First time? Start here!

Previous

“Governments are good at cutting off the heads of a centrally controlled networks like Napster, but pure P2P networks like Gnutella and Tor seem to be holding their own.”

SATOSHI NAKAMOTO

Imagine you are a seasoned army general entrusted with quelling a rebellion that threatens to destabilize the status quo. Your first priority would be to locate the leader of the rebellion and seek to negotiate their cooperation. But if they prove unwilling to cooperate, your next step would be to remove them from the equation - either through persuasion or force. This would likely cause the rebellion to lose momentum and eventually dissipate. However, if the rebels appoint a new leader, the cycle must be repeated until the it is completely quelled.

Concentrating power comes with significant risks. If one person holds all the power, then it only takes one person to unravel the entire system. Any opposition with sufficient strength and determination can shift the balance of power because they can focus their efforts on a concentrated target. Therefore, it is important to maintain a well-distributed balance of power and avoid trying to engineer a stable system if you want it to last for a long time. Stability comes at the cost of all the chaos you don’t understand or perceive.

The world of finance is not immune to power dynamics. As an open-source form of money, bitcoin poses a formidable challenge to every previous form of money. It is free for anyone to build on or destroy. And thus finance generals around the world have been trying to destroy it since its first dose of mainstream awareness in 2013 with no success. This is because bitcoin thrives without a central leader in an elegant web of incentives.

All the participants in the bitcoin universe are driven by self-interest, but it is precisely this selfishness that makes it work. For example, there are armies of developers working tirelessly to make bitcoin easier to use. They stand to reap great rewards if they succeed. There are exchanges around the world that facilitate financial on-ramp, and the more volume they transact, the more successful they become. Further downstream, there are artists who create content on YouTube, Twitter and TikTok who stand to gain influence and wealth if they provide concise, actionable knowledge that goes viral. Businesses are inventing new ways to use bitcoin with their existing models, and authors like myself strive to educate and grow in influence.

You see, bitcoin is not a single thing you can stop or ban, it is a macrocosm of economies working together. We are all contributing to bitcoin's success in our own way. If you destroy one part of it, that is all you have accomplished. You have only destroyed one part! So, when a nation state declares that it will destroy or ban bitcoin, you should ask: which part?

CASE 1: A NATION STATE MINING ATTACK

A country’s leader learns that enormous computing power secures the integrity of the bitcoin network. And that it works with specialized computers called miners. So they print billions of dollars for mining equipment in order to control the majority of the computing power. This way, they are closer to the supply issuance and they can decide what transactions go through or simply decide to validate fraudulent transactions effectively destroying trust in bitcoin.

REKT

Let's assume that a highly motivated state actor decides to pool resources and use brute force to attack the bitcoin network. In this context, "brute force" means using a large amount of computing power in order to control the network and disrupt transactions. A lot of computers work together to protect the network by making sure that users can only spend bitcoin they own. If an attacker has the majority of the computing power, they can determine which transactions are valid and which aren't. In the past, it might have been possible to attack the bitcoin network in this way, but not anymore. The network is now more powerful than the top 500 supercomputers on earth combined, achieving a level of computing power that no single nation state can overcome with brute force alone.

In order to achieve this in theory, a state actor would need to mass produce a huge amount of processor chips under the radar of international adversaries. The circle of individuals involved in this effort would have to be exceedingly small and airtight, because failure to do so would make their intentions obvious. Then, they would need to deploy these chips in a coordinated assault while maintaining even more secrecy. If successful, this would give the nation state actors control over the network for about 10 minutes. After 10 minutes, the rest of the network would discover the attacker and either eject them or move the ledger history to a new chain. The attacker would have spent billions of dollars to achieve a single double spend, and all the special purpose hardware they bought in secret would be rendered useless. It would be an expensive lesson to learn.

However, by the time the attack reaches this point, the nation state would have earned some bitcoin because the incentives system works. It would make more economic sense for them to keep the rewards and continue to participate. They would become bitcoin miners. Game theory wins.

