Mind the Crypto Air Gap. Best Practices for Air Gapping ...
How To Use Lily Wallet And Set Up Multisig – Bitcoin ...
How to set up a secure offline savings wallet - Bitcoin Wiki
Cryptocurrency Cold Storage? A Beginners Guide (2020)
Bob The Magic Custodian
Summary: Everyone knows that when you give your assets to someone else, they always keep them safe. If this is true for individuals, it is certainly true for businesses. Custodians always tell the truth and manage funds properly. They won't have any interest in taking the assets as an exchange operator would. Auditors tell the truth and can't be misled. That's because organizations that are regulated are incapable of lying and don't make mistakes. First, some background. Here is a summary of how custodians make us more secure: Previously, we might give Alice our crypto assets to hold. There were risks:
Alice might take the assets and disappear.
Alice might spend the assets and pretend that she still has them (fractional model).
Alice might store the assets insecurely and they'll get stolen.
Alice might give the assets to someone else by mistake or by force.
Alice might lose access to the assets.
But "no worries", Alice has a custodian named Bob. Bob is dressed in a nice suit. He knows some politicians. And he drives a Porsche. "So you have nothing to worry about!". And look at all the benefits we get:
Alice can't take the assets and disappear (unless she asks Bob or never gives them to Bob).
Alice can't spend the assets and pretend that she still has them. (Unless she didn't give them to Bob or asks him for them.)
Alice can't store the assets insecurely so they get stolen. (After all - she doesn't have any control over the withdrawal process from any of Bob's systems, right?)
Alice can't give the assets to someone else by mistake or by force. (Bob will stop her, right Bob?)
Alice can't lose access to the funds. (She'll always be present, sane, and remember all secrets, right?)
See - all problems are solved! All we have to worry about now is:
Bob might take the assets and disappear.
Bob might spend the assets and pretend that he still has them (fractional model).
Bob might store the assets insecurely and they'll get stolen.
Bob might give the assets to someone else by mistake or by force.
Bob might lose access to the assets.
It's pretty simple. Before we had to trust Alice. Now we only have to trust Alice, Bob, and all the ways in which they communicate. Just think of how much more secure we are! "On top of that", Bob assures us, "we're using a special wallet structure". Bob shows Alice a diagram. "We've broken the balance up and store it in lots of smaller wallets. That way", he assures her, "a thief can't take it all at once". And he points to a historic case where a large sum was taken "because it was stored in a single wallet... how stupid". "Very early on, we used to have all the crypto in one wallet", he said, "and then one Christmas a hacker came and took it all. We call him the Grinch. Now we individually wrap each crypto and stick it under a binary search tree. The Grinch has never been back since." "As well", Bob continues, "even if someone were to get in, we've got insurance. It covers all thefts and even coercion, collusion, and misplaced keys - only subject to the policy terms and conditions." And with that, he pulls out a phone-book sized contract and slams it on the desk with a thud. "Yep", he continues, "we're paying top dollar for one of the best policies in the country!" "Can I read it?' Alice asks. "Sure," Bob says, "just as soon as our legal team is done with it. They're almost through the first chapter." He pauses, then continues. "And can you believe that sales guy Mike? He has the same year Porsche as me. I mean, what are the odds?" "Do you use multi-sig?", Alice asks. "Absolutely!" Bob replies. "All our engineers are fully trained in multi-sig. Whenever we want to set up a new wallet, we generate 2 separate keys in an air-gapped process and store them in this proprietary system here. Look, it even requires the biometric signature from one of our team members to initiate any withdrawal." He demonstrates by pressing his thumb into the display. "We use a third-party cloud validation API to match the thumbprint and authorize each withdrawal. The keys are also backed up daily to an off-site third-party." "Wow that's really impressive," Alice says, "but what if we need access for a withdrawal outside of office hours?" "Well that's no issue", Bob says, "just send us an email, call, or text message and we always have someone on staff to help out. Just another part of our strong commitment to all our customers!" "What about Proof of Reserve?", Alice asks. "Of course", Bob replies, "though rather than publish any blockchain addresses or signed transaction, for privacy we just do a SHA256 refactoring of the inverse hash modulus for each UTXO nonce and combine the smart contract coefficient consensus in our hyperledger lightning node. But it's really simple to use." He pushes a button and a large green checkmark appears on a screen. "See - the algorithm ran through and reserves are proven." "Wow", Alice says, "you really know your stuff! And that is easy to use! What about fiat balances?" "Yeah, we have an auditor too", Bob replies, "Been using him for a long time so we have quite a strong relationship going! We have special books we give him every year and he's very efficient! Checks the fiat, crypto, and everything all at once!" "We used to have a nice offline multi-sig setup we've been using without issue for the past 5 years, but I think we'll move all our funds over to your facility," Alice says. "Awesome", Bob replies, "Thanks so much! This is perfect timing too - my Porsche got a dent on it this morning. We have the paperwork right over here." "Great!", Alice replies. And with that, Alice gets out her pen and Bob gets the contract. "Don't worry", he says, "you can take your crypto-assets back anytime you like - just subject to our cancellation policy. Our annual management fees are also super low and we don't adjust them often". How many holes have to exist for your funds to get stolen? Just one. Why are we taking a powerful offline multi-sig setup, widely used globally in hundreds of different/lacking regulatory environments with 0 breaches to date, and circumventing it by a demonstrably weak third party layer? And paying a great expense to do so? If you go through the list of breaches in the past 2 years to highly credible organizations, you go through the list of major corporate frauds (only the ones we know about), you go through the list of all the times platforms have lost funds, you go through the list of times and ways that people have lost their crypto from identity theft, hot wallet exploits, extortion, etc... and then you go through this custodian with a fine-tooth comb and truly believe they have value to add far beyond what you could, sticking your funds in a wallet (or set of wallets) they control exclusively is the absolute worst possible way to take advantage of that security. The best way to add security for crypto-assets is to make a stronger multi-sig. With one custodian, what you are doing is giving them your cryptocurrency and hoping they're honest, competent, and flawlessly secure. It's no different than storing it on a really secure exchange. Maybe the insurance will cover you. Didn't work for Bitpay in 2015. Didn't work for Yapizon in 2017. Insurance has never paid a claim in the entire history of cryptocurrency. But maybe you'll get lucky. Maybe your exact scenario will buck the trend and be what they're willing to cover. After the large deductible and hopefully without a long and expensive court battle. And you want to advertise this increase in risk, the lapse of judgement, an accident waiting to happen, as though it's some kind of benefit to customers ("Free institutional-grade storage for your digital assets.")? And then some people are writing to the OSC that custodians should be mandatory for all funds on every exchange platform? That this somehow will make Canadians as a whole more secure or better protected compared with standard air-gapped multi-sig? On what planet? Most of the problems in Canada stemmed from one thing - a lack of transparency. If Canadians had known what a joke Quadriga was - it wouldn't have grown to lose $400m from hard-working Canadians from coast to coast to coast. And Gerald Cotten would be in jail, not wherever he is now (at best, rotting peacefully). EZ-BTC and mister Dave Smilie would have been a tiny little scam to his friends, not a multi-million dollar fraud. Einstein would have got their act together or been shut down BEFORE losing millions and millions more in people's funds generously donated to criminals. MapleChange wouldn't have even been a thing. And maybe we'd know a little more about CoinTradeNewNote - like how much was lost in there. Almost all of the major losses with cryptocurrency exchanges involve deception with unbacked funds. So it's great to see transparency reports from BitBuy and ShakePay where someone independently verified the backing. The only thing we don't have is:
ANY CERTAINTY BALANCES WEREN'T EXCLUDED. Quadriga's largest account was $70m. 80% of funds are in 20% of accounts (Pareto principle). All it takes is excluding a few really large accounts - and nobody's the wiser. A fractional platform can easily pass any audit this way.
ANY VISIBILITY WHATSOEVER INTO THE CUSTODIANS. BitBuy put out their report before moving all the funds to their custodian and ShakePay apparently can't even tell us who the custodian is. That's pretty important considering that basically all of the funds are now stored there.
ANY IDEA ABOUT THE OTHER EXCHANGES. In order for this to be effective, it has to be the norm. It needs to be "unusual" not to know. If obscurity is the norm, then it's super easy for people like Gerald Cotten and Dave Smilie to blend right in.
It's not complicated to validate cryptocurrency assets. They need to exist, they need to be spendable, and they need to cover the total balances. There are plenty of credible people and firms across the country that have the capacity to reasonably perform this validation. Having more frequent checks by different, independent, parties who publish transparent reports is far more valuable than an annual check by a single "more credible/official" party who does the exact same basic checks and may or may not publish anything. Here's an example set of requirements that could be mandated:
First report within 1 month of launching, another within 3 months, and further reports at minimum every 6 months thereafter.
No auditor can be repeated within a 12 month period.
All reports must be public, identifying the auditor and the full methodology used.
All auditors must be independent of the firm being audited with no conflict of interest.
Reports must include the percentage of each asset backed, and how it's backed.
The auditor publishes a hash list, which lists a hash of each customer's information and balances that were included. Hash is one-way encryption so privacy is fully preserved. Every customer can use this to have 100% confidence they were included.
If we want more extensive requirements on audits, these should scale upward based on the total assets at risk on the platform, and whether the platform has loaned their assets out.
There are ways to structure audits such that neither crypto assets nor customer information are ever put at risk, and both can still be properly validated and publicly verifiable. There are also ways to structure audits such that they are completely reasonable for small platforms and don't inhibit innovation in any way. By making the process as reasonable as possible, we can completely eliminate any reason/excuse that an honest platform would have for not being audited. That is arguable far more important than any incremental improvement we might get from mandating "the best of the best" accountants. Right now we have nothing mandated and tons of Canadians using offshore exchanges with no oversight whatsoever. Transparency does not prove crypto assets are safe. CoinTradeNewNote, Flexcoin ($600k), and Canadian Bitcoins ($100k) are examples where crypto-assets were breached from platforms in Canada. All of them were online wallets and used no multi-sig as far as any records show. This is consistent with what we see globally - air-gapped multi-sig wallets have an impeccable record, while other schemes tend to suffer breach after breach. We don't actually know how much CoinTrader lost because there was no visibility. Rather than publishing details of what happened, the co-founder of CoinTrader silently moved on to found another platform - the "most trusted way to buy and sell crypto" - a site that has no information whatsoever (that I could find) on the storage practices and a FAQ advising that “[t]rading cryptocurrency is completely safe” and that having your own wallet is “entirely up to you! You can certainly keep cryptocurrency, or fiat, or both, on the app.” Doesn't sound like much was learned here, which is really sad to see. It's not that complicated or unreasonable to set up a proper hardware wallet. Multi-sig can be learned in a single course. Something the equivalent complexity of a driver's license test could prevent all the cold storage exploits we've seen to date - even globally. Platform operators have a key advantage in detecting and preventing fraud - they know their customers far better than any custodian ever would. The best job that custodians can do is to find high integrity individuals and train them to form even better wallet signatories. Rather than mandating that all platforms expose themselves to arbitrary third party risks, regulations should center around ensuring that all signatories are background-checked, properly trained, and using proper procedures. We also need to make sure that signatories are empowered with rights and responsibilities to reject and report fraud. They need to know that they can safely challenge and delay a transaction - even if it turns out they made a mistake. We need to have an environment where mistakes are brought to the surface and dealt with. Not one where firms and people feel the need to hide what happened. In addition to a knowledge-based test, an auditor can privately interview each signatory to make sure they're not in coercive situations, and we should make sure they can freely and anonymously report any issues without threat of retaliation. A proper multi-sig has each signature held by a separate person and is governed by policies and mutual decisions instead of a hierarchy. It includes at least one redundant signature. For best results, 3of4, 3of5, 3of6, 4of5, 4of6, 4of7, 5of6, or 5of7. History has demonstrated over and over again the risk of hot wallets even to highly credible organizations. Nonetheless, many platforms have hot wallets for convenience. While such losses are generally compensated by platforms without issue (for example Poloniex, Bitstamp, Bitfinex, Gatecoin, Coincheck, Bithumb, Zaif, CoinBene, Binance, Bitrue, Bitpoint, Upbit, VinDAX, and now KuCoin), the public tends to focus more on cases that didn't end well. Regardless of what systems are employed, there is always some level of risk. For that reason, most members of the public would prefer to see third party insurance. Rather than trying to convince third party profit-seekers to provide comprehensive insurance and then relying on an expensive and slow legal system to enforce against whatever legal loopholes they manage to find each and every time something goes wrong, insurance could be run through multiple exchange operators and regulators, with the shared interest of having a reputable industry, keeping costs down, and taking care of Canadians. For example, a 4 of 7 multi-sig insurance fund held between 5 independent exchange operators and 2 regulatory bodies. All Canadian exchanges could pay premiums at a set rate based on their needed coverage, with a higher price paid for hot wallet coverage (anything not an air-gapped multi-sig cold wallet). Such a model would be much cheaper to manage, offer better coverage, and be much more reliable to payout when needed. The kind of coverage you could have under this model is unheard of. You could even create something like the CDIC to protect Canadians who get their trading accounts hacked if they can sufficiently prove the loss is legitimate. In cases of fraud, gross negligence, or insolvency, the fund can be used to pay affected users directly (utilizing the last transparent balance report in the worst case), something which private insurance would never touch. While it's recommended to have official policies for coverage, a model where members vote would fully cover edge cases. (Could be similar to the Supreme Court where justices vote based on case law.) Such a model could fully protect all Canadians across all platforms. You can have a fiat coverage governed by legal agreements, and crypto-asset coverage governed by both multi-sig and legal agreements. It could be practical, affordable, and inclusive. Now, we are at a crossroads. We can happily give up our freedom, our innovation, and our money. We can pay hefty expenses to auditors, lawyers, and regulators year after year (and make no mistake - this cost will grow to many millions or even billions as the industry grows - and it will be borne by all Canadians on every platform because platforms are not going to eat up these costs at a loss). We can make it nearly impossible for any new platform to enter the marketplace, forcing Canadians to use the same stagnant platforms year after year. We can centralize and consolidate the entire industry into 2 or 3 big players and have everyone else fail (possibly to heavy losses of users of those platforms). And when a flawed security model doesn't work and gets breached, we can make it even more complicated with even more people in suits making big money doing the job that blockchain was supposed to do in the first place. We can build a system which is so intertwined and dependent on big government, traditional finance, and central bankers that it's future depends entirely on that of the fiat system, of fractional banking, and of government bail-outs. If we choose this path, as history has shown us over and over again, we can not go back, save for revolution. Our children and grandchildren will still be paying the consequences of what we decided today. Or, we can find solutions that work. We can maintain an open and innovative environment while making the adjustments we need to make to fully protect Canadian investors and cryptocurrency users, giving easy and affordable access to cryptocurrency for all Canadians on the platform of their choice, and creating an environment in which entrepreneurs and problem solvers can bring those solutions forward easily. None of the above precludes innovation in any way, or adds any unreasonable cost - and these three policies would demonstrably eliminate or resolve all 109 historic cases as studied here - that's every single case researched so far going back to 2011. It includes every loss that was studied so far not just in Canada but globally as well. Unfortunately, finding answers is the least challenging part. Far more challenging is to get platform operators and regulators to agree on anything. My last post got no response whatsoever, and while the OSC has told me they're happy for industry feedback, I believe my opinion alone is fairly meaningless. This takes the whole community working together to solve. So please let me know your thoughts. Please take the time to upvote and share this with people. Please - let's get this solved and not leave it up to other people to do. Facts/background/sources (skip if you like):
The inspiration for the paragraph about splitting wallets was an actual quote from a Canadian company providing custodial services in response to the OSC consultation paper: "We believe that it will be in the in best interests of investors to prohibit pooled crypto assets or ‘floats’. Most Platforms pool assets, citing reasons of practicality and expense. The recent hack of the world’s largest Platform – Binance – demonstrates the vulnerability of participants’ assets when such concessions are made. In this instance, the Platform’s entire hot wallet of Bitcoins, worth over $40 million, was stolen, facilitated in part by the pooling of client crypto assets." "the maintenance of participants (and Platform) crypto assets across multiple wallets distributes the related risk and responsibility of security - reducing the amount of insurance coverage required and making insurance coverage more readily obtainable". For the record, their reply also said nothing whatsoever about multi-sig or offline storage.
