Up until April 25, Bitcoin (BTC) bulls had been defending the $38,000 level, but bulls were caught off-guard by the recent drop. As Bitcoin plunged from $46,700 to $37,700 between April 5 and 26, most of the bullish bets for the upcoming $1.96 billion monthly options expiry became worthless.

Regulatory concerns continue to pose a threat to Bitcoin and on April 26, the New York State Assembly passed a bill banning new proof-of-work (PoW) cryptocurrency carbon-based mining facilities in the state. Fortunately for Bitcoin, mining equipment is portable so there's no real risk to the Bitcoin network's security but the steady threat of anti-crypto legislation can have an impact on price.

Geopolitical tension in Europe also led investors to avoid riskier assets and many are seeking protection in U.S. dollar-denominated assets. CNBC reported that the impact of Russian state energy firm Gazprom's decision to halt natural gas supplies to Poland and Bulgaria created concerns about a deeper economic slowdown in the Eurozone region.

Investors are also obsessed with the potential U.S. Federal Reserve 250 basis point rate hike planned throughout 2022. The maneuver aims to contain inflationary pressure but it could spin global economies into a recession and this is another reason why investors are avoiding highly-volatile assets like cryptocurrencies.

The open interest for the April 29 options expiry in Bitcoin is $2 billion, but the actual figure will be much lower since bulls were not expecting the BTC price to drop below $40,000.

These traders might have been fooled as Bitcoin held above $45,000 between March 27 and April 6, placing enormous bets for the monthly options expiry above $50,000.

The 1.55 call-to-put ratio shows more sizable bullish bets as the call (buy) open interest stands at $1.19 billion against the $770 million puts (sell) options. Nevertheless, as Bitcoin stands near $39,000, most bullish bets will likely become worthless.

For instance, if Bitcoin's price stays below $40,000 at 8:00 am UTC on April 29, only $60 million worth of these calls (buy) options will be available. This difference happens because there is no use in the right to buy Bitcoin at $40,000 if it trades below that level on expiry.

Below are the three most likely scenarios based on the current price action. The number of options contracts available on April 29 for call (buy) and put (sell) instruments varies, depending on the expiry price. The imbalance favoring each side constitutes the theoretical profit:

This crude estimate considers the put options used in bearish bets and the call options exclusively in neutral-to-bullish trades. Even so, this oversimplification disregards more complex investment strategies.

For example, a trader could have sold a put option, effectively gaining positive exposure to Bitcoin above a specific price but unfortunately, there's no easy way to estimate this effect.

Bitcoin bears need to pressure the price below $39,000 on April 29 to secure a $350 million profit. On the other hand, the bulls' best case scenario requires a 6% price push above $41,000 to cut their losses to $30 million.

Bitcoin bulls had $330 million leverage long positions liquidated in the past seven days, so they might have less margin required to drive Bitcoin price higher. With that in mind, bears will likely try to suppress BTC below $39,000 until the April 29 options expiry.

The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph. Every investment and trading move involves risk. You should conduct your own research when making a decision.

Read this article:
Here's why Bitcoin bears aim to pin BTC under $39K ahead of Friday's $1.9B options expiry - Cointelegraph

Bitcoin, Ethereum, Dogecoin: What to know before investing in crypto

From Dogecoin to Bitcoin to Coinbase, cryptocurrency is the hottest trend in investing right now. Heres what you need to know before buying in.

USA TODAY

Fort Worth, Texas willbecome the first city government in the United States to mine bitcoin, with Mayor Mattie Parker implementing a tech pilot project that could catch on across the nation.

Approved unanimously by city council vote Tuesday morning, the small-scale program will be more experimental before determining whether to dedicate significant funding according to Parker. Bitcoin mining has major potential in the U.S., with a worldwide void after theChinese government banned cryptocurrency mining in June 2021.

Bitcoin operates on a proof-of-work mining model, with miners around the world running high-powered computers to create new bitcoin and validate transactions. Fort Worth will have a small, three-rig minethat will requireprofessional-grade equipment, technical savviness, and electricity.

Miners will be hosted on a private network to address the security risk and each of the initiative's three machines as small as toaster ovens will consume the same amount of energy as a household vacuum cleaner.

Future: Bitcoin in 401(k) becomes reality for more, despite warnings

Related: Russia may be accepting bitcoin as payment for oil and gas

"Today, with the support and partnership of Texas Blockchain Council, were stepping into that world on a small scale while sending a big message,"Parker said. Fort Worth is where the future begins."

Three "Bitmain Antminer S9" mining rigs will run 24 hours a day andseven days a weekin the climate-controlled information technology wing of Fort Worth City Hall where Parker, the citys firstmillennial mayor, oversaw the debut of the mining farm.

"For Fort Worth, a lot of people dont know who we are,"Parker told CNBC. "We want to change that conversation, and we believe that tech innovation including cryptocurrency is the way were going to do that. ...This is something brand new for any city. Theres a lot of policy here that weve had to jump through hoops to understand."

Original post:
Fort Worth, Texas becomes first in the US to mine bitcoin: 'Where the future begins' - USA TODAY

What happened

Today's been a rather rocky one in the world of cryptocurrencies. Despite a significant sell-off yesterday in most top tokens, there's been a solid rebound across all 10 of the largest tokens by market capitalization this afternoon.

As of 4:20 p.m. ET, Bitcoin(BTC 2.48%), Ethereum(ETH 1.39%), and Cardano(ADA -0.10%) erased all of this morning's losses and then some, increasing 2.9%, 1.9%, and 1%, respectively, over the past 24 hours.

There were a number of catalysts responsible for this move.

Image source: Getty Images.

Perhaps the most important catalyst for all three of these top-10 tokens is being provided via a bullish macro environment. Bitcoin and its large-cap peers have surged in this afternoon's session, following their equity counterparts higher as risk-on sentiment builds in today's market. Generally strong earnings from key companies reporting this week have provided the view that the economic outlook may have grown too bearish in April. Being among the riskiest assets on the market, cryptocurrencies are following tech stocks and other risk assets higher today.

Positive derivatives action, an airdrop and DAO announcement from an Ethereum Layer-2 network, and an upgrade to Cardano's block size (by 10%) also helped these tokens surge higher this afternoon.

There's certainly a lot going on with each of these projects at a token-specific level. The ecosystems behind Bitcoin, Ethereum, and Cardano are each massive. And as these ecosystems grow and evolve, investors can find new and exciting reasons to invest in these long-term growth assets.

That said, this macro environment appears to be driving most of the market-related swings in the crypto world. While today's late price action has provided a reprieve for investors, it's unclear if this rally can be maintained. Accordingly, investors are likely to remain on edge for some time, until signs of a true bull market materialize again.

Cryptocurrencies have been a great place to stay invested over the past decade. That said, these assets have been historically much more volatile than any other asset since inception. Accordingly, investors looking to play the long game in this sector may want to take some time away from reading daily charts and following the price action on these tokens too closely. Mental health is important.

