Binance Review - 5 Things to Know Before Signing Up (2020 ...

The events of a SIM swap attack (and defense tips)

Posted this on Coinbase and someone recommend it also be posted here. The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom.
The full story:
We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email.
While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying:
"We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device.
This 24 hour review period is designed to protect your Coinbase account."
This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized.
It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA.
They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances.
The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information.
This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase.
From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts.
Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along).
Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line.
In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove
with phone carrier employees swapping SIMs for $80s a swap.
Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker.
Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays.
For some some security recommendations:
AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs.
Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem.
Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency.
As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts.
TLDR on the process:
Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by
(1) not resetting your email password so as to raise suspicion,
(2) immediately delete any password reset emails you may receive from financial accounts to hide them from you,
(3) attempt to forward all emails sent to your address to a burner email, and
(4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox.
TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible:
(1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately
(2) change your email password,
(3) force a logout of all sessions from your email (at this point you have locked them out), then
(4) check your mail forwarding settings for forwards to burner addresses,
(5) check your mail rules for rerouting of emails from accounts such as Coinbase, and
(6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen.
We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
submitted by etheregg to CryptoCurrency [link] [comments]

BitcoinBCH.com accidentally publishes on-chain proof that they fake BCHs adoption metrics. Post to r/btc gets deleted and OP is now permanently banned.

Everybody who has posted this on btc has been banned according to modlog. Total of 9 users so far. Don't post this on btc or you will get banned. If you get banned comment on this thread or PM me.

May 2020:

According to btc modlogs, mc-78 has been banned because he questioned the April report with this comment.

According to btc modlogs, BCH4TW has been banned because he questioned the April report with this comment.

March 2020:

According to btc modlogs, bch4god has been banned because he questioned the February report with this comment.

According to btc modlogs, ISeeGregPeople has been banned because he linked to this thread in his comment.

February 2020:

According to btc modlogs, whene-is-satoshi has been banned because he linked to this thread in his comment.

January 2020:

According to btc modlogs, cryptokittykiller's post has been removed for linking to this thread.

According to btc modlogs, bashcalf has now been banned for linking to this thread.

According to btc modlogs, EnterLayer2 has now been banned for this post pointing out that this thread has reached 1000 upvotes.

This article was posted by bitcoinsatellite on btc here. Once it reached frontpage it got deleted and OP was banned from btc and bitcoincash as a result.

Disclaimer: I am not and have never been affiliated with any of the mentioned parties in a private or professional matter.
Presumably in an attempt to smear a local competitor, Hayden Otto inadvertently publishes irrefutable on-chain proof that he excluded non-BCH retail revenue to shape the "BCH #1 in Australia" narrative.
  • Scroll down to "Proof of exclusion" if you are tired of the drama recap.
  • Scroll down to "TLDR" if you want a summary.

Recap

In September 2019, BitcoinBCH.com started publishing so called monthly "reports" about crypto retail payments in Australia. They claimed that ~90% of Australia's crypto retail revenue is processed via their own HULA system and that ~92% of all crypto retail revenue happens in BCH.
They are aggregating two data sources to come up with this claim.
One is TravelByBit (TBB) who publishes their PoS transactions (BTC, LN, ETH, BNB, DASH, BCH) live on a ticker.
The other source is HULA, a newly introduced POS system (BCH only) and direct competitor to TBB run by BitcoinBCH.com - the same company who created the report. Despite being on-chain their transactions are private, not published and not verifiable by third parties outside BitcoinBCH.com
Two things stood out in the "reports", noted by multiple users (including vocal BCH proponents):
  • The non-BCH parts must have tx excluded and the report neglects to mention it (the total in their TBB analysis does not match what is reported on the TBB website.)
  • The BCH part has outliers included (e.g. BCH city conference in September with 35x the daily average)
The TBB website loads the historic tx data in the browser but hides transactions older than 7 days from being displayed, i.e. you can access more than 7 days worth of data if you understand JavaScript and can read the source code (source).

Hayden Otto's reaction

In direct response to me publishing these findings on btc, Hayden Otto - an employee at BitcoinBCH.com and the author of the report who also happens to be a moderator of /BitcoinCash - banned me immediately from said sub (source).
In subsequent discussion (which repeated for every monthly "report" which was flawed in the same ways as described above), Hayden responded using the same tactics:
"No data was removed"
"The guy is straight out lying. There is guaranteed no missing tx as the data was collected directly from the source." (source)
"Only data I considered non-retail was removed"
"I also had these data points and went through them to remove non-retail transactions, on both TravelbyBit and HULA." (source)
He admits to have removed non-BCH tx by "Game Ranger" because he considers them non-retail (source). He also implies they might be involved in money laundering and that TBB might fail their AML obligations in processing Game Ranger's transactions (source).
The report does not mention any data being excluded at all and he still fails to explain why several businesses that are clearly retail (e.g. restaurants, cafes, markets) had tx excluded (source).
"You are too late to prove I altered the data"
"[...] I recorded [the data] manually from https://travelbybit.com/stats/ over the month of September. The website only shows transactions from the last 7 days and then they disappear. No way for anyone to access stats beyond that." (source)
Fortunately you can, if you can read the website's source code. But you need to know a bit of JavaScript to verify it yourself, so not an ideal method to easily prove the claim of data exclusion to the public. But it laters turns out Hayden himself has found an easier way to achieve the same.
"The report can't be wrong because it has been audited."
In response to criticism about the flawed methodology in generating the September report, BitcoinBCH.com hired an accountant from a regional Bitcoin BCH startup to "audit" the October report. This is remarkable, because not only did their reported TBB totals still not match those from the TBB site - their result was mathematically impossible. How so? No subset of TBB transaction in that month sums up to the total they reported. So even if they excluded retail transactions at will, they still must have messed up the sum (source). Why didn't their auditor notice their mistake? She said she "conducted a review based on the TravelByBit data provided to her", i.e. the data acquisition and selection process was explicitly excluded from the audit (source).
"You are a 'pathetic liar', a 'desperate toll', an 'astroturf account' and 'a total dumb ass' and are 'pulling numbers out of your ass!'"
Since he has already banned me from the sub he moderates, he started to resort to ad hominems (source, source, source, source).

Proof of exclusion

I published raw data as extracted from the TBB site after each report for comparison. Hayden responded that I made those numbers up and that I was pulling numbers out of my ass.
Since he was under the impression that
"The website only shows transactions from the last 7 days and then they disappear. No way for anyone to access stats beyond that." (source)
he felt confident to claim that I would be
unable to provide a source for the [missing] data and/or prove that that data was not already included in the report. (source)
Luckily for us Hayden Otto seems to dislike his competitor TravelByBit so much that he attempted to reframe Bitcoin's RBF feature as a vulnerability specific to TBB PoS system (source).
While doublespending a merchant using the TBB PoS he wanted to prove that the merchant successfully registered the purchase as complete and thus exposed that the PoS sales history of TBB's merchants are available to the public (source), in his own words:
"You can literally access it from a public URL in the Web browser. There is no login or anything required, just type in the name of the merchant." (source)
As of yet it is unclear if this is intentional by TBB or if Hayden Ottos followed the rules of responsible disclosure before publishing this kind of data leak.
As it happens, those sale histories do not only include the merchant and time of purchases, they even include the address the funds were sent to (in case of on-chain payments).
This gives us an easy method to prove that the purchases from the TBB website missing in the reports belong to a specific retail business and actually happened - something that is impossible to prove for the alleged HULA txs.
In order to make it easier for you to verify it yourself, we'll focus on a single day in the dataset, September 17th, 2019 as an example:
  • Hayden Otto's report claims 20 tx and $713.00 in total for that day (source)
  • The TBB website listed 40 tx and a total of $1032.90 (daily summary)
  • Pick a merchant, e.g. "The Stand Desserts"
  • Use Hayden's "trick" to access that merchants public sale history at https://www.livingroomofsatoshi.com/merchanthistory/thestanddesserts, sort by date to find the 17th Sep 2019 and look for a transaction at 20:58 for $28. This proves that a purchase of said amount is associated with this specific retail business.
  • Paste the associated crypto on-chain address 17MrHiRcKzCyuKPtvtn7iZhAZxydX8raU9 in a blockchain explorer of your choice, e.g like this. This proves that a transfer of funds has actually happened.
I let software aggregate the TBB statistics with the public sale histories and you'll find at the bottom of this post a table with the on-chain addresses conveniently linked to blockchain explorers for our example date.
The total of all 40 tx is $1032.90 instead of the $713.00 reported by Hayden. 17 tx of those have a corresponding on-chain address and thus have undeniable proof of $758.10. Of the remaining 23, 22 are on Lightning and one had no merchant history available.
This is just for a single day, here is a comparison for the whole month.
Description Total
TBB Total $10,502
TBB wo. Game Ranger $5,407
TBB according to Hayden $3,737

What now?

The usual shills will respond in a predictive manner: The data must be fake even though its proof is on-chain, I would need to provide more data but HULA can be trusted without any proof, if you include outliers BCH comes out ahead, yada, yada.
But this is not important. I am not here to convince them and this post doesn't aim to.
The tx numbers we are talking about are less than 0.005% of Bitcoin's global volume. If you can increase adoption in your area by 100% by just buying 2 coffees more per day you get a rough idea about how irrelevant the numbers are in comparison.
What is relevant though and what this post aims to highlight is that BitcoinBCH.com and the media outlets around news.bitcoin.com flooding you with the BCH #1 narrative are playing dirty. They feel justified because they feel that Bitcoin/Core/Blockstream is playing dirty as well. I am not here to judge that but you as a reader of this sub should be aware that this is happening and that you are the target.
When BitcoinBCH.com excludes $1,000 Bitcoin tx because of high value but includes $15,000 BCH tx because they are made by "professionals", you should be sceptical.
When BitcoinBCH.com excludes game developers, travel businesses or craftsmen accepting Bitcoin because they don't have a physical store but include a lawyer practice accepting BCH, you should be sceptical.
When BitcoinBCH.com excludes restaurants, bars and supermarkets accepting Bitcoin and when pressed reiterate that they excluded non-retail businesses without ever explaning why a restaurant shouldn't be considered reatil, you should be sceptical.
When BitcoinBCH.com claims the reports have been audited but omit that the data acquisition was not part of the audit, you should be sceptical.
I expect that BitcoinBCH.com will stop removing transactions from TBB for their reports now that it has been shown that their exclusion can be provably uncovered. I also expect that HULA's BCH numbers will rise accordingly to maintain a similar difference.
Hayden Otto assumed that nobody could cross-check the TBB data. He was wrong. Nobody will be able to disprove his claims when HULA's BCH numbers rise as he continues to refuse their release. You should treat his claims accordingly.
As usual, do your own research and draw your own conclusion. Sorry for the long read.