In addition to the fact that the $40m hack represented only one "hot wallet" of Binance, and they actually had the vast majority of assets in other wallets (including mostly cold wallets), multiple real cases have clearly demonstrated that risk is still present with multiple wallets. Bitfinex, VinDAX, Bithumb, Altsbit, BitPoint, Cryptopia, and just recently KuCoin all had multiple wallets breached all at the same time, and may represent a significantly larger impact on customers than the Binance breach which was fully covered by Binance. To represent that simply having multiple separate wallets under the same security scheme is a comprehensive way to reduce risk is just not true.
Private insurance has historically never covered a single loss in the cryptocurrency space (at least, not one that I was able to find), and there are notable cases where massive losses were not covered by insurance. Bitpay in 2015 and Yapizon in 2017 both had insurance policies that didn't pay out during the breach, even after a lengthly court process. The same insurance that ShakePay is presently using (and announced to much fanfare) was describe by their CEO himself as covering “physical theft of the media where the private keys are held,” which is something that has never historically happened. As was said with regard to the same policy in 2018 - “I don’t find it surprising that Lloyd’s is in this space,” said Johnson, adding that to his mind the challenge for everybody is figuring out how to structure these policies so that they are actually protective. “You can create an insurance policy that protects no one – you know there are so many caveats to the policy that it’s not super protective.”
The most profitable policy for a private insurance company is one with the most expensive premiums that they never have to pay a claim on. They have no inherent incentive to take care of people who lost funds. It's "cheaper" to take the reputational hit and fight the claim in court. The more money at stake, the more the insurance provider is incentivized to avoid payout. They're not going to insure the assets unless they have reasonable certainty to make a profit by doing so, and they're not going to pay out a massive sum unless it's legally forced. Private insurance is always structured to be maximally profitable to the insurance provider.
The circumvention of multi-sig was a key factor in the massive Bitfinex hack of over $60m of bitcoin, which today still sits being slowly used and is worth over $3b. While Bitfinex used a qualified custodian Bitgo, which was and still is active and one of the industry leaders of custodians, and they set up 2 of 3 multi-sig wallets, the entire system was routed through Bitfinex, such that Bitfinex customers could initiate the withdrawals in a "hot" fashion. This feature was also a hit with the hacker. The multi-sig was fully circumvented.
Bitpay in 2015 was another example of a breach that stole 5,000 bitcoins. This happened not through the exploit of any system in Bitpay, but because the CEO of a company they worked with got their computer hacked and the hackers were able to request multiple bitcoin purchases, which Bitpay honoured because they came from the customer's computer legitimately. Impersonation is a very common tactic used by fraudsters, and methods get more extreme all the time.
A notable case in Canada was the Canadian Bitcoins exploit. Funds were stored on a server in a Rogers Data Center, and the attendee was successfully convinced to reboot the server "in safe mode" with a simple phone call, thus bypassing the extensive security and enabling the theft.
The very nature of custodians circumvents multi-sig. This is because custodians are not just having to secure the assets against some sort of physical breach but against any form of social engineering, modification of orders, fraudulent withdrawal attempts, etc... If the security practices of signatories in a multi-sig arrangement are such that the breach risk of one signatory is 1 in 100, the requirement of 3 independent signatures makes the risk of theft 1 in 1,000,000. Since hackers tend to exploit the weakest link, a comparable custodian has to make the entry and exit points of their platform 10,000 times more secure than one of those signatories to provide equivalent protection. And if the signatories beef up their security by only 10x, the risk is now 1 in 1,000,000,000. The custodian has to be 1,000,000 times more secure. The larger and more complex a system is, the more potential vulnerabilities exist in it, and the fewer people can understand how the system works when performing upgrades. Even if a system is completely secure today, one has to also consider how that system might evolve over time or work with different members.
By contrast, offline multi-signature solutions have an extremely solid record, and in the entire history of cryptocurrency exchange incidents which I've studied (listed here), there has only been one incident (796 exchange in 2015) involving an offline multi-signature wallet. It happened because the customer's bitcoin address was modified by hackers, and the amount that was stolen ($230k) was immediately covered by the exchange operators. Basically, the platform operators were tricked into sending a legitimate withdrawal request to the wrong address because hackers exploited their platform to change that address. Such an issue would not be prevented in any way by the use of a custodian, as that custodian has no oversight whatsoever to the exchange platform. It's practical for all exchange operators to test large withdrawal transactions as a general policy, regardless of what model is used, and general best practice is to diagnose and fix such an exploit as soon as it occurs.
False promises on the backing of funds played a huge role in the downfall of Quadriga, and it's been exposed over and over again (MyCoin, PlusToken, Bitsane, Bitmarket, EZBTC, IDAX). Even today, customers have extremely limited certainty on whether their funds in exchanges are actually being backed or how they're being backed. While this issue is not unique to cryptocurrency exchanges, the complexity of the technology and the lack of any regulation or standards makes problems more widespread, and there is no "central bank" to come to the rescue as in the 2008 financial crisis or during the great depression when "9,000 banks failed".
In addition to fraudulent operations, the industry is full of cases where operators have suffered breaches and not reported them. Most recently, Einstein was the largest case in Canada, where ongoing breaches and fraud were perpetrated against the platform for multiple years and nobody found out until the platform collapsed completely. While fraud and breaches suck to deal with, they suck even more when not dealt with. Lack of visibility played a role in the largest downfalls of Mt. Gox, Cryptsy, and Bitgrail. In some cases, platforms are alleged to have suffered a hack and keep operating without admitting it at all, such as CoinBene.
It surprises some to learn that a cryptographic solution has already existed since 2013, and gained widespread support in 2014 after Mt. Gox. Proof of Reserves is a full cryptographic proof that allows any customer using an exchange to have complete certainty that their crypto-assets are fully backed by the platform in real-time. This is accomplished by proving that assets exist on the blockchain, are spendable, and fully cover customer deposits. It does not prove safety of assets or backing of fiat assets.
If we didn't care about privacy at all, a platform could publish their wallet addresses, sign a partial transaction, and put the full list of customer information and balances out publicly. Customers can each check that they are on the list, that the balances are accurate, that the total adds up, and that it's backed and spendable on the blockchain. Platforms who exclude any customer take a risk because that customer can easily check and see they were excluded. So together with all customers checking, this forms a full proof of backing of all crypto assets.
However, obviously customers care about their private information being published. Therefore, a hash of the information can be provided instead. Hash is one-way encryption. The hash allows the customer to validate inclusion (by hashing their own known information), while anyone looking at the list of hashes cannot determine the private information of any other user. All other parts of the scheme remain fully intact. A model like this is in use on the exchange CoinFloor in the UK.
A Merkle tree can provide even greater privacy. Instead of a list of balances, the balances are arranged into a binary tree. A customer starts from their node, and works their way to the top of the tree. For example, they know they have 5 BTC, they plus 1 other customer hold 7 BTC, they plus 2-3 other customers hold 17 BTC, etc... until they reach the root where all the BTC are represented. Thus, there is no way to find the balances of other individual customers aside from one unidentified customer in this case.
Proposals such as this had the backing of leaders in the community including Nic Carter, Greg Maxwell, and Zak Wilcox. Substantial and significant effort started back in 2013, with massive popularity in 2014. But what became of that effort? Very little. Exchange operators continue to refuse to give visibility. Despite the fact this information can often be obtained through trivial blockchain analysis, no Canadian platform has ever provided any wallet addresses publicly. As described by the CEO of Newton "For us to implement some kind of realtime Proof of Reserves solution, which I'm not opposed to, it would have to ... Preserve our users' privacy, as well as our own. Some kind of zero-knowledge proof". Kraken describes here in more detail why they haven't implemented such a scheme. According to professor Eli Ben-Sasson, when he spoke with exchanges, none were interested in implementing Proof of Reserves.
And yet, Kraken's places their reasoning on a page called "Proof of Reserves". More recently, both BitBuy and ShakePay have released reports titled "Proof of Reserves and Security Audit". Both reports contain disclaimers against being audits. Both reports trust the customer list provided by the platform, leaving the open possibility that multiple large accounts could have been excluded from the process. Proof of Reserves is a blockchain validation where customers see the wallets on the blockchain. The report from Kraken is 5 years old, but they leave it described as though it was just done a few weeks ago. And look at what they expect customers to do for validation. When firms represent something being "Proof of Reserve" when it's not, this is like a farmer growing fruit with pesticides and selling it in a farmers market as organic produce - except that these are people's hard-earned life savings at risk here. Platforms are misrepresenting the level of visibility in place and deceiving the public by their misuse of this term. They haven't proven anything.
Fraud isn't a problem that is unique to cryptocurrency. Fraud happens all the time. Enron, WorldCom, Nortel, Bear Stearns, Wells Fargo, Moser Baer, Wirecard, Bre-X, and Nicola are just some of the cases where frauds became large enough to become a big deal (and there are so many countless others). These all happened on 100% reversible assets despite regulations being in place. In many of these cases, the problems happened due to the over-complexity of the financial instruments. For example, Enron had "complex financial statements [which] were confusing to shareholders and analysts", creating "off-balance-sheet vehicles, complex financing structures, and deals so bewildering that few people could understand them". In cryptocurrency, we are often combining complex financial products with complex technologies and verification processes. We are naïve if we think problems like this won't happen. It is awkward and uncomfortable for many people to admit that they don't know how something works. If we want "money of the people" to work, the solutions have to be simple enough that "the people" can understand them, not so confusing that financial professionals and technology experts struggle to use or understand them.
For those who question the extent to which an organization can fool their way into a security consultancy role, HB Gary should be a great example to look at. Prior to trying to out anonymous, HB Gary was being actively hired by multiple US government agencies and others in the private sector (with glowing testimonials). The published articles and hosted professional security conferences. One should also look at this list of data breaches from the past 2 years. Many of them are large corporations, government entities, and technology companies. These are the ones we know about. Undoubtedly, there are many more that we do not know about. If HB Gary hadn't been "outted" by anonymous, would we have known they were insecure? If the same breach had happened outside of the public spotlight, would it even have been reported? Or would HB Gary have just deleted the Twitter posts, brought their site back up, done a couple patches, and kept on operating as though nothing had happened?
In the case of Quadriga, the facts are clear. Despite past experience with platforms such as MapleChange in Canada and others around the world, no guidance or even the most basic of a framework was put in place by regulators. By not clarifying any sort of legal framework, regulators enabled a situation where a platform could be run by former criminal Mike Dhanini/Omar Patryn, and where funds could be held fully unchecked by one person. At the same time, the lack of regulation deterred legitimate entities from running competing platforms and Quadriga was granted a money services business license for multiple years of operation, which gave the firm the appearance of legitimacy. Regulators did little to protect Canadians despite Quadriga failing to file taxes from 2016 onward. The entire administrative team had resigned and this was public knowledge. Many people had suspicions of what was going on, including Ryan Mueller, who forwarded complaints to the authorities. These were ignored, giving Gerald Cotten the opportunity to escape without justice.
There are multiple issues with the SOC II model including the prohibitive cost (you have to find a third party accounting firm and the prices are not even listed publicly on any sites), the requirement of operating for a year (impossible for new platforms), and lack of any public visibility (SOC II are private reports that aren't shared outside the people in suits).
Securities frameworks are expensive. Sarbanes-Oxley is estimated to cost $5.1 million USD/yr for the average Fortune 500 company in the United States. Since "Fortune 500" represents the top 500 companies, that means well over $2.55 billion USD (~$3.4 billion CAD) is going to people in suits. Isn't the problem of trust and verification the exact problem that the blockchain is supposed to solve?
