Binance - CNET Download

The events of a SIM swap attack (and defense tips)

Posted this on Coinbase and someone recommend it also be posted here. The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom.
The full story:
We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email.
While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying:
"We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device.
This 24 hour review period is designed to protect your Coinbase account."
This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized.
It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA.
They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances.
The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information.
This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase.
From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts.
Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along).
Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line.
In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove
with phone carrier employees swapping SIMs for $80s a swap.
Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker.
Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays.
For some some security recommendations:
AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs.
Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem.
Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency.
As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts.
TLDR on the process:
Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by
(1) not resetting your email password so as to raise suspicion,
(2) immediately delete any password reset emails you may receive from financial accounts to hide them from you,
(3) attempt to forward all emails sent to your address to a burner email, and
(4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox.
TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible:
(1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately
(2) change your email password,
(3) force a logout of all sessions from your email (at this point you have locked them out), then
(4) check your mail forwarding settings for forwards to burner addresses,
(5) check your mail rules for rerouting of emails from accounts such as Coinbase, and
(6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen.
We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
submitted by etheregg to CryptoCurrency [link] [comments]

The events of a SIM swap attack directed at Coinbase (and defense tips)

The information below on an attempted SIM swap attack was pieced together through a combination of login and security logs, recovering emails initiated by the attacker that were deleted and then deleted again from the trash folder, and learning from AT&T’s fraud representatives. The majority if this is factual, and we do our best to note where we are speculating or providing a circumstantial suspicion. TLDRs at the bottom.
The full story:
We were going about our business and received a text from AT&T that says “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” We did not request this, and were suspicious that the text itself could be a phishing scam since we searched the phone number and it wasn’t overtly associated with AT&T. Thus, we tried calling AT&T’s main line at 611 but all we hear is beep beep beep. The phone number is already gone. We use another phone to call AT&T and at the same time start working on our already compromised email.
While we didn’t see everything real time, this is what the recovered emails show. In less than 2 minutes after receiving the text from AT&T, there is already an email indicating that the stolen phone number was used to sign into our email account associated with Coinbase. 2 minutes after that, there is an email from Coinbase saying:
"We have received your request for password reset from an unverified device. As a security precaution, an e-mail with a reset link will be sent to you in 24 hours. Alternatively, if you would like your password reset to be processed immediately, please submit a request using a verified device.
This 24 hour review period is designed to protect your Coinbase account."
This is where Coinbase got it right to have a 24 hour review period (actually a recovery period) before allowing the password to be reset. However, the attackers knew this and planned to steal the second email from Coinbase by setting email rules to forward all emails to a burner address and also have any emails containing “coinbase” re-routed so they don’t appear in the Inbox. 5 minutes later, they request a password reset from Gemini and the password was reset to the attacker’s password within a minute after that. The next minute they target and reset DropBox’s password followed immediately with Binance. Less than 2 minutes later, an email from Binance indicates that the password has been reset and another email arrives a minute later indicating a new device has been authorized.
It’s at this point that we begin locking the attacker out by (1) removing the phone number as 2FA (2) changing the email password, (3) and three forcing a logout of all sessions from the email. There was a bit of back and forth where they still had an active login and re-added the stolen phone number as 2FA.
They added only one more password reset to a gaming account that was not deleted. I can only suspect that was a decoy to make it look like the attack was directed at gaming rather than finances.
The Gemini and Binance accounts were empty and effectively abandoned, with no balances and inactive bank accounts (if any), and no transactions in 1-3 years. DropBox had no meaningful files (they probably look for private keys and authenticator backups) and the phone number they stole from us was suspended, so as far as the attacker is concerned, there is no meat on this bone to attack again… unless they had inside information.
This is where I suspect someone internal at Coinbase receiving wire deposits has been compromised in tipping off ripe accounts – accounts with new and somewhat large balances. We had completed a full withdrawal of funds from Coinbase earlier in the year, and had a balance of less than $20 heading into May. Deposits to Coinbase staggered in to get above six figures through mid-May then stopped. The attack occurred 7 days after the last large wire deposit was made to Coinbase.
