Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: o_e_l_e_o on October 08, 2022, 09:17:07 AM



Title: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: o_e_l_e_o on October 08, 2022, 09:17:07 AM
Time for part 3 in what now seems to be an ongoing series. Who would have thought centralized exchanges could fuck up in so many different ways!

Parts 1 and 2 are here:
Recent events should make everyone withdraw all their coins to their own wallets (https://bitcointalk.org/index.php?topic=5387401.0) - Centralized exchanges censoring users and seizing coins
Recent events should make you withdraw all your coins to your own wallet: Part 2 (https://bitcointalk.org/index.php?topic=5403254.0) - Centralized exchanges going bankrupt, users losing everything

Part 3 is doing to be a two-parter.

The first issue is a follow on from Part 2 above. As part of Celsius' bankruptcy proceedings, not only have all their users lost all their coins, but Celsius have now published a complete list of every user's full name alongside their account balances and a list of every deposit and withdrawal they have made. I'm not going to link to it for obvious reasons. Given what we know from previous data leaks, these people will now be prime targets for phishing, malware, other malicious digital attacks, or even physical threats. And you can guarantee that blockchain analysis companies have already downloaded this list and will be linking deposits and withdrawals against blockchain data to start linking previously anonymous addresses to real names.

The second issue is as raised by gmaxwell in his thread here: PSA: Get your Bitcoin off any exchange supporting "BSV" (due to insolvency risk) (https://bitcointalk.org/index.php?topic=5416061.0). The TL;DR is that (as we have already seen above with Celsius collapsing secondary to the Terra Luna scam) even if you don't trade in shitcoins or scamcoins, by using an exchange which does support these coins all your bitcoin is at risk of being included in their bankruptcy proceedings. The next biggest threat at the moment is any exchange which is supporting the BSV scam, but any sufficiently large enough altcoin could collapse and take an exchange down with it, resulting in their customers losing everything.

Not using centralized exchanges at all is the best thing you can do, but getting your coins off them if you are already using them is a close second.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: Pmalek on October 08, 2022, 09:48:16 AM
As part of Celsius' bankruptcy proceedings, not only have all their users lost all their coins, but Celsius have now published a complete list of every user's full name alongside their account balances and a list of every deposit and withdrawal they have made.
The Celsius Network is a US-based company so GDPR regulations don't apply to them, but isn't there a US equivalent law that makes such actions illegal? If not a federal regulation, then at last something on state level. Or does everything change due to Celsius going bankrupt?

How do they justify their actions of making this data public? Did they have to do it for regulatory compliance, are they just scum, or what am I missing? There surely are better ways to share this data with 3rd parties who are required to have it by law without giving the whole world a chance to look at them.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: o_e_l_e_o on October 08, 2022, 10:01:32 AM
The Celsius Network is a US-based company so GDPR regulations don't apply to them, but isn't there a US equivalent law that makes such actions illegal?
On the contrary - it is a mandatory part of Chapter 11 bankruptcies that entities submit a list of creditor names and addresses. It is US law that demands that this happens, as opposed to any US law preventing this from happening. And again, I don't want to link to the court documents which contain the list of names, but the judge did mention specifically that he would not treat EU citizens any differently to US citizens.

So yeah, if you sign up to any centralized exchange and hand over your bitcoin to them, then assume your coins and your data are permanently up for grabs.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: Pmalek on October 08, 2022, 10:09:41 AM
On the contrary - it is a mandatory part of Chapter 11 bankruptcies that entities submit a list of creditor names and addresses.
Okay, but to whom? To the general public or to the appropriate agency/party that demands and needs that data? I mean, I have seen links to the names in our local language forum. The irresponsibility here is just uncanny. 


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: bitmover on October 08, 2022, 10:12:06 AM
On the contrary - it is a mandatory part of Chapter 11 bankruptcies that entities submit a list of creditor names and addresses. It is US law that demands that this happens, as opposed to any US law preventing this from happening. And again, I don't want to link to the court documents which contain the list of names, but the judge did mention specifically that he would not treat EU citizens any differently to US citizens.

So yeah, if you sign up to any centralized exchange and hand over your bitcoin to them, then assume your coins and your data are permanently up for grabs.

