Topic: How to be careful and avoid scams in the wild west of the alt coin scene -part 1 - page 2. (Read 2239 times)

Regarding proof of stake the 'clock drift' is the most obvious / known  current issue on a 'majority' of alt coins using it presently.

My intention is not to discuss details that can teach people how to attack proof of stake coins that exist now.

To stick with concepts I think this post by one of the developers of Ethereum (which actually presents a case why proof of stake is a viable option) is a good reference. Some present models are torn apart.

https://blog.ethereum.org/2014/11/25/proof-stake-learned-love-weak-subjectivity/

additional information here

https://docs.google.com/document/d/13_FSQ1Koq8uLvqTaSvZdb6OT2SpUZZq53vFiiDQj4qM/edit?pli=1


And here https://blog.ethereum.org/2015/01/10/light-clients-proof-stake/

His solution however is 'Centralization' --- 

Personally I do not wish to support mandatory centralization. Even if it means the network will be more expensive to maintain.  I believe 'Satoshi' once predicted that eventually the popularity and price of bitcoin could start to impact the cost of resources necessary to produce it.

One can make the point to say 'bitcoin is centralized now' ; well it may be to a certain degree but it still functions as a decentralized network.

As I stated initially I still think proof of stake has future potential but I honestly believe there is no current substitute for proof of work. Maybe one will be developed.

The best test of how strong/secure/good any particular code is to release it open source to the world and allow some time for people to look for ways to improve it or exploit it.  In particular when there is a 'reward' (like coins that can be traded on an exchange)  for people who successfully 'attack' or 'find holes' in published code it may cause developers to improve the code and find solutions. 

This has even happened with bitcoin and if you want to consider proof of stake ppc also has certainly 'improved' from where it was at the time of release to now.

Thank you for the feedback.

Great Information!! A must read for EVERYBODY.

This is an AMAZING post full of great info.

Only part I take issue with is your silliness about PoS being insecure. Please, point me to an example of working PoS exploits. I know of one and its simple to fix.

Thanks to everyone who liked the post.
If you want additional information about the security of combining hash functions this pdf is a bit long (and may be a little technical for a casual reader) but offers a good, valid discussion.

http://ai.stanford.edu/~xb/crypto06b/blackboxhash.pdf

Hear, hear.

Well done, very well put together.

Also, I've never thought about chaining algos could be as secure as the weakest algo in the link but looking into it you're right.

+1 for sticky.

Agree 100%. +1

A very interesting reading!

Thanks you.


bye

A good information, a complete version of this should be added to altcoin announcement.

Theymos should make this is a sticky in the alt-coin section.

Every newbie should read it!

Thanks for posting it!


Cheers!

Let me say first that I am not an enemy of alt coins.
I am involved with several alt coin projects some of which are actually quite successful and have run a few things myself in the past with 'limited' success or challenges which I learned a lot from.

I was a 'guest' to these testosterone filled forums for a long time (how long I honestly don't remember) since I used to just pop by when I heard something big going on.

I really only joined one day before I launched my own first coin project so I could post in the alt coin forum. The all male crowd was always a turn off to me even back to the days when minerd seemed like the most amazing innovation ever.  I always thought bitcoin was a great idea but never thought it would ever have come as far as it has .... If I did I would probably be a member of the inner elite few who mined a lot early..... but that is another story for another time.... I have no regrets.

Even years ago there was a lot of bs around. After all in a public forum when people can say what they want you can expect a certain amount of 'static' or 'junk' among the normal honest discussions, remarks, bad jokes, and some very brilliant posts that I have learned many things from.

Today the level of outright lies and also what I suspect are 'shills' or people running extra accounts to make threads longer and longer seems to have reached a level higher than the number of alt coins released ever.

What did the guy in Apocalypse Now say 'It piles up so fast you need wings to stay above it' ?

I have decided not to name or shame any specific coins or developers.  I will speak in 'general' and you will have little difficulty finding many examples.  I am not out to slam anyone in particular. I do believe there is a lot of great work going on but it can be lost in the shuffle of endless scams.



