Leaderboard

Still moving sideways to close out the year. The Down Trend Line is within striking distance. 2021 was a momentous year for crypto (coinbase IPO - El Salvadore making Bitcoin legal tender, etc) and the space is set up nicely for 2022. In 2022 I'm looking forward to the following: 1. An end of the SEC's lawsuit against Ripple, 2. XRP relisting on Coinbase, 3. XRP making a new ATH, 4. Bitcoin breaking $100k, then $200k, then $300k and hopefully $400k, 5. Receiving my Spark tokens, 6. DeFi growing on the XRP Ledger, 7. Tokenized securities on Sologenic, 8. Financial Institutions offering custody of crypto for individuals, 9. More countries making Bitcoin Legal Tender, 10. A "physical" Bitcoin ETF in the USA, Congratulations to those that stuck with crypto for 2021, if you got in, in January 2021 and stuck around, for the most part you made out like a bandit - that 100x+ gains were made, shows how early we still are in this space. I think in 2022 we do even better. Cheers Happy New Year!!

I'm super sorry to hear this happened to you 🙁 We rarely get reports like this but I hate to admit we do get the occasional report every now and then. Please note XUMM is non custodial, key generation and entropy collection happens locally and keys are never sent anywhere, not even in encrypted state. We know close to nothing about our users. XUMM is open source, several developers confirmed this (and anyone can). We are super super careful about security, which is why we had our entire app and procedures audited recently. We will soon publish the report. The fact that there are no flaws resulting in secret exposure, entropy, etc. in our cryptography is important to us, and the audit showed (as per the experienced auditors) that it's clear that we indeed do mind security a lot. All of this of course doesn't help you, which I hate. But I feel it's worth a mention for the sake of users knowing they are safe. With over half a million unique user base, reports like this reach us only a few times a month. We take a look at vectors and security for each and every one of the reports carefully. The low amount compared to our active user base however still suggests there isn't a structural problem. Please also note that during a sign request flow, the secret still doesn't leave the device: XUMM signs locally and then only outputs the signed transaction to the XRPL and app that performed the sign request. We ask all users to think really hard and consider all possible attack vectors: usually if something like this happened there's more compromised, requiring a security sweep of your entire device. Here are some samples from the past months of things that happened to users resulting in a compromised account: 1. Secret originally not generated in XUMM but imported from elsewhere, so compromised before even hitting XUMM 2. Secret written down in (compromised) cloud account 3. Phone to repair shop, compromised there during (by) repair(shop) 4. User tricked into setting a regular key by an attacker 5. Users entering their secret in forms from scam fake airdrops 6. Users who migrated their phone and didn't fully wipe their old phone, resulting in an attacker performing a recovery on the old device 7. Not impossible, but highly unlikely: a fully compromised device checking phone memory during signing, when the secret is shortly in decrypted state. We have never encountered an attack like this, but if you have certain apps on your phone or didn't keep your OS up to date: not impossible. Malware that scans the device memory for keypairs does exist, and if this is active on your device you may at risk with other apps as well. 8. Secret generated by XUMM written down, but a picture taken leaked through a cloud account or backup. 9. We even had a developer who played with their account (secret) to sign locally/on a server, where the secret was compromised (one time even committed to GitHub) This may not be applicable on your situation, but all are worth considering. You may be at greater risk with other apps/data. Again: sorry this happened to you, please be safe, and consider all options and more carefully. Yours, Wietse (Founder of XRPL Labs, creators of XUMM) P.S. Please file a report with XRP Forensics, they work with exchanges trying to track and stop the funds stolen.

Couldn't help myself

@XrpdudeThe cycles never play out identical to the previous ones, there are always variations. Also the cycle may change or extend dramatically, but that remains to be seen. The last few days have spooked the market but as far as I'm concerned nothing haven't changed anything. I know a lot of people are panicked by the red candles the last few days but I am not one of them. I've made a few buys and plan to make more adding to my stack. BTC & LTC. XRP is a bargain right now.