Today's price action is indicative of the kinds of dramatic moves to the upside and downside that can happen within the span of a given trading day. While these tokens sank deep into the red this morning, investors did appear ready to buy the dip in the afternoon session, giving hope to investors worried about a lack of buyers in this difficult market.

Moving forward, I'm expecting much more of the same, in terms of volatility.

More here:
Bitcoin, Ethereum, and Cardano Are Turning It Around Today. Here's Why - The Motley Fool

Bitcoin has been controversial since its beginning in 2009, as have the subsequent cryptocurrencies that followed in its wake.

While widely criticised for its volatility, its use in nefarious transactions and for the exorbitant use of electricity to mine it, crypto is being seen by some, particularly in the developing world, as a safe harbour during economic storms.

El Salvador became the first country to make it legal currency in September 2021, followed now by the Central African Republic in April this year.

But as more people turn to cryptos as either an investment or a lifeline, criticisms of crypto have continued to manifest in an array of restrictions on their usage.

The legal status of Bitcoin and other altcoins (alternative coins to Bitcoin) varies substantially from country to country, while in some, the relationship remains to be properly defined or is constantly changing.

Whereas the majority of countries dont make using Bitcoin itself illegal, its status as a means of payment or as a commodity varies with differing regulatory implications.

Some countries have placed limitations on the way Bitcoin can be used, with banks banning its customers from making cryptocurrency transactions. Other countries have banned the use of Bitcoin and cryptocurrencies outright with heavy penalties in place for anyone making crypto transactions.

These are the countries that have a particularly fraught relationship with Bitcoin and other altcoins.

Algeria currently prohibits the use of cryptocurrency following the passing of a financial law in 2018 that made it illegal to buy, sell, use or hold virtual currencies.

There is a complete ban in place on the usage of Bitcoin in Bolivia since 2014. The Bolivian Central Bank issued a resolution banning it and any other currency not regulated by a country or economic zone.

China has cracked down on cryptocurrencies with increasing intensity throughout 2021. Chinese officials have repeatedly issued warnings to its people to stay clear of the digital asset market and have clamped down hard on mining in the country as well as currency exchanges in China and overseas.

On August 27, Yin Youping, the Deputy Director of the Financial Consumer Rights Protection Bureau of the Peoples Bank of China (PBoC), referred to cryptos as speculative assets and warned people to "protect their pockets".

Efforts to undermine Bitcoin - a decentralised currency outside the control of governments and institutions - are largely seen as an attempt by the Chinese authorities to float their own e-currency.

The PBoC is looking to be one of the first major central banks in the world to launch its own digital currency, and in doing so would be able to more closely monitor the transactions of its people.

On September 24, the PBoC went further and outright banned cryptocurrency transactions in the country.

In Colombia, financial institutions are not allowed to facilitate Bitcoin transactions. The Superintendencia Financiera warned financial institutions in 2014 that they may not "protect, invest, broker, or manage virtual money operations".

Egypts Dar al-Ifta, the countrys primary Islamic advisory body, issued a religious decree in 2018, classifying Bitcoin transactions as haram, something prohibited under Islamic law. While not binding, Egypts banking laws were tightened in September 2020 to prevent trading or promoting cryptos without a Central Bank licence.

Bank Indonesia, the country's central bank, issued new regulations banning the use of cryptocurrencies, including Bitcoin, as a means of payment from 1 January 2018.

Bitcoin has a complex relationship with the Iranian regime. In order to evade the worst impact of crippling economic sanctions, Iran has instead turned to the lucrative practice of Bitcoin mining in order to finance imports.

While the Central Bank prohibits the trading of cryptocurrencies mined overseas, it has encouraged Bitcoin mining in the country with incentives.

Around 4.5 per cent of the worlds Bitcoin mining takes place in Iran, which, according to blockchain analytics firm Elliptic, could account for revenues of over $1 billion (843 million).

In order for the crypto industry to flourish, Iran has offered licenced miners cheap energy but requires all mined cryptos to be sold to the Central Bank.

However, unlicensed mining drains more than 2GW from the national grid every day, causing power shortages.

To this end, Iranian authorities issued a four-month ban on Bitcoin mining until September 22.

India is becoming increasingly hostile towards cryptocurrencies. On November 23, the government announced its intention to introduce a new bill to the Indian parliament which would establish a new central bank-backed digital currency as well as ban almost all cryptocurrencies.

Earlier in 2021, it had considered criminalising the possession, issuance, mining, trading, and transference of crypto assets. Prime minister Narendra Modi said he wanted to ensure crypto "does not end up in wrong hands, which can spoil our youth".

Despite sustained efforts by authorities to block their use, cryptocurrencies are becoming increasingly popular in Iraq. The Iraqi Central Bank has been particularly hostile, issuing a statement in 2017 prohibiting their use which is still in force to the present day. In early 2021, the Ministry of Interior of the Kurdistan regional government issued similar guidance to stop money brokerages and exchanges handling cryptos.

While the holding or trading of cryptocurrency assets isn't yet prohibited in Kosovo, the government announced a ban on crypto mining in early January, blaming a growing energy crisis. The country, which unilaterally declared its independence in 2008, is facing historic power shortages with scheduled power cuts now being put into place to conserve energy. In a further bid to curb energy wastage, Economy Minister Atrane Rizvanolli announced a long-term ban on crypto mining in the country. Police have been tasked with enforcing the ban as well as pinpointing mining locations throughout the country.

The Nepal Rastra Bank declared Bitcoin illegal as of August 2017.

North Macedonia is the only European country so far to have an official ban on cryptocurrencies, such as Bitcoin, Ethereum, and others, in place.

Russia has a chequered association with cryptocurrency, made all the more complicated by its ongoing invasion of Ukraine.

While crypto isnt outlawed in Russia, there was until recently a conflict being waged against its use. Now, it is being seen as some as a saviour to help the country evade heavy financial sanctions imposed by the West.

Russia passed its first laws to regulate cryptos in July 2020, which for the first time designated cryptocurrency as property liable to taxation.

The law, which came into force in January this year, also bans Russian civil servants from owning any crypto assets.

Russian President Vladimir Putin has repeatedly linked cryptocurrency with criminal activity, calling for closer attention to cross-border crypto transactions in particular.

In July, the prosecutor general announced new proposed legislation which would allow police to confiscate cryptos deemed to be illegally obtained citing its use in bribery.

However, as the world's third largest mining hub according to data from Cambridge University, it's feared that Russia could now embrace crypto and harness its natural resources to exploit Bitcoin mining rather than disparage it.

Many in Turkey turned to cryptocurrency as the Turkish lira plummeted in value. With some of the highest levels of use anywhere in the world, the arrival of regulations was swift this year as inflation peaked in April.

On 16 April 2021, the Central Bank of the Republic of Turkey issued a regulation banning the use of cryptocurrencies including Bitcoin, directly or indirectly, to pay for goods and services. The following day, Turkish president Recep Tayyip Erdoan went further and issued a decree that crypto exchanges to a list of firms subject to anti-money laundering and terrorism financing rules.