From the perspective of an attacker that had no inside information, we were a dead end with abandoned Gemini and Binance accounts with zero balances and stale transactions, no DropBox information, and the suspended phone number access. Our Coinbase deposits were known to no one except us, Coinbase, and our bank. We were also able to stop the hacker’s email forwarding before Coinbase’s 24 hour period to send the password reset, so this one didn’t work out for the attackers and it would make sense for them to move on to the next rather than put efforts into a second attack only for Coinbase - for what would appear to be a zero-balance Coinbase account based on the other stale accounts.
Then…23 hours and 42 minutes after the first attack, another message from AT&T “…Calls & texts will go to your new phone/SIM card. Call 866-563-4705 if you did not request.” Here we go again. We had been confident in AT&T’s assurances that our account had been locked and would not be SIM swapped again, so we unwisely added the phone number back to our email account as a backup (it’s now removed permanently and we use burner emails for account recovery like we should have all along).
Upon seeing that our phone number had been stolen again I knew they were after the Coinbase reset email that was delayed by 24 hours from Coinbase as part of their security. We did 4 things within 2 minutes of that text: (1) removed the phone number again from the email account – this time for good, (2) market sell all Bitcoin on Coinbase, (3) withdraw from Coinbase, (4) have AT&T suspend service on the phone line.
In speaking with AT&T, they were floored that our SIM would be transferred again in light of all the notes about fraud on the account and the PIN being changed to random digits that had never been used by us before. Based on the response of disbelief from AT&T on the second port, I suspect that this attack also involved a compromised AT&T employee that worked with the attacker to provide timely access to the Coinbase password reset email. Apparently, this has been going on for years: https://www.flashpoint-intel.com/blog/sim-swap-fraud-account-takeove with phone carrier employees swapping SIMs for $80s a swap.
Remember that most of this was hidden in real time, and was only known because we were able to recover emails deleted from Trash by the attacker.
Since we require any withdrawals to use Google Authenticator on Coinbase, our funds may have been secure nonetheless. However, under the circumstances with attackers that were apparently working with insiders to take our phone number twice in attempts to steal Bitcoin, and it being unknown if they had additional tools related to our Google Authenticator, we decided it was safer on the sidelines. The coins were held on the exchange for a quick exit depending on whether Bitcoin was going to break up or down from $10,000. A hardware wallet is always safest, but we were looking to time the market and not have transaction delays.
For some some security recommendations:
AT&T: If you are going to send a text saying that calls and texts are moving to a new number, provide a 10 minute window for the phone number to reply with a “NO” or “STOP” to prevent the move. This can escalate the SIM dispute to more trusted employees to determine who actually owns the line. Don’t let entry level employees swap SIMs.
Coinbase: Do not default to phone numbers as 2FA. Also, if someone logs in successfully with the password before the 24 hours are up, the password is known and there is no need to send the password reset email again for attacker to have forwarded to them. At least have an option to stop the password reset email from being sent. We did not tag our account at Coinbase with fraud because of the stories of frozen funds once an account is tagged. I’m not sure what the solution is there, but that is another problem.
Being a trader, it would be nice to think of Coinbase as any other type of security brokerage where your assets are yours (someone can’t steal your phone number and transfer your stocks to their account). We fell into that mindset of security, yet this experience has reminded us of the uniqueness of cryptocurrency and the lack of custodial assurance and insurance from exchanges because of the possession-is-everything properties of cryptocurrency.
As many have said before, 2FA with a phone number quickly becomes 1-factor authentication as soon as that phone number is associated with password recovery on your email or other accounts. Our overall recommendation is to avoid having a phone number associated with any recovery options across all your accounts.
TLDR on the process:
Scammers will steal your phone number (in our case twice in 24 hours) and use your phone number to access your email and accounts. They will use your email to reset passwords at financial accounts and file hosting such as DropBox. They will then use that combination to transfer any assets they can access from your accounts to theirs. They will do their best to hide this from you by
(1) not resetting your email password so as to raise suspicion,
(2) immediately delete any password reset emails you may receive from financial accounts to hide them from you,
(3) attempt to forward all emails sent to your address to a burner email, and
(4) set email rules to forward emails containing “coinbase” to an email folder other than your Inbox so that you don’t see the transactions and password reset emails that arrive to your inbox.
TLDR on defense tips: If your phone stops working or you receive a text of your number being ported do the following as soon as possible:
(1) log into your email account(s) associated with your financial accounts and remove your phone number as 2FA immediately
(2) change your email password,
(3) force a logout of all sessions from your email (at this point you have locked them out), then
(4) check your mail forwarding settings for forwards to burner addresses,
(5) check your mail rules for rerouting of emails from accounts such as Coinbase, and
(6) call your carrier to have them suspend service on your lost phone number and ask them to reinstate your SIM or get a new SIM. This will require a second phone because your personal phone number has been stolen.
We hope this helps some others be safe out there in protecting their coins. The more we know, the more we can protect ourselves. Wishing you all the best!
submitted by etheregg to CoinBase [link] [comments]

Re-Launching The Borderless, Unkillable Crypto-Fiat Gateway, DAIHard. Enter or Exit Crypto via Any Fiat and Any Payment Method, Anywhere in the World, Without KYC. All you need is a little Dai.