@Offthegrid While I'm sad that you lost funds in the process, I'm really happy we had this discussion: I like to think it resulted in you realizing what the attack vector could have been/may have been, and it resulted in me being challenged to share useful information (for now, you & others following this thread and all future people referred to this thread). Thank you for updating your post (title, message). We have just found a little bit of information about the likely attackers. I'll DM it to you. Yours, Wietse

This is definitely an usual move by Ripple ... for any company, let alone a company that isn't publicly traded, and something I've never heard of for a 'startup' ... “Even after doing this repurchase, we have over a billion dollars in cash." Garlinhouse said. According to this report, Ripple secured funding at a $10B valuation in 2019, and has bought back at a $15B valuation. The 50% gain and buyback likely soothed any bad blood from Tetragon's (relatively) recent court actions. Very interesting. On a side note, it's good to know they can keep up the good fight with the SEC.

In recent years it has been fashionable to complain about youtubers and group them all as a waste of time. I think XRP community have some very high quality You tubers that are worth following for their high quality content. This you tube by Crypto Eri is typical of the good quality information being put arround by these You Tubers. I find you tubers are keeping me up to date in a blockchain world that is becoming ever more complex Paul Barron has become an excellent place to find new coins King solomon and Leonidas have both been putting out new research into the XRP ecosystem I do not like Digital Asset Investor's style, but he can be credited with turning the SEC case around and inspiring a host of small time Sleuths investigate ETHgate Coins Kid and Block Chain Backer have been giving insightful commentories on technical analysis John Deaton and Jeremy Hogan have been leading the anaysis the SEC case The quality of You Tube videos about XRP has never been better

After a 4 month pause, Jed McCaleb has started selling his XRP again, with 700m XRP left in his tacostand wallet.

The Year In Review: Crypto Is Here. Get Used To It, Washington. Roslyn Layton Senior Contributor Enterprise Tech https://www.forbes.com/sites/roslynlayton/2021/12/30/the-year-in-review-crypto-is-here-get-used-to-it-washington/?sh=4f99ca502e79

On Twitter John Deaton has created a site for international XRP holders to participate and reach out to the US Congress. This is your chance to have a voice and be heard! I would attach a link, but as embarrassed as I am to admit it, I'm not sure how from my phone. If someone knows, please share and add the link. Collectively, we can have our voices heard. Let's support John Deaton!!!!!!

Browsed around and didn't see this shared. Was supposed to be implemented months ago but the COVID pandemic delayed it's launch. Here's an article that discusses the recent development. https://www.pymnts.com/news/banking/2022/bank-of-tanzania-plans-february-launch-of-instant-payment-system/

Mr Gorfine CFTC - nobody from the SEC corrected these assumptions, because ultimately the corrupt at the SEC had managed to convince everyone else at the time, that this was the SEC's official position, including a lot of the people who worked at the SEC. The Stupid Enforcement Clowns, couldn't even work out what was or was not a security in the crypto space, so just went with, well Billy and JC seem to think ETH is not a security, so sounds OK to us, even though, JC & BH were pulling off the con of the century for themselves and their friends and that's technically what the SEC is supposed to prevent, corrupt stupid morons.

Bought a little of a bitcoin today at $41,200. The most expensive bitcoin I've ever purchased.

Hmm!! A Nasdaq related custody entity rolls the dice??? Something is afoot that we are not privy too because you don't roll these types of dice without a behind the scenes view of the odds!! https://financefeeds.com/nevermind-ripple-lawsuit-digivault-becomes-first-accredited-custodian-support-xrp/

Most often when ppl talk of Ripple burning its allotment of XRP they wrap it around this idea that it will "create a healthier ecosystem", but what they really mean is that they want the price of XRP to go up to "increase the value of their personal investment" in XRP. Ripple's use case/business proposition for its allocation of XRP is not the same as XDC, HBAR, Stellar, or any other crypto asset. You say not to compare the XLM or DOGE burn to an XRP burn, but why not? Especially in regards to XLM. XLM and XRP are essentially two peas from the same pod. Yeah, the protocols may have been tweaked here and there, but there's no closer comparator to better gauge what a XRP burn would look like than XLM. Burning any digital asset doesn't do jack for price or ecosystem, utilization does. The whole point of Ripple escrowing its entire supply of XRP was to do just what you want in creating a healthier XRP ecosystem. They did so that the market wouldn't fear that they would dump unlimited amounts of XRP on exchanges. Ripple has always stated that XRP is strategic to its business and they will continue to build products and services like ODL and LoC that utilizes XRP. The key differentiator here is building the infrastructure/market for these XRP-based solutions and products (i.e. utility). This takes TIME as there are many factors to consider (i.e. regulations, compliance, liquidity, etc.) Ripple has been racking up partnerships/collaborations and educating global regulators for the past 10 years to create a marketplace and a flourishing ecosystem for XRP.