The State Bank of Vietnam has declared that the issuance, supply, and use of Bitcoin and other cryptos are illegal as a means of payment and are subject to punishment of fines ranging from 150 million VND (5,600) to 200 million VND (7,445).

However, the government doesn't ban Bitcoin trading or holding them as assets.

The rest is here:
Bitcoin ban: These are the countries where crypto is restricted or illegal - Euronews

A new version of the original Bitcoin software client launched by Satoshi Nakamoto has been released today.

Bitcoin Core 23.0 was worked on by 132 developers over about seven months to bring tangible improvements to Bitcoin Cores wallet, peer-to-peer communication and network, fee estimation, and much more.

This article explores some of the main changes.

Bitcoin Core now enables the user to choose the new Taproot address type when creating a new wallet. Even though that isnt the default, as many wallets in the ecosystem cant send to a Taproot address yet, the user is given the option to create Taproot receiving addresses in newly-created wallets.

The Taproot address created by the Bitcoin Core wallet for receiving bitcoin is a simple, single signature one. Therefore, users wont automatically save BTC in fees compared to regular Bech32 single-signature addresses, as bigger savings come from porting more complex spending conditions and address setups into the Taproot scheme.

By adding native support for Taproot addresses, Bitcoin Core takes a step in the direction of encouraging a wider adoption of Taproot. As more users opt into the new upgrades features, its benefits are able to best permeate through the userbase.

Bitcoin Core wallets now default to using descriptors when created, a significant change that promises a better backup and recovery process for bitcoin funds.

Since the advent of hierarchical deterministic (HD) wallets, a Bitcoin wallet will typically use the recovery seeds (usually 12 or 24 words) to generate a master private key. The wallet then uses that master private key to generate a master public key, which can be leveraged to generate a nearly infinite number of receiving addresses through derivation paths, that as the name says, guide the wallet to what path it should follow to correctly derive an address.

Recovering funds in a Bitcoin wallet therefore commonly depends on that derivation path, as most applications today default to HD wallets. (The usage of different derivation paths by wallets is the reason why it is common to see a user attempting to recover funds in a second wallet finding a balance of zero.)

However, descriptor wallets make it much easier for the user to recover any funds by explicitly stating the derivation path in the descriptor. The user is thereby relieved from having to care about the derivation path their wallet used a big improvement in user experience (UX).

Bech32 addresses, the format in which the address begins with bc1, have an interesting property that enables the spotting of possible typos. However, it wasnt until Bitcoin Core 23.0 that the user could benefit from that.

Bitcoin Core will now alert the user about up to two errors in a Bech32 address. The tool is currently only available on the command line, through the validateaddress RPC, though there are plans to integrate it into the graphical user interface (GUI) in the future. If more than two errors are made by the user when typing out the address, then the typo-finding tool cannot guarantee success.

The limit of errors the tool commits to finding is important because attempting to find a large number of typos could lead to undesired behavior. If the user typed an address with several mistaken letters, even if the tool could spot all of them it could end up suggesting a totally different address than what the user intended to send to in the first place a much worse outcome.

A Bitcoin Core user has had the option to choose what coins, or unspent transaction outputs (UTXOs), to use in a transaction for years now. But this coin control feature required manual selection of what UTXOs to use every time a cumbersome and tiring process that is highly prone to error.

Now, Bitcoin Core allows the user to indefinitely freeze a UTXO. The freezing process is still a manual one, but the user only needs to do that once and can then rest assured that the coin they froze wont be automatically spent by Bitcoin Core until the user unfreezes that coin.

Carefully selecting which UTXOs to use in funding a transaction is important to prevent undesirably linking addresses that have conflicting purposes. For example, a user might not want to join UTXOs they obtained through know-your-customer (KYC) methods with non-KYC coins. If they did, any observer of the blockchain would be able to infer that that user, whom they could know because of the KYC information provided, also owns the non-KYC address and its coins hurting user privacy.

Broadly speaking, computers need two vital pieces of information to communicate with each other on the internet: an IP address and a port number. While the IP address serves as an identifier for a computer in a network, helping determine its location, the port number helps inform what type of communication is being done on the internet as each communication protocol usually defaults to a specific port number. As a result, ports enable a computer to run multiple types of traffic at the same time while easily differentiating between them. For example, the webs HTTP protocol defaults to port 80, while its more secure counterpart HTTPS usually runs on port 443, and emails SMTP protocol leverages port 25.

With Bitcoin, it is no different. Historically, upon starting Bitcoin Core, computers default to running on port 8333 and looking for peers using that same port.

While ports facilitate the communication between computers on the internet, it also makes it easier for internet service providers (ISPs) to monitor traffic as it is easy to assume what type of communication is being done. In an adversarial setup, an ISP could filter and block certain traffic based on the destination port. Despite not being the most effective censorship mechanism available to ISPs, it is the easiest, and an attacked protocol would need to change its default port of communication to bypass the censoring or throttling.

By removing the port 8333 preference, Bitcoin Core now mitigates the easiest path ISPs have for filtering or blocking Bitcoin traffic. Additionally, nodes not running on port 8333 now will have less friction getting inbound connections from other nodes as the network no longer prioritizes that port.

Bitcoin Core 23.0 also protects users from adversarial ISPs by adding support for CJDNS, a security-enhanced alternative to the standard internet protocol (IP).

CJDNS leverages public-key cryptography to implement an encrypted version of IPv6 the most recent version of IP. By providing end-to-end encryption natively, CJDNS improves upon IPv6 and IPv4 (the previous IP version that is still widely used) with increased security and privacy as it protects nodes that use it from traffic analysis and filtering.

The addition brings new optionality for users interested in protecting their traffic from prying eyes or increasing the security of their Bitcoin setup. While Tor and I2P exist as alternatives to clearnet IP, CJDNS serves as a complementary option that can enhance robustness for the Bitcoin network and its nodes.

Bitcoin Cores built-in fee estimation tool has just gotten a bit more complete.

According to a blog post by John Newbery on the subject, Bitcoin Cores fee estimation simply records and reports meaningful statistics about past events, and uses that data to give the user a reasonable estimate of how much fee they need to attach in order to have their transaction included within N blocks, with N being the number of blocks the user is willing to wait to have their transaction confirmed.

The algorithm calculating such estimates used to take into account all transactions on the mempool, Bitcoins waiting area for transactions that havent yet been included in a block. However, since the introduction of replace-by-fee (RBF) transactions, which enable the user to effectively bump the fee their transaction is pledging to miners in an attempt to get a faster confirmation, Bitcoin Core did not account for the new transaction type when estimating fees out of doubts whether the feature would be widely adopted by users and miners.

Now, with Bitcoin Core 23.0, RBF transactions are taken into account on Bitcoin Cores fee estimations, providing a more accurate estimate for users leveraging the software for sending transactions.

Bitcoin Core now includes experimental tracepoints in its release binaries for Linux with userspace, statically-defined tracing (USDT).

USDT allows users to get detailed information from their node that can be used for review, debugging and monitoring. The feature makes it possible to keep track of custom fine-grained statistics and monitor otherwise hidden internal node events while having little to no performance impact when unused.

