Jump to content


  • Content count

  • Joined

  • Last visited

  1. CryptoPay's web site gives their address as 145/147 Hatfield Road, St. Albans, England, AL1 4YJ. The Google Street photo of that address shows the accountant firm's name & web address on a board on the wall.
  2. You mention CryptoPay, so I looked up their address on Google Street. Presumably, Brookman Chartered Certified Acountants are CryptoPay's accountants.
  3. You're right to be cautious with private keys/secrets, since the whole point of a hardware wallet is to shield them from the internet. If it helps though, a lot of the steps can be done on a disconnected computer, where you would be watching out for retrospective attacks rather than real-time attacks.
  4. Anyone can mine ETH, so there was never a possibility of it being declared a security. No uncertainty, so no price-depression.
  5. FinCEN didn't say anything about XRP being a security in their 2015-05-05 press release, after they imposed a $700000 civil money penalty on Ripple for violating “several requirements of the Bank Secrecy Act (BSA) by acting as a money services business (MSB) and selling its virtual currency, known as XRP, without registering with FinCEN, and by failing to implement and maintain an adequate anti-money laundering (AML) program designed to protect its products from use by money launderers or terrorist financiers.” As this article puts it, And as this article puts it,
  6. tev

    Does Claire still work for Ripple?

    Will the “XRP-is-a-security” court cases be decided on the basis of objective reality (whether or not XRP actually is a security) or on the basis of ex postfacto trivia such as Ripple employees posting on an XRP internet forum?
  7. It's worth checking their fees against the competition's, since they vary them from time to time. Other things to looks at: Whether they charge a flat fee or a percent (a flat fee could be better for a large cash-out…). How much liquidity there is on each exchange at the time. E.g. if trading volume were higher on the XRPL distributed exchange (DEX) than at Bitstamp, then it might be easiest to sell your XRPs for EUR.GateHub IOUs on the DEX and then redeem your EUR.GateHub IOUs for real Euros at GateHub. Or vice versa. Last time I sold XRPs for fiat was in August, and I used Kraken for part of it plus Bitstamp for the rest. I can't remember exactly why I did it that way, but I have an account with the same bank as Kraken, which may have affected the fees. Since then, I've learned that the XRPL distributed exchange allows you to place limit orders from a cold wallet, which is rather cool (pun unavoidable), so I may look into that if I sell any more XRPs (selling from a cold wallet eliminates the risk of XRP theft, but leaves you with IOUs denominated in EUR/USD/JPY/whatever, which would then have to be redeemed, probably through GateHub or Bitstamp). EDIT: Also, if you use a GateHub “trading wallet” to place trade orders , I think it means you're actually using the DEX. GateHub is unusual in that respect.
  8. Scenario 1 If you want them to hold real USDs or EURs on your behalf in a custodial account (i.e. if you're using them as a fiat on/off ramp), then they're required to know enough about you to tell if you're laundering money, especially when you withdraw USD or EUR. Scenario 2 If you're using the GateHub site purely as a transaction-signing tool for your own personal address on the XRPL, then GateHub don't have access to your funds (see this xrpchat comment and the 2016 post linked therein), so they're not required to collect your personal information (in this scenario, you can access the same funds using other wallet-software that's independent of (& safer than) GateHub, so it wouldn't make a lot of sense for GateHub to be held responsible for AML/KYC stuff). I've not logged into GateHub recently, but if I remember their terminology correctly, they call scenario 1 a hosted wallet, and scenario 2 a trading wallet.
  9. tev

    What do I BUILD on Codius?!