One more reason to avoid giving our personal data on exchanges an any other service.

Our data may leak in a databreach, stolen by hackers, sold to third parties,  exposed due to regulations, and so on.
Once we put our data online, it is forever available to be copied and shared around.

When I started in cryptocurrencies I was naive and I made some  kyc in exchanges and ICO...  I was luck those documents are already experied and I never had any problems. Nowadays I avoid kyc as much as possible.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: Z-tight on October 08, 2022, 11:11:12 AM
Okay, but to whom? To the general public or to the appropriate agency/party that demands and needs that data? I mean, I have seen links to the names in our local language forum. The irresponsibility here is just uncanny.  
You may be correct that this data should not have been made public, and if needed should have been sent only to the appropriate agency, but i think that is the risk of using centralized services we are actually talking about here, centralized exchanges do not care about privacy, they aren't thinking along the lines that you are now, you (and most bitcoiners too) understand the importance of privacy, they do not, services that censor users and steal their coins may not worry about publishing a list of their users after going bankrupt.

Needless to say that publishing such info is wrong, but in my humble opinion centralized services hardly worry about what's right for their customers and their privacy, they are about business and making money & they'll even go as far as doing many shady things to save themselves from collapse or to comply with regulations, so people who still use them should know this.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: DaveF on October 08, 2022, 12:09:23 PM
.... As part of Celsius' bankruptcy proceedings, not only have all their users lost all their coins, but Celsius have now published a complete list of every user's full name alongside their account balances and a list of every deposit and withdrawal they have made....

As far as I heard they gave all the info of everyone who had an account, not just those who still had funds there. So it really becomes don't use KYC / centralized exchanges, which really does become difficult at times. Not saying you are wrong, with the withdraw part, just that at this time with this example it really would not have made a difference.

On a side note, I will respect your wishes and not give the link, but I disagree with not showing people that not only is all their info out there but that it's only a click away.
Sometimes telling people works, other times you have to hit them over the head with it.

-Dave


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: o_e_l_e_o on October 08, 2022, 12:22:27 PM
Okay, but to whom?
To the courts. And the court documentation is public. This is normal for a Chapter 11 bankruptcy. This is the same as if you had bought shares in Amazon and they filed for bankruptcy, although this is the first time it has been applied to crypto, as far as I am aware (although now a precedent has been set, any data you have shared with any exchange or platform is now similarly at risk of public disclosure). Without a public list of creditors, then it would be impossible to transparently process claims. As noted in the court documents:
Enabling parties in interest and the public to see the identity of creditors and the amount of their claims, and then tracking the disposition and treatment of claims during the bankruptcy case, is important to the fairness and public perception of the bankruptcy process. Only in the rarest of cases should these ordinary expectations be upset.

they'll even go as far as doing many shady things to save themselves from collapse or to comply with regulations, so people who still use them should know this.
I mean, this is absolutely true, and the whole Celsius issue has shown repeatedly that they did a multitude of shady or downright illegal things, but this is not one of them. This is a legal requirement. Any exchange which goes through a similar process will also be forced to submit such a list of names and transactions. Having your data exposed in such a way is a risk you accept when you use a centralized exchange.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: Haunebu on October 08, 2022, 12:26:41 PM
Leaving BTC funds in centralised exchanges makes a lot of sense for day-traders since BTC withdrawal fees are usually very high leading to investors trying their best to avoid paying fees in this manner.

However, if you aren't a day-trader, it's best to relocate the funds to reliable wallets in order to avoid any major issues in the short-term and the long-term.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: KaliLinux on October 08, 2022, 12:50:52 PM
Leaving BTC funds in centralised exchanges makes a lot of sense for day-traders since BTC withdrawal fees are usually very high leading to investors trying their best to avoid paying fees in this manner.