To use Quadriga as justification for why custodians or SOC II or other advanced schemes are needed for platforms is rather silly, when any framework or visibility at all, or even the most basic of storage policies, would have prevented the whole thing. It's just an embarrassment.
We are now seeing regulators take strong action. CoinSquare in Canada with multi-million dollar fines. BitMex from the US, criminal charges and arrests. OkEx, with full disregard of withdrawals and no communication. Who's next?
We have a unique window today where we can solve these problems, and not permanently destroy innovation with unreasonable expectations, but we need to act quickly. This is a unique historic time that will never come again.
Dieter Fishbein, Ecosystem Development Lead, Web3 Foundation
Dan: Hey everyone, thanks for joining us for the Polkadot Launch AMA. We have Dieter Fishbein (Head of Ecosystem Development, our business development team), Logan Saether (Technical Education), and Will Pankiewicz (Master of Validators) joining us today. We had some great questions submitted in advance, and we’ll start by answering those and learning a bit about each of our guests. After we go through the pre-submitted questions, then we’ll open up the chat to live Q&A and the hosts will answer as many questions as they can. We’ll start off with Dieter and ask him a set of some business-related questions.
Dieter could you introduce yourself, your background, and your role within the Polkadot ecosystem?
Dieter: I got my start in the space as a cryptography researcher at the University of Waterloo. This is where I first learned about Bitcoin and started following the space. I spent the next four years or so on the investment team for a large asset manager where I primarily focused on emerging markets. In 2017 I decided to take the plunge and join the space full-time. I worked at a small blockchain-focused VC fund and then joined the Polkadot team just over a year ago. My role at Polkadot is mainly focused on ensuring there is a vibrant community of projects building on our technology.
Q: Adoption of Polkadot of the important factors that all projects need to focus on to become more attractive to the industry. So, what is Polkadot's plan to gain more Adoption? [sic]
A (Dieter): Polkadot is fundamentally a developer-focused product so much of our adoption strategy is focused around making Polkadot an attractive product for developers. This has many elements. Right now the path for most developers to build on Polkadot is by creating a blockchain using the Substrate framework which they will later connect to Polkadot when parachains are enabled. This means that much of our adoption strategy comes down to making Substrate an attractive tool and framework. However, it’s not just enough to make building on Substrate attractive, we must also provide an incentive to these developers to actually connect their Substrate-based chain to Polkadot. Part of this incentive is the security that the Polkadot relay chain provides but another key incentive is becoming interoperable with a rich ecosystem of other projects that connect to Polkadot. This means that a key part of our adoption strategy is outreach focused. We go out there and try to convince the best projects in the space that building on our technology will provide them with significant value-add. This is not a purely technical argument. We provide significant support to projects building in our ecosystem through grants, technical support, incubatoaccelerator programs and other structured support programs such as the Substrate Builders Program (https://www.substrate.io/builders-program). I do think we really stand out in the significant, continued support that we provide to builders in our ecosystem. You can also take a look at the over 100 Grants that we’ve given from the Web3 Foundation: https://medium.com/web3foundation/web3-foundation-grants-program-reaches-100-projects-milestone-8fd2a775fd6b
Q: On moving forward through your roadmap, what are your most important next priorities? Does the Polkadot team have enough fundamentals (Funds, Community, etc.) to achieve those milestones?
A (Dieter): I would say the top priority by far is to ensure a smooth roll-out of key Polkadot features such as parachains, XCMP and other key parts of the protocol. Our recent Proof of Authority network launch was only just the beginning, it’s crucial that we carefully and successfully deploy features that allow builders to build meaningful technology. Second to that, we want to promote adoption by making more teams aware of Polkadot and how they can leverage it to build their product. Part of this comes down to the outreach that I discussed before but a major part of it is much more community-driven and many members of the team focus on this. We are also blessed to have an awesome community to make this process easier 🙂
Q: Where can a list of Polkadot's application-specific chains can be found?
A (Dieter): The best list right now is http://www.polkaproject.com/. This is a community-led effort and the team behind it has done a terrific job. We’re also working on providing our own resource for this and we’ll share that with the community when it’s ready.
Q: Could you explain the differences and similarities between Kusama and Polkadot?
A (Dieter): Kusama is fundamentally a less robust, faster-moving version of Polkadot with less economic backing by validators. It is less robust since we will be deploying new technology to Kusama before Polkadot so it may break more frequently. It has less economic backing than Polkadot, so a network takeover is easier on Kusama than on Polkadot, lending itself more to use cases without the need for bank-like security. In exchange for lower security and robustness, we expect the cost of a parachain lease to be lower on Kusama than Polkadot. Polkadot will always be 100% focused on security and robustness and I expect that applications that deal with high-value transactions such as those in the DeFi space will always want a Polkadot deployment, I think there will be a market for applications that are willing to trade cheap, high throughput for lower security and robustness such as those in the gaming, content distribution or social networking sectors. Check out - https://polkadot.network/kusama-polkadot-comparing-the-cousins/ for more detailed info!
Q: and for what reasons would a developer choose one over the other?
A (Dieter): Firstly, I see some earlier stage teams who are still iterating on their technology choosing to deploy to Kusama exclusively because of its lower-stakes, faster moving environment where it will be easier for them to iterate on their technology and build their user base. These will likely encompass the above sectors I identified earlier. To these teams, Polkadot becomes an eventual upgrade path for them if, and when, they are able to perfect their product, build a larger community of users and start to need the increased stability and security that Polkadot will provide. Secondly, I suspect many teams who have their main deployment on Polkadot will also have an additional deployment on Kusama to allow them to test new features, either their tech or changes to the network, before these are deployed to Polkadot mainnet.
Logan Saether, Technical Education, Web3 Foundation
Q: Sweet, let's move over to Logan. Logan - could you introduce yourself, your background, and your role within the Polkadot ecosystem?
A (Logan): My initial involvement in the industry was as a smart contract engineer. During this time I worked on a few projects, including a reboot of the Ethereum Alarm Clock project originally by Piper Merriam. However, I had some frustrations at the time with the limitations of the EVM environment and began to look at other tools which could help me build the projects that I envisioned. This led to me looking at Substrate and completing a bounty for Web3 Foundation, after which I applied and joined the Technical Education team. My responsibilities at the Technical Education team include maintaining the Polkadot Wiki as a source of truth on the Polkadot ecosystem, creating example applications, writing technical documentation, giving talks and workshops, as well as helping initiatives such as the Thousand Validator Programme.
Q: The first technical question submitted for you was: "When will an official Polkadot mobile wallet appear?"
A (Logan): There is already an “official” wallet from Parity Technologies called the Parity Signer. Parity Signer allows you to keep your private keys on an air-gapped mobile device and to interactively sign messages using web interfaces such as Polkadot JS Apps. If you’re looking for something that is more of an interface to the blockchain as well as a wallet, you might be interested in PolkaWallet which is a community team that is building a full mobile interface for Polkadot. For more information on Parity Signer check out the website: https://www.parity.io/signe
Q: Great thanks...our next question is: If someone already developed an application to run on Ethereum, but wants the interoperability that Polkadot will offer, are there any advantages to rebuilding with Substrate to run as a parachain on the Polkadot network instead of just keeping it on Ethereum and using the Ethereum bridge for use with Polkadot?
A (Logan): Yes, the advantage you would get from building on Substrate is more control over how your application will interact with the greater Polkadot ecosystem, as well as a larger design canvas for future iterations of your application. Using an Ethereum bridge will probably have more cross chain latency than using a Polkadot parachain directly. The reason for this is due to the nature of Ethereum’s separate consensus protocol from Polkadot. For parachains, messages can be sent to be included in the next block with guarantees that they will be delivered. On bridged chains, your application will need to go through more routes in order to execute on the desired destination. It must first route from your application on Ethereum to the Ethereum bridge parachain, and afterward dispatch the XCMP message from the Polkadot side of the parachain. In other words, an application on Ethereum would first need to cross the bridge then send a message, while an application as a parachain would only need to send the message without needing to route across an external bridge.
Q: DOT transfers won't go live until Web3 removes the Sudo module and token holders approve the proposal to unlock them. But when will staking rewards start to be distributed? Will it have to after token transfers unlock? Or will accounts be able to accumulate rewards (still locked) once the network transitions to NPoS?
A (Logan): Staking rewards will be distributed starting with the transition to NPoS. Transfers will still be locked during the beginning of this phase, but reward payments are technically different from the normal transfer mechanism. You can read more about the launch process and steps at http://polkadot.network/launch-roadmap
Q: Next question is: I'm interested in how Cumulus/parachain development is going. ETA for when we will see the first parachain registered working on Kusama or some other public testnet like Westend maybe?
A (Logan): Parachains and Cumulus is a current high priority development objective of the Parity team. There have already been PoC parachains running with Cumulus on local testnets for months. The current work now is making the availability and validity subprotocols production ready in the Polkadot client. The best way to stay up to date would be to follow the project boards on GitHub that have delineated all of the tasks that should be done. Ideally, we can start seeing parachains on Westend soon with the first real parachains being deployed on Kusama thereafter. The projects board can be viewed here: https://github.com/paritytech/polkadot/projects Dan: Also...check out Basti's tweet from yesterday on the Cumulus topic: https://twitter.com/bkchstatus/1270479898696695808?s=20
Q: In what ways does Polkadot support smart contracts?
A (Logan): The philosophy behind the Polkadot Relay Chain is to be as minimal as possible, but allow arbitrary logic at the edges in the parachains. For this reason, Polkadot does not support smart contracts natively on the Relay Chain. However, it will support smart contracts on parachains. There are already a couple major initiatives out there. One initiative is to allow EVM contracts to be deployed on parachains, this includes the Substrate EVM module, Parity’s Frontier, and projects such as Moonbeam. Another initiative is to create a completely new smart contract stack that is native to Substrate. This includes the Substrate Contracts pallet, and the ink! DSL for writing smart contracts. Learn more about Substrate's compatibility layer with Ethereum smart contracts here: https://github.com/paritytech/frontier
Will Pankiewicz, Master of Validators, Parity Technologies
Q: (Dan) Thanks for all the answers. Now we’ll start going through some staking questions with Will related to validating and nominating on Polkadot. Will - could you introduce yourself, your background, and your role within the Polkadot ecosystem?
A (Will): Sure thing. Like many others, Bitcoin drew me in back in 2013, but it wasn't until Ethereum came that I took the deep dive into working in the space full time. It was the financial infrastructure aspects of cryptocurrencies I was initially interested in, and first worked on dexes, algorithmic trading, and crypto funds. I really liked the idea of "Generalized Mining" that CoinFund came up with, and started to explore the whacky ways the crypto funds and others can both support ecosystems and be self-sustaining at the same time. This drew me to a lot of interesting experiments in what later became DeFi, as well as running validators on Proof of Stake networks. My role in the Polkadot ecosystem as “Master of Validators” is ensuring the needs of our validator community get met.
Q: Cool thanks. Our first community question was "Is it still more profitable to nominate the validators with lesser stake?"
A (Will): It depends on their commission, but generally yes it is more profitable to nominate validators with lesser stake. When validators have lesser stake, when you nominate them this makes your nomination stake a higher percentage of total stake. This means when rewards get distributed, it will be split more favorably toward you, as rewards are split by total stake percentage. Our entire rewards scheme is that every era (6 hours in Kusama, 24 hours in Polkadot), a certain amount of rewards get distributed, where that amount of rewards is dependent on the total amount of tokens staked for the entire network (50% of all tokens staked is currently optimal). These rewards from the end of an era get distributed roughly equally to all validators active in the validator set. The reward given to each validator is then split between the validators and all their nominators, determined by the total stake that each entity contributes. So if you contribute to a higher percentage of the total stake, you will earn more rewards.
Q: What does priority ranking under nominator addresses mean? For example, what does it mean that nominator A has priority 1 and nominator B has priority 6?
A (Will): Priority ranking is just the index of the nomination that gets stored on chain. It has no effect on how stake gets distributed in Phragmen or how rewards get calculated. This is only the order that the nominator chose their validators. The way that stake from a nominator gets distributed from a nominator to validators is via Phragmen, which is an algorithm that will optimally put stake behind validators so that distribution is roughly equal to those that will get in the validator set. It will try to maximize the total amount at stake in the network and maximize the stake behind minimally staked validators.
Q: On Polkadot.js, what does it mean when there are nodes waiting on Polkadot?
**A (Will):**In Polkadot there is a fixed validator set size that is determined by governance. The way validators get in the active set is by having the highest amount of total stake relative to other validators. So if the validator set size is 100, the top 100 validators by total stake will be in the validator set. Those not active in the validator set will be considered “waiting”.
Q: Another question...Is it necessary to become a waiting validator node right now?
A (Will): It's not necessary, but highly encouraged if you actively want to validate on Polkadot. The longer you are in the waiting tab, the longer you get exposure to nominators that may nominate you.
Q: Will current validators for Kusama also validate for Polkadot? How strongly should I consider their history (with Kusama) when looking to nominate a good validator for DOTs?
A (Will): A lot of Kusama validators will also be validators for Polkadot, as KSM was initially distributed to DOT holders. The early Kusama Validators will also likely be the first Polkadot validators. Being a Kusama validator should be a strong indicator for who to nominate on Polkadot, as the chaos that has ensued with Kusama has allowed validators to battle test their infrastructure. Kusama validators by now are very familiar with tooling, block explorers, terminology, common errors, log formats, upgrades, backups, and other aspects of node operation. This gives them an edge against Polkadot validators that may be new to the ecosystem. You should strongly consider well known Kusama validators when making your choices as a nominator on Polkadot.
Q: Can you go into more details about the process for becoming a DOT validator? Is it similar as the KSM 1000 validators program?