TLDR

  • BitcoinBCH.com claimed no transactions were removed from the TBB dataset in their BCH #1 reports and that is impossible to prove the opposite.
  • Hayden Otto's reveals in a double spend attempt that a TBB merchant's sale history can be accessed publicly including the merchant's on-chain addresses.
  • (For example,) this table shows 40 tx listed on the TBB site on Sep 17th, including their on-chain addresses where applicable. The BitcoinBCH.com report lists only 20 tx for the same day.
  • (Most days and every months so far has had BTC transactions excluded.)
  • (For September, TBB lists $10,502 yet the report only claims $3,737.
No. Date Merchant Asset Address Amount Total
1 17 Sep 19 09:28 LTD Espresso Lightning Unable to find merchant history. 4.50 4.50
2 17 Sep 19 09:40 LTD Espresso Binance Coin Unable to find merchant history. 4.50 9.00
3 17 Sep 19 13:22 Josh's IGA Murray Bridge West Ether 0x40fd53aa...b6de43c531 4.60 13.60
4 17 Sep 19 13:23 Nom Nom Korean Eatery Lightning lnbc107727...zkcqvvgklf 16.00 29.60
5 17 Sep 19 13:24 Nom Nom Korean Eatery Lightning lnbc100994...mkspwddgqw 15.00 44.60
6 17 Sep 19 14:02 Nom Nom Korean Eatery Binance Coin bnb1w5mwu9...552thl4ru5 30.00 74.60
7 17 Sep 19 15:19 Dollars and Sense (Fortitude Valley) Lightning lnbc134780...93cpanyxfg 2.00 76.60
8 17 Sep 19 15:34 Steph's Cafe Binance Coin bnb124hcjy...ss3pz9y3r8 57.50 134.10
9 17 Sep 19 19:37 The Stand Desserts Binance Coin bnb13f58s9...qqc7fxln7s 18.00 152.10
10 17 Sep 19 19:59 The Stand Desserts Lightning lnbc575880...48cpl0z06q 8.50 160.60
11 17 Sep 19 20:00 The Stand Desserts Lightning lnbc575770...t8spzjflym 8.50 169.10
12 17 Sep 19 20:13 The Stand Desserts Lightning lnbc202980...lgqp5ha8f4 3.00 172.10
13 17 Sep 19 20:21 The Stand Desserts Lightning lnbc577010...decq7r4p05 8.50 180.60
14 17 Sep 19 20:24 Fat Dumpling Lightning lnbc217145...9dsqpjjr6g 32.10 212.70
15 17 Sep 19 20:31 The Stand Desserts Lightning lnbc574530...wvcpp3pcen 8.50 221.20
16 17 Sep 19 20:33 The Stand Desserts Lightning lnbc540660...rpqpzgk8z0 8.00 229.20
17 17 Sep 19 20:37 The Stand Desserts Lightning lnbc128468...r8cqq50p5c 19.00 248.20
18 17 Sep 19 20:39 The Stand Desserts Lightning lnbc135220...cngp2zq6q4 2.00 250.20
19 17 Sep 19 20:45 The Stand Desserts Lightning lnbc574570...atcqg738p8 8.50 258.70
20 17 Sep 19 20:51 Fat Dumpling Lightning lnbc414190...8hcpg79h9a 61.20 319.90
21 17 Sep 19 20:53 The Stand Desserts Lightning lnbc135350...krqqp3cz8z 2.00 321.90
22 17 Sep 19 20:58 The Stand Desserts Bitcoin 17MrHiRcKz...ZxydX8raU9 28.00 349.90
23 17 Sep 19 21:02 The Stand Desserts Bitcoin 1Hwy8hCBff...iEh5fBsCWK 10.00 359.90
24 17 Sep 19 21:03 The Stand Desserts Lightning lnbc743810...dvqqnuunjq 11.00 370.90
25 17 Sep 19 21:04 The Stand Desserts Lightning lnbc114952...2vqpclm87p 17.00 387.90
26 17 Sep 19 21:10 The Stand Desserts Lightning lnbc169160...lpqqqt574c 2.50 390.40
27 17 Sep 19 21:11 The Stand Desserts Lightning lnbc575150...40qq9yuqmy 8.50 398.90
28 17 Sep 19 21:13 The Stand Desserts Lightning lnbc947370...qjcp3unr33 14.00 412.90
29 17 Sep 19 21:15 The Stand Desserts Binance Coin bnb1tc2vva...xppes5t7d0 16.00 428.90
30 17 Sep 19 21:16 Giardinetto Binance Coin bnb1auyep2...w64p6a6dlk 350.00 778.90
31 17 Sep 19 21:25 The Stand Desserts BCH 3H2iJaKNXH...5sxPk3t2tV 7.00 785.90
32 17 Sep 19 21:39 The Stand Desserts Binance Coin bnb17r7x3e...avaxwumc58 8.00 793.90
33 17 Sep 19 21:47 The Stand Desserts BCH 32kuPYT1tc...uFQwgsA5ku 18.00 811.90
34 17 Sep 19 21:52 The Stand Desserts BCH 3ELPvxtCSy...4QzvfVJsNZ 36.00 847.90
35 17 Sep 19 21:56 The Stand Desserts Lightning lnbc677740...acsp04sjeg 10.00 857.90
36 17 Sep 19 22:04 The Stand Desserts BCH 38b4wHg9cg...9L2WXC2BSK 54.00 911.90
37 17 Sep 19 22:16 The Stand Desserts Binance Coin bnb14lylhs...x6wz7kjzp5 18.00 929.90
38 17 Sep 19 22:21 The Stand Desserts BCH 3L8SK3Hr7u...F3htdSPxfL 90.00 1019.90
39 17 Sep 19 22:30 The Stand Desserts Binance Coin bnb19w6tle...774uknv57t 5.00 1024.90
40 17 Sep 19 22:48 The Stand Desserts BCH 3Qag8c4UYg...9EYuWzGjhs 8.00 1032.90
submitted by YeOldDoc to CryptoCurrency [link] [comments]

The events of a SIM swap attack directed at Coinbase (and defense tips)

The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom.
The full story:
We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email.
While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying:
"We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device.
This 24 hour review period is designed to protect your Coinbase account."
This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized.
It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA.
They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances.
The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information.
This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase.
From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts.
Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along).
Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line.
In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove with phone carrier employees swapping SIMs for $80s a swap.
Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker.
Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays.
For some some security recommendations:
AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs.
Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem.
Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency.
As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts.
TLDR on the process:
Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by
(1) not resetting your email password so as to raise suspicion,
(2) immediately delete any password reset emails you may receive from financial accounts to hide them from you,
(3) attempt to forward all emails sent to your address to a burner email, and
(4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox.
TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible:
(1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately
(2) change your email password,
(3) force a logout of all sessions from your email (at this point you have locked them out), then
(4) check your mail forwarding settings for forwards to burner addresses,
(5) check your mail rules for rerouting of emails from accounts such as Coinbase, and
(6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen.
We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
submitted by etheregg to CoinBase [link] [comments]

How To End The Cryptocurrency Exchange "Wild West" Without Crippling Innovation


In case you haven't noticed the consultation paper, staff notice, and report on Quadriga, regulators are now clamping down on Canadian cryptocurrency exchanges. The OSC and other regulatory bodies are still interested in industry feedback. They have not put forward any official regulation yet. Below are some ideas/insights and a proposed framework.



Many of you have limited time to read the full proposal, so here are the highlights:

Offline Multi-Signature

Effective standards to prevent both internal and external theft. Exchange operators are trained and certified, and have a legal responsibility to users.

Regular Transparent Audits

Provides visibility to Canadians that their funds are fully backed on the exchange, while protecting privacy and sensitive platform information.

Insurance Requirements

Establishment of basic insurance standards/strategy, to expand over time. Removing risk to exchange users of any hot wallet theft.


Background and Justifications


Cold Storage Custody/Management
After reviewing close to 100 cases, all thefts tend to break down into more or less the same set of problems:
• Funds stored online or in a smart contract,
• Access controlled by one person or one system,
• 51% attacks (rare),
• Funds sent to the wrong address (also rare), or
• Some combination of the above.
For the first two cases, practical solutions exist and are widely implemented on exchanges already. Offline multi-signature solutions are already industry standard. No cases studied found an external theft or exit scam involving an offline multi-signature wallet implementation. Security can be further improved through minimum numbers of signatories, background checks, providing autonomy and legal protections to each signatory, establishing best practices, and a training/certification program.
The last two transaction risks occur more rarely, and have never resulted in a loss affecting the actual users of the exchange. In all cases to date where operators made the mistake, they've been fully covered by the exchange platforms.
• 51% attacks generally only occur on blockchains with less security. The most prominent cases have been Bitcoin Gold and Ethereum Classic. The simple solution is to enforce deposit limits and block delays such that a 51% attack is not cost-effective.
• The risk of transactions to incorrect addresses can be eliminated by a simple test transaction policy on large transactions. By sending a small amount of funds prior to any large withdrawals/transfers as a standard practice, the accuracy of the wallet address can be validated.
The proposal covers all loss cases and goes beyond, while avoiding significant additional costs, risks, and limitations which may be associated with other frameworks like SOC II.

On The Subject of Third Party Custodians
Many Canadian platforms are currently experimenting with third party custody. From the standpoint of the exchange operator, they can liberate themselves from some responsibility of custody, passing that off to someone else. For regulators, it puts crypto in similar categorization to oil, gold, and other commodities, with some common standards. Platform users would likely feel greater confidence if the custodian was a brand they recognized. If the custodian was knowledgeable and had a decent team that employed multi-sig, they could keep assets safe from internal theft. With the right protections in place, this could be a great solution for many exchanges, particularly those that lack the relevant experience or human resources for their own custody systems.
However, this system is vulnerable to anyone able to impersonate the exchange operators. You may have a situation where different employees who don't know each other that well are interacting between different companies (both the custodian and all their customers which presumably isn't just one exchange). A case study of what can go wrong in this type of environment might be Bitpay, where the CEO was tricked out of 5000 bitcoins over 3 separate payments by a series of emails sent legitimately from a breached computer of another company CEO. It's also still vulnerable to the platform being compromised, as in the really large $70M Bitfinex hack, where the third party Bitgo held one key in a multi-sig wallet. The hacker simply authorized the withdrawal using the same credentials as Bitfinex (requesting Bitgo to sign multiple withdrawal transactions). This succeeded even with the use of multi-sig and two heavily security-focused companies, due to the lack of human oversight (basically, hot wallet). Of course, you can learn from these cases and improve the security, but so can hackers improve their deception and at the end of the day, both of these would have been stopped by the much simpler solution of a qualified team who knew each other and employed multi-sig with properly protected keys. It's pretty hard to beat a human being who knows the business and the typical customer behaviour (or even knows their customers personally) at spotting fraud, and the proposed multi-sig means any hacker has to get through the scrutiny of 3 (or more) separate people, all of whom would have proper training including historical case studies.
There are strong arguments both for and against using use of third party custodians. The proposal sets mandatory minimum custody standards would apply regardless if the cold wallet signatories are exchange operators, independent custodians, or a mix of both.