However, if you aren't a day-trader, it's best to relocate the funds to reliable wallets in order to avoid any major issues in the short-term and the long-term.
Yeah for the small amount that day traders need, that wouldn't sound out of place but we are mostly concerned now about investors' information done thru KYC that has been made public, meaning anyone that knows you know what you hold in crypto assets, that is dangerous and put those people at risk. I too have done some KYC with some CEX but just definitely had a rethink going forward plus it has always been clear that keeping more than an amount of your Bitcoin or other cryptos in an exchange wallet is a no-no.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: Lucius on October 08, 2022, 01:37:19 PM
The first issue is a follow on from Part 2 above. As part of Celsius' bankruptcy proceedings, not only have all their users lost all their coins, but Celsius have now published a complete list of every user's full name alongside their account balances and a list of every deposit and withdrawal they have made. I'm not going to link to it for obvious reasons. Given what we know from previous data leaks, these people will now be prime targets for phishing, malware, other malicious digital attacks, or even physical threats. And you can guarantee that blockchain analysis companies have already downloaded this list and will be linking deposits and withdrawals against blockchain data to start linking previously anonymous addresses to real names.

I have not checked nor am I personally interested in downloading that document, but is it only the client's first and last name along with the crypto address and transactions, or are we talking about something like a Ledger data leak? I think that the latter was much more dangerous for ordinary people because there were full addresses with phone numbers, and the publicly published first and last name does not necessarily have to be a critical threat to personal safety if someone's name is John Smith or Chang Wang, because there are probably millions of them all over the world.

Of course, this case also shows how stupid it was to believe in that business model, and even more stupid to sell your data for some miserable profit (for those who made it at all).


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: 348Judah on October 08, 2022, 01:39:40 PM
The first issue is a follow on from Part 2 above. As part of Celsius' bankruptcy proceedings, not only have all their users lost all their coins, but Celsius have now published a complete list of every user's full name alongside their account balances and a list of every deposit and withdrawal they have made

This is uncalled for as we now have centralized exchanges performing worst and going far than banks could attempts, with this ongoing event i believe it is evident enough to those still using a centralized exchange that their bubble could get caught and bursted at any time, the truth is that no one can predict when such is coming, they might have been operating for years but once their weakness is achieved, they have no reason than to dance to the consequences of an attack of which users are the ones most affected.

And you can guarantee that blockchain analysis companies have already downloaded this list and will be linking deposits and withdrawals against blockchain data to start linking previously anonymous addresses to real names.

It would have sound more secure if bitcoin can detached itself been identified along with other cryptocurrencies and centralized exchanges and operate on a different platform hopefully though, this brings me to remember a recent thread on economics by @d5000 on a topic   We should separate the markets for Bitcoin* and centralized altcoins (https://bitcointalk.org/index.php?topic=5415910.0) which actually brings a suggestion on if bitcoin can stay off centralized exchanges for only altcoins to be identified with them, maybe bitcoin should maintain stay with only decentralized exchanges though, as many brings in their various suggestions.

The next biggest threat at the moment is any exchange which is supporting the BSV scam, but any sufficiently large enough altcoin could collapse and take an exchange down with it, resulting in their customers losing everything.

It still annoyed me as how i wish every bitcoiner and those coming in new would just understand this as the fact about loosing their entire asset, this is more risky than the losses incurred in price volatility, at least you can only lost some part of it but here the entire asset is at stake with centralized exchanges.

I'm not going to link to it for obvious reasons

Even without this we all know the extent on how far centralized exchanges could go in surprising users to a damage level, some affected centralized exchanges in the past are good enough recommendations alone.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: o_e_l_e_o on October 08, 2022, 02:11:15 PM
I have not checked nor am I personally interested in downloading that document, but is it only the client's first and last name along with the crypto address and transactions, or are we talking about something like a Ledger data leak?
As I understand, physical addresses, email addresses, and phone numbers were also supplied, but these have been redacted from the publicly published version.