Some of you might recall recall our initial facepalm failed launch about 3 months ago (post-mortem here). Well, we're back--this time with an audit and some new features. This version of DAIHard should should die a little harder this time ;)

The Audit

After shopping around a bit in the auditor space, we decided to go with Adam Dossa--the very same Adam Dossa that actually found our launch vulnerability and responsibly disclosed it to us! You can see his report here. By the way, Adam has been a gem: friendly, professional, timely, and flexible. Definitely keep him in mind if you need an audit!

(Re)Introducing DAIHard

Following is an updated version of our original launch post. If you've already read that, you might want to skip to the heading What's New in v0.9.2. Or you can go straight to the app or go to our info site for more info!
Here is a legitimate concern most of us are familiar with:
To enter or exit the crypto economy, we rely on centralized exchanges such as Coinbase, which track their users, impose limits, and are tightly coupled to their jurisdiction and its banking system. And for all we know, any day now regulations could start tightening these controls further (*we've actually seen some of this play out in the two months since our first launch post). In light of this, can we say in any meaningful sense that crypto is anonymous, limtiless, borderless, immune to regulation, and (most importantly) unstoppable?
To really address this concern, we need a completely decentralized gateway between fiat and crypto: something that extends the benefits of crypto to the very act of moving between the old and new economies. But the design of such a platform is far from obvious.
(Localethereum comes close, but as discussed under Unkillable, it doesn't quite cut it. And Bisq is decentralized, but has significant UX hurdles.)
We believe we've found a solution. We are proud to present:

DAIHard v0.9.2 - Almost Definitely Not Broken This Time

If you want to jump right in, we recommend first watching our latest usage demo (7 min), then diving in and giving it a shot with a small amount of Dai. (Try it on Kovan first if mainnet is too scary!)
DAIHard extends many of the promises of crypto (borderless, anonymous, limitless, unstoppable) into the exchange mechanism itself, allowing anyone, anywhere to bypass centralized exchanges and the control they impose.
More concretely, DAIHard is a platform, run on smart contracts, for forming one-off crypto/fiat exchanges with other users, in which:
Again, our latest usage demo (7 min) shows this process in action.

Two drawbacks

You Need either xDai, or both Dai and Ether, to Use The Tool (At Least For Now)

If you want to buy Dai on DAIHard, you must already have Dai--1/3 of the amount you want to purchase--to put up as a burnable deposit. For example, if you only have 10 Dai now, you can only commit to buying 30 Dai, and must complete that trade before using the newly bought Dai to open up a bigger offer (for up to 120 Dai that time).
Most tragically of course, this means that if you don't already have some crypto, you can't use this tool to get crypto--this is why we avoid calling DAIHard an onramp specifically. This comes from the fact that both parties must have "skin in the game" for the game theory to work, and a smart contract can only threaten to burn crypto.
We have some ideas on how to address this drawback in the not-too-distant future, which we'll write about soon. For now it's time to launch this thing and get some users!

Dangerous and Scary To Use

In rare cases, a user may have to burn Dai and face a loss on the entire trade amount. The necessity of this ever-present risk is explained in detail in DAIHard Game Theory.
However, a cautious, rational user can gather information (possibly via our [subreddit](daihard)!) about how people have used the tool, successfully and unsuccessfully. They can then create a buy or sell offer with wisely chosen settings based on what has worked for others. Other cautious, rational users can find this offer and commit to the trade if they dare. We expect the vast majority of committed trades should involve rational, cautious users, and should therefore resolve happily.
Still, inevitably there will be sloppy trades that result in burns. As the tool is used, we'll be keeping a close eye on the frequency of burns and keeping you guys updated (perhaps via a "System Status" utility similar to the one found on MakerDao's explorer). In the end, though, we expect the risk in using DAIHard to be comparable to the risk of using any exchange or DNM: ever-present but low enough for the platform to be useful as whole.
So, while DAIHard will never shut down and can't perform an exit scam, the bad news is it's not risk-free. Users will have to approach DAIhard with the same level of caution they would with any new exchange (albeit for different reasons and with a different approach).
So what's the good news?

The Good News

While these drawbacks are significant, they enable some remarkable features that no other crypto/fiat exchange mechanism can boast.