On The Subject Of Insurance
ShakePay has taken the first steps into this new realm (congratulations). There is no question that crypto users could be better protected by the right insurance policies, and it certainly feels better to transact with insured platforms. The steps required to obtain insurance generally place attention in valuable security areas, and in this case included a review from CipherTrace. One of the key solutions in traditional finance comes from insurance from entities such as the CDIC.
However, historically, there wasn't found any actual insurance payout to any cryptocurrency exchange, and there are notable cases where insurance has not paid. With Bitpay, for example, the insurance agent refused because the issue happened to the third party CEO's computer instead of anything to do with Bitpay itself. With the Youbit exchange in South Korea, their insurance claim was denied, and the exchange ultimately ended up instead going bankrupt with all user's funds lost. To quote Matt Johnson in the original Lloyd's article: “You can create an insurance policy that protects no one – you know there are so many caveats to the policy that it’s not super protective.”
ShakePay's insurance was only reported to cover their cold storage, and “physical theft of the media where the private keys are held”. Physical theft has never, in the history of cryptocurrency exchange cases reviewed, been reported as the cause of loss. From the limited information of the article, ShakePay made it clear their funds are in the hands of a single US custodian, and at least part of their security strategy is to "decline[] to confirm the custodian’s name on the record". While this prevents scrutiny of the custodian, it's pretty silly to speculate that a reasonably competent hacking group couldn't determine who the custodian is. A far more common infiltration strategy historically would be social engineering, which has succeeded repeatedly. A hacker could trick their way into ShakePay's systems and request a fraudulent withdrawal, impersonate ShakePay and request the custodian to move funds, or socially engineer their way into the custodian to initiate the withdrawal of multiple accounts (a payout much larger than ShakePay) exploiting the standard procedures (for example, fraudulently initiating or override the wallet addresses of a real transfer). In each case, nothing was physically stolen and the loss is therefore not covered by insurance.
In order for any insurance to be effective, clear policies have to be established about what needs to be covered. Anything short of that gives Canadians false confidence that they are protected when they aren't in any meaningful way. At this time, the third party insurance market does not appear to provide adequate options or coverage, and effort is necessary to standardize custody standards, which is a likely first step in ultimately setting up an insurance framework.
A better solution compared to third party insurance providers might be for Canadian exchange operators to create their own collective insurance fund, or a specific federal organization similar to the CDIC. Such an organization would have a greater interest or obligation in paying out actual cases, and that would be it's purpose rather than maximizing it's own profit. This would be similar to the SAFU which Binance has launched, except it would cover multiple exchanges. There is little question whether the SAFU would pay out given a breach of Binance, and a similar argument could be made for a insurance fund managed by a collective of exchange operators or a government organization. While a third party insurance provider has the strong market incentive to provide the absolute minimum coverage and no market incentive to payout, an entity managed by exchange operators would have incentive to protect the reputation of exchange operators/the industry, and the government should have the interest of protecting Canadians.

On The Subject of Fractional Reserve
There is a long history of fractional reserve failures, from the first banks in ancient times, through the great depression (where hundreds of fractional reserve banks failed), right through to the 2008 banking collapse referenced in the first bitcoin block. The fractional reserve system allows banks to multiply the money supply far beyond the actual cash (or other assets) in existence, backed only by a system of debt obligations of others. Safely supporting a fractional reserve system is a topic of far greater complexity than can be addressed by a simple policy, and when it comes to cryptocurrency, there is presently no entity reasonably able to bail anyone out in the event of failure. Therefore, this framework is addressed around entities that aim to maintain 100% backing of funds.
There may be some firms that desire but have failed to maintain 100% backing. In this case, there are multiple solutions, including outside investment, merging with other exchanges, or enforcing a gradual restoration plan. All of these solutions are typically far better than shutting down the exchange, and there are multiple cases where they've been used successfully in the past.

Proof of Reserves/Transparency/Accountability
Canadians need to have visibility into the backing on an ongoing basis.
The best solution for crypto-assets is a Proof of Reserve. Such ideas go back all the way to 2013, before even Mt. Gox. However, no Canadian exchange has yet implemented such a system, and only a few international exchanges (CoinFloor in the UK being an example) have. Many firms like Kraken, BitBuy, and now ShakePay use the Proof of Reserve term to refer to lesser proofs which do not actually cryptographically prove the full backing of all user assets on the blockchain. In order for a Proof of Reserve to be effective, it must actually be a complete proof, and it needs to be understood by the public that is expected to use it. Many firms have expressed reservations about the level of transparency required in a complete Proof of Reserve (for example Kraken here). While a complete Proof of Reserves should be encouraged, and there are some solutions in the works (ie TxQuick), this is unlikely to be suitable universally for all exchange operators and users.
Given the limitations, and that firms also manage fiat assets, a more traditional audit process makes more sense. Some Canadian exchanges (CoinSquare, CoinBerry) have already subjected themselves to annual audits. However, these results are not presently shared publicly, and there is no guarantee over the process including all user assets or the integrity and independence of the auditor. The auditor has been typically not known, and in some cases, the identity of the auditor is protected by a NDA. Only in one case (BitBuy) was an actual report generated and publicly shared. There has been no attempt made to validate that user accounts provided during these audits have been complete or accurate. A fraudulent fractional exchange, or one which had suffered a breach they were unwilling to publicly accept (see CoinBene), could easily maintain a second set of books for auditors or simply exclude key accounts to pass an individual audit.
The proposed solution would see a reporting standard which includes at a minimum - percentage of backing for each asset relative to account balances and the nature of how those assets are stored, with ownership proven by the auditor. The auditor would also publicly provide a "hash list", which they independently generate from the accounts provided by the exchange. Every exchange user can then check their information against this public "hash list". A hash is a one-way form of encryption, which fully protects the private information, yet allows anyone who knows that information already to validate that it was included. Less experienced users can take advantage of public tools to calculate the hash from their information (provided by the exchange), and thus have certainty that the auditor received their full balance information. Easy instructions can be provided.
Auditors should be impartial, their identities and process public, and they should be rotated so that the same auditor is never used twice in a row. Balancing the cost of auditing against the needs for regular updates, a 6 month cycle likely makes the most sense.

Hot Wallet Management
The best solution for hot wallets is not to use them. CoinBerry reportedly uses multi-sig on all withdrawals, and Bitmex is an international example known for their structure devoid of hot wallets.
However, many platforms and customers desire fast withdrawal processes, and human validation has a cost of time and delay in this process.
A model of self-insurance or separate funds for hot wallets may be used in these cases. Under this model, a platform still has 100% of their client balance in cold storage and holds additional funds in hot wallets for quick withdrawal. Thus, the risk of those hot wallets is 100% on exchange operators and not affecting the exchange users. Since most platforms typically only have 1%-5% in hot wallets at any given time, it shouldn't be unreasonable to build/maintain these additional reserves over time using exchange fees or additional investment. Larger withdrawals would still be handled at regular intervals from the cold storage.
Hot wallet risks have historically posed a large risk and there is no established standard to guarantee secure hot wallets. When the government of South Korea dispatched security inspections to multiple exchanges, the results were still that 3 of them got hacked after the inspections. If standards develop such that an organization in the market is willing to insure the hot wallets, this could provide an acceptable alternative. Another option may be for multiple exchange operators to pool funds aside for a hot wallet insurance fund. Comprehensive coverage standards must be established and maintained for all hot wallet balances to make sure Canadians are adequately protected.

Current Draft Proposal

(1) Proper multi-signature cold wallet storage.
(a) Each private key is the personal and legal responsibility of one person - the “signatory”. Signatories have special rights and responsibilities to protect user assets. Signatories are trained and certified through a course covering (1) past hacking and fraud cases, (2) proper and secure key generation, and (3) proper safekeeping of private keys. All private keys must be generated and stored 100% offline by the signatory. If even one private keys is ever breached or suspected to be breached, the wallet must be regenerated and all funds relocated to a new wallet.
(b) All signatories must be separate background-checked individuals free of past criminal conviction. Canadians should have a right to know who holds their funds. All signing of transactions must take place with all signatories on Canadian soil or on the soil of a country with a solid legal system which agrees to uphold and support these rules (from an established white-list of countries which expands over time).
(c) 3-5 independent signatures are required for any withdrawal. There must be 1-3 spare signatories, and a maximum of 7 total signatories. The following are all valid combinations: 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7.
(d) A security audit should be conducted to validate the cold wallet is set up correctly and provide any additional pertinent information. The primary purpose is to ensure that all signatories are acting independently and using best practices for private key storage. A report summarizing all steps taken and who did the audit will be made public. Canadians must be able to validate the right measures are in place to protect their funds.
(e) There is a simple approval process if signatories wish to visit any country outside Canada, with a potential whitelist of exempt countries. At most 2 signatories can be outside of aligned jurisdiction at any given time. All exchanges would be required to keep a compliant cold wallet for Canadian funds and have a Canadian office if they wish to serve Canadian customers.
(2) Regular and transparent solvency audits.
(a) An audit must be conducted at founding, after 3 months of operation, and at least once every 6 months to compare customer balances against all stored cryptocurrency and fiat balances. The auditor must be known, independent, and never the same twice in a row.
(b) An audit report will be published featuring the steps conducted in a readable format. This should be made available to all Canadians on the exchange website and on a government website. The report must include what percentage of each customer asset is backed on the exchange, and how those funds are stored.
(c) The auditor will independently produce a hash of each customer's identifying information and balance as they perform the audit. This will be made publicly available on the exchange and government website, along with simplified instructions that each customer can use to verify that their balance was included in the audit process.
(d) The audit needs to include a proof of ownership for any cryptocurrency wallets included. A satoshi test (spending a small amount) or partially signed transaction both qualify.
(e) Any platform without 100% reserves should be assessed on a regular basis by a government or industry watchdog. This entity should work to prevent any further drop, support any private investor to come in, or facilitate a merger so that 100% backing can be obtained as soon as possible.
(3) Protections for hot wallets and transactions.
(a) A standardized list of approved coins and procedures will be established to constitute valid cold storage wallets. Where a multi-sig process is not natively available, efforts will be undertaken to establish a suitable and stable smart contract standard. This list will be expanded and improved over time. Coins and procedures not on the list are considered hot wallets.
(b) Hot wallets can be backed by additional funds in cold storage or an acceptable third-party insurance provider with a comprehensive coverage policy.
(c) Exchanges are required to cover the full balance of all user funds as denominated in the same currency, or double the balance as denominated in bitcoin or CAD using an established trading rate. If the balance is ever insufficient due to market movements, the firm must rectify this within 24 hours by moving assets to cold storage or increasing insurance coverage.
(d) Any large transactions (above a set threshold) from cold storage to any new wallet addresses (not previously transacted with) must be tested with a smaller transaction first. Deposits of cryptocurrency must be limited to prevent economic 51% attacks. Any issues are to be covered by the exchange.
(e) Exchange platforms must provide suitable authentication for users, including making available approved forms of two-factor authentication. SMS-based authentication is not to be supported. Withdrawals must be blocked for 48 hours in the event of any account password change. Disputes on the negligence of exchanges should be governed by case law.