A (Will): The Process for becoming a DOT validators is first to have DOTs. You cannot be a validator without DOTs, as DOTs are used to pay transaction fees, and the minimum amount of DOTs you need is enough to create a validate transaction. After obtaining enough DOTs, you will need to set up your validator infrastructure. Ideally you should have a validator node with specs that match what we call standard hardware, as well as one or more sentry nodes to help isolate the validator node from attacks. After the infrastructure is up and running, you should have your Polkadot accounts set up right with a stash bonded to a controller account, and then submit a validate transaction, which will tell the network your nodes are ready to be a part of the network. You should then try and build a community around your validator to let others know you are trustworthy so that they will nominate you. The 1000 validators programme for Kusama is a programme that gives a certain amount of nominations from the Web3 Foundation and Parity to help bootstrap a community and reputation for validators. There may eventually be a similar type of programme for Polkadot as well. Dan: Thanks a lot for all the answers, Will. That’s the end of the pre-submitted questions and now we’ll open the chat up to live Q&A, and our three team members will get through as many of your questions as possible. We will take questions related to business development, technology, validating, and staking. For those wondering about DOT: DOT tokens do not exist yet. Allocations of Polkadot's native DOT token are technically and legally non-transferable. Hence any publicized sale of DOTs is unsanctioned by Web3 Foundation and possibly fraudulent. Any official public sale of DOTs will be announced on the Web3 Foundation website. Polkadot’s launch process started in May and full network decentralization later this year, holders of DOT allocations will determine issuance and transferability. For those who participated in previous DOT sales, you can learn how to claim your DOTs here (https://wiki.polkadot.network/docs/en/claims).
Telegram Community Follow-up Questions Addressed Below
Q: Polkadot looks good but it confuses me that there are so many other Blockchain projects. What should I pay attention in Polkadot to give it the importance it deserves? What are your planning to achieve with your project?
A (Will): Personally, what I think differentiates it is the governance process. Coordinating forkless upgrades and social coordination helps stand it apart. A (Dieter): The wiki is awesome - https://wiki.polkadot.network/
Q: Over 10,000 ETH paid as a transaction fee , what if this happens on Polkadot? Is it possible we can go through governance to return it to the owner?
Q: What is the minimum ideal amount of DOT and KSM to have if you want to become a validator and how much technical knowledge do you need aside from following the docs?
A (Will): It depends on what the other validators in the ecosystem are staking as well as the validator set size. You just need to be in the top staking amount of the validator set size. So if its 100 validators, you need to be in the top 100 validators by stake.
Q: Will Web3 nominate validators? If yes, which criteria to be elected?
Q: How did you manage to prove that the consensus protocol is safe and unbreakable mathematically?
A (Dieter): We have a research teams of over a dozen scientists with PhDs and post-docs in cryptography and distributed computing who do thorough theoretical analyses on all the protocols used in Polkadot
Q: What are the prospects for NFT?
A: Already being built 🙂
Q: What will be Polkadot next roadmap for 2020 ?
A (Dieter): Building. But seriously - we will continue to add many more features and upgrades to Polkadot as well as continue to strongly focus on adoption from other builders in the ecosystem 🙂 A (Will): https://polkadot.network/launch-roadmap/ This is the launch roadmap. Ideally adding parachains and xcmp towards the end of the year
Q: How Do you stay active in terms of marketing developments during this PANDEMIC? Because I'm sure you're very excited to promote more after this settles down.
A (Dan): The main impact of covid was the impact on in-person events. We have been very active on Crowdcast for webinars since 2019, so it was quite the smooth transition to all-online events. You can see our 40+ past event recordings and follow us on Crowdcast here: https://www.crowdcast.io/polkadot. If you're interested in following our emails for updates (including online events), subscribe here: https://info.polkadot.network/subscribe
Q: Hi, who do you think is your biggest competitor in the space?
A (Dan): Polkadot is a metaprotocol that hasn't been seen in the industry up until this point. We hope to elevate the industry by providing interoperability between all major public networks as well as private blockchains.
Q: Is Polkadot a friend or competitor of Ethereum?
A: Polkadot aims to elevate the whole blockchain space with serious advancements in interoperability, governance and beyond :)
Q: When will there be hardware wallet support?
A (Will): Parity Signer works well for now. Other hardware wallets will be added pretty soon
Q: What are the attractive feature of DOT project that can attract any new users ?
A: We are working on integrations on all the biggest and best wallet providers. ;)
Q: What event/call can we track to catch a switch to nPOS? Is it only force_new_era call? Thanks.
A (Will): If you're on riot, useful channels to follow for updates like this are #polkabot:matrix.org and #polkadot-announcements:matrix.parity.io A (Logan): Yes this is the trigger for initiating the switch to NPoS. You can also poll the ForceEra storage for when it changes to ForceNew.
Q: What strategy will the Polkadot Team use to make new users trust its platform and be part of it?
Q: What problems do you see occurring in the blockchain industry nowadays and how does your project aims to solve these problems?
A (Will): Governance I see as a huge problem. For example upgrading Bitcoin and making decisions for changing things is a very challenging process. We have robust systems of on-chain governance to help solve these coordination problems
Q: How involved are the Polkadot partners? Are they helping with the development?
Q: Can you explain the role of the treasury in Polkadot?
A (Will): The treasury is for projects or people that want to build things, but don't want to go through the formal legal process of raising funds from VCs or grants or what have you. You can get paid by the community to build projects for the community. A: There’s a whole section on the wiki about the treasury and how it functions here https://wiki.polkadot.network/docs/en/mirror-learn-treasury#docsNav
Q: Any plan to introduce Polkadot on Asia, or rising market on Asia?
**A (Will):**We're globally focused
Q: What kind of impact do you expect from the Council? Although it would be elected by token holders, what kind of people you wish to see there?
A (Will): Community focused individuals like u/jam10o that want to see cool things get built and cool communities form If you have further questions, please ask in the official Polkadot Telegram channel.
In a world where technology rules with an iron fist, a group of rebels use phone apps to cast spells and weave enchantments into megaphones, motorcycles, and electric guitars. Magepunk is the future.
Cyber punk by way of the council of elrond. I really don't think this one came out great. It's...okay. I would probably skip it unless you really want to see lord of the rings re-imagined as cyberpunk. Art banged on the door and pulled his hood up against the rain and spysats.”Lomir,” he whispered. The concealment spell spread out around them to infect every digital eye in a block. It would only last a minute; the enemy was stronger than ever, but it should be enough. He spoke to the man next to him. “Okay Fred, everything is going to be okay now. These are the best magi in the world, if anybody can help us it’s them.” The man next to him huddled in his coat. They both had brown hair, but where Art was tall, broad, and lean, with grey eyes, fitting for an ex-Army ranger, Fred was short with brown eyes and shaggy hair. A thin woman with long dark hair opened the door a crack. “Were you followed?” she hissed. Art shook his head. “No, I took precautions El. I’ve got a concealment spell up but I think they know we’re in the area.” His eyes went wide as he felt some of the cameras start to come back online. “Shit. I think the Eye is looking for us. The spell is failing. Let us in!” El jerked the door open and waved them in before slamming it shut. She snapped off a single hair from her head and wrapped the doorknob, and whispered “findele.” The hair dissolved in to a mass of nanites that set about reinforcing the door. El turned back around to face them. She was pretty but could have been any age from a rough 25 to a well preserved 50. “That should hold them for a while. With any luck they’ll just think it was a random outage.” She examined Fred. “So. You’re supposed to save us all.” Fred shuffled his feet. “I guess. I don’t really understand everything, but Art found me. Said I needed to take this to Oculus headquarters to destroy it.” Fred pulled a ring out of his pocket and held it up. El stared. She started to reach out to examine it but caught herself in time and pulled back. “You...you just hold on to that.” She brushed past them to move down the hall. “Come on, you’re the last ones to arrive. We have a war council to attend.” She led them down a dark hallway. “Cala.” The old LED lights along the hallway glowed gently to life, still good after all these years. They came out in a large room, lined with monitors and humming server racks, with a large table in the center. There were 4 other people already sitting around it. “Okay, so this is everyone. That’s Legs,” she pointed to a tall lanky blonde man, who nodded, “Grim,” a shorter man, about Freds height, with a bushy beard, wearing a lot of leather, “Barry,” he was a bit shorter than Art but had the same coloring, “And Gramps,” and old man with a scraggly beard, holding a staff, he was wearing grey robes. “I told you my name is Linus,” he snapped. “And I told you that we aren’t using our real names. This council is warded and air gapped but we can’t take chances. Gramps.” He grumbled and crossed his arms. El gestured to the table. “Go ahead and take a seat. Coffee?” Everyone nodded. “Tulu yullas,” she said in a clear voice. Fred could hear a coffee maker hum to life and saw a small drone zip over to it with a tray. “Coffee should be around shortly, everyone. Now, Gramps,” she smirked as she said it, “I think it would be best if you told us what you found.” Gramps grumbled and stood up. “Very well. It started a month ago when I went to meet with one of my contacts, Sarah. Known her for years. I wanted to discuss recent movements Oculus has been making. Buying up opposition, squashing dissident stories. They haven’t put out a new product in years, ever since Google crushed them in the AR wars, but there was rumbling that something big was going to happen soon. Sarah said she had information on it.” Gramps took a cup of coffee from the drone and took a sip. “She was at least telling the truth about that. I told her that the ring,” he nodded to Fred, “had turned up again like a bad penny and was making its way around the world. She seemed pretty shocked by that, and insisted that we secure it. We quarrelled over it, I wanted it to be destroyed, she said I was being a fool. I said that with this we could destroy oculus forever, but she just wanted the power.” Gramps sighed. “I trusted her, so I didn’t have any firewalls up. She finally told me that she had joined forces with Oculus, and wanted to know if I would join her. I laughed in her face. That’s when she triggered her binding. Burnt out almost everything I had on me all at once, including my phone,” he threw a burnt piece of plastic on the table, “supposed to be military grade but the battery blew out immediately. Blew out my ID, my rings, everything. Then she triggered another app, the walls of a cage shot up around me. I was stuck and she knew it. She told me I would have plenty of time to think about it and left.” Gramps grinned. “But all her fancy apps failed to account for my walking stick here.” He picked it up. “Had a backup ID and com ring deep in a secret compartment, wrapped in a faraday cage. Took me a while to get it wired up to the aether, but once I did, I was able to make contact with a friend of mine, he was able to get me out. Came here soon as I was able.” Fred raised his hand. El smiled at that. “You don’t have to do that here, Fred. You have a question?” Fred nodded. “But what’s so special about this ring, anyway? It’s just a ring.” El shook her head. “Unfortunately, it’s not just a ring. It’s a biometric lock that gives you access to all of their bitcoin deposits. It has the original passcode that all of their accounting was based on. If you were to take that to their headquarters, you would have complete control over their company. You could do whatever you wanted with it, burn it to the ground, control it, sell it, anything. And there’s nothing they could do to stop you. They will do literally anything to get a hold of it.” “But why me?” “That’s an incredible coincidence. According to my scrying, well, you remember your Uncle Bill?” Fred nodded. “He was their CFO since the beginning. Crypto wasn’t as popular then and people were still worried about security, so he went to the main server of the company and had it create a ring. That ring. It contains the password to give you access to all of their crypto accounts, and you can only access it if you have the right biohash. His biohash, as it turns out. And you happen - by some one in a billion chance - to share the right markers with him. Given enough time, any of us in this room could fake it. But you can just use it outright.” El nodded to Gramps. “Thank you, Gramps, please take a seat. Barry, I believe you were next?” Barry stood up and nodded to Art. “Some of you I’ve met before, some I haven’t, but I’m Barry. Me and my brother Frank, we’re heirs to one of the Google fortunes. And we’ve been digging.” “I remember the technomage wars, a lot of us do, and I know that the official history is that the remnants of the Fang alliance - after Facebook was crushed - was able to defeat oculus and kill their chance at recovery, but I’m here to tell you that just isn’t true. It was largely a draw, until Oculus just withdrew. They stopped fighting everywhere, ended all their rituals, and went back in to research and development mode. And look around you. They might have officially ‘lost,’ but Oculus still makes the best haptics around. That’s why they are still the most popular, even years after they stopped producing anything new.” “My brother, Frank, he’s the oldest, so he gets a chance to play with the newest technology. He showed me this new piece that lets you hack in your dreams. You know how fast dream time is, well, the response time on this lets you pass through firewalls like they aren’t even there. So, one night, he took me scrying with him. We decided to go for oculus headquarters. We thought they were dead. We were wrong.” “It was six of us. Frank was having a party and everyone wanted to try out the newest scrying method, so we went under and followed him over the aether into the oculus servers. Like I said, we thought they were dead, but what we saw there...massive databases chugging away, servers running at peak capacity, security like nothing I’ve ever seen. We had to hide from bot patrols every five minutes. I wanted to leave but Frank wanted to keep looking, so we went deeper in to the racks. That was a mistake.” “They shouldn’t have been able to find us, but, well, someone was dropping packets. One of the bots was able to spot his tracks and start running us down. Frank heard the alarm going off before any of us. He told us to run, to get back to the party. We did, but not everyone made it.” Barry slumped forward. “Frank and I, we’re the best. We’ve been hacking since we were old enough to punch a keyboard. We made it out. But the rest of them weren’t so lucky. The bots caught them, and...this is the part I don’t understand, they killed them. Not in the aether, in the real. Every other person in our party had seizures and died right there. We knew right then that we had to do something. Once I heard that the ring was back in play, well, I knew I needed to come here and talk it out with El. Frank stayed behind. He’s fighting them every night in his dreams, trying to slow down whatever they’re doing, but he needs help. We all do.” Barry sat down heavily and stared at his coffee. “You got any whiskey for this?” Grim grunted and pulled a flask out of his vest. “Take it, lad.” He slid it across the table. Barry raised it back to Grim in a toast, then uncapped it and filled up his coffee cup with it. Grim stood up. “Might as well go next. Go by Grim.” He had a scottish accent. “I’m not famous like some of ye, but I’m one of the best damn app programmers in the world. Runs in the family. My father, he wrote the very first micropayment app. We have a reputation. You need something new built? You come to the Grim family. We can build anything.” “So we weren’t all that surprised when a representative from Oculus came by a few weeks ago. Really slimy shite, hands like he’d never woven a script in his life. He said he wanted something new. Something like the world had never seen. He said he couldn’t offer us the details until we signed, but he promised to make it worth our while. And then, he pulled out a ring, like that one,” he nodded to Fred, who shoved the hand inside his pocket, “and told us that it was a biometric lock, keyed to one of the outstanding Oculus crypto fortunes. The exact numbers had been lost, but it was worth a fortune. And they would key it to us, as long as we agreed to work with them.” “Well, my father thanked him for his time and told him we would be in touch, and then showed him the door. He told me ‘Laddie, I don’t care what they wanted us to build, that price was too much.’ We sat up late that night, drinking whiskey, and we couldn’t figure out what they might want so badly. Or for that matter, how in the world oculus had that much money to throw at us. It was wrong. And then we talked about the Fang war, when huge swaths of people could be cut off at a moment's notice as the aether buckled under the traffic. He told me ‘I don’t know what’s going to happen, lad, but it’s bad. I can feel it in me bones.’ He said he knew you, El, from way back, said you would have some insight as to what’s going on. I can tell you, after hearing all these stories, I’m starting to think my da was right.” Grim sat back down. Everyone looked at Legs. He lifted his eyebrows. “Oh, me?” He had an english accent. He smiled at Grim. “I think his father’s correct. And there’s no way I’m going to let my man go into that kind of danger alone.” Grim blushed. “No need to bring up our personal life, Legs. I’m happy to have you along.” Legs leaned over and ruffled his hair. Grim tried to sink into the chair. El smiled. “I can respect that, Legs. I believe that with this new information, I finally understand what is going on there.” She stood. “Barry was correct when he said that Oculus chose to lose the Fang war. I believe, after hearing your stories, I know why. What I know for sure is that on the day the turned inward, their head of engineering died. He was trying out a new haptic protocol. His death sounds very much like what your friends experienced, Barry. They have been snapping up all the best magi in the world, which is obviously why they came for you Gramps, and you, Grim. They are weaving something dark in there. Let me show you something.” She raised her voice. “Tul!” A wheeled cage came rolling in on it’s own. Inside was a man that was all skin and bones. He flinched from the light and cowered in his cage. El sighed. “This...WAS...Gary. He was an associate of mine, but he was doing something very similar to your friends, Barry. He was trying out a new haptic that gave him unprecedented response time, because it operated on a different part of the brain. He was using it just like you, to explore the oculus servers. But maybe because they didn’t perceive him as a threat, they didn’t kill him. They enslaved him. When we took off the haptics, he started attacking everyone. It took eight of us to seal him in this cage. His mind is gone. I’ve communed with him, I’ve dived deep into his mind, but it’s gone. The only desire left is to kill for oculus. Make no mistake, if I were to let him out of this cage he would do his best to kill all of us. Vanya.” The cage rolled back into the shadows. “I believe this is what they are working towards. This is why their security is so tight, why their servers run day and night creating terrible engines, why the corrupted Sarah. Their plan is to deploy this evil thing to every Oculus haptic out there and create an army of slaves. They will take over the world without firing a shot. The only good news is that since they are still recruiting, they have not completed the project. We still have time to bring them down. With that ring, Fred, we can go to the center of their headquarters, and destroy all their power. We can transfer away all of their savings and leave them with nothing, and they will collapse.” She turned her gaze to the rest of the table. “But he cannot go alone. Who will go with him?” Art was the first one to stand. “I’m just a grunt, but,” he pulled out the monomolecular blade on his back, “you have my sword.” Barry stood up. “And my code.” Grim stood up and pounded his fist on the table. “And my apps!” Legs and Gramps also nodded. El smiled. “Good. Then we have a fellowship.”