CASE 2: A NATION STATE CURRENCY ATTACK

A government learns that there will only ever be 21 million bitcoins. In order to gain control over a significant percentage of the supply, they print billions of their national currency to buy as much of the supply as possible. By doing this, they hope to influence the price to benefit themselves and erode confidence in bitcoin's store of value properties.

REKT

At the time of this writing, about 19 of the 21 million supply has been mined into existence. It is worth noting that a nontrivial percentage has been lost to poor disaster recovery practices. This means that the actual amount of available bitcoin is less than 19 million.

If a government decided to inflate their money supply to buy bitcoin in the open market, they would be competing with wealthy individuals, enterprises, and other governments. If they went all-out, they would only succeed in bidding the price up. The reason for this is that bitcoins are limited in supply. The more they buy, the higher the price would go, making early adopters richer without any extra effort. If multiple nations attempted such an attack, it would drive the price of bitcoin to skyrocket irrationally and accelerate an inflection point known as hyperbitcoinization1.

The most certain outcome to cap this monumental folly would be that it devalues government money and average people lose purchasing power. This would then create a loop that makes government money less attractive to hold. Citizens would trade their depreciating money for the appreciating bitcoin, since their elected leaders are doing it. As Gresham eloquently put it, "bad money drives out good money." Bitcoin would slowly disappear as people covet it and spend less valuable fiat money. Governments would need to inflate even more if they want to pay for roads, schools, and hospitals.

CASE 3: NATION STATES ATTACK EXCHANGES WORLDWIDE

Governments around the world decide to join forces and shut down every major exchange. An exchange is a place where bitcoin interfaces with government money, allowing people to buy and sell bitcoin with whatever is legal tender in their jurisdiction. By shutting down these exchanges, governments hope to cut off the flow of bitcoin between the digital and the real world, making it more difficult for people to access and use it.

REKT

It's highly unlikely that governments around the world can work together and shut down every major exchange. The logistics of such an operation would be complicated and would require a level of coordination that is beyond the capabilities of most governments. Additionally, it's not clear that all governments would agree on the need to take such drastic action. As it stands, many governments struggled to respond effectively to the Covid-19 pandemic which was a common enemy. It is unlikely that they would be able to mount a coordinated attack against something as sophisticated as the bitcoin network.

If, against astronomical odds, governments managed to shut down every major bitcoin exchange, it would create incentives for people to bypass these restrictions and find ways to access and trade outside government control. This would lead to a game of "chicken" between governments, as whoever reneges first would stand to gain a larger share of the new bitcoin economy. It's difficult to predict which government would cave first, but it's unlikely that any of the major players (China, Russia, the U.S.) would want to be left behind. And as for African countries, with the exception of a few, most would not participate in such elitist foolishness.

Let's further theorize that governments manage to shut down every exchange on the planet and that none of them succumb to the temptation of secretly allowing exchanges to operate. What would happen then?

A new type of exchange would quickly emerge to fill the void, one that has no central deposit or clearing house. This is a decentralized exchange2, which looks and feels like a regular exchange but doesn't control your bitcoin keys – you do! This is because you don't deposit them into the exchange wallet. Instead, you trade from the convenience of your hardware or non-custodial wallet through a mechanism called atomic swap3. Liquidity would move to these decentralized exchanges and they would resume trading outside of government oversight. In fact, decentralized exchanges have been growing in volume and liquidity year after year.

CASE 4 NATION STATES CREATE THEIR OWN CRYPTOCURRENCY

A government decides to create its own version of bitcoin since the code is open-source and free. They hope to use their population as a bootstrap to leapfrog bitcoin adoption.

REKT

By definition, a cryptocurrency is secured by cryptography and operates without a central issuance or regulating authority. This means that no government can truly issue a cryptocurrency, as governments are centralized groups of people who hold power and make decisions for a specific region. Therefore, when a government claims to create a cryptocurrency, they are really just rebranding a version of their already existing digital currency. It's like a car with a Tesla exterior, but under the hood, it still runs on the same old gasoline. So, while government-backed cryptocurrencies may be advertised as a revolutionary new means to prosperity, they are powered by the same fiscal policies that govern traditional fiat money. They will inflate the supply and reduce its value over time, just like traditional fiat currencies. Inflation is a common method used to fund things like roads, hospitals, schools, and wars, it's a tactic governments have relied on for a long time, and one that they cannot abandon easily. They are not the decentralized, autonomous forms of money that governments would have you believe. They are just another tool in the government's toolbox, and one that will be used to maintain their power and control.

A government-issued cryptocurrency, born from the desire for control, would likely be a closed financial system with little room for innovation. Only large banks and corporations would have access to the privilege of building on top of it, their focus primarily on maximizing shareholder profits. This lack of innovation and value to the current financial system, would only serve to increase the level of control that is possible.

Furthermore, government-issued cryptocurrencies would still be subject to capital controls and political maneuvering, similar to how national currencies compete today. This leads to disputes between governments, resulting in regional sanctions and blacklisting, causing even more financial fragmentation than we currently see. In short, a government-issued cryptocurrency would not bring the decentralized and borderless qualities that many people see as the main advantages of Bitcoin.

Imagine a world where your national legal tender is programmed to limit your citizens' spending to just $100 a day, or to force them to spend all their money before the month's end. It sounds like something straight out of a dystopian novel, but with the advent of government-issued cryptocurrencies, this scenario is not only possible, but it is operational today.

Bitcoin fixes all of the above. Its issuance is decentralized and its supply is predictable for the next 140 years. It cannot be controlled by any single country, making it accessible to anyone, regardless of location. It is an exit strategy for citizens of countries whose governments implement such oppressive monetary policies.

COUNTRIES THAT BANNED BITCOIN

CHINA

In 2013, China tried to ban the bitcoin trend,
But after all this while, it is still not dead,
Whenever the CCP tried to make a new rule,
People shook their heads and said, "Oh, that's cool".

They issued new threats, with sterns and frowns,
But everyone went, "Oh, look at them now",
Their analysts panic, then spread fear and dismay,
But the sun still shone like any other day.

In 2021, they banned mining with a terrible plan,
So the miners left for U.S. and Kazakhstan,
The ones that stayed went deep underground,
To fight the recession in goblin town.

UNITED STATES

The United States is cautious in the approach it takes,
Not flat out banning, but slowing for progress sake,
They see bitcoin challenging the dollar’s reign,
From Africa to Europe, Nigeria to Spain.

So they fight back hard with all of their might,
Sometimes in secret, sometimes in plain sight,
They send mole after mole and all kinds of spies,
Cypherpunks, corporate, even State level guys,

But they are easy to spot wherever they are planted,
Bitcoin is harder to fool than the simple gold standard.

INDIA

In 2016, Minister Modi made a surprise move,
To declare cash useless, and have it removed,
Everyone in India, father mother and son,
Put on their sport shoes for the great bank run,

The central bank decided to ban bitcoin too,
Like U.S and China, they went full “me too”,
They had this great plan, to which no one agreed,
To eradicate crime with digital rupees,

But the Supreme Court came running to rescue the people,
Telling the central bank its ban was illegal,
And despite their efforts to control and regulate,
The people chose bitcoin, not money from the state.

RUSSIA

In 2014, the Prosecutor General solemnly declared,
That Bitcoin was no longer welcomed there,
Any use was considered unlawfully malicious,
Justice was dealt in a manner so vicious.

In 2022, they banned it again,
But this time around, they invaded Ukraine,
Then the West got angry, took their yachts and net worth,
Everyone abandoned them, but bitcoin did not!

NIGERIA

In 2017, the Nigerian Central Bank said “enough is enough”,
They sent out a memo to cut all traders off,
Nobody listened, so they did something sneaky,
They went on the air and said bitcoin was risky.

In 2021, they sent a memo again,
To remind everyone that the penalty remained,
And that they had been working on a brand new creation,
That was better than bitcoin and proof of work innovation.

They launched the eNaira with grand celebration,
Hoping it would lead to a big mass adoption,
But nobody used it from the day it was launched since,
Not the fruit seller or the Nigerian Prince.

NIGERIA BANS BITCOIN

9JA NO DEY CARRY LAST

In the 1970s, Nigeria was a place of vibrant energy and promise, a cultural melting pot that drew icons like James Brown and Paul McCarthy to its shores with the promise of both artistic fulfillment and financial gain. But as the decades passed, the nation's fortunes took a turn for the worse. The Nigerian Naira, once a powerful currency, was left weakened by reckless economic policies, and the country failed to live up to its potential as an economic powerhouse.

What went wrong? The root of the problem lies in the nation's reliance on a fiat system based on oil and natural gas, coupled with a culture of corruption that held it back. For two decades, the economy struggled with double-digit inflation, and the Central Bank of Nigeria found itself in direct competition with commercial banks through its practice of lending directly to consumers.

But then, in 2017, something unexpected occurred: bitcoin emerged and became the talk of the nation. Suddenly, everyone from civil servants to students to politicians were discussing the digital currency, adding yet another layer of chaos to the already messy economy.

As the largest economy in Africa and home to one of the youngest populations in the world, it's no surprise that Nigeria became the largest bitcoin market by trading volume in Africa, according to data from exchanges like Paxful and LocalBitcoins. But the government did not take kindly to this development. Under the leadership of Governor Godwin Emefiele, the Central Bank of Nigeria went on the offensive, with rumors of a new "internet money" circulating throughout the halls of the CBN as early as late 2016. As the governor, Emefiele had a team to research new topics like this, and they went to work to try and understand this new force.

Can someone explain what a bitcoin is or where it comes from?

The following weeks were marked by a flurry of activity as the team dove headfirst into research, clicking away at Google results as they frantically sought to understand this new, mysterious force. Andreas Antonopoulos videos filled search histories on government servers as the team consumed all the information they could find on bitcoin. And then, after weeks of research, they held a briefing.

What have we learned?

Sir we understand bitcoin is a new kind of virtual currency that is out of our control. We have no say over the issuance or the regulation. We can't tax it, we can't create it.

Do we know who created it?

Yes sir, we do. A lady by the name Satoshi Nakamoto.

Are you sure it's a lady?

It's hard to say sir. These Chinese names can be gender complex.

Fine! Get her on the phone.

We already tried. She likes to be left alone.

Oh, ok. How is Bitcoin created?

According to our research, it’s a process called mining. Apparently it's the digital equivalent of earth mining but with computing resources and lots of electricity.

Electricity? This lady Nakamoto found our achilles heel. She could have used oil or any other resource but she chose electricity. I like her less already.

Sir, we found out some fun facts about bitcoin in our research: the maximum supply is 21 million and the supply issuance is capped every four years.

What a simpleton. I don't think Satoshi is very bright. Only the Olympics gets planned every four years. We plan our fiscal budget every quarter and adjust according to inflation. What is our current money supply?

Crickets.

"You are all useless. I should hire Satoshi instead. Find her already!"

Sir, we are getting reports that a growing percentage of our citizens are avoiding tax and saving their money in Bitcoin.

Even when it is backed by nothing?

Yes sir, and to compound the issue, Nigerian princes are ditching the Naira and US dollar for Bitcoin. They have all adjusted their emails and we can’t stop or track them.

That's not good. We need to warn the public at once.

And so it was, in the first month of the year 20174, the central bank issued a stern warning to banks and other financial institutions, directing them to stop all bitcoin transactions under their watch or face dire consequences. They did their best to enforce this mandate, but the outcome was far from what they intended: the financial activity surrounding bitcoin simply migrated to the shadows of a burgeoning black market.

The Nigerian Senate, in response to the central bank's circular, summoned Governor Emefiele to shed light on the opportunities and risks that cryptocurrencies represented for the nation's economy and security. In front of the Senate Committee, Emefiele shed light on the key role that cryptocurrencies play in money laundering, terrorist financing, illegal arms purchases, and tax evasion. He said:

Cryptocurrency is not legitimate money because it is not created or backed by any central bank….It has no place in our monetary system at this time and cryptocurrency transactions should not be carried out through the Nigerian banking system.