One example where this is useful is to spot and likely prevent attacks. A security researcher could set up multiple nodes and trace the messages received from peers to possibly identify attacks ahead of time.

Thanks to Aaron van Wirdum for information and feedback.

For more details and other changes, see the Bitcoin Core 23.0 release notes. To download Bitcoin Core 23.0, navigate here. Details about Bitcoin Core 23.0 are also explained in audio in the Bitcoin Explained podcast episode 56.

Read the original post:
Bitcoin Core 23.0 Released: Whats New - Bitcoin Magazine

Bitcoin 2022, hosted in Miami, Florida, on April 6-9, featured a panel titled Preventing Attacks on Bitcoin with three Bitcoin Core developers: Luke Dashjr, Bryan Bishop and Jameson Lopp (substituting for Peter Todd). The panel was moderated by Shinobi.

The panelists discuss technical and social attack vectors, primarily in the development process of Bitcoin Core, that could hinder or wholly derail Bitcoins sole mission as immutable money. The purpose for openly brainstorming attack vectors is to formulate appropriate defense measures and, as Sun Tzus The Art of War strategizes:

Do not trust that the enemy isnt coming. Trust your readiness to meet him. Do not trust that the enemy wont attack. Rely only on your ability to pick a place that the enemy cant attack.

The following is a summary of said panel with a quick overview of the Bitcoin Core development process.

The Bitcoin Core developers work through a development process to offer the Bitcoin protocol bug patches, software optimizations and enhanced features; they then publish these updates following community consensus via Bitcoin Improvement Proposals (BIPs). To successfully engineer an attack against the development process, on either a technical or social level, would potentially impede (sometimes critical) protocol updates and instill distrust between developers.

To clarify, Bitcoin Core is a free and open-source software implementation of a Bitcoin full node, referred to as a client. Although misleading in name, Bitcoin Core does not have centralized or core control over the Bitcoin network, but rather serves as just one possible client that people are free to use at their discretion. As well, the Bitcoin protocol consensus rules require that all Bitcoin full nodes and economic participants unfailingly enforce those rules when considering the validity of a block.

Additionally, Bitcoin Core updates are not downloaded automatically but rather manually, as automatic software updates provide an attack vector for a mischievous actor to compromise all the nodes and miners in a single stroke.

The Bitcoin Core team of developers do not pedestal a single leader or spokesperson thus distancing the client and development process from personal character exploitation due to faults all earthly leaders inherently possess. For example, narcissistic leaders can be weakened by creating unrest within their fan base, or short-tempered leaders can behave irrationally when provoked with insults. To overturn an upstart movement, one must cleverly dispose of its leader or fracture their following.

Yet without a single leader, how do independent Bitcoin Core developers come to agreement on complex design choices or emergency bug fixes? The aforementioned BIPs are used in the Bitcoin Core development process to implement features or information to the Bitcoin protocol, but BIPs also work to standardize the communication of new ideas, as diagrammatically depicted below and as described in BIP 1:

How can we throw a wrench into this process? Despite introducing some formality via BIP 1 into an otherwise unstructured network, there presents an opportunity for malicious or simply misguided actors to subvert the development process through both technical and social means. Recognizing this wrench however is often only possible in hindsight making certain attack vectors especially difficult to detect and avoid. If you can dodge a wrench, you can dodge a deviant developer hell-bent on pushing their self-serving agenda at Bitcoins expense.

In practice, actual BIP implementations are not as neat as a workflow diagram and the above explanation has been abridged. However, we can begin to theorize nefarious methods to subvert the decentralized development process.

Note: The term consensus is an ambiguous word used to imply several different things beyond the rules of Bitcoin. Typically used to indicate everyone basically agrees on a decision while, in reality, there are more accurate, distinct words that work to better define the varying levels of agreement on a decision than the catch-all term consensus. For simplicitys sake, this article refers to near-unanimous and general agreement as achieving consensus.

The Bitcoin network deployed in 2009 with several critical bugs and oversights that could have resulted in serious technical attack vectors, but those publicly-known vulnerabilities were remedied long ago. Generally speaking, these bugs and oversights are hard to find as there is nothing in the code that is obtrusively or painfully obvious. A dedicated open-source development community voluntarily contributing to the codebase has worked incessantly to improve the protocols integrity over the past decade and then some. By understanding past vulnerabilities and their solutions, we can remain vigilant in mitigating future flaws and provide a basis for generating worst-case scenarios to search for potential defense mechanisms.

Certainly the most notable social attack on the Bitcoin community and development process occurred in 2015 when two well-respected and veteran Bitcoin developers at that time, Gavin Andresen and Mike Hearn, created and promoted a new, incompatible Bitcoin client labeled Bitcoin XT. Bitcoin XT proposed increasing the possible transactions per block, known as the blocksize, as a means of competing with conventional payment systems such as MasterCard or Visa. By adopting this incompatible version of Bitcoin, users would effectively hardfork, or make valid, previously invalid blocks and transactions which ultimately forces everyone to upgrade their clients similarly else risking network stability and replay attacks.

Bitcoins creator, the anonymous Satoshi Nakamoto, had long since stepped away from Bitcoin when this controversial project was announced and the community was left to decipher Satoshis comments for guidance as though they were sacred writ. Bitcoin XT failed to gain consensus as it naively proposed increasing the maximum blocksize and its proponents sought to subvert user consensus through closed-door, developer-miner-corporation collusion. Without getting into every minute detail of the infamous blocksize war and spawning an entire book, we can plainly observe from the intensive two-year squabble the critical function of full nodes (users) coordinating to enforce new rules without support from miners via user-activated softforks (UASF).

Had Bitcoin fallen into the big block trap, network decentralization and Bitcoins apolitical nature would have suffered accordingly. To understand the ramifications of changing a seemingly simple variable, that being the blocksize limit, requires not only understanding the technical impact on the codebase integrity, but also hidden consequences inviting additional attack vectors against the nascent network ecosystem. One can extend this line of thinking toward todays asinine suggestions of shifting Bitcoin to proof-of-stake in lieu of proof-of-work. Even though the solution to the blocksize war was resolved technically through a UASF, the social drama that ensued required non-technical solutions of simply remaining firm and not budging on a detrimental software implementation, no matter the corporate or celebrity developer backing.

Dashjr contends an attack on the Bitcoin Core development process occurred just last year: the Speedy Trial activation method of the much-anticipated Taproot softfork upgrade (BIP 343). The Speedy Trial logic works to activate a BIP implementation without the risk of an undesirable chain split by means of either quickly succeeding or quickly failing to activate within a three-month timeframe. Once the work to build Taproot was finalized, the developers could not come to general agreement on the activation method and essentially ignored the crucial step of first receiving undoubtable community consensus.