Steps Forward

Continued review of existing OSC feedback is still underway. More feedback and opinions on the framework and ideas as presented here are extremely valuable. The above is a draft and not finalized.
The process of further developing and bringing a suitable framework to protect Canadians will require the support of exchange operators, legal experts, and many others in the community. The costs of not doing such are tremendous. A large and convoluted framework, one based on flawed ideas or implementation, or one which fails to properly safeguard Canadians is not just extremely expensive and risky for all Canadians, severely limiting to the credibility and reputation of the industry, but an existential risk to many exchanges.
The responsibility falls to all of us to provide our insight and make our opinions heard on this critical matter. Please take the time to give your thoughts.
submitted by azoundria2 to QuadrigaInitiative [link] [comments]

Weekly Update: 5th Parachute League, Constellation + Splunk, Limit Orders on Voyager, SwitchDex update…– 12 Jun – 18 Jun'20

Weekly Update: 5th Parachute League, Constellation + Splunk, Limit Orders on Voyager, SwitchDex update…– 12 Jun – 18 Jun'20
Sup folks! Continuing with our six-part catch up series to get up to date on the May and June news from Parachute and partners, here’s Part V of VI (12 Jun – 18 Jun'20):

Jason's #fridayprompt for this week got Parachuters to "look at a holiday or major event celebrated in your nation" and talk about "the significance, how it evolved and what happens during the event or holiday". Tiproom crew launched a video contest for the best tutorial on how Crypto Leagues works. The 5th Parachute League with a 100k $PAR prize pot was launched this week. Naj hosted a fun trivia in TTR for 10k $PAR in prizes. Peace Love’s “Big Trivia” this week was based on general knowledge. Congratulations to Babywolf for winning this week’s Parena and taking home a boatload of $PAR. Saweet! This week’s Two-for-Tuesday was themed on rock and metal bands. If you’ve been in Parachute for a while, you’ll know that Parachuters across the world love sharing pictures from their daily lives in the chat. Here are some snippets they shared this week:
What a welcome sight amidst all this gloom and doom indeed, LordHades! Location: Black Sea
Some glimpses from Alexis’ and Carlos’ aquariums
Dang! What a view. Pic credits: Chris
In Hydro educational content this week, the team published articles on what an E-Money License was and a guide to prepaid card regulations. Mastercard did a shoutout to the PaaS report which was released 2 weeks back. And congratulations for getting listed in the Top Fintech Startups of 2020 list compiled by Business Insider. Amazing achievement! SelfKey published a guide to crypto lending in the US and an article on the benefits of crypto lending. While Constellation hasn’t made a public announcement yet, it seems like they have entered into a partnership with tech giant Splunk. Pynk’s Head of Investor Relations Miguel Ortiz penned an article on how the current financial system is skewed. Wibson crew attended an online Techqueria event on privacy this week. The team will be presenting at the next event. A chapter on Wibson has been included in a newly released book by Springer Nature titled Blockchain and Distributed Ledger Technology Use Cases. If you missed the Harmony AMA with Binance this week, you can read the transcript here. 1k USD worth of $ONE were given away. Sweet! And what an amazing edit for Justin Bieber fans. Haha! The weekly PoW thread can be read here. Harmony has climbed to the second position in overall score on the Staking Rewards platform. The team sat down for an AMA with Trust this week. Click here to catch up. They appeared for another AMA with Sesameseed as well. The entire session can be re-watched here. Covalent featured the project in its latest podcast. $ONE got listed on Switchain. Sesameseed started a staking campaign to reward $ONE delegators. Folks new to Intellishare can get acquainted with the project from their latest article. As GET Protocol’s Q2 2020 token burn event comes closer, the community got down to guessing the burn amount for a crack at 250 $GET in prizes. GET Protocol’s ticketing platform GUTS Tickets announced that it will be ticketing Woodkid’s Amsterdam event in Jan 2021.
The Mycro Hunter landing page looks fresh in case you haven’t checked it out yet
Click here and here to track the latest AXPR burns. 2gether founder Salvador Casquero was invited to the First Movers show on Capital Radio where he spoke about how the platform is innovating in fintech during the pandemic. CEO Ramon Ferraz appeared for the Territory BTC podcast to talk about the market in general and the growth of 2gether. YouTuber Bitcoin Sin Fronteras posted a video on how easy it was to buy crypto on 2gether. Quinten Francois of the Young and Investing YouTube channel also did a detailed review of the app. In #XIOSocial discussions this week, Citizens pondered over the semantics and economics of the XIO dApp staking fees. BIrdchain crew published an article on how to grow a business with SMS messages. Bounty0x's Jordan Smith spoke at the Run for the Unicorns event hosted by Silica Nexus. Limit orders went live on Voyager this week based on community feedback. So the team opened up another survey to take inputs on new features. The latest version of SwitchDex and McAfeeDex went live this week. Fantom released a general update to cover all the recent news from the dev front. The release schedule of its DeFi suite, Fantom Finance, was published as well. Alpha Sigma Capital covered Uptrennd in its research coverage of in-focus projects. GDA Capital released an extensive report on the project too. Founder Jeff Kirdeikis sat down for an interview with Best Bitcoin Casino. The team is on a hiring spree in case you are looking for a gig. Click here to read the latest weekly update from District0x. Among the new items covered are dev updates to Meme Factory and other districts, ongoing Ethlance remake etc. COTI laid out its wallet strategy and how it aims to build adoption for Viper in a detailed post this week.

And with that, we have to close for this week in the Parachutesphere! See you again with another update. Cheerio!
submitted by abhijoysarkar to ParachuteToken [link] [comments]

Weekly Update: The Parachute culture, $COTI on Gate.io, Pynk crowdfunding campaign live, Voyager + Sterling Trading Tech…– 22 May - 28 May'20

Weekly Update: The Parachute culture, $COTI on Gate.io, Pynk crowdfunding campaign live, Voyager + Sterling Trading Tech…– 22 May - 28 May'20
Heyo! Continuing with our six-part catch up series to get up to date on the May and June news from Parachute and partners, here’s Part II of VI (22 May - 28 May'20):

If you're in crypto, there's often the random pump/moon/wenBinance talk that props up from time to time in groups. Especially, when someone new joins a project and is unfamiliar with the community culture. At Parachute, we have always made it a point to have more meaningful discussions than price. Cap shared some of his thoughts on this as well. For the #culturalweekend prompt this week, Jason got Parachuters to share about “something weird your family does that is a tradition for them but not a traditional tradition”. Peace Love’s Big Trivia in TTR was quite fun as always. The beta testing group for ParJar swaps was set up this week. Also, Chris organised something amazing this week which will possibly remain a secret amongst Parachute admins (and Doc Vic 😊 ). But if word of it ever goes out, you’ll realise why Parachute is the most wholesome project in all of crypto. Chris also gave out some cool $PAR to folks in the Parachute channel to talk about "something that you didn't spend much money on that had a big impact on your quality of life". This week's Two-for-Tuesday featured music from "female artists, including bands with at least one female member". Click here for the playlist. Thanks Sebastian!
Some good cheer from Alexis all the way from Germany
aXpire’s May recap video covers product updates from Bilr, PayBX etc. To track this week’s 20k $AXPR burn, click here. The team also shared success strategies for law firms. 2gether co-founder Salvador Casquero wrote about best security practices in finance. A new update was pushed to Wednesday Coin’s dApp, WednesdayClub. In this week’s XIO discussions, Citizens talked about ideal time allocation strategies for research and execution. Top Citizens on the Leaderboard stand a chance to win some cool merch. Also, watch out for pesky scams. Voyager announced a partnership with Sterling Trading Tech to launch a crypto trading widget. Proactive Investors covered Voyager in its latest piece chronicling their growing user base. As mentioned in a previous update, CEO Stephen Ehrlich’s crypto investment webinar happened this week. Switch crew did a community AMA just before the $GHOST airdrop snapshot. The team expanded with new dev hires. In preparation for the $GHOST airdrop, ProBit completed its $VSF:$ESH swap and Stex announced support for $ESH/$GHOST airdrop. $ESH was listed on HitBTC and Changelly. Folks who guessed these exchanges correctly won some tokens as well. Founder Josh Case sat down with Mr. Backwards for an interview. Among several updates to the Ghost website, a staking calculator was added. Click here to read the latest technical update from Fantom. $FTM was in the running to be added as a collateral for DAI. Congratulations to Uptrennd for becoming the highest ranked blockchain-based social media platform as per Alexa. They started a SmartLink campaign with 2key Network. The first Uptrennd halvening went live this week. The team is reachable on Discord from now as well. District0x’s latest District Weekly and Dev Updates can be read here and here respectively. Hydro team shared their thoughts on how virtual cards for independent contractors (otherwise referred to as 1099 employees) could improve reimbursement practices. Entries for their Decentralization Ambassador program were opened this week.
These look great, XIO team
This is what is planned for the GHOST ecosystem currently
SelfKey compiled a master list of crypto lending platforms. The Loans Marketplace will feature many of these. Full transcript of the May 12th AMA was released. SelfKey advisor Edmund Lowell spoke at the BlockConf DIGITAL conference this week. Mongolian exchange AIS-X joined the Exchange Marketplace. Pynk’s crowdfunding campaign on Seedrs went live this week. Check out their campaign video here. Amazing production! Plus, this cool feature in City A.M. was the perfect way to close off the week. Wibson hosted a meetup (online of course!) for its Spanish speaking community this week. The crew also introduced the app at an Ethereum event in Buenos Aires. Harmony burned all mainnet tokens mined before Open Staking going public. The latest staking stats and validator data can be seen here and here respectively. That’s right, 3B+ $ONE is already staked. Woohoo! With its latest CoinDCX listing, $ONE got its first INR trading pair. Saweet! The major improvement proposals that were discussed with the community this week were making Open Staking more decentralized and creating a more liquid staking market. This led to the first release after Open Staking. The winners of the effective-median-stake contest were announced. Hope you got a chance to take part in the Flash Quiz. Do you know about all the projects that have been built in the Harmony ecosystem? Here’s a rundown. The team hosted an AMA as well. BitMax changed some of its rules for $ONE staking. Check out COTI’s latest network growth stats here. And super congratulations on winning the Gate.io listing vote! $COTI was also added to Binance’s Locked Savings staking program. Broking platform Troy Trade partnered with COTI to improve its scalability. DoYourTip’s $DYT now has 2500+ HODLers. Neat! Mycro was invited to join BitForex’s app platform CAPP Town. GET Protocol’s GUTS Tickets was covered in Cryptogeeks’ latest blogpost on blockchain-based ticketing.

And with that, it’s a wrap for this week in Parachute and partners! See you again with another update. Cheerio!
submitted by abhijoysarkar to ParachuteToken [link] [comments]

Crypto Banking Wars: Will Coinbase or Binance Become The Bank of The Future?

Crypto Banking Wars: Will Coinbase or Binance Become The Bank of The Future?
Can the early success of major crypto exchanges propel them to winning the broader consumer finance market?
https://reddit.com/link/i48t4q/video/v4eo10gom7f51/player
This is the first part of Crypto Banking Wars — a new series that examines what crypto-native company is most likely to become the bank of the future. Who is best positioned to reach mainstream adoption in consumer finance?
While crypto allows the world to get rid of banks, a bank will still very much be necessary for this powerful technology to reach the masses. We believe a crypto-native company, like Genesis Block, will become the bank of the future.
In an earlier series, Crypto-Powered, we laid out arguments for why crypto-native companies have a huge edge in the market. When you consider both the broad spectrum of financial use-cases and the enormous value unlocked through these DeFi protocols, you can see just how big of an unfair advantage blockchain tech becomes for companies who truly understand and leverage it. Traditional banks and fintech unicorns simply won’t be able to keep up.
The power players of consumer finance in the 21st century will be crypto-native companies who build with blockchain technology at their core.
The crypto landscape is still nascent. We’re still very much in the fragmented, unbundled phase of the industry lifecycle. Beyond what Genesis Block is doing, there are signs of other companies slowly starting to bundle financial services into what could be an all-in-one bank replacement.
So the key question that this series hopes to answer:
Which crypto-native company will successfully become the bank of the future?
We obviously think Genesis Block is well-positioned to win. But we certainly aren’t the only game in town. In this series, we’ll be doing an analysis of who is most capable of thwarting our efforts. We’ll look at categories like crypto exchanges, crypto wallets, centralized lending & borrowing services, and crypto debit card companies. Each category will have its own dedicated post.
Today we’re analyzing big crypto exchanges. The two companies we’ll focus on today are Coinbase (biggest American exchange) and Binance (biggest global exchange). They are the top two exchanges in terms of Bitcoin trading volume. They are in pole position to winning this market — they have a huge existing userbase and strong financial resources.
Will Coinbase or Binance become the bank of the future? Can their early success propel them to winning the broader consumer finance market? Is their growth too far ahead for anyone else to catch up? Let’s dive in.
https://preview.redd.it/lau4hevpm7f51.png?width=800&format=png&auto=webp&s=2c5de1ba497199f36aa194e5809bd86e5ab533d8

Binance

The most formidable exchange on the global stage is Binance (Crunchbase). All signs suggest they have significantly more users and a stronger balance sheet than Coinbase. No other exchange is executing as aggressively and relentlessly as Binance is. The cadence at which they are shipping and launching new products is nothing short of impressive. As Tushar Jain from Multicoin argues, Binance is Blitzscaling.
Here are some of the products that they’ve launched in the last 18 months. Only a few are announced but still pre-launch.
Binance is well-positioned to become the crypto-powered, all-in-one, bundled solution for financial services. They already have so many of the pieces. But the key question is:
Can they create a cohesive & united product experience?

Binance Weaknesses

Binance is strong, but they do have a few major weaknesses that could slow them down.
  1. Traders & Speculators Binance is currently very geared for speculators, traders, and financial professionals. Their bread-and-butter is trading (spot, margin, options, futures). Their UI is littered with depth charts, order books, candlesticks, and other financial concepts that are beyond the reach of most normal consumers. Their product today is not at all tailored for the broader consumer market. Given Binance’s popularity and strength among the pro audience, it’s unlikely that they will dumb down or simplify their product any time soon. That would jeopardize their core business. Binance will likely need an entirely new product/brand to go beyond the pro user crowd. That will take time (or an acquisition). So the question remains, is Binance even interested in the broader consumer market? Or will they continue to focus on their core product, the one-stop-shop for pro crypto traders?
  2. Controversies & Hot Water Binance has had a number of controversies. No one seems to know where they are based — so what regulatory agencies can hold them accountable? Last year, some sensitive, private user data got leaked. When they announced their debit card program, they had to remove mentions of Visa quickly after. And though the “police raid” story proved to be untrue, there are still a lot of questions about what happened with their Shanghai office shut down (where there is smoke, there is fire). If any company has had a “move fast and break things” attitude, it is Binance. That attitude has served them well so far but as they try to do business in more regulated countries like America, this will make their road much more difficult — especially in the consumer market where trust takes a long time to earn, but can be destroyed in an instant. This is perhaps why the Binance US product is an empty shell when compared to their main global product.
  3. Disjointed Product Experience Because Binance has so many different teams launching so many different services, their core product is increasingly feeling disjointed and disconnected. Many of the new features are sloppily integrated with each other. There’s no cohesive product experience. This is one of the downsides of executing and shipping at their relentless pace. For example, users don’t have a single wallet that shows their balances. Depending on if the user wants to do spot trading, margin, futures, or savings… the user needs to constantly be transferring their assets from one wallet to another. It’s not a unified, frictionless, simple user experience. This is one major downside of the “move fast and break things” approach.
  4. BNB token Binance raised $15M in a 2017 ICO by selling their $BNB token. The current market cap of $BNB is worth more than $2.6B. Financially this token has served them well. However, given how BNB works (for example, their token burn), there are a lot of open questions as to how BNB will be treated with US security laws. Their Binance US product so far is treading very lightly with its use of BNB. Their token could become a liability for Binance as it enters more regulated markets. Whether the crypto community likes it or not, until regulators get caught up and understand the power of decentralized technology, tokens will still be a regulatory burden — especially for anything that touches consumers.
  5. Binance Chain & Smart Contract Platform Binance is launching its own smart contract platform soon. Based on compatibility choices, they have their sights aimed at the Ethereum developer community. It’s unclear how easy it’ll be to convince developers to move to Binance chain. Most of the current developer energy and momentum around smart contracts is with Ethereum. Because Binance now has their own horse in the race, it’s unlikely they will ever decide to leverage Ethereum’s DeFi protocols. This could likely be a major strategic mistake — and hubris that goes a step too far. Binance will be pushing and promoting protocols on their own platform. The major risk of being all-in on their own platform is that they miss having a seat on the Ethereum rocket ship — specifically the growth of DeFi use-cases and the enormous value that can be unlocked. Integrating with Ethereum’s protocols would be either admitting defeat of their own platform or competing directly against themselves.

Binance Wrap Up

I don’t believe Binance is likely to succeed with a homegrown product aimed at the consumer finance market. Their current product — which is focused heavily on professional traders and speculators — is unlikely to become the bank of the future. If they wanted to enter the broader consumer market, I believe it’s much more likely that they will acquire a company that is getting early traction. They are not afraid to make acquisitions (Trust, JEX, WazirX, DappReview, BxB, CoinMarketCap, Swipe).
However, never count CZ out. He is a hustler. Binance is executing so aggressively and relentlessly that they will always be on the shortlist of major contenders.
https://preview.redd.it/mxmlg1zqm7f51.png?width=800&format=png&auto=webp&s=2d900dd5ff7f3b00df5fe5a48305d57ebeffaa9a

Coinbase

The crypto-native company that I believe is more likely to become the bank of the future is Coinbase (crunchbase). Their dominance in America could serve as a springboard to winning the West (Binance has a stronger foothold in Asia). Coinbase has more than 30M users. Their exchange business is a money-printing machine. They have a solid reputation as it relates to compliance and working with regulators. Their CEO is a longtime member of the crypto community. They are rumored to be going public soon.

Coinbase Strengths

Let’s look at what makes them strong and a likely contender for winning the broader consumer finance market.
  1. Different Audience, Different Experience Coinbase has been smart to create a unique product experience for each audience — the pro speculator crowd and the common retail user. Their simple consumer version is at Coinbase.com. That’s the default. Their product for the more sophisticated traders and speculators is at Coinbase Pro (formerly GDAX). Unlike Binance, Coinbase can slowly build out the bank of the future for the broad consumer market while still having a home for their hardcore crypto traders. They aren’t afraid to have different experiences for different audiences.
  2. Brand & Design Coinbase has a strong product design team. Their brand is capable of going beyond the male-dominated crypto audience. Their product is clean and simple — much more consumer-friendly than Binance. It’s clear they spend a lot of time thinking about their user experience. Interacting directly with crypto can sometimes be rough and raw (especially for n00bs). When I was at Mainframe we hosted a panel about Crypto UX challenges at the DevCon4 Dapp Awards. Connie Yang (Head of Design at Coinbase) was on the panel. She was impressive. Some of their design philosophies will bode well as they push to reach the broader consumer finance market.
  3. USDC Stablecoin Coinbase (along with Circle) launched USDC. We’ve shared some stats about its impressive growth when we discussed DeFi use-cases. USDC is quickly becoming integrated with most DeFi protocols. As a result, Coinbase is getting a front-row seat at some of the most exciting things happening in decentralized finance. As Coinbase builds its knowledge and networks around these protocols, it could put them in a favorable position to unlock incredible value for their users.
  4. Early Signs of Bundling Though Coinbase has nowhere near as many products & services as Binance, they are slowly starting to add more financial services that may appeal to the broader market. They are now letting depositors earn interest on USDC (also DAI & Tezos). In the UK they are piloting a debit card. Users can now invest in crypto with dollar-cost-averaging. It’s not much, but it’s a start. You can start to see hints of a more bundled solution around financial services.