Unkillable

(Correction: Bisq seems to have a decentralized arbitration system)
We are aware of no other crypto/fiat exchange platform that is truly unkillable. Bisq and localethereum comes close, but both localethereum relies on centralized processes of arbitration. This means their fraud-and-scam-prevention system can be sued, jailed, or otherwise harrassed--and if that part stops working, it doesn't matter how decentralized the rest of the system was.
DAIHard, in contrast, gives the users the power to police and punish each other, via the aforementioned credible threat of burn. This is simple game theory, and the rules of this game are etched permanently into the DAIHard Factory and Trade contract code: impervious to litigation, regulation, and political pressure.
This Factory contract has no owner and no suicide or pause code. It cannot be stopped by us or anyone else.
Like Toastycoin, this thing was immortal the moment it was deployed (even more immortal than RadarRelay, for example, which does rely on an ownership role). Both DAIHard and Toastycoin (and probably whatever we build next) will last for as long as a single Ethereum node continues mining, and it will remain easy to use as long as someone can find the HTML/JS front-end and a web3 wallet.
(The HTML/JS front-end (built in Elm, by the way, with the lovely elm-ethereum!) is currently hosted on Github pages, which is centralized--but even if Github takes down the page and deletes the code, it's a minor step to get the page hosted on IPFS, something that is on our near-term roadmap in any case)

No KYC, No Limits

It's smart contracts all the way down, so DAIHard never asks any nosy questions--if you have Metamask or some other web3 wallet installed and set up, with some ETH and Dai (or just xDai), you can immediately open or commit to a trade. You don't even need a username!
(In fact, we're so inclusive, even machines are allowed--no CAPTCHA here!)
You're limited only by the collateral you put up, so if you have 10,000 Dai you could open up a buy offer for 30,000 Dai (or a sell offer for 10,000 Dai) right now.
We do reccommend trying the tool out first with a small amount of Dai... But we're not your mom! Do what you want!

Borderless

It simply doesn't matter where you are, because DAIHard doesn't need to interface with any particular jurisdiction or payment system to work. DIAHard works by incentivizing people (or robots?) to navigate the particular real-world hurdles of bank transfers, cash drops, or other fiat transfer methods. These incentives work whether you're in America, Zimbabwe, or the Atlantic; they work whether the fiat is USD, EUR, ZAR, seashells, or Rai Stones; and they work whether your counterparty is a human, an organization, a script, or a particularly intelligent dog with Internet access.

Any Fiat Type, and Highly Customizeable

Here are some examples of the types of trades you might create or find on DAIHard.
As the DAIHard community grows, users will doubtless find much more creative ways to use the system, and we will discover together which types of trades are reliable and which are more risky. Because users can set their own prices and phase timeout settings, we expect the risky trades to charge a premium or have longer time windows, while the reliable ones rapidly multiply at close to a 1:1 price ratio, with quick turnaround times.

Extensible (with profit) by Third Parties

Not satisfied with our interface? Do you have some nifty idea for how to display and organize user reputation? Or maybe some idea for how trades could be chained togeher? Maybe you'd like to design a notification system for DAIHard? Maybe you just want a different color scheme!
Well, you won't need our permission to do any of this. Any tool that watches the same Factory contract will share the pool of trades, regardless of which tool actually creates the trade. This means we don't even have to fight over network effects!
And if you look closely at our fee structure, you might notice that only half of the 1% DAIHard fee is "hardcoded" into the Factory contract. The other half is set and charged by our interface. What does this mean for you? If you go out and make a better interface, you can essentially replace half of our 1% fee with your own fee--it's up to you whether it's smaller or larger than the replaced 0.5%.
The reason for this is to explicitly welcome other developers to extend what we've built. For as long as our team is the only one improving the platform, a threat to us is a threat to future upgrades. But if others begin extending the DAIHard platform too, then DAIHard will not only be unstoppable as it is today, but also grow unstoppably.

(For Real This Time) This Is a Big Fucking Deal

DAIHard is a turning point in crypto and a breakthrough in decentralized markets, and is an irreversible augmentation of the Ethereum platform.
What we've built is a gateway to crypto completely devoid of centralized components--rendering entry and exit to crypto unkillable, flexible, borderless, and private. Centralized exchanges, and the control they impose, can now be bypassed by anyone with Dai and a web3 wallet.

What's New in v0.9.2

There have been many changes made since our first failed launch, but there are two rather important ones: xDai support and reputation tools.

xDai support

DAIHard is now operational on xDai, a sidechain whose native token (xDai) is pegged to the Dai (and therefore $1). Add the xDai network to your Metamask (or just install Nifty Wallet), then switch to the xDai network in your wallet, to try it out. xDai has some pretty incredible benefits, compared to vanilla Ethereum:

Reputation tools

We now have a few reputation tools. First, on any open trade, there is a widget showing the number of releases, aborts, and burns the given address has been involved in as that role (buyer or seller). Clicking on this expands the widget to show more detailed information, and also provides a link to a page that lists each trade this user has been or is involved in.

