We recently launched a cryptocurrency trading platform that connects to top exchanges like Coinbase, Binance, and Kraken. We are building super-cool investing and trading tools that you can't find anywhere else and push out new features on a weekly basis. We are building out brokerage services and plan to launch iOS and Android apps in the near future.
We are a post-seed startup with a 6 person team of engineers. We come from top-tier fintech companies like OptionsCity, IMC Trading, Cboe Global Markets, and JP Morgan Chase. We are looking for a talented, driven, and practical engineer to join our team who has proven experience in Angular. Please apply here: https://www.covemarkets.com/careers/frontend/
Cove Markets is a venture-backed startup that builds crypto trading tools and analytics. We connect to multiple exchanges, including Coinbase, Kraken, and Binance, and allows users to trade Bitcoin, Ethereum, and other cryptocurrencies. We enable traders to execute on the best price in the market through advanced trading algos.
Our ambition at Cove Markets is to lower the total cost and increase transparency for CRYPTO TRADING in a heavily fragmented market. We operate CoveTrader, a free “best execution” trading and analytics platform for cryptocurrencies, including Bitcoin.
https://covemarkets.com
We are a team of 6 experienced engineers and are looking to add a senior backend engineer to the team. We primarily work in Java.
This is great. People need to be careful about inferring certain details from headline numbers. I think hospitals are also incentivized to test and label patient Covid if they can, since they'll be reimbursed more. In any case, it seems like the reason fatality rate is decreasing is that at-risk people (i.e. old, obese, respiratory issues, etc) are taking more precautions and being smart. The young continue to be stupid.
Under 30, driving on the highway is more likely to result in mortality than covid is. Risk adjusted, cocooning strategy is actually safer than quarantine, because quarantine forces multi-generational households. E.g. Opening universities leads to safer outcomes on balance than closing them.
Cove Markets | Senior Backend Engineer | Full-Time | Chicago, IL | REMOTE
Our ambition at Cove Markets is to lower the total cost and increase transparency for CRYPTO TRADING in a heavily fragmented market. We operate CoveTrader, a free “best execution” trading and analytics platform for cryptocurrencies, including Bitcoin.
This is very sad to see. I lived in Hong Kong in 2011-2012 and you could already see the tension whenever "mainlanders" came over, bought suitcases, then filled them up on luxury shopping trips. A lot of the spirit I saw from the people of HK seemed similar to that of Americans: fiercely independent, very entrepreneurial, and believed that things kept getting better.
I've been party to large Bitcoin transactions (100M USD or so). It had a team of people involved, each responsible for independently verifying the transaction before it was signed for correctness. It's hard to make mistakes if you have a group of engineers who are all tasked with ensuring the validity of a transaction with their own tools.
The fun bit is that the signer can backdoor transactions, and that part isn't something that can be verified by anybody who doesn't have the private keys.
>The fun bit is that the signer can backdoor transactions, and that part isn't something that can be verified by anybody who doesn't have the private keys.
Can you explain this? This is contrary to my knowledge of reviewing the details of a pre-signed transaction.
Sure. The basic idea is that signer can choose a ECDSA nonce (k) that they know, and leak the private key. If I choose a known nonce for my signature, I can recover the private key from the published transaction instantly. With some ECDSA magic, you can even produce a nonce that is only recoverable with another key that you hold. So a hardware wallet for example can backdoor transactions to leak the seed through the signature, or a specific key, or put any data there that they wish. The "offline signing" defense is only good for one way, as there's always data leaving the system which you can't easily audit.
This is only detectable if you have multiple signers signing the same transaction using the same private key and the same method for generating the nonce, and you compare them before broadcasting. So perhaps using hardware wallets from 3 manufacturers which all implement bit-identical implementations of the signer (with RFC6070 deterministic signatures), and treating the signed transaction as a private key leak until you've verified they all match.
For ECDSA a single bit bias in the nonce, or a single bit leakage of the nonce through other methods is enough to completely break the cryptography. So we could have hardware wallets that produce otherwise impeccable transactions and signatures, but leak a bit of the nonce in the ordering of the outputs, the lock time, the sequence numbers, and that would still be enough to steal all of the funds.
This stuff is trickier to get right than most people imagine.
That requires some sort of malware (or similar) installed on the device/software creating the transactions which has access to the private key to leak it via some predetermined way and is different from what I thought you were saying that a pre-signed transaction could directly send funds to an unwanted address without you knowing by inspecting the signed transaction itself before broadcasting it.
Regardless, whatever job you have where what you've said is a legitimate threat model sounds like the most interesting job in the space.
Oh no, inspecting the transaction means you know where the money goes, absolutely. There's just no assurance that it's all you need to be safe. Given the amount of absurdity going on in this industry you have to be very sure of things like hardware wallets. It would take zero effort to replace a Bitcoin hardware wallet with one that is backdoored, so it's a very real threat to many companies, if they know it or not.
If you never reuse an address, all of this concern goes away. Spending any funds from an address means spending them all, and then any private key leaked no longer matters.
I've never heard of someone successfully and unintentionally fat fingering a Bitcoin address typo to a valid Bitcoin address nobody owns. Fee box is a different thing, the recent $2.5m ETH headline you saw was not an accident but an attack/blackmail. Bitcoin core itself prevents you from using too high of a fee without an express override in the config.
>In short, the researchers claim that the hackers have gained access to an exchange’s funds. They are able to send money to certain whitelisted accounts that are marked as reliable in the exchange’s database to—but not to their own. So, they are sending the funds with excessively high transaction fees to sap the exchange’s accounts, and they’re demanding a ransom if it’s going to stop.
A 1 in 200 chance doesn't make much sense. In (legacy) addresses there's a 4 byte checksum done with sha256, so it should be something like a 1-in-4-billion (1 in 2^32) chance of a typo being valid. bech32 does something even smarter, but I'm not familiar with the details
Great article. I majored in Electrical and Computer Engineering roughly 20 years ago at a top US university. Even then, my classes were probably 2/3 international students. I fear that the recent rhetoric from the White House (shutting down H-1B visas) and general impact of Covid on globalism is going to make this problem in many countries like the US. Just as the legal and medical fields got saturated in the 80s and 90s and the preferred career track for high pay and job security, I predict that the same will happen with computer science in the near future. I think most future innovation will come from fields like biology.
We recently launched a cryptocurrency trading platform that connects to top exchanges like Coinbase, Binance, and Kraken. We are building super-cool investing and trading tools that you can't find anywhere else and push out new features on a weekly basis. We are building out brokerage services and plan to launch iOS and Android apps in the near future.
We are a post-seed startup with a 6 person team of engineers. We come from top-tier fintech companies like OptionsCity, IMC Trading, Cboe Global Markets, and JP Morgan Chase. We are looking for a talented, driven, and practical engineer to join our team who has proven experience in Angular. Please apply here: https://www.covemarkets.com/careers/frontend/