Although Taproot successfully activated and the subsequent features provided were unquestionably beneficial for users, its activation method was perceived as controversial and posed potential vectors of attack while setting poor precedence for future BIP activations. The Speedy Trial activation mechanism was seen as an attack on the Bitcoin Core development process because some developers stepped away from the perceived community consensus while refusing to consider BIP 8 as an activation method, otherwise known as the Lets see what happens proposal, in the deployment of Taproot.

The Speedy Trial method was antithetical to the blocksize war outcome, where the feud concluded that users coordinating near-unanimous agreement should control the network consensus rules and not the miners. With Speedy Trial and without BIP 8, the decision to activate (or not activate by just not signaling when it's deployed) entirely depended on the miners regardless of user consensus. The arguably reckless Speedy Trial deployment method went against perceived community consensus and, to mitigate this in future, would potentially require coordination of a UASF with enough viable adoption beyond a few concerned people in the corner of a room to counter a BIPs activation.

The panelists at Preventing Attacks On Bitcoin considered how to assess these historical attacks and avoid similar attacks in future. The attackers pushing for Bitcoin XT or Speedy Trial may not have had malicious intent with their proposals, yet clearly their methods conflicted with certain principles which a portion of the community adamantly defends that is, the users have the sole right to approve or veto changes to the consensus rules. In hindsight, the attackers simply did not follow the same principles of Bitcoin that the community did, which resulted in those attacks becoming a subjectively interpretive war of what was best for Bitcoin.

The aforementioned Bitcoin XT and Speedy Trial scenarios convey the methods in which Bitcoin Cores development process could be made controversial, emphasizing the necessity to approach all BIP implementations cautiously and thoughtfully. In the following sections, the panelists theorize additional plausible attack vectors.

Bishops interests in the development process include deterministic builds and build signing which can be leveraged to prevent certain attack vectors on Bitcoin users, namely attacks that seek to fool the user into believing they have downloaded a bona fide Bitcoin Core client.

Anyone who is a user of a Bitcoin client must download it from somewhere on the spam-ridden internet. If the webpage hosting the download file is compromised or intercepted during download, then the file itself may have been maliciously modified. How can that user prove the version they downloaded is indeed the intended Bitcoin client?

The common method to provide non-repudiation of a software build, or proof of the integrity and origin of the data, is with digital signatures. Digital signatures, the tamper-proof wax seals electronic and mathematically-inclined cousin, are a standard element of most cryptographic protocols using asymmetric (public and private) keys to enable authentication between two strangers but wait! This does not guarantee signature authenticity. Ultimately, authentication without confidence in the keys used to verify the signature is pointless as the recipient must be assured the verification key truly belongs to the sender.

There is then another sly attack vector if the verification software itself is compromised. A clever criminal claiming to be someone who they are not, but having to also prove their claim through a digital signature, could plant the compromised key-verifying software for the unsuspecting user to download and consequently be presented with a false result of authentication. The compromised software contains a very subtle bug that, at a quick glance of the code, would manipulate the user into reasoning the verification software yielded an accurate result.

While deterministic builds do not solve authentication of digital signature possession, it does work to reduce the trust required in a single source or claim to the software a user has downloaded. Deterministic builds work to protect the software implementation against a couple rogue developers or a compromised developers keys during the development process. This protection is achieved through cryptographic hashes of the software that developers digitally sign as the software is built during each step of the build process effectively ensuring that the final software binary files are the same as the binary files that the honest developers built and therefore hasnt been compromised in any form or fashion.

Altogether, with deterministic builds and build signing, one can basically trace trust in the software from the binaries to the source code to the git commits made by various developers and identify what changes were introduced by whom. The legitimacy of the software can then be further investigated through techniques like web of trust where users can arbitrate whether or not the keys being verified are authentic and they are operating the intended Bitcoin client. Therefore, without taking advantage of deterministic builds and build signing, the user is susceptible to a myriad of attack vectors.

One such example: if a user downloads a Bitcoin client through HTTP in lieu of HTTPS with a public Wi-Fi connection, perhaps at a foreign coffee shop or hotel, while not verifying the build signing, then attackers could very well intercept the users download connection and replace the download file with a villainous version of Bitcoin that may steal coins, spy on users, or perform other harmful functions.

Bishop finds that a fun part of the software building process is maintaining consistent development environment variables which work to eliminate any sources of non-determinism. Non-deterministic sources could result in undesirable variabilities of the build signing due to the naturally open environment developers are building on. A variability, like differing operating systems between individual developers, generates an entirely different hash at the end of the development process. Ideally, removing all sources of variability in the build environment would improve deterministic builds and subsequently improve trust in their integrity.

Lopp, channeling his inner Sun Tzu, devises a particularly devious method of dividing and manipulating Bitcoin Core la nefarious developer(s) sowing discontent throughout the community and GitHub repositories. If a respected developer were to convey extreme irritation and anger towards any and all protocol improvements, patches or changes, then the growing general consensus will be one of fear towards touching the protocol. This freezing of the development process is known as ossification and would make continued protocol improvements practically impossible.

Perhaps achieving ossification is ultimately beneficial for the protocol since this would imply Bitcoins widespread established dominance, yet Lopp argues just the opposite in that ossification is an exploitable attack vector rather than an effective defense. While ossification works to defend against detrimental changes to the Bitcoin protocol, such as Bitcoin XT, it could also work to prevent beneficial or necessary updates that provide increased peer-to-peer privacy and more robust codebase improvements.

The attack vector Lopp describes would be extremely difficult to assess on the spot whether an active confrontation in the development process is an attack on the protocol or a legitimately constructive disagreement. This speaks to the previous point where, in hindsight, the attack is much more visible after the fact. Without possessing total omniscience of each developers true intent, the development process would be stuck between a rock and a hard place.

Defense against technical attacks, like the above-mentioned early bugs and oversights, are relatively straightforward and logical in their solution. When introducing the erratic, human element, however, we begin playing a dangerous game with far less predictability. Socially-engineered attacks are often packaged with fuzzy solutions and will likely have to be dealt with as they come. A targeted memetic or mainstream narrative attack can be entirely inconspicuous and determining a defense against them is largely a gray area.

Warfare is the philosophy of deception. Arguably, the most logical attack vector for would-be adversaries might be to incite social discontent and meme warfare. Lopp explains that deliberately forcing ossification is the perfect attack because many users would consider it a defense.

The continued prevalence of Craig Wright, an individual claiming to be the anonymous Satoshi Nakamoto, and his cryptographic antics plus judicial intimidation of Bitcoin Core developers represents a direct attack on the Bitcoin Core development process. Despite the mounting evidence that Craig Wright is not Satoshi Nakamoto, he continues to wreak havoc by racking up millions of dollars in legal fees and effectively outbidding the defense because of the astronomical costs financial and personal that Craig Wright imposes on volunteer developers and contributors via Strategic Lawsuits Against Public Participation (SLAPP suits). Recall the clever criminal claiming to be someone who they are not, but having to also prove their claim through a digital signature; this exact scenario played out but, due to the abstruse nature of asymmetric cryptography, has been ineffective in convincing the judicial system.

Consequently, Bitcoin Core developers should adopt anonymous contribution methods or risk being targeted by an expensive and burdensome litigation process. These methods of anonymity ultimately depend on the individuals privacy practices, perhaps such as avoiding Bitcoin 2022 and conferences entirely to maintain anonymity. Yet litigation against a supposedly anonymous individual could still be possible if there is an IRL name or personally-identifying element tied to that developers pseudonym. However, the need for contributing privately is itself a present and future burden on developers and their families.

Eventually, if these judicial attacks on Bitcoin Core contributors persist or Jack Dorseys Bitcoin Legal Defense Fund runs dry, developers will be pushed out of the space and further escalate protocol ossification since burning money in unending litigation is not very attractive; a death by a thousand cuts, as Shinobi eloquently summarized it.

If Bitcoin is expected to survive and thrive not just in this century, but for many centuries and so on, then careful steps must be taken in formulating defense mechanisms against expected and unexpected attacks on Bitcoin Core as well as the Bitcoin ecosystem. You cant have a multi-generational wealth vehicle if it becomes worthless before you die.

While the panelists held differing views on whether attacking Bitcoin users is equivalent to attacking the Bitcoin protocol, there continue to exist vectors of attack on the users, like the aforementioned fraudulent digital signatures and the ongoing Craig Wright legal saga. Other vectors include poor wallet build practices or malicious mainstream narratives brainwashing users that could be significantly detrimental to certain principles of Bitcoin we find paramount.

In spite of advancements in Bitcoin private key management, known as wallets, there remains the possibility of bad actors intentionally building wallets that do not follow the latest nor ideal security practices available to them. For instance, there are still wallet implementations that use a single address to send and receive bitcoin thus exposing any privacy users may have.

As well, although not necessarily intentional but rather a result of its limitations, any kind of light wallet (one that does not also operate as a full node itself) requires a connection to a full node in order to communicate transactions. Light wallets, particularly popular for casual users, pose the duality of a simple, easy-to-use interface, but also present gaps in security ripe for attack vectors. Users of these wallets are susceptible to their transaction communications being intercepted by potentially nefarious actors. A straightforward solution but impractical for some to this vector would be to forego using light wallets in favor of full node wallets.

Shinobi envisions alternative attack vectors stemming from plain disinformation campaigns against Bitcoin and then quickly spiraling into government lobbying for legal action and heavy regulations. One such obvious disinformation campaign is the unfounded notion that proof-of-stake is a viable alternative to proof-of-work. If all jurisdictions, primarily those with readily cheap and abundant energy infrastructure, fell in a domino-effect of power grabbing desperation to curb stomp Bitcoin through outright banishment of bitcoin mining, perhaps enforced via inspecting unique energy grid power modulations that can identify bitcoin mining rigs, then relocating all the existing hash power off-grid would prove quite challenging.

The process of replacing and procuring the necessary scales of energy off-grid particularly in secret is no easy task. As an example, solar panels and wind turbines remain far too restrictive to act as an equivalent substitute and fully shoulder a network-wide transition to off-grid bitcoin mining due to solar and winds inherent variable and intermittent power generation. Dashjr proposed a potential solution by deviating from the current proof-of-work standard only if the situation were dire enough. If the blockchain were halted from some unimaginable political dictation or the hashing algorithm (SHA256) used to secure Bitcoin were broken, then coming together to find a solution may be possible and would be beneficial for all network participants.

This proposal of modifying proof-of-work as we know it is itself a case-in-point for the unexpected attacks that could occur on Bitcoin and the inevitably controversial decisions through the Bitcoin Core development process that would follow given such a dire scenario.

Continuing down the path of hypothetical situations that would require time-sensitive BIP implementations, perhaps the worst-case scenario imaginable would be if the SHA256, RIPEMD-160, or ECDSA mechanisms were undoubtedly compromised but even then, the question remains of what would be viable alternatives? Lopp jokes in saying a quantum-proof algorithm will make everybody happy, but this cheeky response will likely become reality at some point in the far future, necessitating unsavory hard fork discussions around practical defense mechanisms against quantum computing exploiting asymmetric cryptography.

Bitcoin is an apolitical money and peaceful protest against the incumbent and corrupt monetary regime. Because of the nature of the opponent Bitcoin is facing, i.e., the U.S. dollar, an unrelenting barrage of technical and social attacks against Bitcoin is likely to occur, if not already under way. Bishop relates Bitcoins entirely voluntary community, who is steadfastly defending Bitcoin at the ready, to that of a self-developed immune system that could be Bitcoins greatest defensive and offensive mechanism.

In summary, Bitcoin is by no means invincible. Without actively considering all potential attack vectors and seeking respective solutions, the always-waiting adversaries could find weaknesses in the code or in the community itself. Whether the attack be from colluding parties, counterfeit Bitcoin software, deliberate ossification, targeted attacks through the judicial system or some unknown future disaster scenario, Bitcoiners must work together and unite to seal any gaps that could be the beginning of the end for Bitcoin.

The aim of this panel is not to instill in the audience doom nor gloom, but rather to prescribe a proper dose of reality with the very possible attacks Bitcoin development and the network could encounter moving forward. Ignoring this would be incredibly detrimental to the overall security of Bitcoin if we decide to live in blissful ignorance of these attack vectors. Should history have anything to teach us, it would be that all existing and previous monetary regimes outside of Bitcoin have succumbed to the fallibility of human institutions. Lets work to not have Bitcoin experience a similar fate.

Humans are rationally driven by monetary incentives which has enabled the open source, pseudo anonymous, monetary nature of Bitcoin to harness a large, skilled group of hackers with opportunity for a reward of the scarce currency that is bitcoin. The discovery and exploitation of flaws that could compromise Bitcoin would paradoxically diminish the attackers newfound wealth thereby, in theory, monetarily encouraging hackers to continually support the Bitcoin network and responsibly report bugs and exploits.

Despite discussions of ways to attack the Bitcoin Core development process and the wider ecosystem with little readily-available solutions of how to exactly ascertain and prevent these attacks, Bishop ended the panel with a poignant statement that spoke to the greatest incentive of all: money. He remarked, Bitcoin is the greatest bug bounty program of all time good luck.

This is a guest post by Okada. Opinions expressed are entirely their own and do not necessarily reflect those of BTC, Inc. or Bitcoin Magazine.

Visit link:
Adversarial Thinking And Ways To Attack Bitcoin - Bitcoin Magazine

Bitcoin key management is probably one of the scariest aspects of interacting with your money for a new user with any sizable amount of value. Its also one of the most important aspects. One of the core aspects of bitcoin that truly differentiates it from the forms of digital value that preceded it historically is the ability to control and custody your own funds, to not have to depend on some central authority or record keeper to maintain possession of and retain the ability to transfer or spend it. Without the ability to hold your own private keys, it would not be possible to truly use bitcoin in a self-sovereign way without third parties. This opens up a door of massive potential and possibilities, but also a door to massive responsibility and risk. As has commonly been reiterated many times over the years, there is no Bitcoin customer support. There is no help desk to call, no one to hold your hand and undo mistakes you might make, theres just you.