What's next?

We have tons of ideas on how to improve the product--too many, in fact, to commit to any before we get a good chunk of user feedback. Here are some of our favorite ideas:

Near-Term, Smaller Features

  1. Lots of usability improvements.
  2. A "System Status" utility similar to the one found on MakerDao's explorer).
  3. Marketplace / My Trades rework.
  4. A "QuickTrade" page, offering Trade Templates as an alternative to the current Create Offer page.

Big Exciting Features

  1. Bootstrapping people with no DAI via other mechanisms and community outreach.
  2. Partial commits to trades. eg. Place a 10,000 DAI trade and allow it to be picked up in blocks larger than 500 DAI at a time.
  3. More chains, get this thing working on Bitcoin via Rootstock, on Ethereum Classic and Binance Chain.

Stay Informed!

A lot of the above features will be prioritized more clearly as we get user feedback, and we will be posting fairly frequent updates and articles on our info site. If you don't want to miss anything, note the subscribe widget and sign up!
submitted by coinop-logan to ethereum [link] [comments]

Substratum leads Round 2 of Monthly Community Voting Round - AMA Transcript Inside!

Hey guys, If you haven’t noticed on Binance’s monthly community voting round – it has been a tight battle but Substratum has been taking the lead.
I wanted to explain why Substratum has seemingly come out of no-where but has garnered some attention. Substratum is creating a solution to a very big obstacle in the world web. The below has been taken from Justin Tabb aka the Founder of Substratum and summarises what the purpose of the network is.
I hope you guys can support their vision by voting for Substratum (SUB) on the https://www.binance.com/vote.html.
The Substratum Network will bring the decentralized web worldwide without the need of special software for the average internet user. We will be able to serve Substratum Requests directly to the default browser (Safari, Firefox, Chrome, Internet Explorer) without any special software installed on the average consuming users computer.
How Substratum Works
Ease of Use: currently nearly everything that has to do with crypto or the blockchain is very difficult to use and requires technical knowledge. Through our 10+ years of experience working with companies like Apple we understand the importance of a good user experience.
• The average internet user requires NO special software to use the Substratum Network. The default browser will service all requests for average users so they do not need to do ANYTHING different. Users who wish to service requests and receive SUB coins in return will have a point and click user interface that any user can setup. No technical knowledge required. SubstratumPay will be seamlessly integrated and geared towards high conversions of low technical expertise users. • Serving Up of Decentralized Content: Substratum provides a method for serving Decentralized Content (including Web Sites, Data, and Applications) through a Mac, Windows, and Linux application/service that is easy to install and run (requires no technical expertise) and serves up decentralized content using the toolkit that we have developed. This is a point and click process and requires zero technical knowledge. All the user has to do is install the application, click through a few settings and they are up and running and making Substratum Coin. Incentivizing Users to Serve the Content: in order to incentivize users to run the Substratum Network client on their machine we will be providing Substratum Coin to them for doing so. The coin is issued to the serving machine through a micro-transaction from the hosting site to the serving computer. By breaking fees down to a micro-transaction level this will greatly reduce the overall cost to companies and entities that want to host sites and applications on the internet solving yet another problem with the web as it stands today.
Privacy / Security / Encryption: by allowing millions of Substratum Network users to serve content the biggest concern becomes privacy and security. Substratum solves these issues through advanced cryptography algorithms rooted in Artificial Intelligence that ensures all data remains secure. Following the lead of BitCoin this is the strength of cryptocurrency and the crypto movement. Storage and Serving of Content: in order to serve millions of sites, databases, and applications the Substratum Network employs custom developed advanced compression algorithms and machine learning to geolocate the right Substratum Network machine to serve up the content to the appropriate user based on geolocation, this will ensure the fastest load time with the lowest amount of latency and strain on the Substratum Network and both the serving and receiving machine. DNS (Domain Name System): DNS or the Domain Name System is the system that currently tells your browser where to go when you type in a domain name. For instance when you go to Chrome and type in apple.com a DNS lookup is performed to check where to send that request, the DNS system comes back with an IP address and your request is routed there. In the first version of SubstratumDNS will be a complex, AI enabled DNS server that will receive DNS requests along with the geolocation of the requestor and find based off of that information the closest available SubstratumNode that is able to fulfill the request. Development Tools for the Decentralized Web: the Substratum Network will provide an API and SDK for developing tools on the Substratum Platform. This will bring in strong developer support and will accelerate the growth of the decentralized web on the Substratum Network. Net Neutrality: with the Substratum Network ALL web-sites and applications will have EQUAL ability to be broadcast in an equal and fair manner.