When was AsicVault established and how is it funded? AsicVault was established 2016. It is funded by founders and corporate investors. Please see Crunchbase. How can it be 1,000 times harder to crack compared to other BIP-39 hardware wallets? BIP-39 hardware wallets are working on very low performance microcontrollers or secure elements. They are doing only 2,048 iterations of PBKDF2 SHA-512 that is even less than old NIST recommendation of 10,000 rounds from year 2016. Performing higher number of PBKDF2 SHA-512 is standard practice for good security. iTunes does it, LastPass does it and Veracrypt as well. Even Ledger agrees that this very low number is the main problem of BIP-39. AsicVault specially designed SHA-512 accelerator inside high performance secure chip is at least 340 times faster than common microcontrollers. The number of PBKDF2 SHA-512 rounds is set to be exactly 1,000 times higher than BIP-39, hence the cost to crack AsicVault is also 1,000 times bigger. Please read in-depth teardown review and validation of AsicVault SHA-512 performance here. You can perform independent analysis according to this PDF and our device performance is shown on this video. Does it support BIP-39 passphrase? Yes, AsicVault supports all standard BIP-39 seed words and additional passphrase (so-called 25th word). You can restore your HD wallet account created by other hardware wallets (Ledger, Trezor, Keepkey) without any additional steps. AsicVault always opens standard security BIP-39 account and high security BIP-39 accounts at the same time. Why two processors? Common design practice, also followed by Ledger, is to separate secure and non-secure code. Our advantage is that these two RISC-V processors are inside a single secure chip. This way the Security CPU has full access to the Application CPU RAM. This makes it possible to do proper secure boot. Why RISC-V? Open instruction set. Possibility to have open source CPU and extensions. We have already implemented several custom instructions. Do I need a computer to initialize the device? No. You can supply power from wall adapter or battery bank. AsicVault supports true air-gapped environment. You can perform full device initialization, seed word generation and seed word backup without connection to the computer. You can also charge the device and check the status the same way. Can I use USB extender cables? Certified USB2.0 extender cables can be used. We don’t recommend extender cables while using USB3.1 features of the device. The device can detect (some) bad cables and show warning messages about them. It is not recommended to use cables/extenders longer than 2.5m. In any case, cables with lower AWG value are better, such as AWG20. How hot does the device get? During normal operation AsicVault device temperature reaches 35-37C. High speed USB3.0 operation adds additional 7C. AsicVault utilizes full Aluminum enclosure as an effective heatsink. Internal chips can tolerate up to +85C, so you never need to worry about them overheating. There are no Lithium batteries inside the device that are known for leaking and not tolerating high temperatures. How long does the active anti-tamper system work? Active anti-tamper protects your device at least 2 weeks, possibly up to 45 days, after you have fully charged the device. It takes just 15 minutes to charge the supercapacitors again. It is advisable to connect the device to a power source at least once per week. Different anti-tamper settings affect the anti-tamper aggressiveness, sensitivity and power consumption. It is also good practice to enter your passphrase weekly so that you will not forget it. How often can I charge it? Do the batteries age? You can charge it as often as you like, several times per day. Supercapacitors can be charged 50,000 – 1,000,000 times during their lifetime compared to common Lithium batteries that only allow 500-1,000 times. Therefore even 10 times per day for 10 years should be fine. At least weekly charging is recommended for best anti-tamper protection. How long are private keys safely stored inside device before the memory gets weak and they are lost? Data retention time of Flash memory inside the main chip is 20 years. Additional encryption keys stored inside FRAM can last for 40 years at temperatures below 70C. These values are higher than the expected lifetime of the device. In any case you must make paper backup(s) of your seed words. Can it store the whole Bitcoin blockchain inside the device? No. The device is not designed to store large amounts of data. Internal 128-megabyte Flash is used to store applications. There are thousands of copies of the blockchain, storing yet another copy is not meaningful or necessary. What is FIPS 140-2 highest Level 4? FIPS 140-2 is Federal Information Processing Standard. Level 4 requires that:
physical security mechanisms provide a complete envelope of protection around the cryptographic module
with the intent of detecting and responding to all unauthorized attempts at physical access
Penetration of the cryptographic module enclosure from any direction has a very high probability of being detected, resulting in the immediate deletion of all plaintext CSPs
Security Level 4 also protects a cryptographic module against a security compromise due to environmental conditions or fluctuations outside of the module's normal operating ranges for voltage and temperature
A cryptographic module is required to include special environmental protection features designed to detect fluctuations and delete CSPs
We have used these guidelines while designing AsicVault. We meet and exceed the requirements in the following way:
AsicVault has full Aluminium/Titanium enclosure that is not designed to be opened. Passive antitamper mesh protects the electronic circuits inside the device. Main secure chip also has chip level metal layer anti-tamper mesh.
Active anti-tamper circuit monitors all intrusion attempts and performs immediate device zeroization upon detecting any such attempts.
AsicVault has temperature, voltage and many other sensors that are continuously monitored by the anti-tamper circuit. Additionally, AsicVault has internal supercapacitor-based power reserve to run Elliptic Curve calculations and other cryptographic functions. Therefore, external voltage fluctuations can’t affect our device while performing these critical operations.
Zeroization not only deletes the private keys, it also destroys internal hardware design making it impossible to perform any further analysis of the hardware.
AsicVault has not participated in formal Cryptographic Module Validation Program since we are not targeting US government users at this point. Can AsicVault device run Linux? It is not our priority to run Linux since it has too big overhead for hardware wallet. However, our RISC-V processors and Mark II hardware can run Linux for your custom projects. Where can I purchase the device? Please contact your local supplier about availability.
The ‘Trilemma’ of Blockchain space - Scalability, Security, and Decentralization - are the three things every blockchain is trying to solve simultaneously. But it’s easier said than done, as proven by the scalability issue faced by Ethereum. Higher scalability transcends to higher market adoption. This is where Cardano and Algorand have come into the picture. They have their similarities and differences that seem to work for them for now. Rather than telling you which one has more potential, it’s better to present the entire case and let you decide how they fare against each other.
Star Player of the Team
Anyone would agree that having a renowned and accomplished team player always gives a boost to the project.
Cardano’s Charles Hoskinson
If the name seems familiar, that’s because he is also the co-founder of Ethereum. A tech entrepreneur and mathematician with an interest in analytic number theory, Charles Hoskinson moved into blockchain space in 2013. He co-developed the Ethereum blockchain with Vitalik Buterin before leaving the project in June 2014. Hoskinson joined crypto and blockchain research firm IOHK to develop Cardano and since then has sponsored various blockchain research labs at the Tokyo Institute of Technology and the University of Edinburgh. He also founded Invictus Innovations. Hoskinson was the founding chairman of the education committee of the Bitcoin Foundation and established the Cryptocurrency Research Group in 2013. His current focus lies in educating people on the use of crypto and decentralization.
Algorand’s Silvio Micali
Unlike the innovators of other blockchain projects, Silvio Micali is already a famous name in cryptography long before he started developing Algorand. Deemed as one of the top cryptographers, he is a recipient of the prestigious Turing Award in 2012 and RSA prize for cryptography, Gödel Prize (theoretical computer science) in 1993, and ACM fellowship in 2017. Micali’s work spans around public-key cryptosystems, pseudorandom functions, digital signatures, oblivious transfer, and secure multi-party computation among others. In 1989, he co-invented Zero-Knowledge Proofs with Shafi Goldwasser and Charles Rackoff. He also developed Peppercoin, a cryptographic system for processing micropayments. A professor at MIT’s electrical engineering and computer science department since 1983, Silvio Micali is also working as a computer scientist at MIT Computer Science and Artificial Intelligence Laboratory. His doctoral students include Shai Halevi, Mihir Bellare, Rafail Ostrovsky, Bonnie Berger, Rafael Pass, Chris Peikert, and Phillip Rogaway - each renowned in their respective fields.
Project Partners and Collaborators
For any business, partnerships and collaborations are the most important aspect since they drive growth and innovation.
Cardano has formed 17 partnerships so far that either enhance its capabilities or grow its business.
Metaps Plus: To integrate the ADA coins into the MeTaps Plus, South Korea’s one of the largest mobile payment platforms.
IBM Research: For a software distribution project commissioned by the European Union.
PriceWaterhouseCoopers (PwC): To develop a new commercial strategy, probably to bring enterprise users to Cardano.
New Balance: All customers can authenticate the footwear purchases on the Cardano blockchain.
SIRIN LABS: To integrate the Cardano blockchain in their blockchain smartphone FINNEY and its SIRIN OS.
Konfidio: To drive the adoption of the blockchain business model platform among corporations and governments.
Algoz: To offer liquidity solutions and trading solutions for its native ADA token.
Priviledge: To study and publish decentralized software updates Priviledge is a consortium of renowned companies and scientific universities with the European Union.
South Korea Government-Approved Trade Associations:Signed two MoUs with Korea Mobile Game Association (KMGA) and Korea Blockchain Contents Association (KBCCA) to implement Cardano for Korean mobile gaming and digital content.
Ethiopian Government: To develop a new digital payment system and combine it with identity cards using its Atala blockchain framework.
Georgian Government: Signed MoU to implement Cardano blockchain-enabled projects across education, business, and government services.
Cardano’s other major partnership includes Z/Yen Group’s Distributed Futures practice, COTI Network, and Ellipal Hardware.
Algorand’s innovativeness and potential to be the blockchain leader has helped it bag a plethora of valuable partnerships across the world. Here are a few partnerships out of the 17 -
International Blockchain Monetary Reserve (IBMR): To launch the Southeast Asia Microfinance Platform and create a stablecoin called Asia Reserve Currency Coin (ARCC) to encourage financial inclusion in Southeast Asia.
SFB Technologies: To build the infrastructure to create a CBDC (central bank digital currency) dubbed ‘SOV’ for the Marshall Islands.