The purpose of me starting this thread is to:

1)  State my opinion on the general dishonesty I see in the alt coin scene in particular the projects that have self moderated threads and even more particular those with self moderated threads AND proof of developer ratings. 


2)  By not moderating this thread allow those who feel differently than I do to voice their own opinions or concerns or offer proof I am wrong.


3)  Encourage people to do their own research and if you are not qualified to do your own research (read code on github, test code ect...)  suggest a few things to look out for.


Here are some facts. If you think I am wrong please do post the evidence in this thread.


a) None of the current proof of developer or similar 'services' that exist do anything more than 'say' they checked someones identification and other information. They do not review any source code nor do they have qualifications to do so. They use unsecure methods like e mail or skype instead of secure measures like a signed pgp key or a signed (bitcoiin or other) transaction. Their work is not published using pgp or any other known secure verifable process.     

b) Self moderated topics have a place in the forum but if you are starting a coin a self moderated topic allows the 'moderator' or person who started the topic to delete posts they don't like or posts that are critical of the project. 

c) If you release anything open source on github either a cryptocurrency , a miner, a video game, anything else......anyone in the world can review your code and compile and test the program to see if it does what it is supossed to do and how well it works and also if it does things it is not supossed to do.

d) It is possible for someone to launch a coin (or other open source project) and 'release' wallets or clients that do not match the code that is 'called' the source code on github in such a way these 'rogue' clients will still work with the network.

e) It is possible for someone to launch a coin (or other open source project) and begin the network running rogue code that is never released on github or to the 'public' while the published source code and builds are different but will still function on the network.

f)  An 'honest' project that is released to the public can only expect to move so fast. If a coin is ninja (quick)  launched and there are 3 pools at launch the pool operators had to have the code before launch or the pool would not be ready.  If the pools are available an hour later (or longer) that would be more expected. This may be ok as long as the pools did not start mining before the official launch.

g)  Maintaining a network (over time) is an expense and also can be a lot of work. If a network has no 'nodes' to connect to it will not function. IRC has banned bitcoin and alt coin clients for years so when a coins wallet has 14 connections they are all ip to ip direct connections only.

h) No matter what is said in a launch thread the purpose most people code and launch alternative coins or pay someone to do it for them is with the hope of making bitcoin or money. As time has gone on the methods employed have become more and more sophisticated but usually the intent is the same.

i) A majority of people who mine coins are also doing so with earning profit in mind.  Most people cannot see any other reason they would ever mine a coin unless it was going to personally benefit them in some way.

j) A small few in number of what I would consider legit and trustworthy developers (people who can write code from scratch and design original or different features vs. someone who can just clone a coin) actually disagree with my opinion and have been rated by one or more services.  In my eyes it gives these non-legit 'services' fake credability. 




Discussion and more facts:


There was a coin release (just one example here of many of what kind of money these schemes bring in ) that was sold at an ipo at a popular exchange months ago and sold out making way over 400 bitcoin. It promised several features/ideas. Proof of developer gave it the highest rating possible and the coin (still now) has a self moderated topic on this forum. It never delivered the features promised and although it is still traded on more than one exchange not long after launch it was heavily dumped. So in my eyes those responsible basically robbed well over 400 bitcoin in an operation that took a few days time and a couple fancy posts and with souce code cloned from other coins that anyone who can clone a coin could have deployed in a few hours or less. 


Some people feel that if a person is not smart enough to protect themself or if someone gets ripped off , screw them, they deserve it or it is ok.  This 'Caveat Emptor' idea is how I used to look at things myself.  I still sympathize with those who feel like this.  One thing that started to change my opinion was when I noticed some people who cannot read code but want to invest in alt coins actually believed this proof of developer concept meant something.  It means nothing.  Zero.