International Digital Barriers: currently countries like China have strict regulations on what their 1.379 billion citizens are able to interact with on the internet. Substratum will break down these barriers through a network of decentralized computers running the Substratum Network Software. Where other solutions that are currently used by residents in these countries require special software to be installed, like TOR, Substratum will take a reverse approach and require no special software for the average user.
High Hosting Costs: currently businesses must pay high hosting fees to get their web-sites on the internet. Amazon Web Services launched a 3.5BIL USD per year business by attempting to solve this problem. They allow you to pay for how many minutes you run a web / database server. Substratum completely solves this problem through the power of cryptocurrency by only charging for each request that is processed. You can check out the website here: • Substratum.net o And the whitepaper is available in multiple languages inclusive of Mandarin.
Furthermore, Substratum and the founders are very active in the slack – which they have recently hosted an AMA (ask me anything); I took the liberty of getting this information and if you are interested about the project to read more into it. Obviously they can’t reveal the inner workings of their product due to product sensitivity and being ahead of their competition but they are always up to date with the community through several videos on Youtube (https://www.youtube.com/channel/UCxUJoTH0XLERKl55zGnFI6g) and announcements through their social media. I recommend you follow them.
Q: Any major talks with exchanges yet? A: We just announced that we are launching on our FIRST official exchange of COSS.IO on 9/30 trading against BTC and ETH. More to follow.
Q: Will I be able to run a supernode? A: From the beginning NO. Supernodes will only be for Substratum; however, they will run the SAME software that are used to run a NODE. In time we will develop a requirement list to run a supernode. If you qualify you can then run a SuperNode and receive a premium payout
Q: Is it possible to show a few examples of SUB payouts you get from running a node, and the tell us the ratios that affect the amount/way to calculate it somehow? (SUB owned, for how long you've been running a node etc..) Or is that still in testing? What's the difference in node rewards from someone who has 0 SUB's as opposed to someone who has X amount of SUB's? A: So the calculations for this are in process; however, you can watch our video "How Substrate Per Request Is Calculated" on our YouTube channel for an idea of what variables go into each calculation
Q: How do we prevent DDoS? A: The first step is not talking about how we prevent DDoS or any other hack. We call that security through obscurity. :slightly_smiling_face: Secondly, one of the primary ways to prevent a DDoS attack is decentralization. Well that's perfect. Lastly, there are other techniques, like black-holing and basically shutting a node down. The great news is that we will be decentralized so we are only talking about a node or specific IP Address that will not disrupt the network. :thumbsup:
Q: Say i got a website i want to publish on Substratum, how does this process go? A: Just a shout out if you ask for a lot of detail regarding technology stack and how exactly something will work we are most likely going to give you general answers. This is not to skirt the question. We want to be 10 steps ahead of anyone with nefarious plans before we get launched. You will be seeing more on this very soon. You should be seeing a video drop on this in the next week or two. The goal is to make this easy to use and powerful, plus empower others to use the tools. We're looking at things to different ways one is towards the average user who just want something sitting on their system and doesn't need any more details and the other is a super user who wants a lot of configuration options.
Q: When more people will use Substratum and more will run nodes, the value of SUB will increase. How will it be calculated how much SUB you get as a reward for running a node as value increases? Will it be calculated by Substratum itself or will it be changed manually every so often? A: We will be calculating against the live value of Substratum
Q: Is substratum detectable, for example if it’s used in a country like china and they are caught on these sites that are blocked by government… Can it be detected? A: The goal is to make it constantly moving. We do not want it to be. fast, easy, powerful, anonymous.
Q: Will there be Master Nodes? A: We will have some services that are available that will help provision nodes into the network. We are still story mapping this flow and architecture.
Q: Could we get more information about what you require to do to be a beta tester? A: To be a beta tester you only need to add yourself to the #beta-tester channel here in Slack. You will be notified when we are ready for you to download and install and the process and requirements to continue to run the software
Q: Will you keep us informed on a at least weekly base to tell/ show us the progress made? A: Yes! We will continue to drop at least 2 professionally made update videos each week (with Jason Burns the guy who does them) and we will be doing more and more candid videos
Q: Who is the winner of 10k subs and what idea did he give? And what about 2nd place and 3rd place. A: To be announced shortly. The Substrate is reserved for the payout