Meld: To tokenize gold and track it over the supply chain using stablecoin for the Australian gold industry.
Caratan: To build financial tools and products to promote Fintech adoption at an institutional level.
Italian Society of Authors and Publishers (SIAE): To develop copyright management tools and services.
DUST Identity: To authenticate physical objects and validate transactions over the blockchain.
AssetBlock: A real estate startup launched its tokenized property investment platform on Algorand
PlanetWatch: Focused on environmental monitoring, the first "CERN Spin-off " labeled organization is building the world's first immutable air quality ledger on the Algorand blockchain using IoT technologies.
Other major partnerships include World Chess - the commercial arm of the World Chess Federation, Big Data company Syncsort, and Tether.
Both Cardano and Algorand use PoS or Proof of Stake consensus mechanism at their heart, but that’s where the similarity ends. Each of them has its own spin to it. In the PoS mechanism, a person can validate a block depending on how many stakes or coins he holds. The stake quantity determines the amount of mining power one has. So how does each of them differ?
Cardano’s version is called Ouroboros PoS.
Cardano allows stakeholders to pool their resources together in a single ‘stake pool’, thus delegating their stakes to the pool. This is because every elected stakeholder may not have the expertise to create blocks.
The physical timeline is divided into small blocks called ‘epochs’ that are made up of fixed slots. These epochs are cyclic.
Each such epoch consists of a set of pooled stakeholders.
While the endorsers are elected depending on the weight of the number of stakes held by them, a slot leader (for every epoch) is randomly chosen by a digital coin toss among stakeholders. When the endorsers approve the blocks produced by slot leaders, it gets added to the blockchain.
The slot leader also selects the slot leader for the next epoch through the ‘coin toss’.
Note that having a higher stake increases the probability of getting elected.
Currently, the list of validators is fixed and the succession is known beforehand.
With the launch of the Shelley mainnet, Cardano plans to remove the above issue. But this will be a hard fork. Here, the community will decide on block validators through staking.
The version Algorand uses is called PPoS (Pure Proof of Stake) consensus mechanism.
PPoS randomly selects a token holder as a block producer.
The proposed block gets approved by a committee of 1000 randomly selected token owners and then added to the blockchain.
The algorithm runs a cryptographically verifiable lucky draw over all the accounts to randomly select committee members as well as the block proposer.
This means the identities of the participants are unknown until the blocks are added to the chain.
This selection does not depend on the stake size of the nodes at all.
PPoS runs this lottery process in complete isolation with other nodes in the network.
The completely randomized election and secret identities of the committee members drastically reduce the chances of any foul playing within the network. As the number of users grows, the network gets stronger and more secure. Algorand’s PPoS has embraced a more egalitarian ecosystem to negate the wealth gap present in traditional PoS.
Currently, Cardano offers 50-250 TPS. But with incorporating sharding technology in its Ouroboros Hydra version, the scalability can increase to one million TPS theoretically. The processing speed will increase as more users or nodes join the network.
In Algorand, every lottery takes just a microsecond to run. Since such lotteries run independently of each other, multiple lotteries can run simultaneously. This inherently makes PPoS highly scalable. The mainnet itself has the capability to handle 1000 TPS.
Both Cardano and Algorand have sound tech and teams that believe in extensive research and meticulously designed products. Having an early start, there’s no denying that Cardano has established itself in a superior position thanks to the technological achievement, consistency, and transparency it has showcased. But with Algorand’s ecosystem growing fast, the competition has intensified. Algorand’s aim to bring full transparency, technological innovation, and successful partnerships just within a year have made it a prime challenger to Cardano. While referring to Algorand, Cardano chief Hoskinson voiced similar opinion - “... they are another one of the science coins and we all kind of support each other. Even though we get academically competitive, we're able to reference each other's work and learn from each other and grow from each other.”
Tezos is a decentralized blockchain that simplifies formal verification, a method that mathematically proves the accuracy of the code controlling transactions. The Tezos blockchain has its own cryptocurrency called Tezos (XTZ), a cryptocurrency with two main functions – a self-administration system and the ability to form launch contracts using its own programming language – Michelson. If you decide to convert your fiat savings into Tezos or exchange other cryptocurrencies for XTZ, you may have to make a choice among reliable wallets for this. In this article we will look into the best Tezos Wallets so that can help you understand them better.
Nano S is a hard wallet from the product line of Ledger, a French manufacturer company. As all other Ledger products, Nano S traditionally looks like a USB flash drive. But this time, you will need to use the USB cable that comes with the wallet to connect to a computer. Ledger Nano S has a chip that is similar with chips on bank cards or biometric passports. Your private key is stored in an isolated environment and is effectively protected. Ledger Nano S also has a screen on it where you can see each transaction made. In case you lose your Nano S wallet, the account can be easily restored on any other Ledger device. Ledger Nano S supports over 20 cryptocurrencies including Tezos (XTZ).
Trezor Model T
Trezor T is the flagship model from the well-known Czech manufacturer SatoshiLabs. Model T has a color Touch-Screen display, an SD port and a quantity of supported coins – XTZ is among those coins. When Trezor T is not connected to the computer, it turns off and disconnects from the Internet. Thus, user funds are stored on the device beyond the reach of attackers. Trezor hardware case is ultrasonically soldered, making it difficult to be restored after being damaged.
Web wallets can be a simple way to get started investing in cryptocurrency. All web wallets can be used right from a browser without the need of downloading software. Beyond that, many of web wallets offer free mobile apps.
Guarda Wallet is available as a Web, Mobile and Desktop Wallet and a Chrome extension. It supports more than 40 coins and 10,000 tokens as well as XTZ. The web wallet enables to access cryptocurrency from any modern browser, the website itself looks presentable and made convenient to use. Using the mobile wallet, you can create a new wallet or import an existing one. Besides the common functions such as storage, deposit/withdrawal of cryptocurrency, users can instantly buy the exact amount of cryptocurrency using a bank card or exchange coins and tokens.
While Magnum is a multi-asset wallet, one of the best known assets it supports is Tezos (XTZ). Being a light wallet, you do not need to download the full blockchain of any of the cryptocurrencies it works with. The wallet does not keep users’ personal information. As Magnum is a web wallet, it has the extra benefit of being available for nearly any platform, easy of access from any kind of device with an internet browser. Magnum wallet also supports Ledger devices so those can be easily linked to the app.
Mobile wallets are used on your smartphone via an app. Similar to Apple or Google Pay, you can use mobile wallets when shopping in physical shops as cryptocurrencies become more popular and acceptable. Mobile wallets may be safer compared to online wallets and also be easy to use on the go.
AirGap is a wallet, that allows you to keep your cryptocurrency securely on your mobile. AirGap is a system with two device access: you can use your old mobile device as a hardware wallet using the AirGap Vault app to keep the private key there; while your working smartphone will have the wallet itself. The connection occurs with QR codes, this ensures a genuine one-way communication between AirGap Wallet and AirGap Vault. This implies that no private information ever leaves the air-gapped old phone. Besides Tezos, AirGap supports diverse amount of cryptocurrencies.
In spite of being a lightweight wallet, Tezos.Blue does not scant on security or its features. It is an original app and that is why it gets strong protection straight from the operating system. Using the Tezos.Blue you will have actual updates from the network for a truly live operational comfort. Tezos.Blue is also available in a desktop version. Tezos.Blue is also available in a desktop version.
Desktop wallet can be downloaded and installed on a computer. Desktop wallets may be safer if your computer is not, or more preferably, has never used the Internet connection. Desktop Wallets are perfect for storing large amounts of crypto that you don’t want to use on an everyday basis.
HD wallets (hierarchical deterministic wallet) are the wallets that use a single 12 or 18-word mnemonic phrase that is used to identify following addresses and private keys in a wallet software. Atomix is HD wallet that supports Tezos, it merges benefits of decentralized and centralized exchanges. With Atomix, all private keys are kept encoded on the computer. No identity verification or registration is required to use the wallet.
Simplestaking is Tezos focused wallet being a web app and desktop app with support for hardware wallet Trezor Model T. The wallet is developed using NgRx state management and Angular framework.
Galleon Tezos Wallet (Tezori)
Galleon is a smart open source wallet for XTZ that supports both hardware and software wallets on Windows, Linux and Mac. It was developed by Cryptonomic and funded by the Tezos Foundation.
Tezos CLI Wallet
The Tezos CLI wallet can be used by those users who have some coding understanding while it requires the use of command lines. Tezos has mentioned the wallet on its website and has been audited by an independent external security inspector. As the Tezos CLI needs some level of command line knowledge, it can be quite difficult to use.
How to keep your wallet safe
A cryptocurrency wallet can be regarded as a regular wallet with money, but it has advanced features, which increases the level of risk. Simple rules will help prevent the loss of your own savings:
Do not store large amounts for long periods on wallets that do not provide full control. It is better to store large amounts for a long time only in wallets that provide full control over the private key and, accordingly, over digital assets. This will help protect your coins against fraud and cyber attacks.
Encrypt information and back up private keys. In case of reinstalling the PC or the occurrence of force majeure situations, this will help to restore access to the wallet quickly.
Store secret keys on an offline device. It is preferable to use a platform that is not accessible for hacking via the Internet.
Use reliable antivirus software and update it regularly. This will prevent the leakage of personal data that hackers can use to crack passwords.
Register several types of wallets. It will allow you to distribute your funds and use the most suitable wallet depending on the situation.
If you use your Tezos wallet wisely and do not neglect the precautions, the risk of funds loss will be minimized.
Can ParamountDax Challenge Binance, Poloniex, and Bitfinex?
https://preview.redd.it/cmgzvivop8y31.png?width=540&format=png&auto=webp&s=efae868fb8d23b08d126359e06ee28be02350325 Dear Community, ParamountDax’s dream of becoming a cryptocurrency giant seems to become more achievable day by day, however, cryptocurrencies have noticeable challenges both at the technical and the social level, so let’s dive in. The majority of well-known large exchanges have encountered unforeseen problems, for example, Binance, Bittrex, Poloniex. ParamountDax is a promising platform for cryptocurrency exchange, which took into account all the flaws of its competitors and created a unique and comfortable platform for its users. A few important steps before joining an exchange: Reputation — reputation is always the major point, which defines the brand in general. Security — is the second and very important way to identify the right platform, as it’s important to know your money is safe. Fees — some bitcoin exchanges are taking a fee on every transaction like withdrawal, deposit, or trading, some of them are not. Choose the platform according to the kind of trader you are. Payment Methods — every platform has different methods, make your own analysis and find out what fits you more. Verification Requirements and Geographical Restrictions — are also important. Pay attention to this part before completing the registration. Support — The best services offer 24/7 support.
About: Binance is a China-based cryptocurrency exchange that gives users access to a robust set of trading tools, charts, and security features. Following a successful initial coin offering (ICO), Binance began live trading in July 2017. By offering both Basic and Advanced exchange interfaces, Binance makes it easy for beginners to use. Claims that: Low fees on transactions and withdrawals, Capable of processing 1.4 million transactions per second. Binance has a Basic and Advanced exchange view. Security: 2-FA and Google Authenticator to verify withdrawals. However, only Chinese phone numbers are supported for SMS 2-FA. View MVP: f the few crypto exchanges licensed before its launch date, ParamountDax serves the real needs of the crypto community. In this respect, we created a highly proficient, stable and secure centralized hub for crypto assets. ParamountDax is a Fully — Developed from the scratch, ready-to-use product implemented as a modern-age crypto trading exchange. ParamountDax gives users access to a robust set of trading tools, Trading from the charts, Advanced Market Detector, Daily profit up to 46%, Unique Trading Interface, The simplicity and depth chart are certain to satisfy the needs of any trader at any experience level and security features. About: As one of the few crypto exchanges licensed before its launch date, ParamountDax serves the real needs of the crypto community. In this respect, we created a highly proficient, stable and secure centralized hub for crypto assets. ParamountDax is a Fully — Developed from the scratch, ready-to-use product implemented as a modern-age crypto trading exchange. ParamountDax gives users access to a robust set of trading tools, Trading from the charts, Advanced Market Detector, Daily profit up to 46%, Unique Trading Interface,The simplicity and depth chart are certain to satisfy the needs of any trader at any experience level and security features. Claims that: all features are on a single page without having to scroll down to the access order book, trade history, depth chart or other important information. Increase TPS from 100.000 to 1 million transactions per second, Low fees. Multi-language capabilities (it is does not matter what nationality a consumer is). Security: Risk-Free, Unique security measurements for all users including insurances against hack and employee mistakes, cold wallet storage POLONIEX About: Poloniex launched in 2014 and is based out of Wilmington, Delaware, in the United States. Poloniex is a widely used exchange based in the US. It is the largest cryptocurrency exchange in terms of volume. Users can trade almost every crypto coin. It also presents unrestricted access to previous charts of cryptocurrencies. Claims that: there are many features that experienced traders will appreciate. You can find a range of efficient data-analysis tools, along with very detailed charts that let you make educated decisions regarding trades. The high-volume nature of Poloniex also appeals to traders, particularly the ability to do lending and margin trading. Security: Poloniex takes care of security in multiple ways. To keep hackers out, it stores the majority of customers’ deposits in air-gapped cold storage offline.