Coinbase Weaknesses

Let’s now look at some things that could hold them back.
  1. Slow Cadence In the fast-paced world of crypto, and especially when compared to Binance, Coinbase does not ship very many new products very often. This is perhaps their greatest weakness. Smaller, more nimble startups may run circles around them. They were smart to launch Coinbase Ventures where tey invest in early-stage startups. They can now keep an ear to the ground on innovation. Perhaps their cadence is normal for a company of their size — but the Binance pace creates quite the contrast.
  2. Lack of Innovation When you consider the previous point (slow cadence), it’s unclear if Coinbase is capable of building and launching new products that are built internally. Most of their new products have come through acquisitions. Their Earn.com acquisition is what led to their Earn educational product. Their acquisition of Xapo helped bolster their institutional custody offering. They acqui-hired a team to help launch their staking infrastructure. Their acquisition of Cipher Browser became an important part of Coinbase Wallet. And recently, they acquired Tagomi — a crypto prime brokerage. Perhaps most of Coinbase’s team is just focused on improving their golden goose, their exchange business. It’s unclear. But the jury is still out on if they can successfully innovate internally and launch any homegrown products.
  3. Talent Exodus There have been numerous reports of executive turmoil at Coinbase. It raises a lot of questions about company culture and vision. Some of the executives who departed include COO Asiff Hirji, CTO Balaji Srinivasan, VP & GM Adam White, VP Eng Tim Wagner, VP Product Jeremy Henrickson, Sr Dir of Eng Namrata Ganatra, VP of Intl Biz Dan Romero, Dir of Inst Sales Christine Sandler, Head of Trading Hunter Merghart, Dir Data Science Soups Ranjan, Policy Lead Mike Lempres, Sr Compliance Vaishali Mehta. Many of these folks didn’t stay with Coinbase very long. We don’t know exactly why it’s happening —but when you consider a few of my first points (slow cadence, lack of innovation), you have to wonder if it’s all related.
  4. Institutional Focus As a company, we are a Coinbase client. We love their institutional offering. It’s clear they’ve been investing a lot in this area. A recent Coinbase blog post made it clear that this has been a focus: “Over the past 12 months, Coinbase has been laser-focused on building out the types of features and services that our institutional customers need.” Their Tagomi acquisition only re-enforced this focus. Perhaps this is why their consumer product has felt so neglected. They’ve been heavily investing in their institutional services since May 2018. For a company that’s getting very close to an IPO, it makes sense that they’d focus on areas that present strong revenue opportunities — as they do with institutional clients. Even for big companies like Coinbase, it’s hard to have a split focus. If they are “laser-focused” on the institutional audience, it’s unlikely they’ll be launching any major consumer products anytime soon.

Coinbase Wrap Up

At Genesis Block, we‘re proud to be working with Coinbase. They are a fantastic company. However, I don’t believe that they’ll succeed in building their own product for the broader consumer finance market. While they have incredible design, there are no signs that they are focused on or capable of internally building this type of product.
Similar to Binance, I think it’s far more likely that Coinbase acquires a promising young startup with strong growth.

Honorable Mentions

Other US-based exchanges worth mentioning are Kraken, Gemini, and Bittrex. So far we’ve seen very few signs that any of them will aggressively attack broader consumer finance. Most are going in the way of Binance — listing more assets and adding more pro tools like margin and futures trading. And many, like Coinbase, are trying to attract more institutional customers. For example, Gemini with their custody product.

Wrap Up

Coinbase and Binance have huge war chests and massive reach. For that alone, they should always be considered threats to Genesis Block. However, their products are very, very different than the product we’re building. And their approach is very different as well. They are trying to educate and onboard people into crypto. At Genesis Block, we believe the masses shouldn’t need to know or care about it. We did an entire series about this, Spreading Crypto.
Most everyone needs banking — whether it be to borrow, spend, invest, earn interest, etc. Not everyone needs a crypto exchange. For non-crypto consumers (the mass market), the differences between a bank and a crypto exchange are immense. Companies like Binance and Coinbase make a lot of money on their crypto exchange business. It would be really difficult, gutsy, and risky for any of them to completely change their narrative, messaging, and product to focus on the broader consumer market. I don’t believe they would ever risk biting the hand that feeds them.
In summary, as it relates to a digital bank aimed at the mass market, I believe both Coinbase and Binance are much more likely to acquire a startup in this space than they are to build it themselves. And I think they would want to keep the brand/product distinct and separate from their core crypto exchange business.
So back to the original question, is Coinbase and Binance a threat to Genesis Block? Not really. Not today. But they could be, and for that, we want to stay close to them.
------
Other Ways to Consume Today's Episode:
Follow our social channels: https://genesisblock.com/follow/
Download the app. We're a digital bank that's powered by crypto: https://genesisblock.com/download
submitted by mickhagen to genesisblockhq [link] [comments]

Binance scammed me 1516 USDT with unethical verification requests! Then rejected my real verification with stupid reasons! Stay Away from this Scam Exchance! (Latest Review)

Hello guys,
may be you remember the story I posted here recently about HOW BINANCE is SCAMMING me 1516 USDT If not you can review it here: https://www.reddit.com/Bitcoin/comments/g08w53/binance_scammed_me_1516_usdt_with_unethical/
Here is the final update. I'm not here anymore to try to beg binance to refund my money, as it's already clear that they scammed. I want just want awareness about the shit exchange.
In short, binance BinanceExchange and their manager u/symbiotic_bnb SCAMMED me my 1516 USDT.
They wanted me to send my real documents, provide some video I must record for them. I did all they requested and they replied saying "no, it's not you, you got documents on darknet". My godddd, so I went to darknet, I bought docs from people and requested them the videos, how sick are these people? I don't even know where is that darknet ( Smybiotic may be you can teach me).
When I insited, they told me they are expecting from me UK documents because I was connecting using UK IP wowwww
I was using indeed UK private proxy to use my unverified account, and even if not, whats the relation with my IP when using unverified account?
These guys are simply SCAMMER!!!!!!!!!!!
Binance, one more time you WON, CONGRATULATIONS. Keep scamming people like you do everyday.
submitted by churgercold to Bitcoin [link] [comments]

Cryptomarketing in 2020: successful application of strategies from MLM and the beauty industry

Cryptomarketing in 2020: successful application of strategies from MLM and the beauty industry

Cryptomarketing in 2020: successful application of strategies from MLM and the beauty industry
Over the past decade, the crypto-industry has proven to be a unique industry with a specific audience, which requires a no less specific approach. In this regard, in 2020, the advertising activity of crypto companies is significantly different from that to which banks and various financial companies resort. Industry leaders prefer not to rely on traditional online advertising on Facebook, Instagram and YouTube. They follow a different path: they work with bloggers (opinion leaders and influencers), rely on MLM marketing referral programs and actively organize various contests and sweepstakes with generous prize pools. The CoinDesk portal claims that crypto marketing this year is strikingly reminiscent of marketing in the beauty industry, and here it is no less effective.

General concept

Michelle Fan, a blogger with a million YouTube subscribers, is using the same techniques to spread skin care life hacks and the idea of financial freedom through bitcoins. Moreover, she assures that the leaders of the crypto industry, like her, use marketing schemes from the beauty industry, even if they themselves do not know about it.
Both areas prefer to use the DTC (Direct to Customer) business scheme, independently creating and then promoting and selling goods / services, working as closely as possible with the community. Sales are built through aggregated retail platforms like Amazon, Etsy and Shopify, or even through accounts in popular social networks.
Industry leaders in developing countries often resort to the latter option, where large sites like Amazon simply don’t work or aren’t popular. For example, Michelle Haber, a bitcoin maximalist from Libya, made it clear in CoinDesk’s comment that social networks and chats are today the most effective way to distribute goods / services in crypto topics. He said that local traders in order to “educate” the audience help buy hardware wallets, selling them through groups on social networks. Buying yourself Trezor or Ledger in another way is often simply impossible.

Work with opinion leaders

Michelle Fan is not the only person from the crypto-community who notices the similarities with the beauty industry. So, Maria Paula Fernandez, who actively uses the services of the DeFi sector and is seriously interested in the topic of skin care, gave the CoinDesk portal a similar comment.
She notes that in both cases, society has become accustomed to relying on the opinion of society itself, rather than trusting the views of the world’s leading media. Therefore, in both sectors, the so-called influencers are very popular — opinion leaders and bloggers who disseminate information among their audience on YouTube, Instagram, TikTok and other social networks, receiving a reward for this.
Crypto-companies very often, like firms from the beauty industry, provide their products to opinion leaders for review and further “instruction” of their subscribers. Maria Paula Fernandez does not see anything shameful in this. Observing the experience of bloggers, subscribers begin to acquire a kind of crypto-education and disseminate the information through the word of mouth. Thus, the crypto-community grows.
The most successful bloggers over time can count on sponsorship from one or another crypto company.
For example, the podcaster Marty Bent, whose show is now funded by Unchained Capital and Square, the developer of Cash App, witnessed this scenario. The latter, by the way, in addition to Bent sponsor also podcast Joe Rogan and rapper Lil B.
Many other large companies, including the Kraken exchange, have resorted to this strategy. They are just as interested in sponsoring reputable content creators who promote products among loyal subscribers. The U.S. exchange sponsors the Reckless VR crypto start-up, founded by Udi Wertheimer for crypto-conferences in virtual reality, and the famous podcast Peter McCormack, who launched his own media brand Defiance last year. Having started his career as a hobby, McCormack turned it into a business of his life, thanks to which he earned about $1 million for 2019.
With all this, working with bloggers is a great opportunity to enter foreign markets. This is understood at Crypto.com, where they use opinion leaders to attract the Russian-speaking and Turkish-speaking community. Does this approach give a result? Judge for yourself: over the past six months, the number of startup users has doubled and currently stands at more than 2 million people.

Referral Bonuses and MLM Marketing

The development of products within the community often turns into MLM marketing strategies, which require the presence of referral bonuses and bonuses “in depth” — favorite schemes of cosmetic brands. They use a multi-level reward system for attracting partners, where you can usually get a bonus not only for personally invited, but also for “friends of friends and their friends”. Thus, opinion leaders who distribute crypto products often receive a portion of the funds that people invited by them will pay for the product / service.
The relevance and effectiveness of the trend is confirmed by the fact that these methods are not shy to use not only crypto start-ups, but also top cryptocurrency companies, widely known throughout the industry. A prime example is SatoshiLabs, a company that manufactures and distributes Trezor wallets. The head of communications, Iva Fizerova, confirmed that she is actively resorting to “affiliate marketing” with bloggers as an alternative to paying them for direct advertising.
No less vivid examples are the largest crypto exchanges Binance and Gemini, which managed to succeed not without the help of referral systems copied from the multi-level marketing campaigns Avon and Mary Kay, which they have been using for decades.
Instagram blogger Chjango Unchained has been earning good bonuses for several months running after posting a referral link to Gemini on her profile. When her subscribers register on the exchange and buy cryptocurrencies worth more than $100, she receives $10 in BTC. According to her, she is doing a good deed. The blogger wants people who are interested in her opinion on digital money to start their crypto path on Gemini, and not, for example, on Coinbase, because the latter charges “crazy commissions”.
Referral system bonuses are a typical phenomenon for many crypto companies, and successful bloggers are happy to use this. A prime example is Michael Gu, known by the pseudonym Boxmining. It has been distributing information about digital money since 2012, having gathered an audience of more than 200,000 subscribers on YouTube and more than 3,500 participants in Telegram chat during this time.
Despite the fact that the manufacturer of hardware wallets Ledger does not sponsor its activities, it places referral links in the video descriptions and collects voluntary donations from subscribers. As you might guess, he feels rather well. At the same time, he emphasized that user activity during the coronavirus pandemic is only growing, especially after YouTube began to put sticks in the wheels of the creators of crypto-content.