Q: Can we mine Sub without the software? A: I will personally be selling pick-axes on my personal website "pixaxesforsale.biz" for a low cost of $19.99
Q: Unless they disclose intelligent life in space, people are still going to be mad at the end of this. A lot more will be happy though A: Haven't found intelligent life in space. Some would question finding it on earth.
Q: From a legal stand point How are we protected if someone is running illegal content on our Node? A: Take a look at our video of "How Substratum Secures Your Site Content". You will never hold the entire piece of data except perhaps in memory if you are the one serving the request so you could never be culpable. Amazon isn't held responsible if I host illegal content now
Q: What about content control? child porno .. and so on ... ? Is there anything to control the content or? A: Excellent question. This was a big concern for us. We do not want Substratum to become the dark web. The goal is to allow the community to self-govern, vote up and down, call out illegal activity. The utilities will allow those with bad intentions to be called out. The more we grow the better we will be about wiping out things like child porn, and just as bad human trafficking.
Q: When will the raised money going to be donated? A: We have already donated $10K out and we have a pending wire for $40K going out Monday. We are working to find the BEST places with the IMMEDIATE needs.
Q: When will the livestream of the burn be? A: Burn #1 will be a livestream of my computer screen later tonight. I will announce on twitter at least an hour ahead of time and we will record it so people can see it later
Q: What will the final circulating supply be after all three token burns? A: We are still getting a FINAL number on this, we are still doing some FINAL Bonus sends but we will have the number VERY VERY soon and we will be posting it. We will be burning 60MIL tokens tonight so that should give you some kind of an idea.
Q: can you stop slack from freezing my firefox? A: Use the downloadable app, or get better internet, or get a new computer. Sounds like a dumpster fire.
Q: Everyone brings up the obvious choice of child porno that needs to be dealt with via content control. What about grayzones such as weed-selling sites? Its illegal in some countries, some not. How will Substratum deal with these grey-zones? A: Give me liberty or give me death.
Q: Could i have an invite to beta test channel on slack? A: Yes, just let a moderator know.
Q: could i get more information on what beta testers are required to do? I will happily be one if it helps the process and I actually manage to do it. A: Join the #beta-testers channel here
Q: when will we see a new homepage? A: This is being worked on now!
Q: is there a minimum amount of SUB needed to run a node? A: NO! 0 Substrate, don't worry, you will have some soon once you turn it on
Q: What about running an "micronode" on any phone (there is a big % using phones all the time), I mean an app installed on phone to run a node and to host only small content like a photos... Did you think about of this? A: https://youtu.be/h6tZ_ZFuFmY
Q: What if my website ethically and morally right and people downvote it out of jealousy will my website be removed if there are more number of downvotes and my content is clean? A: The process is NOT that simple, we will release more details later but this is being taken into consideration. I answered in a bit more detail above as well
Q: Does the Sub team ever sleep ? A: Only when driving
Q: Can I run a node on a VPS? A: I certainly won't be telling people how or where to run the node software. Do the best you can. I actually answered the VPS question above too. We will have a command line version if that is the question. That you can run on something like Ubuntu Server if you want
Q: Can the voting system for all illegal stuff on the internet also be used in a 'bad' way on the regular websites to for example gain commercial/business advantages? A: It should not, no one will have 'master control' All control, so the market decides always.
Q: Who will profit from cryptopay? How will this bring value to SUB tokens? A: Everyone will as we gain dominance. But also, Substratum the company will take a small percentage. This will enable us to continue building awesome apps. CryptoPay will be the cornerstone of many good things to come. Think retail, goods and services.
Q: I work at a games company with 200+ high powered pcs. If I install sub nodes on every single one of them at night, will IT be able to catch and fire me A: See your HR manual, or HR supervisor for those questions.
Q: How do websites and hosters remain protected from hacking, if sites are created with innate vulnerabilities does that expose other sites hosted by the same node? A: This is a great question. Hosting Nodes will have to vet out their security. Again, being decentralized goes a long way in providing security. So does encryption. We will help hosts be the best hosts possible.
Q: Please explain the earning in SUB by running a node? A: So the SUB comes FROM the HOST (who purchases the SUB) to the NODE for the cost of the transaction. https://youtu.be/LWZ1DIGGOoQ
Q: When will the tokens be sent for the 100 Sub giveaway A: Shortly
Q: How will Substratum market themselves towards countries that needs SUB the most but are hard to reach, such as North Korea, Africa, China? A: Think spider web. The more that join, and use, the less it can be controlled.
Q: How long will this bear market last for? A: Let me put the fortune teller hat on. Crypto is a young demographic currently. It will be bear'ish until we make the technology easier and they get older.
submitted by smf3928 to binance [link] [comments]