About: since 2014, Bitfinex has emerged as one of the world’s leading bitcoin exchanges. Based in Hong Kong, the company first entered the market in 2012 and has enjoyed steady expansion ever since. In addition to bitcoin, it provides access to the world’s leading altcoins as well as full-spec wallet services. Claims that: in addition to being widely recognized as the world’s largest bitcoin exchange, Bitfinex offers a customizable interface that allows you to personalize your workstation. The platform is fully equipped with margin trading and ten different order types that give you the opportunity to trade the market without limitation. Security: because Bitfinex gets a lot of its liquidity from Tether, many people are concerned that the exchange might not be as financially secure as it claims to be. But it was not any precedents yet. In Conclusion, ParamountDax offers new tools that satisfy the needs of any trader, which will set its standards for ideal trading. ParamountDax clients are able to count on the answer at their requests 24 hours 7 days a week. Other exchanges could keep silence a few months and the user will stay without helpful information. The aim of the ParamountDax team is to meet worldwide demand. Good luck! And see you soon! Website : https://paramountdax.io/ View MVP : https://staging.paramountdax.com And here’s how to get involved with the ParamountDax community: Telegram : https://t.me/joinchat/LNehJxUX9sVoZabNrnaEZA Twitter : https://twitter.com/ParamountDax Facebook : https://www.facebook.com/Paramountdax-2024636494500768 Bitcointalk: https://bitcointalk.org/index.php?topic=5137789.0 Reddit: https://www.reddit.com/ParamountDax/
Hey all, I've been researching coins since 2017 and have gone through 100s of them in the last 3 years. I got introduced to blockchain via Bitcoin of course, analysed Ethereum thereafter and from that moment I have a keen interest in smart contact platforms. I’m passionate about Ethereum but I find Zilliqa to have a better risk reward ratio. Especially because Zilliqa has found an elegant balance between being secure, decentralised and scalable in my opinion.
Below I post my analysis why from all the coins I went through I’m most bullish on Zilliqa (yes I went through Tezos, EOS, NEO, VeChain, Harmony, Algorand, Cardano etc.). Note that this is not investment advice and although it's a thorough analysis there is obviously some bias involved. Looking forward to what you all think!
Fun fact: the name Zilliqa is a play on ‘silica’ silicon dioxide which means “Silicon for the high-throughput consensus computer.”
This post is divided into (i) Technology, (ii) Business & Partnerships, and (iii) Marketing & Community. I’ve tried to make the technology part readable for a broad audience. If you’ve ever tried understanding the inner workings of Bitcoin and Ethereum you should be able to grasp most parts. Otherwise just skim through and once you are zoning out head to the next part.
Technology and some more:
Introduction The technology is one of the main reasons why I’m so bullish on Zilliqa. First thing you see on their website is: “Zilliqa is a high-performance, high-security blockchain platform for enterprises and next-generation applications.” These are some bold statements.
Before we deep dive into the technology let’s take a step back in time first as they have quite the history. The initial research paper from which Zilliqa originated dates back to August 2016: Elastico: A Secure Sharding Protocol For Open Blockchains where Loi Luu (Kyber Network) is one of the co-authors. Other ideas that led to the development of what Zilliqa has become today are: Bitcoin-NG, collective signing CoSi, ByzCoin and Omniledger.
The technical white paper was made public in August 2017 and since then they have achieved everything stated in the white paper and also created their own open source intermediate level smart contract language called Scilla (functional programming language similar to OCaml) too.
Mainnet is live since end of January 2019 with daily transaction rate growing continuously. About a week ago mainnet reached 5 million transactions, 500.000+ addresses in total along with 2400 nodes keeping the network decentralised and secure. Circulating supply is nearing 11 billion and currently only mining rewards are left. Maximum supply is 21 billion with annual inflation being 7.13% currently and will only decrease with time.
Zilliqa realised early on that the usage of public cryptocurrencies and smart contracts were increasing but decentralised, secure and scalable alternatives were lacking in the crypto space. They proposed to apply sharding onto a public smart contract blockchain where the transaction rate increases almost linear with the increase in amount of nodes. More nodes = higher transaction throughput and increased decentralisation. Sharding comes in many forms and Zilliqa uses network-, transaction- and computational sharding. Network sharding opens up the possibility of using transaction- and computational sharding on top. Zilliqa does not use state sharding for now. We’ll come back to this later.
Before we continue disecting how Zilliqa achieves such from a technological standpoint it’s good to keep in mind that a blockchain being decentralised and secure and scalable is still one of the main hurdles in allowing widespread usage of decentralised networks. In my opinion this needs to be solved first before blockchains can get to the point where they can create and add large scale value. So I invite you to read the next section to grasp the underlying fundamentals. Because after all these premises need to be true otherwise there isn’t a fundamental case to be bullish on Zilliqa, right?
Down the rabbit hole
How have they achieved this? Let’s define the basics first: key players on Zilliqa are the users and the miners. A user is anybody who uses the blockchain to transfer funds or run smart contracts. Miners are the (shard) nodes in the network who run the consensus protocol and get rewarded for their service in Zillings (ZIL). The mining network is divided into several smaller networks called shards, which is also referred to as ‘network sharding’. Miners subsequently are randomly assigned to a shard by another set of miners called DS (Directory Service) nodes. The regular shards process transactions and the outputs of these shards are eventually combined by the DS shard as they reach consensus on the final state. More on how these DS shards reach consensus (via pBFT) will be explained later on.
The Zilliqa network produces two types of blocks: DS blocks and Tx blocks. One DS Block consists of 100 Tx Blocks. And as previously mentioned there are two types of nodes concerned with reaching consensus: shard nodes and DS nodes. Becoming a shard node or DS node is being defined by the result of a PoW cycle (Ethash) at the beginning of the DS Block. All candidate mining nodes compete with each other and run the PoW (Proof-of-Work) cycle for 60 seconds and the submissions achieving the highest difficulty will be allowed on the network. And to put it in perspective: the average difficulty for one DS node is ~ 2 Th/s equaling 2.000.000 Mh/s or 55 thousand+ GeForce GTX 1070 / 8 GB GPUs at 35.4 Mh/s. Each DS Block 10 new DS nodes are allowed. And a shard node needs to provide around 8.53 GH/s currently (around 240 GTX 1070s). Dual mining ETH/ETC and ZIL is possible and can be done via mining software such as Phoenix and Claymore. There are pools and if you have large amounts of hashing power (Ethash) available you could mine solo.
The PoW cycle of 60 seconds is a peak performance and acts as an entry ticket to the network. The entry ticket is called a sybil resistance mechanism and makes it incredibly hard for adversaries to spawn lots of identities and manipulate the network with these identities. And after every 100 Tx Blocks which corresponds to roughly 1,5 hour this PoW process repeats. In between these 1,5 hour no PoW needs to be done meaning Zilliqa’s energy consumption to keep the network secure is low. For more detailed information on how mining works click here. Okay, hats off to you. You have made it this far. Before we go any deeper down the rabbit hole we first must understand why Zilliqa goes through all of the above technicalities and understand a bit more what a blockchain on a more fundamental level is. Because the core of Zilliqa’s consensus protocol relies on the usage of pBFT (practical Byzantine Fault Tolerance) we need to know more about state machines and their function. Navigate to Viewblock, a Zilliqa block explorer, and just come back to this article. We will use this site to navigate through a few concepts.
We have established that Zilliqa is a public and distributed blockchain. Meaning that everyone with an internet connection can send ZILs, trigger smart contracts etc. and there is no central authority who fully controls the network. Zilliqa and other public and distributed blockchains (like Bitcoin and Ethereum) can also be defined as state machines.
Taking the liberty of paraphrasing examples and definitions given by Samuel Brooks’ medium article, he describes the definition of a blockchain (like Zilliqa) as:
“A peer-to-peer, append-only datastore that uses consensus to synchronise cryptographically-secure data”.
Next he states that: >“blockchains are fundamentally systems for managing valid state transitions”.* For some more context, I recommend reading the whole medium article to get a better grasp of the definitions and understanding of state machines. Nevertheless, let’s try to simplify and compile it into a single paragraph. Take traffic lights as an example: all its states (red, amber and green) are predefined, all possible outcomes are known and it doesn’t matter if you encounter the traffic light today or tomorrow. It will still behave the same. Managing the states of a traffic light can be done by triggering a sensor on the road or pushing a button resulting in one traffic lights’ state going from green to red (via amber) and another light from red to green.
With public blockchains like Zilliqa this isn’t so straightforward and simple. It started with block #1 almost 1,5 years ago and every 45 seconds or so a new block linked to the previous block is being added. Resulting in a chain of blocks with transactions in it that everyone can verify from block #1 to the current #647.000+ block. The state is ever changing and the states it can find itself in are infinite. And while the traffic light might work together in tandem with various other traffic lights, it’s rather insignificant comparing it to a public blockchain. Because Zilliqa consists of 2400 nodes who need to work together to achieve consensus on what the latest valid state is while some of these nodes may have latency or broadcast issues, drop offline or are deliberately trying to attack the network etc.
Now go back to the Viewblock page take a look at the amount of transaction, addresses, block and DS height and then hit refresh. Obviously as expected you see new incremented values on one or all parameters. And how did the Zilliqa blockchain manage to transition from a previous valid state to the latest valid state? By using pBFT to reach consensus on the latest valid state.
After having obtained the entry ticket, miners execute pBFT to reach consensus on the ever changing state of the blockchain. pBFT requires a series of network communication between nodes, and as such there is no GPU involved (but CPU). Resulting in the total energy consumed to keep the blockchain secure, decentralised and scalable being low.
pBFT stands for practical Byzantine Fault Tolerance and is an optimisation on the Byzantine Fault Tolerant algorithm. To quote Blockonomi: “In the context of distributed systems, Byzantine Fault Tolerance is the ability of a distributed computer network to function as desired and correctly reach a sufficient consensus despite malicious components (nodes) of the system failing or propagating incorrect information to other peers.” Zilliqa is such a distributed computer network and depends on the honesty of the nodes (shard and DS) to reach consensus and to continuously update the state with the latest block. If pBFT is a new term for you I can highly recommend the Blockonomi article.
The idea of pBFT was introduced in 1999 - one of the authors even won a Turing award for it - and it is well researched and applied in various blockchains and distributed systems nowadays. If you want more advanced information than the Blockonomi link provides click here. And if you’re in between Blockonomi and University of Singapore read the Zilliqa Design Story Part 2 dating from October 2017. Quoting from the Zilliqa tech whitepaper: “pBFT relies upon a correct leader (which is randomly selected) to begin each phase and proceed when the sufficient majority exists. In case the leader is byzantine it can stall the entire consensus protocol. To address this challenge, pBFT offers a view change protocol to replace the byzantine leader with another one.”
pBFT can tolerate ⅓ of the nodes being dishonest (offline counts as Byzantine = dishonest) and the consensus protocol will function without stalling or hiccups. Once there are more than ⅓ of dishonest nodes but no more than ⅔ the network will be stalled and a view change will be triggered to elect a new DS leader. Only when more than ⅔ of the nodes are dishonest (>66%) double spend attacks become possible.
If the network stalls no transactions can be processed and one has to wait until a new honest leader has been elected. When the mainnet was just launched and in its early phases, view changes happened regularly. As of today the last stalling of the network - and view change being triggered - was at the end of October 2019.
Another benefit of using pBFT for consensus besides low energy is the immediate finality it provides. Once your transaction is included in a block and the block is added to the chain it’s done. Lastly, take a look at this article where three types of finality are being defined: probabilistic, absolute and economic finality. Zilliqa falls under the absolute finality (just like Tendermint for example). Although lengthy already we skipped through some of the inner workings from Zilliqa’s consensus: read the Zilliqa Design Story Part 3 and you will be close to having a complete picture on it. Enough about PoW, sybil resistance mechanism, pBFT etc. Another thing we haven’t looked at yet is the amount of decentralisation.
Currently there are four shards, each one of them consisting of 600 nodes. 1 shard with 600 so called DS nodes (Directory Service - they need to achieve a higher difficulty than shard nodes) and 1800 shard nodes of which 250 are shard guards (centralised nodes controlled by the team). The amount of shard guards has been steadily declining from 1200 in January 2019 to 250 as of May 2020. On the Viewblock statistics you can see that many of the nodes are being located in the US but those are only the (CPU parts of the) shard nodes who perform pBFT. There is no data from where the PoW sources are coming. And when the Zilliqa blockchain starts reaching their transaction capacity limit, a network upgrade needs to be executed to lift the current cap of maximum 2400 nodes to allow more nodes and formation of more shards which will allow to network to keep on scaling according to demand. Besides shard nodes there are also seed nodes. The main role of seed nodes is to serve as direct access points (for end users and clients) to the core Zilliqa network that validates transactions. Seed nodes consolidate transaction requests and forward these to the lookup nodes (another type of nodes) for distribution to the shards in the network. Seed nodes also maintain the entire transaction history and the global state of the blockchain which is needed to provide services such as block explorers. Seed nodes in the Zilliqa network are comparable to Infura on Ethereum.
The seed nodes were first only operated by Zilliqa themselves, exchanges and Viewblock. Operators of seed nodes like exchanges had no incentive to open them for the greater public.They were centralised at first. Decentralisation at the seed nodes level has been steadily rolled out since March 2020 ( Zilliqa Improvement Proposal 3 ). Currently the amount of seed nodes is being increased, they are public facing and at the same time PoS is applied to incentivize seed node operators and make it possible for ZIL holders to stake and earn passive yields. Important distinction: seed nodes are not involved with consensus! That is still PoW as entry ticket and pBFT for the actual consensus.
5% of the block rewards are being assigned to seed nodes (from the beginning in 2019) and those are being used to pay out ZIL stakers.The 5% block rewards with an annual yield of 10.03% translates to roughly 610 MM ZILs in total that can be staked. Exchanges use the custodial variant of staking and wallets like Moonlet will use the non custodial version (starting in Q3 2020). Staking is being done by sending ZILs to a smart contract created by Zilliqa and audited by Quantstamp.
With a high amount of DS & shard nodes and seed nodes becoming more decentralised too, Zilliqa qualifies for the label of decentralised in my opinion.
Generalised: programming languages can be divided into being ‘object oriented’ or ‘functional’. Here is an ELI5 given by software development academy: > “all programmes have two basic components, data – what the programme knows – and behaviour – what the programme can do with that data. So object-oriented programming states that combining data and related behaviours in one place, is called “object”, which makes it easier to understand how a particular program works. On the other hand, functional programming argues that data and behaviour are different things and should be separated to ensure their clarity.”