Gifts, contests and sweepstakes

Making a small gift is a great way to introduce an audience to a new product. In the cryptocurrency market, this has long been relevant.
Coin creators eagerly carry out airdrops and bounty campaigns, allowing the crypto community to test the new coin. A similar approach is popular in the beauty industry. Samplers of perfumes and branded magazines with smells have led many girls to buy full-fledged versions of the fragrance.
In addition to the cryptocurrency developers themselves, a similar approach is also used by cryptocompanies of a different direction, which cannot conduct airdrops due to their technical features (for example, this is true for manufacturers of hardware wallets). Therefore, they organize more classic contests and sweepstakes. For example, they play a wallet for reposting on social networks or videos published on YouTube.
It is noteworthy that cryptobrands in this area are even more active than cosmetics manufacturers. They work not only with trusted bloggers with many subscribers, but also help to become less “untwisted” users. Therefore, they periodically assist them in organizing draws in order to attract subscribers who could potentially become new customers.
Iva Fizerova from SatoshiLabs confirmed that Trezor manufacturers periodically help users attract new followers through the distribution of gifts. Moreover, this approach brings excellent results. By working with the community this way, they have managed to sell hundreds of thousands of wallets. But most importantly, a reputation of the brand has formed around the product, warmly received by the audience. And this effect is so strong that the company simply does not see the point in spending money on traditional expensive advertising.
Most importantly, despite all the problems of 2020, including the coronavirus pandemic, which seriously hit the global economy and, accordingly, people’s wallets, demand for products did not fall. This approach remains effective, while the percentage of successful conversions in traditional advertising has probably decreased. Fizerova noted that over the past three months they have recorded a steady increase in demand for goods. Moreover, they even had to solve delivery problems, if only the buyers got the desired devices in a timely manner.
A similar approach and results are observed with other manufacturers of hardware wallets. Thus, Rodolfo Novak, co-founder of Coinkite, confirmed the growth in demand for products, despite the pandemic. Working with the community is their main marketing strategy, because it really gives results. Over the past three years, they donated about 50 wallets to YouTube reviewers. Novak is proud that their “users help other users.” According to him, this approach allows you to sell products at a lower price, since the cost of goods does not include high costs for familiar marketing campaigns.

Are marketing strategies effective? More than

The cryptocurrency market relies on marketing strategies that have established themselves in the beauty industry, which in the new field are no less effective. Maximum performance is achieved with a killer combination of all three of the above methods. It’s about when the founders of cryptocompanies themselves become opinion leaders. Just look at Changpen Zhao, the head of Binance, or Justin Sun, the project manager of TRON. Both entrepreneurs are bloggers with a huge army of subscribers and are personally engaged in the promotion of their brands, regularly rewarding their audience with pleasant gifts.
It’s easy to guess why industry leaders rely mainly on this type of marketing. Advertising products in the traditional way is expensive, especially for startups, behind which there are still no attractive products with a good reputation. But more importantly, crypto products are quite complex in themselves, so they often need detailed explanations, which are difficult to implement in the framework of traditional advertising. Agree that selling a bottle of Fanta with a new taste is much easier than a hardware cryptocurrency wallet, especially since most people don’t understand what it is.
On top of that, regular advertising is complicated by the fact that media giants regularly block crypto content.
In such a situation, marketing borrowed from the beauty industry seems to be the most acceptable and most effective option. By focusing their marketing budgets on opinion leaders and working with the community, cryptocompanies achieve the desired result, even taking into account the coronavirus pandemic. The crypto community is getting bigger and stronger every day. But the best part is that this growth cannot be stopped.
Subscribe to our Telegram channel
submitted by Smart_Smell to Robopay [link] [comments]

Survey Responses Are IN!

I want to thank everyone who replied to our survey! Your feedback is extremely valuable!


Here are the results and how they're helping shape our direction.


What goals would you like to see us accomplish? What's most important to you in how this Quadriga situation ends?

This was an open-ended question and the answers varied widely (and there was definitely a lot of responses which mentioned multiple goals). Here's a summary:
The justice theme has been entirely overlooked by what we're doing. Discussing the idea on the Quadriga Uncovered Telegram group, it was determined that there was definite interest in a potential letter-writing initiative. One possibility would be sending letters to the RCMP to request the exhumation.


Is there any part of our initiative which confuses you?

Almost universally, there was no mention of any confusion.
The feedback we did receive:
Please feel free to reach out on Telegram and Reddit if there are any further questions!


Is it more important to you that we focus on (a) helping victims of Quadriga recover, (b) educating more people about Quadriga and other exchange fraud, or (c) preventing future exchange fraud events like Quadriga?

Of the first or only choice picked, 70% chose (a) helping victims of Quadriga recover, while 30% chose (c) preventing future exchange fraud events like Quadriga.
(a) was mentioned in 80% of cases, and top choice in 70%.
(b) was a second choice in 30% of cases and mentioned in 35%.
(c) was mentioned in 65% of responses and top choice in 30%.
The educational portion of our initiative was seen as the lowest value. We are floating the idea of replacing the Education goal with a separate Justice goal, which is composed of letter-writing and other advocacy to help speed up any potential criminal investigations.


What bothers you most about Canadian cryptocurrency exchanges?

The responses varied widely. Here's a selection:
There is clearly a lack of satisfaction.


Should preventing events like Quadriga focus more on regulatory reform (working with regulators) or trying to create change through setting the example on one exchange and go from there (similar to how "Tesla" has electrified vehicles)?

Overall summary:
Pressing forward on both fronts appears to make the most sense.


Would you rather have the recovery run inside of a for-profit exchange (sort of a marketing/promotion idea to push people onto a safer exchange) or as an independent group of affected users pushing for our own interests (working with the safer exchange and other businesses potentially similar to a labour union or political advocacy)?

The end result:
We will be working to run this independently, however working closely with our partner exchange as a joint project (and it is definitely a promotional tool for them).


If given the choice, would you prefer (a) $20 cash each year for 10 years (slower recovery with full choice), or (b) your choice of $200 worth of discounts on products/services that are donated by small businesses which you could use this year (faster recovery with less choices)?

60% indicated a preference for (b), and 40% had the preference for (a). There is clear interest in focusing on both, which will push the fastest and most flexible recovery.


Affected users have a liquidation option which allows non-victims to purchase their tokens on the exchange. How do you feel about charging non-victims a small fee (5 cents per token) that is split between funding the project and a pool for affected user payout?

50% expressed outright support for the idea. Below are more detailed responses and comments:
At the moment this has not yet been agreed upon by the partner exchange.


Have you discussed the project with anyone else who lost funds in Quadriga? What kind of feedback are you hearing?

40% said they've discussed it. 40% have not. 20% didn't answer (or it was hard to understand). Some of the responses:


Many affected users have strong privacy concerns and shame regarding what happened to them, such that they are even hesitant to share basic details. What do you feel is the best way to build trust and openness among the affected user community?

Here are some of the replies:

Notes: Percentages rounded to the nearest 5%.


Thank you very much for everyone who took the time to respond! We will continue to study your answers as we move forward!
submitted by azoundria2 to QuadrigaInitiative [link] [comments]

Weekly Update: Parachute Crypto League, new assets on Voyager’s Interest Program, Fantom Lachesis now ABCI compatible, CyberFM + Blockchain Radio... – 1 May - 7 May'20

Weekly Update: Parachute Crypto League, new assets on Voyager’s Interest Program, Fantom Lachesis now ABCI compatible, CyberFM + Blockchain Radio... – 1 May - 7 May'20
Hi everyone, it’s been a difficult few weeks for everyone around the world with a constant barrage of sobering news – from COVID-19 to super cyclonic storms to George Floyd. I hope this update offers some much needed respite. Here’s your week at Parachute + partners (1 May - 7 May'20):

