Posts

Bots and hot-wallets don't mix + privacy concerns.

avatar of @edicted
25
@edicted
·
·
0 views
·
4 min read

Just now someone on Twitter was complaining that Hive withdrawals on Binance are locked up. This can happen for various reasons, including maintenance, bugs, low RCs, frozen accounts, or whatever else.

Sure enough the last transfer out happened over 9 hours ago. It's quite noteworthy to mention that this is the first time I've noticed that the Binance hot wallet only has 308 Hive Power. And of that 308 HP, 204 of those are delegated.

How crazy is that?

Binance runs an entire @binance-hot wallet will less stake powered up than a minnow... that's pretty insane. Especially considering that transactions are free and they only charge 0.01 Hive to move money through a pseudo-anonymous hot-wallet. Best deal ever.

So who's delegating to @binance-hot?

Deep dive...

lol, there has to be a story there.

Did @binance-hot really run out of RCs so the top brass delegated them some coins? Yikes. Hilarious. Power up more Hive, Binance: you cheapskates!

But then I saw something horrifying:

OH NO!

Someone sent 1212.676 Hive to @token-converter (whatever that is) in order to get DEC coins, but the @token-coverter HiveEngine bot didn't have that much DEC and automatically sent the money back to the sender... which was the @binance-hot wallet. Crap.

As a reminder, the only account that is supposed to send funds to @binance-hot is @deepcrypto8. We send our money to @deepcrypto8 with the correct memo that signifies our Binance account. The money then gets transferred to the hot wallet and credited to our account after the block becomes immutable (20 blocks; 1 minute).

According to Binance corporate policy (and all exchanges really) money that gets sent to the wrong wallet or with the wrong memo is "lost forever". They have to make an exception via support to reverse any of these botched transactions. I'm not sure how often that happens but plenty of people on Coinbase have been burned by sending ERC-20 tokens to their ETH wallet. Always make sure that an exchange actually supports the coin you're sending them.

So yeah I would be very curious to know whether or not this person can get their 1212.676 Hive back or if the Binance arcade is going to eat the quarter.

It should just go without saying: don't let this be you. Don't interact with bots directly with a hot-wallet; that's just asking for trouble. Also, @token-coverter... fix your bot: you should never send funds to @binance-hot or any other exchange wallet for any reason. Just a little taste of how early in the game we are for so many mistakes like this to be made at once. Perfect storm.

This situations actually reminds me of my Love Handles dapp idea where users could buy and sell Hive accounts like NFTs. The only reason to use a hot-wallet like this is for the pseudo-anonymous privacy that hot-wallets provide (either that or just outright laziness).

There is no way to know who sent money where because millions of users have access to the same hot-wallet. The only way to know is to have direct access to Binance servers, and last I checked very few people in this world actually have those permissions.

On top of that Binance has no KYC, so even if someone did have access to the database the only identifying information contained therein is going to be an email address and IP addresses. It all depends on context. That might be plenty of information for the CIA but completely worthless to the IRS. The IRS is woefully underfunded by design, even if Biden is promising them more funding.

This is why using a hot-wallet is likely even more private than using a mixing service. Millions of people use hot-wallets. Very few people use mixing services and those services are constantly being cracked down on by regulators.

Imagine going to a coffee shop, connecting to a vpn, logging into Binance with an email you just created. You move Hive from Binance to Huobi, from Huobi to Ionomy, from Ionomy to a couple of random Hive accounts. If someone was trying to track this money they'd need cooperation from Binance, Huobi, and Ionomy. Hm yeah, probably not going to happen.

If they try to trace the IP address directly they need to get the VPN server to cooperate, only to figure out that you did all your business at a coffee shop. Are they then going to go to the coffee shop and ask for video footage? These are things that FBI, NSA, or CIA agents could do if they were committed enough... but the IRS? C'mon. Get real. White collar victimless crime is the easiest kind of crime to get away with for a reason. Just sayin. Rules are for suckers. Everyone at the top knows that. This is the Wild West.

Privacy matters

But even more importantly, privacy is a pretty big deal even though the vast majority of people would prefer to remain completely legit. The whole "I have nothing to hide" argument has been debunked a thousand times over. Especially in crypto where the laws (some a century old) make zero sense and the development/expansion will explosively outpace regulations. The friction is real. Prepare for explosions.

This is exactly why Hive needs more privacy. When someone changes their owner key there has to be some kind of expectation that the owner of that account could have legitimately changed. This is exactly why the ability to buy and sell accounts like NFTs is so essential to the network. Anyone should be able to change their owner key and have the slate wiped clean, so to speak.

Another thing that could help Hive privacy is multi-sig (which we are actually working on). When multiple parties control the money in question it becomes much harder to track. For example, my our @hextech witness account is controlled by the entire team. When money moves around it's impossible to know which one of us signed the transaction. I think it's pretty crazy and cool that this is even possible on Hive. It sure as hell isn't on most networks.

So how many users have access to @edicted's owner / active / posting / memo keys? Non of ya business; that's a private matter. Respect my privacy. Thanks.

Conclusion

  • Don't use hot-wallets to play around with bot services.
  • Privacy matters.
  • We are still very early in the game.

Posted Using LeoFinance Beta