BitGrail lost $170M because only client-side validation was used (twitter.com/bascule)
134 points by tommoor on Feb 11, 2018 | hide | past | favorite | 62 comments



Reminds me of coinbase using mongodb with silent fail and no ACID transactions a few years back. And of course the mtgox fiasco. The amount of amateurishness in the cryptocurrency ecosystem is disappointing.


Hilariously enough, the only people to reliably not completely biff cryptocurrency service implementation have been illegal market sites. If they didn't plan to run off with the money in the first place, sites like these managed to operate for years at a time before (inevitably) being crushed by the long arm of the law. Talk about do-or-die code correctness and validation!


When you absolutely can't go to the law for help, you make sure to cover your ass really well.


BitWasp has had security bugs.


I'm going to wager that very few (if any) illegal marketplaces trusted a codebase they didn't write entirely in-house, but that is just conjecture.


It’s worse when you want to store the coins yourself, so you withdraw from an exchange only to realise that the wallets available are either broken or have horrible UX.

I just don’t see how an altcoin without a functioning wallet can have billions of dollars of market cap.


Easy: $1 invested does not equal $1 in market cap. Not sure where I read this, but there was a post where a guy wrote he invested $5,000 in a coin and it increased the market cap by $4m.


This is also true for stocks.

As a buy pulls the latest price up, all of the other shares are worth more, and the opposite is true: for every sale, the price might slip down a bit; in the event of a large sell-off, you end up reaching zero value a lot earlier than everything can be sold off.

Market cap is a bit of a fantasy metric, but has utility - just less so for crypto where you can't make any comparisons to tangible assets, liabilities or even market potential.


Market cap is a useless number in the crypto world that people quote because it sounds nice. It is simply current price * number of outstanding shares [1]. It has no reflection on the actual money being put into the market, which is what people would like to transform it into in their heads.

[1] https://www.google.com/search?q=market+capitalization+defini...


True for coin with low liquidity which is why chart ranking solely based on market cap is inaccurate, an alternative is https://www.coingecko.com/en

If the orderbook is thin and supply circulated is plenty, the market cap moves by the trader


It's all over man, not just crypto. Banks, credit, games,...technology has progressed but up and coming talent has degressed.


> The amount of amateurishness in the cryptocurrency ecosystem is disappointing.

Only in the Cryptocurrency ecosystem? So far, what I've seen in the Startups I worked for is that most of them are staffed with 25-year-old developers who work 80 hours a week but barely know what they are doing.


Remember circle?


There is a chat group in Telegram, called "BitGrail Trollbox". It doesn't have a direct link, but one can join when searching the group name through the client application. The Bomber dude is there, and it seemed like there is a discussion about what car to buy with all that money. I was removed from it the instant I joined, maybe someone can join and quickly dump the chat log?


It seems relevant to add here that the most famous message from the trollbox was "What if price falls to 2k?", which became a popular meme in the community when talking about price. The guy was referring to satoshis instead of dollars though.

Many people believed BitGrail was a good guy, a tiny minority thought they were evil, and few believed that they were just plain stupid. And we believed that a centralised entity can paradoxically store Nano better than some web wallet, and waited patiently for Ledger support.

It's a shame that this stuff happened to Nano as the community is one of the best in crypto, with quite a lot of developer involvement [1].

If Nano meets its TX throughput and speed guarantees, all of that while proving that the network is resistant to spamming or can cope with it by chain pruning effectively, this little DAG wunderkind will definitely be here to stay.

A large part of the early holders may be bitter by what happened on that Italian exchange though.

Nano's struggle resembles the Bitcoin Early Days. Being a Protocol Adopter means ultimately embracing the idea of being a lab rat. And rats may inherit the post-human (or post-fiat money) world.

[1] https://github.com/RaiMakers/awesome-nano


Couldn't find the car reference, may be gone already. Here's the group history as of right now though:

https://we.tl/SR1VZcdObr


What car to buy with $170M? it must be a kid...


What country do you want to buy?


You probably could buy a really small island but it is probably a bad investment since they are saying that the sea levels will rise...


Maybe being the owner of bitgrail he owned a not insignificant number of xrb himself. Enough to buy a new car even.


So he personally didn't lose any nano, only his customers did? And he's now using his personal, non-lost stash to buy a fancy car? I don't see how this can possibly make the situation any better.


This seems to be based entirely on an anonymous post, at least as far as the linked tweet goes. It wouldn't really surprise me anymore if anything like this happened, but there doesn't seem to be any evidence here. Or did I miss something here and there is more than just the anonymous post here?


Yeah, who'd believe an anon on 4chan...


The referenced post [0] came to the same conclusion as my first thought: this was very possibly an intentional security hole to allow someone on the team to get away with something.

[0] https://amp.reddit.com/r/CryptoCurrency/comments/7wonkf/the_...


Don't attribute to malice what can be explained by stupidity ;)

There's been a shockingly high amount of young inexperienced devs involved in building for crypto. I remember making similar mistakes when I was starting out as a dev... except I wasn't solely responsible for systems handling millions of dollars.


Therein lies my skepticism. It's an industry that seems to be full of "oops we lost your money, trust me" problems. Malice becomes a lot more likely when life changing sums of money are involved.


Remember, a lot of these cryptocoins started out as toys, experiments or get-rich-quick schemes that were never seriously designed to handle millions of dollars. MtGox is perhaps the classic example here: the biggest Bitcoin exchange of its time started out life as a Magic the Gathering trading cards exchange, and just kept on hacking on that shitty codebase until it inevitably got pwned.


Counterpoint, Heinlein’s Razor.

"Never attribute to malice that which can be adequately explained by stupidity, but don't rule out malice.”


but then, any sufficiently advanced stupidity is indistinguishable from malice.


Very true, but the “means, motive, opportunity” test can help there. The motive here would be $170 million usd.


Don't attribute to stupidity what can be explained by malice.

Why? Especially in the crypto space with its history. I think you got the sentence backwards. It should be "Don't attribute to stupidity what can be explained by malice." In my experience, that's almost always the case.


The saying is true in the context it was initially meant for.

Most people you encounter throughout the day/week that somehow "wronged" you didn't do it out of malice, but stupidity, carelessness or plain disinterest.


Hanlon's Razor often only applies to the very same people using it. I only ever see it used to maliciously shut down a discussion prematurely.



Ironically, that doesn’t work with JavaScript disabled.

I don’t know what to believe, anymore ...



Ah, nice. Thanks. No it does not.


This echoes my experience, because this client-side check was definitely on the server side too, when, uhh, a friend tried to break it.


They had multiple other "problems", too. See for example https://www.reddit.com/r/RaiTrade/comments/7n0ou8/an_explana...

The chat log from Exchange-Owner + Nano-team also speaks volumes https://www.dropbox.com/s/3g38y67luolfvqs/Colin_ZS_Bitgrail_...


I'm not so sure this was intentional, as some people have speculated, nor do I see any evidence that a check was not previously in place. Remember when Dropbox allowed anyone to login to an account without a password? [0] That doesn't mean Dropbox never checked passwords, or intentionally dropped the check. Especially in the crypto space, iteration happens fast and bugs like this can come up. It seems pretty obvious that they not only had a defect, but did not have the appropriate monitoring, or alerting in place to identify the issue either. I try not to leave coin on exchanges due to hacking, bankruptcy, fraud, etc.

[0] https://www.cnet.com/news/dropbox-confirms-security-glitch-n...


Right, but Dropbox had plenty to lose and nothing to gain from their mistake. If this was intentional, there are 170 million reasons why.


"Especially in the crypto space, iteration happens fast and bugs like this can come up."

You think it is ok in the crypto space to introduce bugs like this?


I am struggling to read their comment in a way that suggests that.


I don't buy this claim. Negative numeric values would break the backend in 99% of scenarios.

I also don't really buy the claims he personally was involved in stealing the xrb. Bitgrail has existed for a while, and presumably the owner would have some interest in XRB, probably owning a substantial amount since it was worth nothing. Considering its meteoric rise, he probably became rich himself.

So why try to steal 170 million dollars in a scam where you're bound to be accused of being suspect number 1?
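The failure mode the thread keeps circling, a withdrawal amount that is only validated in the browser so a negative or oversized value reaches the ledger unchecked, as an added example that is neither BitGrail's code nor from any commenter; the function names, the in-memory ledger and the per-transaction limit are assumptions made for the illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed in-memory ledger (balances in XRB); a real exchange would use a DB transaction.
LEDGER = {"alice": Decimal("100"), "hot_wallet": Decimal("1000000")}

def naive_withdraw(ledger, account, amount):
    """Trusts the client: whatever amount reached the server is applied as-is.
    A negative amount credits the account; the only guard lived in the browser."""
    ledger[account] -= Decimal(str(amount))
    return ledger[account]

def check_withdrawal(ledger, account, raw_amount, max_per_tx=Decimal("10000")):
    """Server-side validation: returns None if acceptable, else the reason."""
    try:
        amount = Decimal(str(raw_amount))
    except InvalidOperation:
        return "not a number"
    if not amount.is_finite():          # rejects NaN/Infinity before any comparison
        return "not finite"
    if amount <= 0:                     # the negative-withdrawal case
        return "not positive"
    if amount > max_per_tx:             # assumed exchange policy, not a protocol rule
        return "exceeds per-transaction limit"
    balance = ledger.get(account)
    if balance is None or balance < amount:
        return "insufficient funds"
    return None

def hardened_withdraw(ledger, account, raw_amount):
    """Re-validates on the server regardless of what the UI did, then debits."""
    reason = check_withdrawal(ledger, account, raw_amount)
    if reason is not None:
        raise ValueError(reason)
    ledger[account] -= Decimal(str(raw_amount))
    return ledger[account]

def ledger_invariant_ok(ledger):
    """Cheap alerting hook: no balance may ever go negative."""
    return all(b >= 0 for b in ledger.values())

def demo(forged_amount="-50"):
    """Constructed scenario: a client-forged withdrawal hits both handlers."""
    naive, hard = dict(LEDGER), dict(LEDGER)
    naive_withdraw(naive, "alice", forged_amount)
    reason = check_withdrawal(hard, "alice", forged_amount)
    return naive["alice"], hard["alice"], reason

if __name__ == "__main__":
    print(demo())  # (Decimal('150'), Decimal('100'), 'not positive')
```

The naive handler turns the forged -50 into a 50 XRB credit, which is exactly the kind of change a periodic invariant check over the ledger would have flagged.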


I've been closing this very closely for a few months. I think he thought he could arbitrage and benefit from the increase in BTC's price and get away with it somehow. The market came crashing down, XRB got listed on Binance and Kucoin and a lot of shadiness happened right around the same time.

I was expecting this "hack" to be announced and founder to exit-scam just based on his behaviour and actions he was taking.

I wouldn't be surprised at all if he ended up in jail.


Another interesting link that puts together a timeline of events: https://www.reddit.com/r/CryptoCurrency/comments/7wp334/the_...


If this is legitimate, it's hilarious.


That's one way to short a cryptocurrency.


remember, just ship it. doesn't work? ship it and let the users tell us what's wrong. maintenance nightmare? ship it and then ship its replacement later. not designed for security? just get bob's cousin, who says he's a hacker to try it, then ship it.


php has nothing to do with it. Can't say the same for the second part though.


Hire great people with a passion for the trade and most employers won’t have to suffer through crap like this.


I believe we're seeing a generation of developers with passions for things like client-side development and the "disruption" of cryptocurrency, who don't see the server-side as the true gold in the vault that it is.


While I don't necessarily disagree, wouldn't this be more of an example of naive server-side development? One of the first things you learn—as an educated—front-end developer is that you don't trust the client.


MITM proxies are like port scanners - open secrets, trees full of low hanging fruit. Every developer should play with one. It's eye-opening.


Agreed.


True, except that in a lot of small teams, you see the same developers handling both.


It's not impossible (or even unusual) to do both competently. Helps that frontend is a smaller surface area.


I completely agree. I just think that we're seeing a category of developers that consider the front-end to be of higher priority, with everything that goes with that mindset.


Do you feel as though there can be an objectively higher priority end of development? If so, why?


Absolutely. Performance on the server costs money. Data breaches cost money. I'm sure someone can quantify whether using a jQuery plugin instead of a React component has a cost associated with it, but I'd venture to say it's on a magnitude of order less than server-side concerns. I don't know that I'd say priority should be 100:1, but at least 10:1.


Very business dependent, but typically speaking the brunt of development effort (for tech businesses) is going to be on the backend in terms of man hours. In some orgs it's like 100:1 backend:frontend (or more?).


You certainly may be right about the ratio, but I think that this factor and the degree of importance are not mutually exclusive. At my last employer, this ratio was certainly present, and resulted in a sinful front-end implementation. The front-end was very important for customer experience (resulting in sales) but by the time management realized this, it was a massively arduous process to iterate on. Since server-side development was highly prioritized for a very long time, the two couldn't grow together, resulting in off the shelf solutions cobbled together with java server rendered static pages.