Another one rides the bus -Weird Al https://u.today/moroccos-largest-bank-joins-ripplenet

My 2 cents: If an important, vaccinated actor in this theater of the absurd got break-through Covid, and they need time to convalesce, then I wish them a prompt recovery (i.e. Judges Torres/Netburn, attorneys on either side, witnesses, etc) Any others are worthy candidates to be "accidentally tripped or headbutted" @RipMcGillicuddy ..

[Holy crap this is long. You should probably just ignore it.] I noticed recently that both Vagabond and XRPLCoins added criteria to filter out addresses from their snapshots after the snapshot happened in an attempt to fight off bots and other forms of misusing the airdrop. This was after both of them already required you to fill out forms on their site. I'm not trying to single those two out, and I'm not saying they did anything wrong, they're just the ones I noticed which got me thinking about this. Changing criteria after the snapshot is kind of a dick move, especially when you already make people do something extra beforehand like filling out a form in addition to just setting up a trustline. I get why it's done this way. If you release all the criteria ahead of time, the people you're trying to keep out will just adjust to the stated rules. And sometimes you don't even know what you're looking for until you take the snapshot and get a chance to analyze the data. From a practical standpoint, I understand it, but at least be up front that you're going to be doing additional unspecified filtering after the snapshot. What concerns me is that the ever-changing criteria used to fight off bots seem to be catching more and more honest, organic wallets in their nets. If I understand it correctly, Vagabond was looking at how many wallets a wallet applying for an airdrop activated. In the early days of the XRPL when there was real organic usage, people would have multiple wallets for various purposes. People would also activate wallets for others because XRP was less than a cent and not on a lot of exchanges. I've activated dozens of wallets and none of those activations were for the purpose of gaming airdrops. The criteria XRPLCoins used would seem to have excluded anyone who used a hot and cold wallet system. I've been buying up coins for the past few months, I've bought 10-15 different issued currencies. Heck, I'm one of only 26 people in the whole world who bought enough DKP before the snapshot to earn their special founders NFT. But I bought myself a hardware wallet for Christmas and sent almost all my coins over to that. My XUMM wallet with a bunch of trustlines with zero balance probably looks a lot like an airdrop harvester who just collects the coins and ships them off. The only difference is I'm exactly the type of person they want to drop to - if they give me a taste there's a good chance I'll buy more. I think what I'm trying to get at is you can't infer intent from on-ledger data. Yes, you can easily identify actions that airdrop farmers tend to take, but they're always going to include wallets who do those same things for perfectly legitimate reasons. The American in me wants to say you shouldn't exclude an address without explicit proof that they're doing something wrong. But from a practical perspective, not receiving a free airdrop isn't a punishment, and maybe projects are ok with 10 or 20% false positives if it keeps out the hordes of bots. I think projects need to think about where they want to fall on that spectrum and be open about it ahead of time. Another thing I noticed on Twitter is that whenever a project announced they've removed addresses who did thing X, there's suddenly this swell of commenters all condemning people who did X and calling them fraudsters and other names. Come on people. We're better than this. You can't judge a person for doing X any more than you can condemn a surgeon when the only thing you know about him is that he's sliced a lot of people open. There's a big difference between the surgeon and Jack the Ripper. I get that it's necessary to create a set of addresses that qualify and a set that don't, but we don't need to moralize it. It just is what it is. I think projects should explicitly announce their intended target audience when the airdrop is first announced. Is it supposed to be one airdrop per wallet, or one airdrop per individual, or one airdrop per household, etc? Is the airdrop supposed to be for small-time XRP holders, or whales, or both? You want to only drop to left-handed gingers? Fine by me, just make it clear ahead of time. It won't, in and of itself, stop people from breaking the rules, but when you are explicit about this stuff ahead of time, then you can in fact shame the people purposely tried to claim an airdrop that wasn't for them. I think most projects don't even think about creating strategic targets to distribute to, let alone announce who those targets are ahead of time, which is probably a missed opportunity on their part. Another thing that can be done is to base eligiblity on past actions so that it can't be gamed. If, for example you announce on January first that you're recording a snapshot for everyone who sets a trustline by February first, you might add the additional condition that to qualify a wallet must have met condition X on the previous December 1. That condition might need as simple as the wallet had to be activated or hold so much XRP or have performed so many trades on the DEX. Again, projects can view this not only as a way to weed out bots but to try to explicitly target the type of people who they want to distribute to. The original distribution of a coin is one of the hardest things to do well in crypto. It is famously Ripple's original sin (in their defense, they were so early, there was little previous experience to learn from). I'm big into Terra in addition to the XRPL and almost every project launch there runs into problems and results in a litany of grievances. I think there's a lot of value in studying what other networks do and learning from them. This may be blasphemy, but it may even be worth it to move away from the airdrop model as free stuff tends to attract people who just like free stuff because it's free stuff. Instead maybe think of ways to sell your coins to the people who are most interested in banking your project. One example of a project launch on Terra that actually went well was White Whale. They used a Liquidity Bootstrap Pool (LBP). The initial launch took place over several days and the price started high (not low like most launches) and moved programmatically lower until it hit the point where real demand kicked in to start pushing it above the programmed price. By starting out high, it takes away the biggest advantages that bots have - speed. You're actually worse off by buying in early. It went smoothly and there was no big pump and dump that you usually get at launch. I'm not saying this is the only way to launch; it's just one example. I don't think there is any one best way - it will always depend on the specific situation. I don't think I really even have any definitive answers. I just think it's worth it for projects to put more effort into thinking about how they launch on the XRPL.

