Hello BuySomeBitcoins!
We are currently preparing our bug bounty program with a responsible disclosure policy. That's one of the reasons we are in Beta only in Canada at the moment, putting our bug bounty program in place among a few other roadmap items. We have an open source block explorer API available (https://voyager.cancoin.co), and a number of parts of our application are open sourced and available via our Github repository (https://github.com/cancoin), if you would like to see how we have built the app.
Just a note, any issue that are found (bugs or the like) can always be submitted to [email protected] or [email protected]. We treat all issues with the utmost urgency and will get back to you personally ASAP. Thanks for taking the time to read about Cancoin!
Shawn
[email protected]
Topic: Introducing Cancoin Marketplace. Now in beta in Canada. (Read 1731 times)
Hi Patatas, yes sorry about our vague introductory post. Security is VERY important to us, and a few of our key security points are listed below.
That's nice, I am sure you will have a different point of view if you put your website on hackerone and pay for bounties.
Hi Patatas, yes sorry about our vague introductory post. Security is VERY important to us, and a few of our key security points are listed below.
Multi-signature, on blockchain order escrow
In the first step of a Cancoin order, the seller deposits the full amount to a unique 2 of 3 multi-sig wallet that gets created by the application when the order is initiated. This escrow wallet is verifiable on the blockchain, and the escrow wallet address is shown throughout the order for third party verifications. The bitcoins are held in escrow until the seller has received payment from the buyer. Once all parties are satisfied, the seller applies their signature with their 12 word mnemonic (which is generated in browser when a user signs up for a Cancoin account during the wallet generation process, and is an encrypted version of their private key), the second signature is applied by Cancoin and the bitcoins are sent to the buyer. A combination of 2 of any three private keys - The buyer's, the seller's or Cancoin's - can unlock and send the escrow bitcoins.
We think this approach is more secure and transparent than what is currently offered. Transparent, third party verifiable escrow deposits and the inability for Cancoin to sign escrow funds with a single private key. All user signatures are done in browser, meaning that our servers only ever see a half signed transaction which doesn’t include your mnemonic or private key.
OpenPGP encrypted order chat
Each order comes with a single-use chat window, and all communications with your trading partner during the order are OpenPGP encrypted. We include a simple process that allows you to generate and encrypt your OpenPGP chat key with your 12-word mnemonic (private key) and store it in your browser in a few simple steps. Because Cancoin doesn't know your mnemonic (private key), we are unable to decrypt your messages and any communications in the done in the order are kept between the buyer and seller.
On a sidenote: we do offer in order support as well, to request it you can decrypt single line messages for Cancoin and alert our support staff using @cancoin in the body of any messages you would like Cancoin support to have access to. All other messages will remain encrypted for us. We will receive your decrypted message and respond in the order chat window to help resolve any issues.
HSM Server signing
Although our Marketplace is in Beta, our HSM (Hardware Security Module) secured servers have been signing transactions for our multi-signature wallets for over two years without fail. We use a federated array of Ledger.io HSM1s in our co-located datacenter to sign our half of user transactions. If the chips are ever pulled out of our servers, they will reset and require re-authentication. After three tries at authentication the HSM is wiped and all private keys are deleted.
I hope that helps a bit. This is just the beginning of the Marketplace, so new features and functions will be added as we go. I’ll also let Ty, our lead developer, know that a few questions are being asked here… he’s really the ‘technical bitcoin guru’ type, so hopefully he will jump in here and expand on what I was saying as well.
Thanks for your inquiry though, if you have any ideas or other questions feel free to ask!
Shawn
[email protected]
More info about the Marketplace, wallet, security etc:
https://cancoin.co
Multi-signature, on blockchain order escrow
In the first step of a Cancoin order, the seller deposits the full amount to a unique 2 of 3 multi-sig wallet that gets created by the application when the order is initiated. This escrow wallet is verifiable on the blockchain, and the escrow wallet address is shown throughout the order for third party verifications. The bitcoins are held in escrow until the seller has received payment from the buyer. Once all parties are satisfied, the seller applies their signature with their 12 word mnemonic (which is generated in browser when a user signs up for a Cancoin account during the wallet generation process, and is an encrypted version of their private key), the second signature is applied by Cancoin and the bitcoins are sent to the buyer. A combination of 2 of any three private keys - The buyer's, the seller's or Cancoin's - can unlock and send the escrow bitcoins.
We think this approach is more secure and transparent than what is currently offered. Transparent, third party verifiable escrow deposits and the inability for Cancoin to sign escrow funds with a single private key. All user signatures are done in browser, meaning that our servers only ever see a half signed transaction which doesn’t include your mnemonic or private key.
OpenPGP encrypted order chat
Each order comes with a single-use chat window, and all communications with your trading partner during the order are OpenPGP encrypted. We include a simple process that allows you to generate and encrypt your OpenPGP chat key with your 12-word mnemonic (private key) and store it in your browser in a few simple steps. Because Cancoin doesn't know your mnemonic (private key), we are unable to decrypt your messages and any communications in the done in the order are kept between the buyer and seller.
On a sidenote: we do offer in order support as well, to request it you can decrypt single line messages for Cancoin and alert our support staff using @cancoin in the body of any messages you would like Cancoin support to have access to. All other messages will remain encrypted for us. We will receive your decrypted message and respond in the order chat window to help resolve any issues.
HSM Server signing
Although our Marketplace is in Beta, our HSM (Hardware Security Module) secured servers have been signing transactions for our multi-signature wallets for over two years without fail. We use a federated array of Ledger.io HSM1s in our co-located datacenter to sign our half of user transactions. If the chips are ever pulled out of our servers, they will reset and require re-authentication. After three tries at authentication the HSM is wiped and all private keys are deleted.