I think that the latter was much more dangerous for ordinary people because there were full addresses with phone numbers, and the publicly published first and last name does not necessarily have to be a critical threat to personal safety if someone's name is John Smith or Chang Wang, because there are probably millions of them all over the world.
Maybe, but since this data also includes individual deposits and withdrawals, it will be possible to use it to identify high net worth individuals as well as the specific addresses and wallets they own, which was not possible with the Ledger leak.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: dkbit98 on October 08, 2022, 07:57:47 PM
Not using centralized exchanges at all is the best thing you can do, but getting your coins off them if you are already using them is a close second.
I agree with everything you said, and I don't supporting using any centralized exchanges for storing Bitcoins, but sometimes we are forced to use them.
I would add also add that people should stop using shitcoin bridges and convert all tokens on other blockchain back to real Bitcoin, because we saw what is happening with all that fake defi stuff.
My suggestion is to add additional information what to do after you withdraw coins from exchanges and other centralized platforms.
One step forwards would be using decentralized exchanges like Bisq or other way of P2P trading, and using cold wallets for better security.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: Lucius on October 09, 2022, 10:41:53 AM
Maybe, but since this data also includes individual deposits and withdrawals, it will be possible to use it to identify high net worth individuals as well as the specific addresses and wallets they own, which was not possible with the Ledger leak.

Perhaps the real danger is that someone will take advantage of these two databases and start comparing the data to try to identify valuable targets. All these cheap phishing attempts that happen every day target everyone, but I believe that no one will spend time on some complicated methods of online attacks or even less physical attacks if they are not sure that the target is really worth the risk and time invested.

If I were among those leaked in the Ledger leak and now in this data release, I would be rightly concerned about my safety.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: o_e_l_e_o on October 09, 2022, 11:12:10 AM
My suggestion is to add additional information what to do after you withdraw coins from exchanges and other centralized platforms.
A good idea. There is certainly scope for a guide on how to "uncentralize yourself" if you are already involved in centralization exchanges. As you say, using Bisq and cold wallets moving forward is an obvious step, but you also need to break the link between your identity and all the bitcoin you have already bought from centralized exchanges, via mixing, coinjoining, or even just selling it all and buying it back peer-to-peer. You will also want to request that as much of your data as possible is deleted, although centralized exchanges will legally have to retain it for some number of years (depending on your jurisdiction), and who knows how much or how little care they will spend processing deletion requests.

Perhaps the real danger is that someone will take advantage of these two databases and start comparing the data to try to identify valuable targets.
Almost certainly. As I mentioned above, I'm sure blockchain analysis firms are already hard at work using this data to link addresses and wallets to specific individuals, and that data will then be sold to data brokers around the world. With one study showing that 99.98% of completely anonymized data could still be used to identify the specific individual it came from, then these data brokers will have no problem whatsoever working on data with just the address redacted. It won't be long before the majority of individuals in this Celsius data will have their exact bitcoin addresses and holdings linked directly to their real identities, for anyone who is interested to see it.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: Upgrade00 on October 09, 2022, 01:02:36 PM
There has been lots of cases like this, and even worse, but somehow the users of CEXes continues to grow consistently. It could either be that;
• People have built lots of trust on those platforms, and do not see such leaks and hacks as a fault of the exchange,
• Or, the public see no other option besides CEX.

The former can be helped by posts like this, showing the failings of such platforms and now they put your funds and privacy at risk.
As to the latter, it would also need a collective effort.
Many a time I come across posts of users touting centralized exchanges as a necessary evil which one must deal with, and this is far from the truth.

Whatever your deal with Bitcoin is, there's always a decentralized and private option which many choose to ignore:
• For storing coins, there are so many non custodian wallets one can use, electrum, Bitcoin core etc.
• For purchases and sales, there are P2P platforms like bisq.
• For trading, there are also decentralized options. But due to the idea that CEXes offer more liquidity and convenience, such platforms get very few traders in comparison, meaning less liquidity
Liquidity follows trades, CEXes have higher liquidity cause majority use them, not the other way around.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: pawanjain on October 09, 2022, 01:17:04 PM
The first lesson that I learnt from this forum was "Not your keys, not your coins" and this holds true even today and forever.
Since the day I realized this concept I made sure not to accumulate my coins on an exchange.
Most of my coins are on non-custodial wallets. I say most because there are some altcoins which I do hold on an exchange.
It is only because of trading purpose though. The recent events have just raised the bar again and made people aware of the risks associated by holding the coins on an exchange.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: o_e_l_e_o on October 09, 2022, 01:47:22 PM
But due to the idea that CEXes offer more liquidity and convenience, such platforms get very few traders in comparison, meaning less liquidity
Convenience is one that I have never understood. Often on this forum people talk about the convenience of centralized exchanges, when it is clear they have never actually ever used a DEX to compare. And I fail to see how jumping through hoops to complete the most invasive KYC imaginable, followed by waiting several days for your documents to be confirmed, and then several more days for your fiat deposit to reach the exchange, only to be at risk of hacks and risk of identity theft is any more convenient than performing a peer to peer trade in a matter of minutes via Bisq or Robosats.