Vid from our old friend Mickey below. Key info at this medium post: https://flarefinance.medium.com/exfi-sgb-snapshot-update-435bd9a6b005 This will be the first time I am planning to use the FF platform. This is what we can use it for: How can I use $EXFI? $EXFI will be used in various ways across the ExFi Platform including: 1. Being used as a fee replacement token on FlareX. 2. Being used to farm for yield in the form of $SFIN on FlareFarm. 3. Being used to create $CAND on FlareLoans, which can optionally be used to farm more $SFIN. Additionally, when the remaining 4 products are released, $EXFI will be used to: 1. Purchase NFT’s and participate in auctions on FlareDrop. 2. Provide to coverage pools and purchase coverage on FlareMutual. 3. Vote on FlareGovernance and enact change across ExFi. According to the vid, you will be able to solo stake ExFi to get SFIN. This will be most attractive to most people because risk is basically nothing and there is nothing to understand about it, but I'm guessing the yield will be low. So I'm interested in looking at the option of going into a liquidity pool with the tokens. So my understanding is that to do that I would need 2 tokens. If I wanted to use ExFi and CAND then I could mint CAND using some ExFi and then put both of them in a LP in order to get SFIN. I think I have that right. At the moment the website is not up so I can't go into FlareX or FlareFarm (I assume they are setting up for the drop). So that's what I'm thinking. Would appreciate any other speculation about what might be a good thing to do with these things. Also happy new year to all.