Just because someones identity is known or they are 'endorsed' by another party who is supossed to be qualified to offer such an accolade is no guarantee they are honest or competent.  They could still plan a dishonest project like the one I just described (and believe me there are more like this than I can honestly count - some appear more successful than others)  with the sole intention of never delivering what was promised and walk away with a nice amount of btc/money for doing absolutly nothing. 

Suppose they are actually honest.  What if the new innovation they want to sell to the masses fails or they fail to code it. What if it breaks or has vulnerabilities.  It is possible but I personally have yet to observe what I consider a 'legit' project as an ipo.   I have never invested in any. I did look at a few and thought ' wow that seems like a cool idea' .... but I never was convinced that anything real took place until I actually saw it work. 

So what do you do ?


Avoid a project with a self moderated thread. What else can I say.
If no critical remarks are on that thread in these times in this forum something is wrong and it can be the most legit project ever and people will still probably say some negative stuff. 

If not self moderated and you are not able to examine the code post to the thread and ask for someone to look it over and answer your questions or to show you where 'specific' things are.  Never be afraid to ask questions. If the developer answers you great but seek opinions from others also when possible.

Do not think that a project that is only has ten or twenty pages long must not be alive and happening since if it was really all so good it would have five hundred pages.  There are alt coins running for years that have quite short threads here in this forum. Those projects are quite legit and doing well.  There are also coins that I watched as recently as last week when the forum came back online in which the thread went from 1 page to over 60 pages inside of a few hours. This is not natural. I suspect shills or people recruited on purpose for the new coin launch. (that particular coins page count is still growing rapidly !!) 

Be cautious of coins that 'change' the distribution of the supply after launch.  I know a a few coins that I consider 100% legit and done by talented teams that have changed things after launch.  Maybe they changed the algorithm or the dificulty retargeting. There may be very good reasons for this. Some coins may have changed the number of coins a block or the block time but if it is a major change ( lets say something that cuts the total supply to 25% of the original or less) or cuts the amout of time of mining the entire supply (lets say from 20 years to 2 years) I would take a pass.

Please run alt coin wallets in a virtual machine or at least not on your regular computer. Always do a check of the client on virus total.  I realize some coins have false positives but if it comes up with a virus total of more than a handful and they are showing up as trojans, keyloggers ect.... run screaming.  It has happened more than once and it will happen in the future.  (I am referencing item 'd' above) where someone releases a coin and the source compiles clean so if someone who always builds their own wallets like me uses it they won't have any problems but if someone downloads the initial client it has an unwanted payload. Some of these had a virus total of zero since the crooks wrote their own custom payload.

Remember that some long term members of this forum have sold their accounts so just because a coin was launched by someone who is 'legendary' does not mean it is as it appears.  Actually you are more likely to see sr. or hero member accounts that were 'purchased' . 

How do you know that the developer did not hide a premine of a million coins (like in section 'e' above) from everyone ?  These hidden premines cannot hide from a full abe block crawler or someone examining the blockchain.  When I want to check something out I build my own full abe block crawler in private to look over a network. (The one provided by a development team can in theory be coded to display what it wants you to see although I am not aware of this ever actaully happening.)  Yes you can examine a network from  the classic 'satoshi' client itself but not as easily as with the abe style interface. 


Don't waste your time on things that seem too good to be true. 
Don't buy or pay for a coin that promises something before it is actually released and proves it can do what it promises it will.  Honest and competent developers will always release the source code to the public and welcome critics. 

Premined coins obviously should be avoided with very rare exception.
I see some coins that are premined and it says 5% of the supply is premined .... but the number of coins in the five percent is large vs. what will be mined out in the next year... obviously that premine of 5% means much more if it represents 25% or 50% of the total supply that is available after 6 months or one year.  I have no personal problem with 'ninja' or quick launches if the other dynamics of the coin is fair. This gives people who happen to be lucky enough at launch to start mining to get a few coins but no so many that they end up owning 20% of all the mined coins !! 

Watch out for the instamine !  If 20% of a coins supply is mined in the first day take a pass. 
Consider any coin that has a short time frame for anything: like a short time frame for proof of work or all coins are mined in a week , ect.... an automatic throw away.  Think of a salesperson saying to you 'hey you have to buy now since they will all be gone tomorrow' .....