I also think a large part of it is advertising. The likes of Coinbase and Binance obviously have huge advertising budgets, and market themselves aggressively to newbies via Google ads, Facebook ads, and so forth, whereas DEXs such as Bisq, by their very nature, do not have an advertising budget.

We obviously can't force anyone to stop using centralized exchanges, but we can continue to point out the countless risks they take and countless examples of scams, hacks, thefts, breaches, and data leaks, all of which they expose themselves to constantly.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: Die_empty on October 09, 2022, 04:31:21 PM
Convenience is one that I have never understood. Often on this forum people talk about the convenience of centralized exchanges, when it is clear they have never actually ever used a DEX to compare. And I fail to see how jumping through hoops to complete the most invasive KYC imaginable, followed by waiting several days for your documents to be confirmed, and then several more days for your fiat deposit to reach the exchange, only to be at risk of hacks and risk of identity theft is any more convenient than performing a peer to peer trade in a matter of minutes via Bisq or Robosats.
All that you stated sir is true but sometimes we have no other option than to use these unreliable centralized exchanges. Some of the services of some centralized platforms like Bisq are not available in our locations. Their policies sometimes don't suit our country and when it is available our currencies are hardly offered for transactions. In this case, decentralized wallets only suit bitcoin investments and not for daily or usual transactions. It would be nice if these firms that offer decentralized services expand their operations to more countries, especially those that have large bitcoin communities.

Quote
I also think a large part of it is advertising. The likes of Coinbase and Binance obviously have huge advertising budgets, and market themselves aggressively to newbies via Google ads, Facebook ads, and so forth, whereas DEXs such as Bisq, by their very nature, do not have an advertising budget.
In my location, I have never seen a single advert by any decentralized platform. They usually attract fewer investors and cannot compete financially with centralized platforms that have a large customer base. But recently according to  coindesk  (https://www.coindesk.com/business/2022/10/03/citi-says-decentralized-crypto-exchanges-are-winning-market-share-from-centralized-peers/)decentralized cryptocurrency exchanges (DEXs) have grown faster than centralized exchanges (CEXs) over the past two years because customers want to avoid their annoying know-your-customer procedures.

Quote
We obviously can't force anyone to stop using centralized exchanges, but we can continue to point out the countless risks they take and countless examples of scams, hacks, thefts, breaches, and data leaks, all of which they expose themselves to constantly.
It is very glaring that the disadvantages of using centralized exchanges are greater than their benefits. But sometimes we face so many challenges that force some of us to use these platforms. I think it is the collective responsibility of all bitcoiners in my country to raise awareness about the consequences of using these centralized platforms. We hope that in the nearest future our bitcoin society would be able to attract more decentralized platforms that would help us avoid these unreliable exchange firms.


Title: Re: Recent events should make you withdraw all your coins to your own wallet: Part 3
Post by: o_e_l_e_o on October 09, 2022, 05:05:06 PM
It would be nice if these firms that offer decentralized services expand their operations to more countries, especially those that have large bitcoin communities.
Decentralized exchanges like Bisq, LocalCryptos, or RoboSats already work anywhere, and in any currency you want. It's up to the people in these communities to simply start using them. If your currency isn't being offered for trades it is because no one is choosing to offer it, not because they can't. And they are probably not choosing to offer it because no one else is choosing to use it either.

It's all got to start somewhere. Post some buy or sell offers and encourage your friends to do the same. Advertise the fact you have done so on this forum, on Reddit, on Twitter, or other online areas your local community/state/country uses. This is how peer-to-peer trading works.

In my location, I have never seen a single advert by any decentralized platform.
Yes. Peer to peer trading is also spread and grown in a peer to peer manner, through word of mouth and encouragement of friends and other users, not via centralized advertising.