    Using a smart contract to track which private keys you keep in which wallet? That sounds like a Rube Goldberg machine. If someone sends BTC to an address in their BCC wallet, they haven't lost it. And if they think they have lost it, they're going to struggle with smart contracts.
  10. This is a lot like Through the Looking Glass:—
  11. My comment was quite long and rambling, so I apologize if the take-home message was lost. The take-home message is that it's inherently risky to use a transaction-signing protocol that involves an internet-connected web browser (yours) a remote server (e.g. GateHub) whatever lies between (the whole of the internet). This much complexity is risky! I'm aware of three services that do this: Omniwallet, MyMonero and [non-hosted] GateHub. The first two do all of their clever cryptographic signing stuff inside your browser: they never send your private keys to the server, and they use the server mostly just to view the ledger. But their users nonetheless lose money, and it's likely to be down to homograph attacks or keylogging or some other form of covert interception. I don't know if [non-hosted] GateHub works the same way as Omniwallet or MyMonero, but the point is, it's feasible to operate such a service without the server ‘knowing’ the users' private keys, and I'd be surprised if GateHub aren't protecting themselves from a gratuitous liability, by doing something at least vaguely similar. If you feel that GateHub didn't explain these risks clearly enough, then you probably have a valid complaint (I was aware of these risks before I discovered GateHub, so I can't be objective here). However, it's technically incorrect to equate a fancy transaction-signing system to a custodial account, which is what you've done implicitly in the above quote. Provided you know the secret for rwBvhoSmJGjhsbDfv66kKJY5unGip1BPBe, you don't need GateHub to use it (& if you don't know the secret, using it is a gamble), so it would be a stretch to claim that rwBvhoSmJGjhsbDfv66kKJY5unGip1BPBe is a custodial account with GateHub as the custodians.
  12. The author of the medium article deserves sympathy, having been the victim of a theft, but it looks like he's also the victim of his own misunderstandings. There's a quote from an email that the author received from one of GateHub's activist shareholders: …but the author of the medium article is, to say the least, imprecise in his response to the above: What's really needed here is a breakdown of what accounts the stolen funds moved out of and then into. Further up the page, the author tells us that the thief sent 32000 XRP to rHdNRDdqB1hSEHmPvCdnJvLU7W7oQsBGVq. So what does the ledger tell us about that address? It tells us that the 32000 XRP was sent from rPiGtVmyJzHfqZkXVPZUVuHvZDnQjcRr6T, so the obvious question is Does rPiGtVmyJzHfqZkXVPZUVuHvZDnQjcRr6T belong to GateHub or the the author? I'm a little out of my depth here, but that address's history doesn't look like an exchange's aggregate of multiple custodial accounts — it looks like a private individual's. So, it looks like the activist shareholder was correct in his assertion that the funds were not in a GateHub hosted wallet. I suspect that the author has failed to grasp the whole raison-d-être of crypto-assets — that they eliminate the need for custodial accounts. Indeed, he says that before the theft, he had 9.25 ETH in his account, when what he really had was a 9.25 ETH IOU isued by GateHub. If he's unaware of the difference between an asset (e.g. XRP at address for which he knows the secret) and an IOU (e.g. USD in his bank account or ETH.GateHubFifth at an XRPL address), then could it be that he thinks XRPL addresses are like bank account numbers? GateHub provide two services: A custodial account service (analogous to a bank account) and A transaction-signing software service for people who want to sign transactions that affect their own personal XRPL addresses, and who are willing to accept the avoidable risk that come with using a transaction-signing mechanism that has an enormous attack surface. Since (2) is accessed through the same web-browser interface as (1), I'm inclined to believe that the shared interface for two very different functionalities has reinforced the author's misunderstandings about what crypto-assets actually are. The moral: make sure you understand what you're putting your money into. Store crypto-assets at addresses for which you alone know the private key, and use cold signing for significant amounts.
  13. If the buyers of XRP have a reasonable expectation of profit based on Ripple's actions, why are the buyers paying prices that rise and fall in concert with other crypto-assets' prices. Ripple's fortunes are not tied to Bitcoin or Litecoin (though perhaps they should correlate inversely with Stellar…). The price of XRP is much more sensitive to the price of BTC than it is to anything that Ripple say or do.
  14. Why should a court ruling coincide with objective reality? The purpose of the law is to make lawyers richer, not to establish the truth.