Honestly I think the original Flare (FLR) drop was (or will be) the best way to go. If you airdrop magic beans to any account with no upfront costs (even with blacklists, etc), it always causes inevitable problems and arguments and suddenly you have endless freerider f*ckery to manage. IMO Flare Networks made the right decision to drop it to those who'd already accrued value, i.e. to stakeholders. And they gave people time to accumulate XRP if they hadn't already. But they also just made some basic, common sense moves, like stripping Ripple, Jed, Britto, et al, of any chance of receiving FLR tokens. This forged good will among the community. This idea that somehow crypto can create equity, or engineer "fairness" is really deluded and even dangerous, IMO. Wealth inequality is a structural phenomenon, not a political or ideological one. It's more like hard physics, not flakey sociology. The problem Flare have is appalling communication. From the start, but just one example: they made the most basic, moronic mistake (in the same way Ripple did), by naming everything related to the network from the very beginning... after the network! Holy Jesus, of all the possible names! So after years of us learning hard lessons about the massess confusing ripples vs Ripple vs XRP (which contains RP, i.e. RIpple Protocol/Pay), Flare went ahead and said, "OK let's do the exact same, but worse! So the network is Flare, ok but... the token is Flare too – FLR! But wait! Actually it's Spark, but we're keeping FLR anyway, because it's Flare, but umm, not Flare the COMPANY! No no no, that's Flare Limited, silly! Not to be confused with Flare Networks, obviously, the original dev ops team which is separate from, you know, Flare Network itself. All clear?! Good, and of course there's Flare Finance, not a great name choice from them but..... .... ?!" Etc etc... F*ck my life. Sometimes coders and developers are simultaneously the smartest and dumbest people alive!

HOW MUCH MORE EVIDENCE DO WE ALL NEED THAN THE HEAD OF THE SEC TELLING THE MARKET THIS IS GUIDANCE, PERSONAL OPINION MY ARSE, UN F'ING REAL. EVERYONE SPREAD THIS CLIP AS FAR AND AS WIDE AS YOU CAN.

Yeah, but are you a system engineer?

TLDR: This is not a bug, it's a feature. https://xrpl.org/consensus.html#calculate-and-share-validations If you have constructive feedback beyond "it should be different" (sure, it would be nice to have a globally synced clock available - just please point to some implementations or papers in byzantine fault tolerant scenarios instead of simply referring to "databases") it would be great to read. Otherwise I hope that the explanation above clears up the misconceptions you apparently had about transaction ordering (it is _not_ based on time stamps at all).

Note: the judge made her judgement within a day of Ripple's response and she gave SEC the very minimum she had to remain fair to both sides; she is not wasting time herself, and she knows her prey are dishonest and slippery. She is nailing SEC to the floor, and also creating a situation where SEC will be brought to the negotiating table sooner rather than later. She is on our side, you can smell it.

Be sure to click through and read all of Deaton's comments.

It’s very possible Hinman and others at the SEC violated THE SHERMAN ACT. This is part of the investigation that Ripple is doing to uncover the violations. I wouldn’t be surprised if the results get turned over to the FBI...

Very interesting thoughts on ODL, Tranglo, Finastra and how mass adoption may already happening in front of us. Both threads are worth reading IMO, although speculative

Remember, Ripple's primary defense is that XRP is not, in fact, a security. This defense doesn't depend on any of the shenanigans at the SEC, but the nature of XRP and how it relates to securities laws. Ripple's secondary defense is the fair notice defense. This is where all that knowledge of what's going on at the SEC is useful. I think this gets the focus because it's an easier win, but it comes with a lot less long-term security. It's basically a ruling that the SEC could make cryptos securities in the future if it gets it's act together and issues clear regulations. Honestly, Ripple winning on their primary defense is the big prize. From the very beginning, Ripple thought everything through and did everything they could to create XRP in such a way that it wouldn't fulfill the requirements to be a security. That doesn't necessarily mean that they succeeded (we'll find out eventually), but almost no one other coin was created in such a way to protect themselves from American securities laws. It would be a huge win for Ripple; they would have basically slipped through the door and closed it tight behind them so others couldn't follow. Personally, I've stopped caring about securities laws. 99% of DeFi is securities according to American law. For the first time ever, the financial tools that were only available to the rich are available to everyone and the US government is blocking Americans from this opportunity, leaving the ones who dare to tread into DeFi unprotected from the actual thieves and malicious actors. It's downright evil.