I hope that helps a bit. This is just the beginning of the Marketplace, so new features and functions will be added as we go. I’ll also let Ty, our lead developer, know that a few questions are being asked here… he’s really the ‘technical bitcoin guru’ type, so hopefully he will jump in here and expand on what I was saying as well.
Thanks for your inquiry though, if you have any ideas or other questions feel free to ask!
Shawn
[email protected]
More info about the Marketplace, wallet, security etc:
https://cancoin.co
Cancoin is similar to localbitcoins in that it's peer to peer however we believe Cancoins' security is more robust and able to handle trust for larger amounts of btc. Cancoin aims to provide a higher level of functionality and individual security than any other bitcoin exchange in the world.
Frankly speaking,I expected a technical specification on how exactly canacoin is different from all the other exchanges when it comes to security.LocalBitcoins probably tops the list because their escrow services are Great.No vulnerabilities at the client side since most of the processing is done at the escrow only.Escrow holds the trade payment unless the user decides to release.The buyer always can raise disputes if the escrow isn't released after the payments.Most importantly,their support.
Yes, we will be launching in other locations in the near future. Our team is from Canada, and so while in beta we thought it would be better to keep orders within Canadian banks so we could participate in all aspects of our order process.
Some links are below that you might find interesting, thanks for taking interest though, means a lot!
Information about our beta program / development roadmap:
https://cancoin.co/marketplace/beta
Location roadmap:
https://cancoin.co/marketplace/locations
Below are the current payment options available in Canada. A similar number will be offered in other locations as new Marketplaces are added. All exchanges are P2P so if there is demand for a certain payment type in a certain location, we can add it. You can always email [email protected] to request new payment types or send us a message on twitter (@cancoin). Or just post it here in bitcointalk!
Current payment types available in Canada:
Cash by mail
Cash deposit
Gift Card Code
Amazon Gift Card Code
Apple Store Gift Card Code
iTunes Gift Card Code
Steam Gift Card Code
International Wire (SWIFT)
National bank transfer
Neteller
OKPay
Other online payment
Perfect Money
RIA Money Transfer
SolidTrustPay
Transfers with specific bank
Transferwise
WebMoney
Western Union
BTW, my name is Shawn and I'm one of the co-founders of Cancoin. You can email me at [email protected] to ask any questions about any of our services. Nice to meet you all!
Some links are below that you might find interesting, thanks for taking interest though, means a lot!
Information about our beta program / development roadmap:
https://cancoin.co/marketplace/beta
Location roadmap:
https://cancoin.co/marketplace/locations
Below are the current payment options available in Canada. A similar number will be offered in other locations as new Marketplaces are added. All exchanges are P2P so if there is demand for a certain payment type in a certain location, we can add it. You can always email [email protected] to request new payment types or send us a message on twitter (@cancoin). Or just post it here in bitcointalk!
Current payment types available in Canada:
Cash by mail
Cash deposit
Gift Card Code
Amazon Gift Card Code
Apple Store Gift Card Code
iTunes Gift Card Code
Steam Gift Card Code
International Wire (SWIFT)
National bank transfer
Neteller
OKPay
Other online payment
Perfect Money
RIA Money Transfer
SolidTrustPay
Transfers with specific bank
Transferwise
WebMoney
Western Union
BTW, my name is Shawn and I'm one of the co-founders of Cancoin. You can email me at [email protected] to ask any questions about any of our services. Nice to meet you all!
Are you planning on launching this in other countries as well or just sticking to Canada?
Shouldn't be too hard to add support for other currencies such as dollar and euro.
Shouldn't be too hard to add support for other currencies such as dollar and euro.
That's some good starting you have here, design is responsive {too much responsive}.
Best of luck
Best of luck
Thanks,
Here is a simple one that pads the sellers price (sellers pay .75%) and then adds margin:
https://cancoin.co/price_engine?gist=074ba048387cdf1f66726d4be441330c
Here is a simple one that pads the sellers price (sellers pay .75%) and then adds margin:
https://cancoin.co/price_engine?gist=074ba048387cdf1f66726d4be441330c
Your price engine looks cook. Where I can find examples?
Cancoin is similar to localbitcoins in that it's peer to peer however we believe Cancoins' security is more robust and able to handle trust for larger amounts of btc. Cancoin aims to provide a higher level of functionality and individual security than any other bitcoin exchange in the world.
Here's a flow chart of the transaction process:
https://cancoin.co/how_to_buy_and_sell_bitcoins
This is how Cancoin works:
https://cancoin.zendesk.com/hc/en-us/articles/236221767-How-it-works
Cheers
Here's a flow chart of the transaction process:
https://cancoin.co/how_to_buy_and_sell_bitcoins
This is how Cancoin works:
https://cancoin.zendesk.com/hc/en-us/articles/236221767-How-it-works
Cheers
After multiple years of development Cancoin has added a P2P marketplace to it's existing multisig wallet. Included in the marketplace are features such as On-blockchain multisig escrow, OpenPGP chat between clients, Lua price scripting and SMS alerts.
https://cancoin.co/marketplace/CAN
https://cancoin.co/marketplace/CAN
when launch cancoin.co p2p marketplace
this service same localbitcoins.com or same exchanger(bitstamtp,coinbase and more)
and what is support payment curency in there
After multiple years of development Cancoin has added a P2P marketplace to it's existing multisig wallet. Included in the marketplace are features such as On-blockchain multisig escrow, OpenPGP chat between clients, Lua price scripting and SMS alerts.
https://cancoin.co/marketplace/CAN
https://cancoin.co/marketplace/CAN
Jump to: