Buy, sell or stay away from cryptocurrency?

Questions about cryptocurrencies

altcoins

These days many people wonder if they should still buy cryptocurrencies. Here are some of the questions I hear:

  1. Is is still worth investing?
  2. Will the bubble burst soon?
  3. Why have rates gone up and what is the true value of altcoins?
  4. What are the best cryptocurrencies to invest in?

There are no easy answers and reading news and fake news about the topic does not provide straightforward clarification. Anyway, it is hard to predict the future, but let me try a brief analysis:

Value

The value of anything is driven by demand, supply and benefit either provided or at least felt by someone paying a price. Take art for instance: As long as there are enough rich art lovers who are willing to pay high sums for paintings, transactions will happen. On the other hand, as long as enough people believe in a concept and accept common rules for the sake of security and stability, anything can be of value, even a piece of paper called money. Gold itself has some value because it can be used as a material, but the price is rather driven by buy and sell activities.

Belief

What does this mean for digital currencies? Obviously all of them follow the market rules for demand and supply. All of them can be used for payments more or less, but with hundreds of altcoins (https://www.worldcoinindex.com/trending/overview) and high volatility even on a daily basis even Bitcoin, the oldest and still largest cryptocurrency, does not qualify for mass market cash replacement.  One of the initial ideas, to create an anonymous payment system which is not controlled by central organisations or governments works as proof of concept, but for daily instant payments it does not make sense (yet). Value increase is mainly driven by more people buying than selling in combination with lack of alternative exciting investments. 1000% increase with altcoins in one year, no problem, so far. Can this increase continue? Yes it can, as long as demand remains large enough. This is kind of the gold effect: People believe in value and value increase, so they buy and hold more volume than others sell to make profit at lower rates.

Disruption

But there is more potential than digital money and new asset classes. Comparisons with other bubbles, especially the tulip mania in the 17th century does not prove anything for today. See also:

http://money.cnn.com/2017/12/08/investing/bitcoin-tulip-mania-bubbles-burst/index.html

https://www.theguardian.com/business/2017/dec/02/bitcoin-bubble-the-warnings-from-history

Technology is moving faster than ever and will impact society significantly in everybody’s lifetime. Today’s older adults all remember a life without Amazon, Apple, Facebook and Google. These companies are also called “the four” in a book by Scott Galloway. Today they dominate the (Western) internet world. You can add more companies to that list e. g. Alibaba, Baidu or Yandex. Current champions might be history in a few decades. Not so long ago Nokia mobile phones and Yahoo internet services were each best in class and played a major role in those market segments. I remember Microsoft managers telling me in the early 90ties that the Internet will not affect the software industry in a very relevant way. Well, doubts are fair to bring forward and not everything new will change the world for good.

But cryptocurrencies and its underlying blockchain technology will disrupt financial services and impact many business models big time.  With altcoins comes software that can interact between parties who own an unique account (an address). Smart contracts (software based contracts) offer a wide range of business setups. They help to exchange money, property, shares, or anything of value in a transparent, conflict-free way while avoiding the services of a middleman.

Find more details about Ethereum Smart Contracts: https://www.coindesk.com/information/ethereum-smart-contracts-work

A good example is an Initial Coin Offering (ICO), which works with an Ethereum based token (a software based contract) to allow anyone with internet access to become a shareholder. NO, it is not regulated; NO it is not as secure as buying shares; NO, there are no detailed laws, BUT people believe in the offered ideas and potential profits. YES, it is risky, anyone can become a venture capital investor. There is no need for business angels, lawyers or banks to do so.

Answers?

Nobody can give exact answers to the questions in the beginning of this article, but to me it seems pretty clear that cryptocurrencies and smart contracts have a future and will bring change and value. One can still be lucky speculating short term, many altcoins and ICO startups will go down and vanish and a few bigger ones, e. g. Bitcoin, Ethereum and Ripple, will remain longer. No surprise… 😉

The next big hack

There it is. The second big hack after the DAO disaster (fun fact: the last hardfork was exactly 1 year ago today).

What happened?

Yesterday evening several twitter account tweeted about a security alert. The code of the multisig wallet contract provided by Parity contained a simple but fundamental flaw. An update in March introduced the possibility to easily take over ownership of this of contract and hence be able to transfer all of its funds. Unfortunately the contract had been deployed several times. Obviously without a proper review. Even by companies that are involved in Ethereum Blockchain development. Swarm City for example lost more than 153,000 Ether.

White hats to the rescue.

What happened next is typical for the ethereum community. The white hat group entered the stage again. They immediately started using the same exploit, the real hacker was using. They were able to “secure” the remaining Ether from vulnerable contracts in order to give it back to the rightful owner. But everything that was lost to the real hacker is gone.

So will there be another fork?

No not this time. The reason is simple: There is not chance for a clean fork as there was back in the DAO days. The hacker was able to move the funds right away. During the DAO hack there was a window of 27 days to prepare for the hardfork. This time the damage was imminent.

Isn´t that bad for Ethereum?

Yes and no. It shows its weakness. I was expecting a bad crash after I first saw the security alerts and the messages saying that a lof of funds were lost already. But I guess the dimensions have changed since last year. 30.000.000 USD don´t seem to be to big of a deal anymore. Of course people started blaming developers and soliditiy, the programming language. And they are right. It is unspeakable that such a bug is actually commited to such a mission critical functionality of the partiy wallet without proper review. Even worse is the fact that the contract had been deployed so many times without taking a look at the source code. Trustless world? Not so much eh? People are now pointing out the problems of solidity . Those problems will be fixed. There will be tools to avoid such mistakes. It will take time. And we will see more of those incidents. What doesn´t kill us makes us stronger.

Up – Down – Crypto Bubble?

These days most digital coins are (still) going down. Did the bubble burst? I don’t think so, it is rather an adjustment, since most market rates were at all time highs. Regarding cryptocurrency and related business models I believe it is too early to speak of a bubble. That is why:

  • Bitcoin has been around for some years now. The concept was first mentioned in 2008 and published as Open Source code in January 2009 by Satoshi Nakamoto. The currency is still there and people keep trading it. More and more stores accept Bitcoin: https://www.cryptocoinsnews.com/accepts-bitcoin
  • With Ethereum not only another digital coin but a concept of smart money, contracts and applications was introduced. This is a foundation for new promising business models and has a high potential for disruption in many industries: It is a new transaction layer in the internet which allows to build in its shareholders and customers at the same time by using smart contracts.
  • Based on Ethereum new token or coin sales take place. With the initial coin offering (ICO) founders seek for world wide funding for their ideas. Many ideas will fail, a few will be successful. This is just like funding startups, but a lot easier, since investors only have to buy the new coins. Anyone can invest and anyone can lose their investment if the business does not succeed.
  • Cryptocurrencies and smart contracts will become more and more a new way to make business. But of course, this does not mean every coin or new business idea will last.  Before investing make your due diligence, be patient and also be prepared to fail.

So, there is not one big bubble, but great opportunities and also many risks to fail in the space of smart money and contracts. 

Is your cryptocurrency investment safe?

When considering Bitcoin, Ethereum or other cryptocurrencies as an investment one might be worried about the volatility or the substance of digital coins at all. Any early investor can smile: In the last few years despite of strong price changes large profits were possible. The last 12 months also showed significant value increase, but it is not a safe bet after all. You have to take some risks and do not worry too much about ups and downs e. g.:

Bitcoin market rate

https://coinmarketcap.com/currencies/bitcoin/

Ethereum market rate

https://coinmarketcap.com/currencies/ethereum/

Are my digital coins save?

Apart from volatility how secure are platforms and coin accounts? This depends on how you store your coins. With large platforms like bitcoin.dekraken.compoloniex.com or with a wallet or software client generating an account for you. Platforms have their own risks, remember the Mt. Gox hack in 2014. In theory any generated account is unique at any time. Can someone else access my account by accident? This is very unlikely, but not impossible.

Finding existing Ethereum accounts

What is the likelihood that a created Ethereum address is in use already? It is very very small:

2^160 or about 1 in 1461501637330902918203684832716283019655932542976

For more detailed information see:

http://ethereum.stackexchange.com/questions/1115/how-do-ethereum-clients-generate-unique-addresses

http://ethereum.stackexchange.com/questions/4299/account-uniqueness-guaranteed

Finding existing Bitcoin accounts

But it does not seem completely impossible to find the account of someone else. This means access by a third party can happen. The following white hat initiative works on proving this with evidence:

https://cointelegraph.com/news/ultimate-white-hat-hacker-large-bitcoin-collider-passes-1000-trillion-addresses

First existing Bitcoin accounts have been found by the Large Bitcoin Collider (LBC):

https://lbc.cryptoguru.org/trophies

The way I see it: With the so called collision access to an existing Bitcoin account has been possible. Find more discussions about this topic on reddit.com.

Conclusion

Never say never… With quantum computers to come even very unlikely events today might be a lot more probable in the future. I am not an expert just a user who would not trust today’s technology without some precaution. I guess this is always a good idea.

Ethereum application recipe

Ingredients for one application

1 Ethereum node

1 private Ethereum node

1 node-js server application

1 public web server

1 private web server

1 public Mapper contract

1 private Messaging contract

Preparation

Set up one server machine to run the two Ethereum nodes with two different users, one for the live blockchain and one for the private blockchain.

The blockchains allow remote procedure call (RPC) connections from localhost only. The node-js application and the private web server run on the same machine.

The node-js application uses RPC calls to interacts with the public and private Ethereum instances. Get the two smart contracts ready:

Prepare a public web server on another maschine to interconnect with the private web server. The latter is only a proxy to forward requests to the node-js application.

Cooking for a simple demo application, no scaling

Once payment is received by the Mapper contract on the live blockchain the paying Ethereum address can register with the public web server in order to get a messaging account on the private blockchain.

Methods are mapped from the public web server to the private web server, which can only be accessed by the public web server using either IP address restriction or a virtual private network (VPN).

For starters we offer the following services

/register
Parameters
address that paid to Mapper contract
Returns
address that is from now available on the private messaging Ethereum network

/send_message
Parameters
address that receives the message
text message to send
Returns
boolean

/get_inbox
Parameters
address of inbox
Returns
number of messages
text of latest message

/get_message
Parameters
address of inbox
number of message to get
Returns
text of message
address of sender

Find below the logical application architecture

ethereum

Pay to get in

Now let’s make some coin!

Below you find a mapper contract to collect more than 0.49 ether in order to register the sender for a service. You can adjust the amount in function mapper(), of course. Once the minimum amount has been sent to the contract, the sender is registered for the service:

  • Contract accepts Ether using function() payable
  • The sender is registered by create_Member(address new_address)
  • You can send more than 0.5 ether (less is rejected and send back), but only one payment is accepted for each sender address.
  • The contract is owned
  • Only owner can get the money out with send_Ether_To_Owner()

This is very simple and Ethereum tokens offer more possibilities.

Our contract is here: 0x4f51b5bc96dc85226bd1e9510394f83a2d74bbb0

The registration will be a gateway to enter the messaging service on a private chain. You can either wait for the next blog post or send some coin already 😉

unknown

Mapper (Solidity contract)


pragma solidity ^0.4.4;
contract owned {
function owned() { owner = msg.sender; }
address owner;
modifier onlyOwner {
if (msg.sender != owner)
throw;
_;
}
function kill() {
if (msg.sender == owner) suicide(owner);
}
}


contract mapper is owned {
uint32 counter;
uint256 private value;
uint256 private price;
mapping (address => address) members;
event CreateMember(address new_address);
function mapper() {
counter = 0;
value= 0;
price= 490000000000000000;
}
function() payable {
if ( msg.value > price && check_Address(msg.sender) == false ) {
create_Member(msg.sender);
value+= msg.value;
} else throw;
}
function create_Member(address new_address) private returns (bool) {
members[msg.sender]= new_address;
counter++;
CreateMember(new_address);
return true;
}
function send_Ether_To_Owner() onlyOwner returns (bool) {
value= 0;
return owner.send(this.balance);
}
function get_Counter() constant returns (uint32) {
return counter;
}
function get_Value() constant returns (uint256) {
return value;
}
function check_Address (address a) constant returns (bool) {
if (members[a] == a) return true; else return false;
}
}

Message in an Ethereum nutshell

Simplicity and security

Find below a simple contract in order to implement a messaging service. There is no security implemented since this shall run with a private blockchain and optionally on a Virtual Private Network (VPN).  This way the contract remains simple, this is a proof of concept only anyway, and in times of Distributed Denial of Service (DDoS) with Internet of Things (IOT) devices  we would rather secure the transport layer.

So, with more and more devices connected to the internet a decentralization of networks makes sense.  We plan to use the public Ethereum blockchain only for registration and payment purposes. Once a token for usage has beed issued messaging users move on to a private backbone.

Messenger (Solidity contract)

you-have-a-message-2

You can run the contract as is. On creation a “Hello World” message is delivered to the contract owner. For every message sent an event is triggered.

contract messenger {
struct Message {
address sender;
string text;
}
struct Messages {
uint32 counter;
mapping (uint32 => Message) My_Messages;
}
mapping (address => Messages) All_Messages;
event Message_sent(address _receiver);
function messenger () {
All_Messages[msg.sender].counter= 1;
All_Messages[msg.sender].My_Messages[1].sender= msg.sender;
// send first message to creator
All_Messages[msg.sender].My_Messages[1].text= 'Hello World';
}
function get_latest_message(address _receiver) constant returns (string) {
uint32 counter= All_Messages[_receiver].counter;
return All_Messages[_receiver].My_Messages[counter].text;
}
function get_message(address _receiver, uint32 index) constant returns (string) {
return All_Messages[_receiver].My_Messages[index].text;
}
function get_sender(address _receiver, uint32 index) constant returns (address) {
return All_Messages[_receiver].My_Messages[index].sender;
}
function get_counter(address _receiver) constant returns (uint32) {
return All_Messages[_receiver].counter;
}
function send_message(address _receiver, string _text) returns (bool) {
if (All_Messages[_receiver].counter > 0)
All_Messages[_receiver].counter++;
else
All_Messages[_receiver].counter= 1;
uint32 counter= All_Messages[_receiver].counter;
All_Messages[_receiver].My_Messages[counter].text= _text;
All_Messages[_receiver].My_Messages[counter].sender= msg.sender;
Message_sent(_receiver);
return true;
}
}

Examples with geth console:


messenger.send_message.sendTransaction('0x53d6a48bb5374e611a497eebee146bd596c4c529','Hello! What is up?',{from: eth.accounts[2]});
...
messenger.get_counter('0x53d6a48bb5374e611a497eebee146bd596c4c529');
8
messenger.get_latest_message('0x53d6a48bb5374e611a497eebee146bd596c4c529');
"Hello! What is up?"

I am sure this can be improved (feel free to do so), but we want to keep it simple…

To be continued.

Keep it simple and stupid: Digital life

One finding not only from the “theDAO” project is that complexity increases the risk of insecurity. Many lines of any code, no matter whether it is C++,  Javascript or a formal contract framework, tend to have bugs even after professional testing and auditing.

In other words: Writing code without errors or potential flaws is very hard to do. The more lines of code the harder. This is obvious you might say, but I wonder if we really take this serious enough in a world where software is part of everybody’s life and will be even more in the future. We might as well rely on big players in the market, so they will deliver e.g. secure self-driving cars and smart homes in the future as most people do today with smart phones and social media platforms.

But with more and more internet connected things to come a different approach is worth considering: Run rather decentralized digital ecosystems instead of depending on large platforms only.

While big players have plenty of resources and cash to minimize security risks, small businesses and individuals require a stable and easy to use framework where errors hardly occur and if so damage should be limited. Code and coded contracts have to be easy to unterstand and simple to use. Is this possible?

simple

In theory:

1. Protocols and frameworks have to be robust and simple at the same time
2. A user does not need to know or understand the technology that is used but should understand the use case and the risks regarding privat assets, i. e. data and money
3. Single purpose devices and services increase security and protection of personal interest

More concrete:

1. Blockchains are solid backbones and easy uses cases like Bitcoins are proof of concept.
2. Have and easy interface: A simple Wallet App and passphrase can be handled by anyone.
3. Ideally for each purpose there are small and easy to use services operating independently. Couple them loosely and only when needed. Run private and decentralized networks.

Here is a simple use case:

– Ethereum messaging service with simple web based user interface
– Use public Blockchain for registration including setup fee
– Work with private APIs and networks for service operations

Services to add / attach:

– Location based messaging
– User management including nicknames and groups for semantic and local context
– Premium service concept

The initial idea has been published as part of a “theDAO” proposal:
https://forum.daohub.org/t/proposal-decentralized-location-based-messaging/4729

Implementation is work in progress, update will follow…

Convert your DAO tokens back into ether

Here is a good explanation how to refund DAO tokens using geth, so you do not have to worry about latest mist version or post your key somewhere.

Make sure that you are running geth version 1.4.10 or later. And run your geth commands with the --support-dao-fork option so that you are on the hard-forked blockchain. By now the latest versions support hard-fork anyway. For example:
geth --support-dao-fork console

The --support-dao-fork setting is persisted between separate executions of geth, so you only have to specify this parameter once.

Confirm your geth version using
$ geth version
Geth
Version: 1.4.10-stable
Protocol Versions: [63 62]
Network Id: 1
Go Version: go1.5.1
OS: linux
...
geth --support-dao-fork --unlock {your account} console
...
Unlocking account {your account}
Passhrase: {enter your passphrase}

// Allow your blockchain to sync
> var account = "{your account}";
undefined
> var theDAOAddress = "0xBB9bc244D798123fDe783fCc1C72d3Bb8C189413";
undefined
> var theDAOWithdrawalAddress = "0xbf4ed7b27f1d666546e30d74d50d173d20bca754";
undefined
> var theDAOABIFragment = [{"constant":false,"inputs":[{"name":"_spender","type":"address"},{"name":"_amount","type":"uint256"}],"name":"approve","outputs":[{"name":"success","type":"bool"}],"type":"function"}, {"constant":true,"inputs":[{"name":"_owner","type":"address"}],"name":"balanceOf","outputs":[{"name":"balance","type":"uint256"}],"type":"function"}];
undefined
> var theDAO = web3.eth.contract(theDAOABIFragment).at(theDAOAddress);
undefined
> var approve = theDAO.approve(theDAOWithdrawalAddress, theDAO.balanceOf(account), {from: account});
undefined
> eth.getTransaction(approve);

// Repeat the command above until you see that blockNumber is not null
// Wait a few blocks (~ 15 seconds each) for your approve transaction to get mined
> var theDAOWithdrawalABIFragment = [{"constant":false,"inputs":[],"name":"withdraw","outputs":[],"type":"function"}];
undefined
> var theDAOWithdrawal = web3.eth.contract(theDAOWithdrawalABIFragment).at(theDAOWithdrawalAddress);
undefined
> var withdrawal = theDAOWithdrawal.withdraw({from: account});
undefined

Source: http://ethereum.stackexchange.com/questions/7204/how-do-i-convert-my-the-dao-tokens-into-ethers-using-the-withdrawal-contract-aft

Run a private Ethereum testnet / blockchain

Create a Genesis file, i. e. your first block of the private chain, in your home directory e. g.
/home/ether_testuser/.ethereum/CustomGenesis.json
{
"nonce": "0x0000000000000042",
"timestamp": "0x0",
"parentHash": "0x0000000000000000000000000000000000000000000000000000000000000000",
"extraData": "0x0",
"gasLimit": "0x8000000",
"difficulty": "0x400",
"mixhash": "0x0000000000000000000000000000000000000000000000000000000000000000",
"coinbase": "0x3333333333333333333333333333333333333333",
"alloc": {
}
}

Point geth to the  Genesis file and start your private net
geth init /home/ether_testuser/.ethereum/CustomGenesis.json
geth --identity MyPrivateNet --port 50303 --nodiscover --maxpeers 1 --networkid 925345

Now you can connect with geth attach on a different console, create a new account and start mining to get some ether
> personal.newAccount()
Passphrase:
> miner.start()

More details regarding the geth parameters

nodiscover Use this to make sure that your node is not discoverable by people who do not manually add you. Otherwise, there is a chance that your node may be inadvertently added to a stranger’s node if they have the same genesis file and network id.
maxpeers Use maxpeers 0 if you do not want anyone else connecting to your test chain. Alternatively, you can adjust this number if you know exactly how many peers you want connecting to your private chain.
identity

networkid

A custom name and number to identify your test network.
port Use a different port than the geth standard port in order to run a test and production net in parallel.

Connect to the testnet with the following command (insert key, ip address and port of the testnet):

geth --bootnodes enode://pubkey1@ip1:port1

See geth --help for all options.

Read More