Error 4: Multiple SQL Injection Points

Within 3 minutes of checking their app it was clear that both their search page and their product page are not filtering user input and allow a user to tamper with SQL queries in any way they want.
I private message Drugslist and tell him that he needs to take his site down and come clean about the security issues. I've never seen a site like this. A potential hacker with no knowledge of info sec would only require 10-12 hours of learning to take complete advantage of stealing everything from Drugs List.

Error 5: Server Leaking Info

After discovering the two bugs I come to the conclusion that there is no point in testing this further, since every parameter I test is vulnerable.
I look down at my logs and I can't believe what i'm seeing - the server is leaking critical information about itself that would make it simple for a dedicated adversary to trace down not only the location of the server, but the people running it.
This is worse than Silk Road in the early days, where similar output lead the authorities to the location of the Silk Road server.

Error 6: Consolidating everything in one market

The other problem with Drugs List is that in an effort to be convenient they consolidate everything into one website and behind one URL: market, wallets, email, forum and even PGP
Were the market hacked or taken over by LE, they would get everything - your emails, your messages, your PGP (via the web tool). This is why each vendor and buyer should host each of these separately - email should be with one host, wallet with another, marketplace on another, PGP on your desktop - this rule is the same as the 'diversify your holdings' rule in the finance world, you don't want a single point of vulnerability.
There is also a reason why other markets host their forums and their marketplaces on separate URLs, its so that you isolate them from each other. The threat model to a forum is very different to the threat model for a bitcoin drug marketplace - you don't want a bug in the forum leading to a complete compromise of your bitcoin drug marketplace.

Over-marketing and under-delivering

If you look at Drugs Lists claims, they keep reiterating security and how they have hired 'PHD's in math' and 'security experts'. There is no chance this is true. Drugs List has almost certainly been put together by a single person with a minor understanding of technology and almost no understanding of security who outsourced the work of programming the marketplace. It is likely that he has hired cheap offshore labour to build this site using a service like oDesk or Elance. I don't believe his programmers know that what they are building is being used as a drug marketplace.
When I search some of these marketplaces for 'bitcoin escrow marketplace' I get a number of hits for people attempting to hire cheap labour to build such a marketplace. Some of these sound a lot like Drugs List, and that would also match up with how the site has been implemented. This is exactly how SR1 was taken down and I have more than enough information to conclude that were a sufficiently motivated adversary interested in taking down Drugs List, they would likely do so in very short order.
It doesn't matter if you believe that I am out to "get" drugs list or not, there is a pattern in his communication where numerous people have reported security or other concerns to them and they are dismissed. So either all these people reporting concerns are crazy (which would include me, two other techs on the SQL injection thread, TMPSchultz and gwern on the multi-sig thread), or drugs list is negligent with user data and are in way over their heads with operating a secretive bitcoin based underground drug market.
Of the 3 issues I reported to them, his replies indicated that he didn't even understand 2 of them. It took me numerous messages to explain what was wrong with doing web-based PGP, despite their first response indicated that they understood the issue and thought it was ok.
There is a pattern here in how features are over-marketed and then under delivered and sheer negligence with security reports. The question vendors and buyers have to ask themselves is do they really trust their identity and money with someone who is not only incompetent in building a website but in utter denial about there being a problem.
IF YOU ARE A VENDOR OR BUYER: Don't trust me - please, find someone you know who is a programmer or a tech and ask them to take a look at these two threads:
  1. This one where I report the PGP error, which becomes very weird at the end
  2. This thread, where a user reports a simple SQL injection
That is the lest amount of due diligence you should do before using a drug marketplace, especially as a vendor. You will find that even those with a cursory knowledge of programming or info security will find those threads worrying to the point of being amusing.
submitted by the_avid to SilkRoad [link] [comments]

Bitcoin Web Hosting Bitcoin Wallet Wealth Manager How to Setup Offshore Hosting with Abelohost and install wordpress in 2 minutes Bitcoin For Beginners - Funding A Sportsbook Caricoin - The Bitcoin Wallet of Caribbean

Shinjiru is another offshore hosting provider that has been in this business since 2000. They have offshore VPS hosting, private email hosting, bitcoin hosting and all the tools you need to secure your identity. Also, they have now started accepting Bitcoin as a payment for all their services. Bitcoin VPS Offshore Hosting The full power of virtualization in your hands. Bitcoin VPS hosting is something like a bridge between shared hosting and a dedicated server. Provided space acts just like a dedicated server but in fact it is a physical part of it. Bitcoin VPS server will give you much more control over your business, for a fair and reasonable price. Having and maintaining a VPS ... Bitcoin VPS Hosting, Offshore VPS Hosting that Accept Bitcoin.Cheap Offshore VPS Hosting Bitcoin VPS Hosting in Netherland, Anonymous VPS Accept Bitcoin. https://abelohost.com - An offshore hosting provider in the Netherlands, which offers shared hosting, VPS solutions and dedicated servers for the lowest possible price and with the highest possible client satisfaction. Founded in 2012 in the center of the Netherlands (Dronten), AbeloHost set out to become a reliable and fast hosting provider for clients do not want to be tightened by the ... As the name suggests, Bitcoin Web Hosting accepts only Bitcoin and other crypto coins and no other payment methods like credit cards, PayPal, etc. The platform includes shared VPS, servers, and provides complete anonymity to its users. Though it is slightly costly compared to the other web hosting platforms, it is highly secure and is one of the most trusted hosting companies.

[index] [10632] [33204] [49224] [18333] [17882] [28813] [29622] [34175] [11796] [10316]

Bitcoin Web Hosting

Abelohost: https://bill.abelohost.com/aff.php?aff=186&page=ssd-shared-hosting-pro Benefits of Abelohost: Pay with bitcoin, anonymous hosting, Offshore accoun... Bitcoin wallet 2016 - How to protect your bitcoin? - Duration: 8:49. Alex Fortin TV 29,637 views. 8:49. Top 10 Offshore Tax Havens You Can Still Stash Your Cash - Duration: 5:48. ... Bitcoin For Beginners - Funding A Sportsbook. Easiest way to fund an online sportsbook using these 2 internet wallets. Deposit with any offshore book. Use this link to get FREE $10 when you join ... This video is unavailable. Watch Queue Queue. Watch Queue Queue BitWebhosting customer Brad reviews BitWebhosting.com service. BitWebhosting provides anonymous hosting services for privacy-conscious clients. Hosting includes Cpanel hosting, VPS and Dedicated ...

#