@MrChrisJ
Last active February 2, 2017 03:28
BFXIN - Chain of Custody for BTCVix filed on Thu 02 Feb 2017

From r/BitcoinMarkets on Reddit

BTCVix comments sharing Drak's 'warning' to Zane at Bitfinex

=== Begin Paste ===
[–]pitchbend 11 points 2 days ago

Bitfinex is the only exchange with good liquidity where you can trade with margin and without providing KYC/AML info as long as you deposit/withdraw with crypto. That's why people keep using them, they are trying their best to pay back users (it looks like they might succeed) and there is really no alternative.

[–]h3rlihy 12 points 1 day ago

I honestly think they are doing a cracking job recovering the only way they reasonably can

[–]BTCVlX 0 points 1 day ago

they however should have never gone against the tried and true method of the cold/hot wallet system in favor of a 3rd party all hot system against the advisement of core devs. It is still inexcusable quite frankly and a reason I left BFX 2 years prior because I could see the growing incompetence problem

[–]bfx_drew 2 points 13 hours ago

against the advisement of core devs

Get your facts straight.

[–]BTCVlX 0 points 8 hours ago

you mean the facts of the hack that you released in a timely manner? oh yeah that is right still 6 months later you have posted nothing regarding how the hack happened -- also on hangout btcdrak discussed with Zane the issues regarding multi-sig not being cold storage.

[–]MrChrisJ 1 point an hour ago

also on hangout btcdrak discussed with Zane the issues regarding multi-sig not being cold storage.

Link please. Paging /u/btcdrak & /u/zanetackett I'd love to get this hearsay dealt with once and for all. If you have facts I'd love to learn more but I do require direct evidence. I have already asked but not yet received anything.

Feel free to reach out in public or private.

[–]BTCVlX 1 point 59 minutes ago*

also on hangout btcdrak discussed with Zane the issues regarding multi-sig not being cold storage.

I will have to dig through archives again I had it timestamped -- do know I have 100s of hours to dig through to find the exact part including both listed and unlisted recordings, it is actually one that is in regards to just Zane and drak talking about proof of reserves not to BFX specifically but it still applies, Zane is going on and on about how great proof of reserves and multi-sig is and drak is detailing how that doesn't inherently mean more transparency or security as drak has said many times in public how the whole proof of reserves angle is a snakeoil sold to exchanges.

Edit: Here is the episode where proof of reserves and multi-sig is discussed between drak and Zane https://www.youtube.com/watch?v=Mk4Dl4aaBuo&index=20&list=PL-1FPbuCqlhXXJg0JQOJRRBKpv4uCCpuD

With that said it is no secret that BFX misled traders as far as their roll out of BitGo -- it was initially pitched as a way to show users that BFX wasn't doing fractional reserve with their BTC holdings but Phil revealed not too long ago it was actually done as a benefit to BFX when dealing with LE, they could simply point them to the address and not have to provide more information, this is supported not only by Phil's own admission on TS but also the fact that very few people were interested in opting into the proof of reserves style system that eventually without any knowledge of the traders everyone became a user of that system without the ability to opt-in/out or even be informed of the new system.

Edit: Here is the episode where we discuss BitGo and BFX and what they supposedly offered: https://www.youtube.com/watch?v=LWrjixFzsMQ&list=PL-1FPbuCqlhXXJg0JQOJRRBKpv4uCCpuD&t=100s&index=12

Edit: Phil Potter: "We received so many LE requests that we wanted to take ourselves out of the process with segregated wallets" https://www.youtube.com/watch?v=PoM7X7TI5YM&t=3s You will have to ask swap why the video got taken down but it was there and that is the direct quote from the video: http://imgur.com/a/mo7zR

=== End Paste ===

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Block: 451162
Hash: 0000000000000000028e30ed774db2f68851b2b42e67ce7d59218025c40c4481
Merkle Root: feef7a048d229cf2152258fe24fe1efaa0d6e700cc1ed85b2cf1591459a38b8b
CoC Filename: 20170202T0313UTC-CoC-BFXIN.md
Object Tree:
.git/objects/21/0343e5483f0c0b5430185549cd541e09e07bc9
.git/objects/d9/3587c2caa9372916262f562547a4fac814900b
.git/objects/22/d61464c0ea296cb460ac7abcb03f9c5289601a
Verify this message here: https://keybase.io/verify
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
-----END PGP SIGNATURE-----

BFXIN - Chain of Custody filed on Thu 02 Feb 2017

Git Object Tree

CoC file: 20170202T0313UTC-CoC-BFXIN-git.objects--3b94283b325813c2d2fdc09def4d55c1fbf4a929182decee450f3578c1c9d2f8.txt

This file is for the attention of Reddit user /u/btcvix

Below is a file list, git object hashes and a timestamp at which the file was timestamped on the Bitcoin blockchain. These can be used for your personal records and for the accountability of the author.

Filename: 20170201--r-BitcoinMarkets_on_Reddit.md
Git Object Hash: 22d61464c0ea296cb460ac7abcb03f9c5289601a
Timestamped: Wed 01 Feb 2017 02:47:19 UTC+0000
Description: A local copy of the Reddit comments between /u/MrChrisJ and /u/BTCVix on /r/BitcoinMarkets
Hyperlink: https://www.reddit.com/r/BitcoinMarkets/comments/5qtxqh/so_whats_the_deal_with_bitfinex_and_coinfloor

Filename: WCHangout_11_--_BitFinex_--_Who_They_Are,_Alphapoint_Rollout,_&_Improvements.mp4
Git Object Hash: 210343e5483f0c0b5430185549cd541e09e07bc9
Timestamped: Thu 02 Feb 2017 02:32:12 UTC+0000
Description: A local copy of the Youtube video hosted by BTCVix
Hyperlink: https://www.youtube.com/watch?v=Mk4Dl4aaBuo

Filename: Partial_Transcript_of_WCHangout_11_--_BitFinex_--_Who_They_Are,_Alphapoint_Rollout,_&_Improvements.md
Git Object Hash: d93587c2caa9372916262f562547a4fac814900b
Timestamped: Thu 02 Feb 2017 02:32:12 UTC+0000
Description: A partial transcript of "WCHangout_11_--_BitFinex_--_Who_They_Are,_Alphapoint_Rollout,_&_Improvements.mp4"
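
One way to check local copies against a file list in this format, as an added example that is not part of the original gist: it recomputes each file's git blob hash and confirms the hash also appears in the signed object tree. The function names, sample files and `example.invalid` links are constructed for illustration.

```python
import hashlib
import re

def git_blob_hash(data: bytes) -> str:
    """Object ID git gives file contents: SHA-1 over 'blob <size>\\0' + data."""
    return hashlib.sha1(b"blob %d\x00" % len(data) + data).hexdigest()

def object_path_to_hash(path: str) -> str:
    """'.git/objects/22/d614...' -> '22d614...' (loose-object directory layout)."""
    m = re.fullmatch(r"\.git/objects/([0-9a-f]{2})/([0-9a-f]{38})", path.strip())
    if not m:
        raise ValueError(f"not a loose object path: {path!r}")
    return m.group(1) + m.group(2)

def parse_manifest(text: str) -> list:
    """Group 'Key: value' lines into records; each 'Filename:' starts a new one."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only, so URLs survive
        if not sep:
            continue
        if key.strip() == "Filename":
            records.append({})
        if records:
            records[-1][key.strip()] = value.strip()
    return records

def verify(records, files, signed_paths):
    """Map filename -> 'ok' | 'missing file' | 'hash mismatch' | 'not in signed tree'."""
    signed = {object_path_to_hash(p) for p in signed_paths}
    result = {}
    for rec in records:
        name, claimed = rec["Filename"], rec["Git Object Hash"].lower()
        if name not in files:
            result[name] = "missing file"
        elif git_blob_hash(files[name]) != claimed:
            result[name] = "hash mismatch"
        elif claimed not in signed:
            result[name] = "not in signed tree"
        else:
            result[name] = "ok"
    return result

# Constructed sample data (not the gist's real files): two small "local copies".
SAMPLE_FILES = {"comments.md": b"local copy of a thread\n", "transcript.md": b"[49:19] ...\n"}
_h = {n: git_blob_hash(d) for n, d in SAMPLE_FILES.items()}
SAMPLE_MANIFEST = "".join(f"Filename: {n}\nGit Object Hash: {h}\nHyperlink: https://example.invalid/{n}\n" for n, h in _h.items())
SAMPLE_TREE = [f".git/objects/{h[:2]}/{h[2:]}" for h in _h.values()]

if __name__ == "__main__":
    print(verify(parse_manifest(SAMPLE_MANIFEST), SAMPLE_FILES, SAMPLE_TREE))
```

The blob hash covers only a file's bytes, so a renamed copy still verifies; the filename is bound to the hash only by the file list itself.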

Partial Transcript of WCHangout 11 -- BitFinex -- Who They Are, Alphapoint Rollout, & Improvements

Timecodes: [mm:ss]

=== Begin Transcript ===
[49:19]
BTCVix(BV): Anyways Drak I know you wanted to hit hard on security so let's open up that bag.

BTCDrak(BD): Yeah so Bitfinex has become now pretty much the number one exchange that we can see. And there are huge quantities of fiat being stored in the lending markets for example and obviously huge quantities of bitcoin are being stored so can you walk us through a little bit about the security protocols you have? Not necessarily the specifics of it but the kind of things you're doing to make sure you don't get Bitstamped or MtGoxed.

Zane Tackett(ZT): Alright, well two things well Bitstamp is BTC, Gox is also BTC and then you are talking about fiat. Fiat is stored in the bank, so that's more on the bank side of things and banks they have extensive regulations that they have to meet. And their security is top notch, so our fiat is stored there. So that shouldn't be an issue.
As towards where our BTC is stored: 99.5% of our coins are in multi-sig wallets and a lot of that is cold storage. In this vein we do have an announcement coming up, which we are pretty excited and will be pretty big. You know it will be one of the first of its kind in its industry. I can't really release what exactly it is but it will be coming up in not too long and I think it will be the first of its kind, it will really go a long way in kind of adding to security of the exchange and kind of putting people's minds at ease.

BD: So our minds will be put at ease at some point in the future? Laughs

ZT: Umm... I know the whole "next two weeks" is kind of a lot of fun but just give it a little bit of time we'll have something that comes out and you won't be, you won't be worrying about it anymore.

BD: Sure, I think I have an idea. So the lead-in sort of, the way this connects to privacy is that Bitfinex has always been very privacy orientated, there's minimal verification unless you have contact with sending fiat in to and out of the exchange and then it's normal KYC. But something that concerns me considerably with that Bitstamp did was that they outsourced their multisig solution to BitGo. BitGo is a US company and it... I mean Bitstamp itself appears to not really care about customer privacy as we saw recently... who's clicking something?... Yeah so Bitstamp showed in the recent thing with that FBI... that rogue FBI agent that they were overstepping the boundaries possibly of their willingness to disclose information about their customers. And the problem with BitGo and the Bitstamp environment is that a third party American company is now involved in the customer relationships with Bitstamp. So that's another place customer privacy can be broken. I mean I love the whole multi-signature thing but I think it's possibly a terrible idea to be outsourcing it and there's no need to outsource it. The whole point of Bitcoin is that this kind of technology that can be done in house. So I would be very concerned if this announcement that you guys are going to make would change the privacy aspect of Bitfinex because so far Bitfinex has been really top notch in protecting customer privacy.

[53:30]

ZT: That's definitely one thing we will continue to aim to protect but I think that remaining compliant is a must and you are talking about Bitstamp overstepping bounds with the FBI agent, they do have a duty to report any um...

BD: Yeah but I think you're misunderstanding, we're not talking about not complying with regulations. For example Bitstamp... um Bitfinex complies with all the anti money laundering regulations that it needs to and that is if customers are dealing with, you know, with real cash then in to and out of the exchange then you verify and you have all the reporting requirements and so on. It's kind of, it's if you're just dealing with bitcoin currently no regulations which say anything about that. So you can actually join the Bitfinex exchange with just the username and go about with bitcoin trading, right?
Now, where it gets ugly is if you involve a company like BitGo who is now a US company who can be subpoenaed so "Oh, there was funds sent to this multi sig address" you know? "Do you own that?" you know?... "What customer data do you have on that?" etc etc. You understand? It becomes a privacy leak by default. Now it's entirely, it's not about not following regulations what I am saying is that this is when you are following regulations but you are not being required to disclose stuff that third party company now is a leak. You understand?

ZT: I mean I do understand where you're going but I'm not sure I agree with it because the unverified users will continue to have their privacy and privacy is something that Bitfinex as a Bitcoin company very much holds in high regard. And it's something that we've continued to show that we aim to protect and it's something we do want to protect that our users have privacy.

BD: For example though you guys are not an American company and therefore you're not required to disclose data if you get subpoena, it would have to be in BVI or whatever, right? Now my point is if you are now dealing with third parties with which you have to share data about your customers with and those third parties are now the United States then it becomes a problem.

ZT: But for unverified users there isn't that data, there is no data. So we won't be sharing any data.

BD: But it's still a problem for users who verify for people who might use Bitfinex and verify are consciously choosing Bitfinex over Coinbase and instead of verifying with Coinbase exchange they're verifying with Bitfinex because of the security you know because of the privacy.

BV: I don't want to get too philosophical in this because I feel like we're going down that rabbit hole. There're certainly concerns, I think you have raised some great concerns Drak especially many of the people in here being US citizens and using Bitfinex and that going forward so if we just wanna leave that way for right now and just something to be cognizant of it. Anybody in this space should kind of have that. We're not all safe with privacy if we're using any third party. It's not our cold storage wallet basically.

[56:27]

[BTCVix segues on to other topics]
=== End Transcript ===