Congratulations to Foo for winning the inaugural Parachute Crypto League (which started last week). New leagues (including ones with $PAR prizes) were added this week. New Parachute league was added as well. How does it work? Click here to find out. Hope you got a chance to partake in the Tiproom giveaway event. Bose hosted a Football-themed trivia in TTR for some sweet $PAR rewards. Noice! Gamerboy’s random quiz for 1k $PAR per question got everyone scratching their heads. Unique and Victor’s trivias were pretty as well. Charlotte changed up the format of standard tiproom quizzes with a new one this week. Cap shared a sneak peek of what’s to come in the next few weeks. New $PAR use-case as well. Plus, latest digestives coming up. The 2FT ongoing theme continued with "videos featuring bands or artists whose name starts with the letters U, V, W, X or Y" this week. Check out all the cool music that got posted from Sebastian’s playlist. Epic gif Peace Love. Haha! Want to get some $PAR for staying in shape during the lockdown? Don’t forget to check out the TTR Pushups Contest. And if you were a fan of Jason’s Financial Fridays in 2gether, stay tuned for next week since it is coming back to Parachute. ParJar is currently at 32k+ users and 1.4M+ tips. Epic!
Jason shared a sneak peek into his computing setup. Pretty cool!
aXpire COO Matthew Markham wrote about the effect of legal billing software on law practice management. The monthly 200k $AXPR burn can be tracked here. 2gether CEO Ramon Ferraz routinely sends out emailers with project updates to all Founders (registered 2gether members). Click here to check out the latest. The crew also compiled a list of 7 books to read in order to learn about cryptocurrencies. Voyager introduced $XRP (Ripple), $EOS, $XLM (Stellar), $OMG (OmiseGO) and $ZRX (0x) to its Interest Program. Read more about it here. They celebrated it with a massive 5k $XRP giveaway along with an interest boost program. CEO Stephen Ehrlich sat down for an interview on Scott Melker’s (The Wolf of All Streets) podcast this week. Stephen was also interviewed by Jason Hartman (host of Creating Wealth Show). Switch released the first set of a 10 part series blog posts this week chronicling the story of the project starting with the beginning, move from Ethershift to Switch, launch of SwitchDex and the various Switch tokens. More to come next week. Fantom submitted a proposal to the MakerDAO community for adding $FTM as a collateral for $DAI. The latest technical update was published as well. The update covers news such as Fantom’s consensus protocol now being compatible to Application BlockChain Interface (ABCI). ABCI allows blockchain "transactions to be processed in any programming language". Saweet! Read more about ABCI compatibility here. The first Uptrennd Halvening ($1UP gets doubly difficult to earn) is expected to happen around the time of bitcoin halvening. Altcoin Buzz talked about it in their latest video. Huge congratulations on crossing 100k members! Uptrennd also announced a Citizenship program aimed at improving the overall quality of posts and comments by offering more giving power to higher ranked members. Jeff also sat down for interviews with Scott Cunningham for BeInCrypto and with Cash Alternative TV this week.
Amazing achievement, Uptrennd!
Following the launch of Pangaea Phase 3 last week, Harmony started an incentivised testnet staking program this week for delegators in partnership with Binance. The April #pow thread (i.e. project updates from April) can be found here. It was also summarised into an article. If you missed last week’s AMA, you can catch up from the transcript. Pangaea Phase 3 testing now has 1k+ validators and delegators. Noice! Part 2 from last week’s smart contract webinar was released. Harmony's Edgar Aroutiounian gave a presentation at Ready Layer One's online conference on BLS Aggregate Signatures. The project joined Indian state Telangana’s Blockchain District Accelerator program T-Block Accelerator as an official platform partner. Cointelegraph covered this news as well. The team also shared the latest updates through a community hangout. IntelliShare founder Raymond Xiong will appear for an AMA with CoinKeeper next week. Elections for the 6th Autonomous Committee started this week. GET Protocol shared their thoughts on how to reopen Dutch museums safely. COTI’s April rewards were distributed. Crypto analysis collective Trade Dog’s in-dept project review was released. Congratulations on getting the highest rating. If you have missed the events of April, the latest newsletter’s got your back. DoYourTip announced a partnership with InFocus Games to have their mascot Tipply as a playable character in the Pathfinders game in the form of an ERC1155 asset. The demo is live already. Have fun gaming! A DYT trading league on Crypto Leagues was started as well.
Harmony’s Pangaea P3 testing turned out to be a success with high participation throughout
Read all about Opacity’s April updates here. District0x’s latest weekly update report can be read here. The latest Hydro blogpost cleared some FAQs about prepaid cards. Community requests for the latest Sentivate update was closed this week. The update includes browser upgrade, devMode toggles etc. The code commits can be tracked on GitHub. Check out how stream and play works here. If you are worried about censorship resistance of the Universal Web, have a read of this tweet thread. Plus, a $BTC giveaway contest was launched by the crew as well. Chief Engagement Officer at OST, Simona Pop, spoke at the first ever Ethereal Virtual Summit this week in addition to speaking at Ready Layer One’s community event (as mentioned in the last update). The SelfKey team explored if there was a causal relationship between developer activity and market cap of a project. The data breach compilation article was updated. The crew will be hosting an AMA next week. The progress report for April was published. Now that Constellation’s Hypergraph Mainnet is live, read all about the current status and what next here. The team sat down for an AMA with KuCoin. The community-built balance-checker lets you look at mainnet wallet balances. The Yazom Mobile app got approved by Google Play. You can register for early access on the website. Blockchain Radio was integrated with CyberFM this week. This means all 17 featured shows and 23 radio hosts of Blockchain Radio will now be available on the CyberFM app.

And with that, we close for another week in the Parachuteverse. See you again with another update. Ciao.
submitted by abhijoysarkar to ParachuteToken [link] [comments]

Warning! beldextrade.com is a scam - another fake giveaway

I wasn't too privy to this specific scam before today, and I searched for the website in question but found nothing. The red flags were everywhere the entire time I was going through this, but it initially seemed legitimate enough for people to be easily deceived. Hopefully any potential victims can find this post and save themselves from being scammed.
It all started when I got a message on Discord (https://imgur.com/1fMZ3qS) from a guy (ironically) named "Crooked" telling me I won $69 of bitcoin in a random giveaway. This was the first red flag but I clicked through just to take a look. I went to the site, created an account, and tried to withdraw my 0.008 BTC... https://imgur.com/s1J4D5u I have to gamble some of it away to withdraw it? Second major red flag.
At this point I had nothing to lose so I went ahead and bet the minimum of $15 on the roulette. When the timer hit 0, I was greeted with this: https://imgur.com/xtXt80t. I won $2k in bitcoin!? Yeah, obviously this is too good to be true, but in the moment I just blinked at the screen. There's a "live" chat with the gamblers chatting away, so I asked if I really just won. Some of them quickly answered me with the affirmative. It all looked pretty convincing, but I wouldn't be surprised if these are paid actors or even AI chatbots.
Then I tried to withdraw again, but I got a message telling me I need to talk to support to activate a "bot app". So I do, and support linked me to a chrome extension: https://chrome.google.com/webstore/detail/a%D1%80%D1%80-cr%D1%83%D1%80t%D0%BE/bhihlepfeofebhiafmidfeipambijdgl. I need to install it and log into coinbase / binance / etc to "verify I'm not a bot or money launderer." I read the reviews on the extension and it's glaringly obvious. The extension steals the login info of the wallet and the scammers empty it out. At this point I was certain this is a scam, but I spun up a VM to install it so I can get to the bottom of this.
Sure enough, another attempt to withdraw was met with failure, and further talk with the support rep informed me that I need to have at least $500 of bitcoin in my online wallet in order to be verified. After all these red flags, I'd have to be an idiot to go through with that, so I finally called them out on it. Alas, the rep promptly disconnected from the live chat and banned me from the gambling chat for good measure.
I know enough about scams to not fall for stuff like this, but I can totally see how people can. There's some techniques used in order quell the doubts that pop up while going through the hoops. There's the low initial giveaway (>$100 seems believable), the rush of gambling (ESPECIALLY for people who are prone to these addictive behaviors) and "winning" $2k in realtime. This all reminds me of the old "sign up for x to unlock free y" scams that were all over the internet a decade ago, but a lot more nuanced and sophisticated. There's probably dozens, if not hundreds of these sites out there, but I feel the more info is out there the less people will end up falling for it.
TL;DR: If you get a message on Discord saying you won a small amount of bitcoin, ignore it. It's a scam.
submitted by KamiKazeKenji to Bitcoin [link] [comments]

Monthly Nano News: December 2019 + Year Recap Special

This is what NANO has been up to lately. I don't think I lie if I say it has been quite an amazing year!
See you soon and happy new year! Something nice is coming soon that I have been working on for a while, stay tuned..

December 2019

November 2019

October 2019

September 2019

August 2019

July 2019

June 2019

May 2019

Apr 2019

Mar 2019

Feb 2019

Jan 2019


More news here: https://nanolinks.info/news

https://preview.redd.it/9sw5nkoxlt741.png?width=749&format=png&auto=webp&s=3426d4eafb9430c0304a6d161596102536df4318
submitted by Joohansson to nanocurrency [link] [comments]

Margin en Binance para Bitcoin y otras Criptomonedas  Review y Tutorial Binance FULL Review & Tutorial - How To Buy/Trade Bitcoin ... Helium (HNT) got listed on Binance - my review - YouTube Bitcoin Trading Philippines for Beginners Tutorial 2020 ... Binance Has Been Hacked Binance: How to buy cryptocurreny with USD! Binance hacked! 7000 BTC Stolen How to use a Stop Limit - Stop Loss on Binance - YouTube Binance Hack! Valuable Opportunity? CZ Binance interview – What to expect from crypto in 2020

17 reviews. Scam site. Scam site.. These people took away all my money. It was a painful experience with them. But I just got back my refund with the help of Mrs (sallycontrell)At g mail. Feel free to email her Useful. Share. Reply. You've already flagged this Jasper K 19 reviews. No matter what they tell you. No matter what they tell you, they are not the bro.ker agency to tr.ade with. If ... Binance Review: What is Binance? Binance is an exchange that hosts crypto-to-crypto trades.This means that they do not accept real-world money, such as U.S Dollars (USD) or Euros (EUR).The exchange was first created in 2017 and was originally located in China. However, as cryptocurrency laws are very strict in China, the exchange has since moved to Japan, a country that loves digital currency! Binance Trading Platform Binance Futures and Derivatives. Binance Futures, which was launched in 2019, enables traders to speculate on the price of (rather than to purchase and sell) Bitcoin and various popular altcoins, including Bitcoin Cash, Ethereum, Litecoin, Ripple and more.. The platform allows leveraged trading of up to 125x, which means that traders can multiply their profits (but ... Binance: The World’s Leading Cryptocurrency Exchange? In our review, we will attempt to outline everything that you need know about Binance, including how it works, the crypto pairs that you can exchange, trading fees/limits, security aspects, and customer support.. Visit Binance The English user reviews on Binance, while few, are fairly positive. Again, we must reiterate this is still a very new company, at the time of writing of this review. Trading conditions . Trading instruments (cryptocurrencies) Binance offers a substantial number of coins, which are traded mostly against Bitcoin and Ethereum. On the other side the two major coins are also paird with USDT (US ... I would say that binance.com are… I would say that binance.com are double-dealers, they just use you first and never contact you again! These are rackets! Never try to invest with them. I had an awesome experience with (BTCarbitrage . live) and they are worthy of trust and bitcoin investments. These people deal with you very well. I will ...

[index] [15401] [1528] [15847] [18248] [6646] [17903] [19169] [12686] [23368] [1083]

Margin en Binance para Bitcoin y otras Criptomonedas Review y Tutorial

Binance CEO Changpeng Zhao (CZ) gives us his thoughts on where cryptocurrency markets, Bitcoin and Binance are headed in 2020. Plus he openly addresses Binance's role in the recent Steem voting ... Binance Lists Helium (HNT) this was the best-performing asset in the past 24h in this bear market! this is a real project! 00:00 intro 00:25 market today 2:4... Learn the basics of Bitcoin Trading in Philippines for beginners. In this video I will show how to Buy and Sell or Trade btc to other altcoins. I will also s... Binance Hacked How much was stolen & what can we learn from this? - Duration: 10:29. ... Crypto Meme 👏 Review 👏 #00001 - Duration: 7:41. Crypto Daily 24,311 views. 7:41. SOLO Player ... Binance Has Been Hacked Jumping on live to discuss what is going on with the Binance Bitcoin Hack! #Binance #Bitcoin #Hack. Firstly, thanks for watching I appreciate your support! What is a Stop-Limit Order? Learn about Stop Limit orders and how to use them on Binance the Cryptocurrency Exchange. Subscribe to keep up to date with more ... I showcase how to buy bitcoin/etherium/litecoin/bitcoin cash and bring it to the binance exchange. binance margin trading tutorial 2019💪estrategia para criptomonedas con altas caidas de precio 💰 - duration: 12:43. Semillero de Ingresos 4,339 views 12:43 🎥: How To Buy Bitcoin/Crypto w/ Binance! - Binance Tutorial & Review! - Buy, Sell, Trade, Earn etc... 🔔: Like, Subscribe & Turn on Notifications 🚩: Binance E... Just announced, Binance was hacked today, 7000 BTC stolen, which is around $40 mil. Earlier today CZ tweeted: "Have to perform some unscheduled server mainte...

#