This is the most difficult hurdle to overcome in terms of taking custody of your own bitcoin, and it is both a mental and practical hurdle. The space is awash with different ideas of best practices, how-to guides, opinions on the best device to use, and new users are bombarded from all directions with this information when they arrive here. The simple reality though, is that there is no one-size-fits-all solution to how to store your bitcoin. There are some things that are more widely applicable to people than other things, there are solutions that are better suited for larger or smaller amounts, there are some solutions that make no sense or make perfect sense depending on your living situation. But there is no one best practice for managing your private keys that applies to everyone equally. Anyone who tells you otherwise is probably not someone you should be listening to in regards to advice on the subject.

There are all kinds of ways to manage your keys, but things have come a long way since Bitcoin was first created. The original Bitcoin client generated single stand-alone keys backed up in a password-protected digital file and every time you received new coins you would have to make a new backup or risk losing that money; each new receive address was a newly-generated key totally unrelated to the other ones, and not contained in the last backup you made. Nowadays we have mnemonic seeds and deterministic wallets to allow a user to make a single backup and not have to worry about renewing that every time they receive new funds.

However, there is a lot more to safely managing keys than just the form your backup takes.

One of the first things people will run into in regards to key management advice is the contention of whether or not to use a single-signature wallet or a multisig wallet. Both camps tend to take an extremist view that they are the one-size-fits-all solution for your average user, and tend to bombastically advise only using one or the other, its automatically more security! But as I said above, there is no such thing as a one-size-fits-all solution when it comes to key management. Every individual person is in their own personal situation, and that needs to be considered above all else before deciding how to go about things.

Lets look at some of the benefits of a singlesig wallet before we go into multisig. First, the entire wallet requires only retaining a copy of your mnemonic seed in order to be recoverable. Every single Bitcoin address that you send money to can be deterministically generated again on another device. The seed is literally the only thing that you need to recover all of your coins. Another benefit is the cost of spending. When sending coins using a single signature on the blockchain, they take up less blockspace and thus cost less in fees because only a single signature is required in the witness data of the transaction. In terms of inheritance situations, single-signature also has the benefit of being a simple thing (the mnemonic seed) that can be left for your friends and family. As long as they have a simple-to-use and secure device to import it into, its pretty easy to handle with some basic guidance. What is the obvious major downside? A single point of failure. If your mnemonic or keys are compromised, thats all she wrote. That is all that is required for a malicious actor to steal your coins, and there is no undoing that once it is done. No support line to call, no chargebacks. Theyre gone for good.

What are the upsides of a multisig wallet? There is no single point of failure; you are unable to spend coins in a multisig wallet without access to multiple sets of private keys. This allows the geographic distribution of mnemonic seeds to increase the cost of gaining access to enough key sets in order to steal someones bitcoin. It also opens the door to letting other people take possession of one set of keys in the multisig aside from the actual owner, or distributing the keys amongst a group of people so that no one individual owns'' them from the point of view of having enough keys to spend them on their own. This is how companies like Casa or Unchained Capital are able to offer services that to some degree do hold users hands, offering them a safety net in the form of a recovery key held by the service to safeguard the user against losing some (although not all) of the keys they possess in the multisig. What are some of the downsides of multisig? The necessity to safeguard all of the master public keys involved in the wallet. When you use a singlesig, all you need is the mnemonic seed to recover it. But because a multisig wallet uses all of the public keys from every mnemonic seed involved, you have to back them up as well. The problem here is that if you lose a mnemonic seed involved in the multisig, and dont have a separate backup of the matching public key, you have no way to recover it, and without that public key you cannot regenerate the multisig address to find your funds on chain, and therefore have lost access to those funds. Multisig (at least until MuSig schemes using Schnorr/Taproot are adopted) are also more expensive to spend on chain than a singlesig, so sending your money anywhere is more expensive than with a singlesig address.

So lets look at an imaginary Bitcoiner: they live alone in an apartment, they do not get along well with their family, their friends are not the most responsible people, and they are sitting around contemplating how to set up their key management solution. Some person attempting to be helpful on Twitter advises they set up a multisig wallet with Specter or Blue Wallet. How does multisig help this person? They have no place to store keys aside from their apartment, so they are going to be keeping all the keys in one place. This prevents any benefits of spreading multisig keys around to be redundant against loss or theft, and comes with the cost of more expensive transactions on chain. As well, even though not the most likely scenario because all the seeds are stored together, they risk losing funds if they misplace or damage one seed and do not maintain public key backups. It adds no meaningful security, increases the cost of spending their bitcoin, and adds additional ways for them to lose access to their money. What might make sense for such a person is utilizing a multisig service where the provider holds a key for them to assist in recovery. If using a 2-of-3, they can keep two seeds at their apartment, the provider has one, and leave a single seed with untrusted family or irresponsible friends knowing that the single seed is not enough for them to spend the funds. They can even leave that one seed with multiple people in case someone loses or destroys their copy, so they can still recover funds if they were to lose access to both of their seeds kept at home.

Lets look at another imaginary Bitcoiner: someone with their own house, as well as a cabin somewhere in the wilderness they own as a vacation home. Maybe theyre a senior software engineer, or a lawyer, someone who has their own locked office in their workplace. They have many different places under a reasonable amount of their own control. In this case it makes sense for this person to utilize a multisig setup with noone involved but themselves. They can generate a 2-of-3 wallet, leave one seed at home, one seed at their cabin, and one seed at their office (obviously leaving a copy of all three public keys with each seed backup). This provides them with geographic redundancy protecting them against both loss of funds and theft because they actually have access to multiple safe locations where they can store key material, unlike the first hypothetical Bitcoiner above.

Both of these scenarios should clearly demonstrate the strengths and drawbacks of both methods depending on a person's individual circumstances. Using multisig because "it's more secure!" is not always a sensible choice for everyone. Even if it does make sense, it doesn't necessarily make sense to use it in the same way as someone else would. Before making a decision between a single key and multisig key set up, you should think long and hard about your own living circumstances and what makes sense for you.

Passphrases are also something billed as a catch-all solution to security. The reality is a lot more complicated and nuanced than that. Assume for the purposes of this discussion that you have had your mnemonic seed compromised (a passphrase is just like any internet password in that scenario from a simplistic point of view). It only adds as much security as there is entropy in the passphrase. If you used a secure passphrase, obviously this can be a good amount of added security, but this comes with the trade-off that the more secure your passphrase is the harder it will be to memorize. The core purpose of a passphrase is to have something you remember, and not physically stored anywhere, so the use of a passphrase becomes a balancing act of adding security but not creating too great a risk of forgetting it. If you don't remember your passphrase, you lose access to your funds.