Binance Bot Step-By-Step Install Open Source Crypto Trading Software - Python Binance 2018 Binance Activating SMS Authenticator Binance Exchange: How to Buy Cryptocurrency for Beginners ... Is 3Commas The Best Cryptocurrency Trading Software Binance 2019 Exodus 1, Crypto Smart Phone, Exodus 1 Binance Edition, Buy Exodus 1 HTC NOW, Earn BNB Token Binance Margin Trading Full guide for beginner to pro in HINDI - CRYPTOVEL 10 Million Dollar Bitcoin End Game - YouTube Bitcoin Kurs - Was ist mit Bakkt?  Binance vor Einbruch?  Libra Game Over?  GRAM Kaufen Lend your Bitcoin and Earn 3% to 10%+ Interest

Welcome to Binance BotThe first bot in markets that combine technical analyst , fundametal analisis and machine learning all in one into a IA.Our bot ensure a Find Binance software downloads at CNET Download.com, the most comprehensive source for safe, trusted, and spyware-free downloads on the Web Windows Phone 8 Bitcoin Apps The so-called third ecosystem isn’t without bitcoin apps either. Predictably, the options are thinner on the ground here, and not all apps work that well. Download Blockchain Wallet: Buy and Sell Bitcoin & Crypto for PC - free download Blockchain Wallet: Buy and Sell Bitcoin & Crypto for PC/Mac/Windows 7,8,10, Nokia, Blackberry, Xiaomi, Huawei, Oppo… - free download Blockchain Wallet: Buy and Sell Bitcoin & Crypto Android app, install Android apk app for PC, download free android apk files at choilieng.com Electrum - Bitcoin Wallet 4.0.4 Englisch: Mit dem kostelosen Tool Electrum erhalten Sie eine Bitcoin Wallet für den PC. Individuals, businesses, developers: learn from our simple Bitcoin guides. How Bitcoin works, what is Bitcoin, what is blockchain, how to buy Bitcoin, what is Bitcoin mining and more. The first thing you need to do is access another phone or device that supports the Bitcoin.com Wallet, which is available for Android, iOS, Windows, Mac OS, and Linux. Every one of these programs ... Trade over 40 cryptocurrencies and enjoy the lowest trading fees in America. Microsoft Adds Bitcoin Payments for Windows, Windows Phone and Xbox Dec 11 2014 · 05:13 UTC Updated Mar 10 2020 · 11:00 by Andy Watson · 3 min read Microsoft customers can use bitcoin to load ... Bitcoin games. Games might award miniscule amounts of bitcoin as a prize. They’re typically also filled with advertisements. It works similar to bitcoin faucets. The bitcoin rewards keep people playing and viewing ads, so on paper the game looks like a great way for advertisers to reach people. If you don’t mind viewing ads, actually enjoy the game you’re playing and have a lot of time ...

[index] [18418] [15101] [6114] [21517] [20287] [14028] [3268] [278] [14437] [11293]

Binance Bot Step-By-Step Install Open Source Crypto Trading Software - Python Binance 2018

This is a guide on how to buy cryptocurrency for beginners using Binance safely and securely, step-by-step. Binance Signup Link: https://www.binance.com/?ref... 👕Merch: https://teespring.com/stores/tokenvision 🐦Follow me on Twitter/Instagram for Latest: https://twitter.com/TokenVision99 📸https://www.instagram.com/tok... Exodus 1, Crypto Smart Phone, Exodus 1 Binance Edition, Buy Exodus 1 HTC NOW, Earn BNB Token To start, regiter on Binance http://bit.ly/2lTyZTo Buy Exodus 1 ... 🔵Phemex $112 Free Bonus : http://bit.ly/JackPhemex 🔷Deposit 0.2BTC Get $112 FREE BONUS 🔹Use My Link Above To Qualify For Bonus 🟩BITCOIN BLUEPRINT 2.0 ... In this video I show how to lend bitcoin on poloniex to earn interest. You can read tutorials or watch other videos to understand poloniex itself, I just want to make you aware this is an option ... In this video I, step-by-step, install, run and optimize an open-source Python Bitcoin / crypto trading bot which trades on the Binance Exchange. This Video was created as a response to those who ... Bitcoin Kurs - Was ist mit Bakkt? BNB Coin vor Einbruch? Libra Game Over? GRAM Kaufen 0:48 - Kurs & Markt Update 2:55 - Bitcoin Kurs - Wo geht die Reise hin? 7:26 - Binance Coin BNB vor ... HP 15q dy0008AU 2019 (Ryzen 5 /4GB/1TB/Windows 10 Home/AMD Radeon Vega Graphics) ... How to SHORT or LONG Bitcoin with Leverage BINANCE FUTURES TUTORIAL - Duration: 13:32. sunny decree 94,757 ... How To Deposit, Buy, and Sell Crypto Currency Using Binance! - Duration: 10:05. BitCoiN BraN 38,415 views. 10:05 . John Conway: Surreal Numbers - How playing games led to more numbers than anybody ...

#