Proof of work is best. Proof of stake??  Sorry I cannot support it because of security issues.  At one time I was a true believer in proof of stake and even personally launched an alt coin that was proof of stake.  I can tell you it took a while for me to realize that without centralized checkpointing and control (like ppc has) proof of stake has some security issues in particular since many alt coins use an older codebase of bitcoin to start from.  I don't want to go technical in this post but I personally know several ways that can really produce 'unusual' or 'undesired' results with a proof of stake coin.  Some of these you need to be able to change code around and compile your own attack client or node and some of these flaws are exploitable by someone with some coins in a regular wallet just by changing the clock on a windows computer.   Even with the centralized checkpointing system that ppc was using proof of stake fails to solve /resolve what is called the byzantine generals problem.  (you can google that with or without bitcoin if you want to learn about it and why it is important).  Finally I will say I think proof of stake has potential for the future but there is no substitute for proof of work. 

Regarding the 'centralized' concept of checkpointing I realize some proof of work coins use this to a lesser or greater extent to secure the block chain from attack.  I don't think anything centralized is good. If an individual like me or you can compile the code, run a node and it will work with everything that is my personal test.


Other important things to remember with alt coins or any coin. 

Unless you are mining solo, hopefully the pool you are a member of is being run honest and with updated software by experienced people.  Recently there was a 'bug' (some called it a 'backdoor') or vulnerability discussed in these forums for strantum mining that allowed upper and lower case letters in hex. numbers to not be properly checked.  While most bitcoin pools I know of have updated something like this allows someone who exploits it to steal (not from a coin network) from the other miners in a pool by submitting false shares they did not mine. Most pools regularly get 'attacked' in various forms.  In fact I would extend that to say that pretty much any type of large or even partially successful project tends to get attacked to some degree over time. Stick with pool operators who are known and reliable that have the experience to handle things if you expect to be paid. 


There are no guarantees in cryptocurrency.  It is a gamble.  I sometimes have mined a few coins that are not even traded on an exchange or ones that are but are 'unpopular' or 'unprofitable' .... 
I like to check out different technology and learn things.  I am not suggesting you be like me but I am suggesting that the technology is often overlooked or misunderstood by many who frequent this forum.

An example of this is that many believe that alt coins with multiple algorithms like x13, x23 , x77 , ect.... are more secure than a single algorithm.  Sorry that is not true in fact the opposite is true.  There has been a lot of scientific research done on this and experts in cryptography agree and have published verified studies that adding more algorithms not make encryption more secure than using a single algorithm. That does not mean these multiple algorithm coins have no security only they are as secure as the weakest of the algorithms used.   

Any coin network or blockchain is only as safe as the difficulty.  The lower the difficulty the easier it is to attack.  The higher the difficulty the more difficult it is to attack.   If a coin is launched and the development team does not have resources to secure the blockchain or if not enough people are mining to secure the blockchain you should be careful.  Some projects grow over time and become more secure as more people mine.  Just don't think that a blockchain that is using scrypt 1024 is secure at a difficulty of 2. 

In closing I do want to say we should all be greatful to 'Satoshi' and many other brilliant developers who have improved the codebase over the years on which almost all alt coins are built.  There are also some fantastic teams of alt coins out there who are very talented and are running very honest coins.  Some alt coins actually have some features that are in some ways 'ahead' of bitcoin in technology or security in concept although certainly not in difficulty (which is the main measure of how much trust you can place in a blockchain). 

The purpose of this was just to encourage the 'real' people out there to seek out the right things and stay away from the wrong things when making choices so you won't get burned. All great successful things generally take time to develop and grow.  Look how many years bitcoin has been running ?


Don't expect a coin running two days on a self moderated thread with a rating of five stars from some 'free service' where the person who gave that rating and the person who is called the 'developer' cannot even write or compile hello world to be the bitcoin killer.  It won't be.