This write-up on Coldbits website gives a good breakdown of the entropy of different styles of passphrases, from using BIP-39 mnemonic words, to other word lists, to alphanumeric passwords. The article defines different classes of attackers based on the resources at their disposal: a single laptop, a few GPUs, a specialized ASIC for passphrase cracking, and a large supercluster of passphrase ASICs. For each class of attacker they rate on average the time it would take to brute force a passphrase based on its length and what resources an attacker has. This is something that everyone using a passphrase should consider when selecting one. Unless you approach the same entropy as a mnemonic seed itself, a passphrase is just a temporary shield to allow you to move your funds to a new seed before the attacker can bruteforce your passphrase, and if you approach the same entropy as a mnemonic seed you are heavily raising the risk of forgetting the passphrase and losing access to your funds.

The last point on seed phrases is memorizing versus writing down and storing somewhere. If memorizing a seed it might be prudent to temporarily write it down until you are confident you have it memorized, and then destroy the written copy. If you do wind up making a permanent physical copy of it, then in my opinion the best thing to do is treat it like a multisig setup. Your mnemonic and passphrase each constitute two "keys" in a "multisig" at that point, and storing both of them in the same place is a bad security risk. The major benefit of a passphrase is adding "something you know" to "something you have" (your mnemonic). If you deviate from this use of a passphrase by writing it down, keep that in mind and plan accordingly to keep them separate and not easy to find together.

This is a key point to consider in any wallet set up; hardware wallets generally provide physical security to make extracting your keys from the device very expensive, and any software wallet that is safe to use will be storing your keys encrypted when the wallet is not open and in use. However, all of these protections are moot if you just leave a mnemonic seed sitting around on a desk. Physical security of a mnemonic seed is of the utmost importance, whether that comes from a safe, or hiding it in some place that is not somewhere a thief or attacker will look is something for you to consider based on your situation. But it should not be somewhere easily accessible by anyone but you. A safe that is difficult to remove or break into would be a good place, or somewhere that is not immediately obvious, like writing it inside a book across many pages or under a loose floorboard (don't take these examples literally per se, but the idea is that somewhere a thief is not going to think to look for something valuable).

If you wind up storing a mnemonic somewhere other than your own home, I cannot stress this enough, do not do so without a decently strong passphrase and preferably with some kind of tamperproof bag or setup so that you can periodically verify the seed is still there and has not been tampered with by anyone else since your last check. Personally I think that strong physical security or obfuscation (hiding) is the way to go in your own residence, but if you do have a need to store elsewhere due to security or disaster risks, I would advise storing it with someone you trust regardless of any tamperproof measures or passphrases you have in place (security deposit boxes are a horrible idea for singlesig addresses).

One last thing to consider if this happens to be a situation you might find yourself in, is how do you destroy a metal seed backup? Imagine you are leaving the country and never coming back, yet you have a word seed stamped with letter presses or etched in. You can't bring that through customs. You also don't want to leave it sitting around where it can be found when you leave if you plan on continuing to use it. If this is a scenario you see in your future potentially, it might make sense to use tile-based seed backups if you want to keep steel ones for durability purposes, otherwise you are going to have to migrate all of your funds to a new seed before or after leaving. This could be a time-consuming and complex thing if you have funds segregated among different passphrases, or have managed your UTXOs to keep them isolated, because you will have to move funds bit by bit without connecting them to maintain that privacy and isolation.

Managing your own keys is the core of what makes Bitcoin special, but it is also a big responsibility. It's like going for a hike out in the wilderness. There are many different paths you can take; some are arduous and grueling, uphill the whole way, while some are nice easy paths, and some have obstacles in the way. You can even walk completely off the trails if you so choose, but that comes with the risk of getting lost. When you go out in the elements, there is no one you can depend on but yourself. The level of preparation and understanding needed is not going to be the same for everyone, and you shouldn't let yourself fall into the trap of thinking that is the case.

This is a guest post by Shinobi. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

The rest is here:
Weighing The Options Of Bitcoin Private Key Management - Bitcoin Magazine

Welcome to Nonfungible Tidbits, a weekly roundup of news in crypto, NFTs and their related realms.

Our lead story this week is Twitter signing on as the first company to use Stripe's new cryptocurrency payments feature. The social network plans to give creators -- people who monetize their video, art and music directly through their relationships with the audience -- the option of getting paid in a stablecoin.

We'll also cover Coinbase launching a beta version of its NFT marketplace, New York lawmakers considering a moratorium on fossil-fuel powered cryptocurrency mining in the state, and a strange cyberattack on a DeFi protocol in which the hacker left the stolen cryptocurrency behind.

Online payment processor Stripe said on Friday that it'll allow businesses to pay their customers in cryptocurrencies. The first business that's signed on for this feature is social media giant Twitter, which currently uses Stripe to pay creators. Right now the cryptocurrency that'll be used for the payout is a stablecoin called USDCoin, or USDC. The value of the USDC stablecoin is pegged to the US dollar, which makes the value less volatile than that of other cryptocurrencies, like bitcoin.

Twitter will draw on Stripe's cryptocurrency payments feature by offering it as an option to creators who sell premium content to their followers, such as those who receive earnings from Twitter's paid Ticketed Spaces and Super Follows features. Creators can opt to have their payout sent to a digital wallet.

Read CNET's full story on Stripe's cryptocurrency payment roll out here.

Cryptocurrency exchange Coinbase on Wednesday released the beta version of a feature that'll allow users to buy and sell NFTs on its platform. Coinbase calls the new feature "a Web3 social marketplace for NFTs," which sounds like the exchange may include social media elements in the feature. Right now the beta version only lets people view Ethereum-based NFTs on Coinbase.

Read CNET's full story on the launch of Coinbase's NFT marketplace here.

A cryptocurrency mining rig.

A battle over how and if cryptocurrency mining should be allowed to operate is heating up in New York, according to a Wall Street Journal report. New York lawmakers are considering measures that would place a two-year moratorium on reactivating old fossil-fuel power plants in the state for the purpose of cryptocurrency mining.

Cryptocurrency mining operations areincredibly energy-intensive, so electricity is a big part of miners' overhead. Buying enough electricity to mine cryptocurrency is expensive, and crypto miners need uninterruptedaccess to poweraround the clock. So miners are usingold power plantsas a cheap source of electricity for their operations.

The Cambridge Bitcoin Electricity Consumption Index estimates that the bitcoin network's energy usage is a little less than the energy used by the entire country of Egypt. Greenpeace and other organizations are currently engaged in a campaign to change the way the bitcoin network works to reduce the networks' carbon footprint.

In an odd turn of events, a hacker stole $1 million in crypto from a decentralized finance protocol called Zeed, then failed to get it out. Generally speaking, DeFi protocols are code sets that run on blockchains and facilitate various financial transactions and transfers using cryptocurrencies. Business Insider India called the hack similar to robbing a bank and then forgetting the bags of money. The publication also noted that almost 97% of all cryptocurrency stolen this year has come from hacks and exploitations of DeFi protocols.

Thanks for reading. We'll be back with plenty more next week. In the meantime, check out this story from CNET's Daniel Van Boom about how an Apple iCloud exploit caused a cryptocurrency trader to lose more than $650K.

View original post here:
Twitter to Begin Cryptocurrency Payouts for Creators. This Week's Top Bitcoin and Crypto News - CNET