Scilla is on the functional side and shares similarities with OCaml: > OCaml is a general purpose programming language with an emphasis on expressiveness and safety. It has an advanced type system that helps catch your mistakes without getting in your way. It's used in environments where a single mistake can cost millions and speed matters, is supported by an active community, and has a rich set of libraries and development tools. For all its power, OCaml is also pretty simple, which is one reason it's often used as a teaching language.
Scilla is blockchain agnostic, can be implemented onto other blockchains as well, is recognised by academics and won a so called Distinguished Artifact Award award at the end of last year.
One of the reasons why the Zilliqa team decided to create their own programming language focused on preventing smart contract vulnerabilities safety is that adding logic on a blockchain, programming, means that you cannot afford to make mistakes. Otherwise it could cost you. It’s all great and fun blockchains being immutable but updating your code because you found a bug isn’t the same as with a regular web application for example. And with smart contracts it inherently involves cryptocurrencies in some form thus value.
Another difference with programming languages on a blockchain is gas. Every transaction you do on a smart contract platform like Zilliqa for Ethereum costs gas. With gas you basically pay for computational costs. Sending a ZIL from address A to address B costs 0.001 ZIL currently. Smart contracts are more complex, often involve various functions and require more gas (if gas is a new concept click here ).
So with Scilla, similar to Solidity, you need to make sure that “every function in your smart contract will run as expected without hitting gas limits. An improper resource analysis may lead to situations where funds may get stuck simply because a part of the smart contract code cannot be executed due to gas limits. Such constraints are not present in traditional software systems”.Scilla design story part 1
Some examples of smart contract issues you’d want to avoid are: leaking funds, ‘unexpected changes to critical state variables’ (example: someone other than you setting his or her address as the owner of the smart contract after creation) or simply killing a contract.
Scilla also allows for formal verification. Wikipedia to the rescue:
In the context of hardware and software systems, formal verification is the act of proving or disproving the correctness of intended algorithms underlying a system with respect to a certain formal specification or property, using formal methods of mathematics.
Formal verification can be helpful in proving the correctness of systems such as: cryptographic protocols, combinational circuits, digital circuits with internal memory, and software expressed as source code.
“Scilla is being developed hand-in-hand with formalization of its semantics and its embedding into the Coq proof assistant — a state-of-the art tool for mechanized proofs about properties of programs.”
Simply put, with Scilla and accompanying tooling developers can be mathematically sure and proof that the smart contract they’ve written does what he or she intends it to do.
Smart contract on a sharded environment and state sharding
There is one more topic I’d like to touch on: smart contract execution in a sharded environment (and what is the effect of state sharding). This is a complex topic. I’m not able to explain it any easier than what is posted here. But I will try to compress the post into something easy to digest.
Earlier on we have established that Zilliqa can process transactions in parallel due to network sharding. This is where the linear scalability comes from. We can define simple transactions: a transaction from address A to B (Category 1), a transaction where a user interacts with one smart contract (Category 2) and the most complex ones where triggering a transaction results in multiple smart contracts being involved (Category 3). The shards are able to process transactions on their own without interference of the other shards. With Category 1 transactions that is doable, with Category 2 transactions sometimes if that address is in the same shard as the smart contract but with Category 3 you definitely need communication between the shards. Solving that requires to make a set of communication rules the protocol needs to follow in order to process all transactions in a generalised fashion.
There is no strict defined roadmap but here are topics being worked on. And via the Zilliqa website there is also more information on the projects they are working on.
Business & Partnerships It’s not only technology in which Zilliqa seems to be excelling as their ecosystem has been expanding and starting to grow rapidly. The project is on a mission to provide OpenFinance (OpFi) to the world and Singapore is the right place to be due to its progressive regulations and futuristic thinking. Singapore has taken a proactive approach towards cryptocurrencies by introducing the Payment Services Act 2019 (PS Act). Among other things, the PS Act will regulate intermediaries dealing with certain cryptocurrencies, with a particular focus on consumer protection and anti-money laundering. It will also provide a stable regulatory licensing and operating framework for cryptocurrency entities, effectively covering all crypto businesses and exchanges based in Singapore. According to PWC 82% of the surveyed executives in Singapore reported blockchain initiatives underway and 13% of them have already brought the initiatives live to the market. There is also an increasing list of organisations that are starting to provide digital payment services. Moreover, Singaporean blockchain developers Building Cities Beyond has recently created an innovation $15 million grant to encourage development on its ecosystem. This all suggest that Singapore tries to position itself as (one of) the leading blockchain hubs in the world.
Zilliqa seems to already taking advantage of this and recently helped launch Hg Exchange on their platform, together with financial institutions PhillipCapital, PrimePartners and Fundnel. Hg Exchange, which is now approved by the Monetary Authority of Singapore (MAS), uses smart contracts to represent digital assets. Through Hg Exchange financial institutions worldwide can use Zilliqa's safe-by-design smart contracts to enable the trading of private equities. For example, think of companies such as Grab, AirBnB, SpaceX that are not available for public trading right now. Hg Exchange will allow investors to buy shares of private companies & unicorns and capture their value before an IPO. Anquan, the main company behind Zilliqa, has also recently announced that they became a partner and shareholder in TEN31 Bank, which is a fully regulated bank allowing for tokenization of assets and is aiming to bridge the gap between conventional banking and the blockchain world. If STOs, the tokenization of assets, and equity trading will continue to increase, then Zilliqa’s public blockchain would be the ideal candidate due to its strategic positioning, partnerships, regulatory compliance and the technology that is being built on top of it.
What is also very encouraging is their focus on banking the un(der)banked. They are launching a stablecoin basket starting with XSGD. As many of you know, stablecoins are currently mostly used for trading. However, Zilliqa is actively trying to broaden the use case of stablecoins. I recommend everybody to read this text that Amrit Kumar wrote (one of the co-founders). These stablecoins will be integrated in the traditional markets and bridge the gap between the crypto world and the traditional world. This could potentially revolutionize and legitimise the crypto space if retailers and companies will for example start to use stablecoins for payments or remittances, instead of it solely being used for trading.
Zilliqa also released their DeFi strategic roadmap (dating November 2019) which seems to be aligning well with their OpFi strategy. A non-custodial DEX is coming to Zilliqa made by Switcheo which allows cross-chain trading (atomic swaps) between ETH, EOS and ZIL based tokens. They also signed a Memorandum of Understanding for a (soon to be announced) USD stablecoin. And as Zilliqa is all about regulations and being compliant, I’m speculating on it to be a regulated USD stablecoin. Furthermore, XSGD is already created and visible on block explorer and XIDR (Indonesian Stablecoin) is also coming soon via StraitsX. Here also an overview of the Tech Stack for Financial Applications from September 2019. Further quoting Amrit Kumar on this:
There are two basic building blocks in DeFi/OpFi though: 1) stablecoins as you need a non-volatile currency to get access to this market and 2) a dex to be able to trade all these financial assets. The rest are build on top of these blocks.
So far, together with our partners and community, we have worked on developing these building blocks with XSGD as a stablecoin. We are working on bringing a USD-backed stablecoin as well. We will soon have a decentralised exchange developed by Switcheo. And with HGX going live, we are also venturing into the tokenization space. More to come in the future.”*
Additionally, they also have this ZILHive initiative that injects capital into projects. There have been already 6 waves of various teams working on infrastructure, innovation and research, and they are not from ASEAN or Singapore only but global: see Grantees breakdown by country. Over 60 project teams from over 20 countries have contributed to Zilliqa's ecosystem. This includes individuals and teams developing wallets, explorers, developer toolkits, smart contract testing frameworks, dapps, etc. As some of you may know, Unstoppable Domains (UD) blew up when they launched on Zilliqa. UD aims to replace cryptocurrency addresses with a human readable name and allows for uncensorable websites. Zilliqa will probably be the only one able to handle all these transactions onchain due to ability to scale and its resulting low fees which is why the UD team launched this on Zilliqa in the first place. Furthermore, Zilliqa also has a strong emphasis on security, compliance, and privacy, which is why they partnered with companies like Elliptic, ChainSecurity (part of PwC Switzerland), and Incognito. Their sister company Aqilliz (Zilliqa spelled backwards) focuses on revolutionizing the digital advertising space and is doing interesting things like using Zilliqa to track outdoor digital ads with companies like Foodpanda.
Zilliqa is listed on nearly all major exchanges, having several different fiat-gateways and recently have been added to Binance’s margin trading and futures trading with really good volume. They also have a very impressive team with good credentials and experience. They dont just have “tech people”. They have a mix of tech people, business people, marketeers, scientists, and more. Naturally, it's good to have a mix of people with different skill sets if you work in the crypto space.
Marketing & Community
Zilliqa has a very strong community. If you just follow their Twitter their engagement is much higher for a coin that has approximately 80k followers. They also have been ‘coin of the day’ by LunarCrush many times. LunarCrush tracks real-time cryptocurrency value and social data. According to their data it seems Zilliqa has a more fundamental and deeper understanding of marketing and community engagement than almost all other coins. While almost all coins have been a bit frozen in the last months, Zilliqa seems to be on its own bull run. It was somewhere in the 100s a few months ago and is currently ranked #46 on CoinGecko. Their official Telegram also has over 20k people and is very active, and their community channel which is over 7k now is more active and larger than many other official channels. Their local communities) also seem to be growing.
Moreover, their community started ‘Zillacracy’ together with the Zilliqa core team ( see www.zillacracy.com ). It’s a community run initiative where people from all over the world are now helping with marketing and development on Zilliqa. Since its launch in February 2020 they have been doing a lot and will also run their own non custodial seed node for staking. This seed node will also allow them to start generating revenue for them to become a self sustaining entity that could potentially scale up to become a decentralized company working in parallel with the Zilliqa core team. Comparing it to all the other smart contract platforms (e.g. Cardano, EOS, Tezos etc.) they don't seem to have started a similar initiatives (correct me if I’m wrong though). This suggest in my opinion that these other smart contract platforms do not fully understand how to utilize the ‘power of the community’. This is something you cannot ‘buy with money’ and gives many projects in the space a disadvantage.
Zilliqa also released two social products called SocialPay and Zeeves. SocialPay allows users to earn ZILs while tweeting with a specific hashtag. They have recently used it in partnership with the Singapore Red Cross for a marketing campaign after their initial pilot program. It seems like a very valuable social product with a good use case. I can see a lot of traditional companies entering the space through this product, which they seem to suggest will happen. Tokenizing hashtags with smart contracts to get network effect is a very smart and innovative idea.
Regarding Zeeves, this is a tipping bot for Telegram. They already have 1000s of signups and they plan to keep upgrading it for more and more people to use it (e.g. they recently have added a quiz features). They also use it during AMAs to reward people in real time. It’s a very smart approach to grow their communities and get familiar with ZIL. I can see this becoming very big on Telegram. This tool suggests, again, that the Zilliqa team has a deeper understanding what the crypto space and community needs and is good at finding the right innovative tools to grow and scale.
To be honest, I haven’t covered everything (i’m also reaching the character limited haha). So many updates happening lately that it's hard to keep up, such as the International Monetary Fund mentioning Zilliqa in their report, custodial and non-custodial Staking, Binance Margin, Futures & Widget, entering the Indian market, and more. The Head of Marketing Colin Miles has also released this as an overview of what is coming next. And last but not least, Vitalik Buterin has been mentioning Zilliqa lately acknowledging Zilliqa and mentioning that both projects have a lot of room to grow. There is much more info of course and a good part of it has been served to you on a silver platter. I invite you to continue researching by yourself :-) And if you have any comments or questions please post here!
User account menu. 8. Not using the ColdCard air gapped. Close. 8. Posted by. 1 month ago. Not using the ColdCard air gapped. Hey there, I recently got myself a ColdCard that I want to use with my already set up Bitcoin full node and Electrum Personal Server and I have read here and in many other places that the most secure way to use the ColdCard is air gapped by using PSTBs. I looked into ... Learn to use Specter wallet. Specter works as a watch only wallet that can create and broadcast single signature and multi-signature bitcoin transactions. Cryptoexchangescript.com-Cryptocurrency/bitcoin exchange script software.A complete solution to start your own bitcoin trading or exchange platform instantly.The website provides demo with 100% source code, go to market options and easy setup. Shopping Cart Integration in eCommerce-Systems Sending transactions from a cold wallet on an air-gapped machine is a multi-minute, multi-step process. Thus this type of cold wallet is really only suited for long term storage where withdrawals will only be made infrequently. Deposits, on the other hand, are easy. *Sometimes you’ll see a software cold wallet referred to as a “paper wallet.” This is a reference to the piece of paper ... Step 2: Select “New Account” Step 3: Name your wallet. Step 4: Plug in your wallet and click “Scan Device” (Coldcard, Ledger, Trezor) *For Coldcard, you can set up in an air-gapped fashion through Coldcard Navigate *Import the xPub file with the “Import From File” button. Step 5: Set the number of signers needed to unlock funds
Bitcoin Watch Only Wallet with airgapped Cobo Vault & Electrum & Blue Wallet.
This video is unavailable. Watch Queue Queue. Watch Queue Queue In this guide you will learn how to setup a Bitcoin Air-Gap 2-of-3 Multisig Wallet and import into Electrum. The next video #11 (https://youtu.be/De6FDsf-UvA... This is the Ellipal Titan Hardware Air gapped Wallet review by BBT Carter. As a current Ellipal 2.0 Hardware Wallet user for the past year, this new iteratio... Watch this tutorial video, if you have an airgapped Cobo Vault Hardware Wallet and wish to create a Bitcoin Watch only wallet (=not for spending) connected t... Zach Herbert #AMA of FOUNDATION Devices Air Gapped Bitcoin Wallet Made in the USA Complete ... How to Set Up the START9 Embassy Personal Server With the Fully Noded App. - Duration: 8:46 . Bitcoin ...