Regulators and Incumbents usually work hand in hand. Regulation usually favors the incumbents and makes it harder for newer folks to come in. Andreesson & Horowitz + JP Morgan essentially built a vast empire by backroom dealing, and projecting the "banker's coin" narrative on XRPL instead, trying to stifle innovation outside of their personal area of influence. To be clear, companies do this all the time. Apple does it. Google, Amazon, Microsoft, so on. It's a form of corporate espionage. This is a multi-trillion dollar market. Ripple got schooled by the big boys and if they're good, they'll adapt quickly. The issue however, as you point out, is that regular people were directly damaged in this case. Usually retailers are collateral damage, in sort of an indirect way. Reduced competition => higher prices, stagnation in quality, etc. Like with the internet in the U.S., or Healthcare, or Banking etc. But in this case, people have directly lost money. The project lost the ability to foster development on a level playing field under the threat of regulation by enforcement. And some of us have to hear from people who haven't built businesses in their lives or managed companies trying to school us about how great the rest of the crypto-verse is compared to XRPL and Ripple. Don't lose hope. If you are able to, consider building on crypto. If not, continue being part of a constructive discourse as many of us are. Be grounded in reality and not up in clouds. If secondary sales of XRP are deemed non-securities in the U.S., that will change the tide of things very very quickly. We'll see a lot more development because there's no need to be afraid of the hanging knife of regulation any more. DeFi is still in trouble without a strong KYC program because money laundering and manipulation happens all the time, but we'll figure out a way.

This message is to inform all holders of Songbird (SGB) , XRP, and users of the Flare Network of a possible phishing attack against users of the Flare Network and the aftermath of this attack is still in effect. It was confirmed unofficially that the url: EXFI.XYZ was a Phishing website set up by scammers in lieu of the anticipated EXFI airdrop. The website appeared roughly mid-December 2021 bearing the name, EXPERIMENTAL FINANCE. A close examination of the Songbird blockchain shows an issuance of EXFI token under an id bearing exfi.xyz. It is likely that several Flare Network users were attracted to this site and logged in to test its features. But as people tried to log in, their credentials were likely compromised. The phishing website looked very similar to Flare’s current websites like Flare X, Flare Farms, and Flare Loans. However, the site did not function as the other three. The site attempted to get visitors to connect their wallets in order to interact with its services. The site gave three options to connect which was either via Secret Key, Metamask, and Ledger. The site as of now has been taken down by the Flare Team. But if anyone made attempts to log in to the site are likely compromised. It is likely but not confirmed that the individuals responsible for the attack are a hacking group out of Northern Africa. So far it is believed that users of Bifrost, DCENT, MetaMask, and LEDGER wallets may be compromised along with some others. As of now, corrective actions need to be taken in order to protect upcoming airdrops. If you are reading this message and has made attempts to login to that phishing site, you are likely compromised. At this time, you are urged to move your SGB, XRP, ETH and related tokens to a new wallet quickly as possible. If you have any tokens in Flare farms, Flare X, and Flare Loans, move them to the new wallet as quickly as possible. Unfortunately, the 0x…. addresses set to receive the EXFI and Flare airdrops cannot be changed at this time. So those wallets that are affected must be emptied shortly after the airdrops are distributed to them. As a temporary measure, please ensure that are no SGB are in the wallet as this will block any songbird tokens from being stolen For those who did not interacted with the phishing site, your coins and wallets are safe.

We do, we did, we keep on doing that, you and everybody else can count on that. Based on what you are writing I seem to read that you imported a secret generated elsewhere into XUMM? That would result in three possible attack vectors: Entropy (where the imported keypair was generated) Tool/environment it was generated (overlaps with #1) Keylogger, like you mention. To prevent keyloggers (or even screen coordinate loggers) with secrets generated with XUMM we use the Secret Numbers with numbers starting at a random position, requiring users to tap a +/- button. This way, a keylogger is useless. To prevent custom keyboards containing keyloggers, we force XUMM to use the OS native keyboard when entering a secret. Regarding 1 & 2: it would be useful to know where (how) you generated the keypair. Was it in a browser, and if so: which OS and browser? We have reason to believe the RNG is bad on some platforms/browsers, which is why we overrule the RNG to the secure OS native one on Android and iOS. We recently had that audited as well. Browser based paper wallets / keypairs are known not to be generated on full randomness. Which is a risk. If generated in a browser, I would advise to rekey all browser generated accounts, as bad RNG generated keypairs are not safe even if kept fully offline.