In the aftermath of the circular, Governor Emefiele seized the opportunity to unveil an innovation that had been incubating in the central bank's research lab. A digital version of the Nigerian Naira, known as the "eNaira,". It was presented as a worthy rival to bitcoin in terms of features, speed, and security. The entire nation held their breath in anticipation of this exciting new development.

On October 25, 2021, Governor Emefiele delivered a speech on national television, introducing the Central Bank Digital Currency (CBDC) known as the eNaira. Built on blockchain technology, he explained that the eNaira was a liability of the central bank and went on to enumerate its technological features with a thick Igbo accent.

Customers who download the speed wallet app will be able to perform the following:

a) onboard and create their wallet,
b) fund their eNaira wallet from their bank account,
c) transfer eNaira from their wallet to another wallet,
and d) make payment for purchases at registered merchant locations.

Much wow!

The President of the Federal Republic of Nigeria, Muhammadu Buhari, immediately followed with his own take on the eNaira.

Indeed some estimates indicate that the adoptions of central bank digital currencies and its underlying technology called *pauses* blockchain can increase Nigeria’s GDP by$29 billion United State dollars over the next 10 years.

After reading his speech, President Buhari officially launched the eNaira with the slogan: "Same Naira, More Possibilities." Within the first 24 hours, more than 2,000 people registered for the eNaira out of a banking population of over 100 million.

REKT

In the spring of 2022, KuCoin exchange reported that 33.4 million5 Nigerians were trading or owning crypto assets, despite the ban imposed by the central bank of Nigeria. And yet, the eNaira, the central bank's own digital currency, struggled to gain any meaningful adoption. The reason was simple: without demand, no currency can survive. It doesn't matter if it's a cryptocurrency, a digital currency, or a "quantum currency."

The Nigerian government failed to recognize that its people wanted a way to preserve value, which is a difficult thing to do when the government's own money keeps losing value due to inflation. The government believed that a rebrand would distract people from the real issues of mismanagement at the central bank and crony capitalism that have plagued the country for decades.

Despite Governor Emefiele's proclamation that there had been "overwhelming interest" and an "encouraging response" to the eNaira from Nigerians and parties around the world, the app had a rating of 4.3 out of 5 on the app store, with only a handful of reviews. Word on the street was that it was a clunky beta experience. Hopefully, improvements will be made so that the experience of losing value could be smoother for the users.

LESSON

In the world of finance, bitcoin represents an outlier on the fringes of technical superiority. Its decentralized and open-source nature make it resistant to attempts at destruction or coercion by nation states. This is because the network is secured and maintained by a diverse set of actors, all driven by self-interest, and no single entity controls a majority.

As with any revolutionary idea or technology, it's natural for the established powers to resist. However, history has shown that these attempts are futile and only serve to delay the inevitable. Nation states that try to destroy or ban bitcoin only end up harming a small part of the ecosystem but more importantly themselves, as they get excluded from all the innovation that goes with it.

Nation state leaders should recognize that bitcoin is here to stay and instead of fighting it, they should focus on understanding and adapting to the new decentralized financial system that it represents. It is a powerful tool that can bring transparency and accessibility to geographic regions that they have struggled with for a long time.

Furthermore, it is important to understand that bitcoin is borderless in every sense of the word. It can be transmitted as a text file, radio signals, morse code, emojis or any creative way of representing your private keys. This gives smaller nation states a tool to fight against global sanctions and retain a degree of financial autonomy. Why ban something that could help when the rest of the world turns on you?

In the long run, it would be best for nation states to regulate bitcoin only after they have sufficiently understood it so that regulation can improve inclusion and reduce crime. It's time for nation states to recognize that bitcoin is a powerful force that can bring about positive change to the financial systems. Those who are able to understand will benefit greatly. Those who don’t will end up like North Korea and the internet.

If you enjoyed or hated this chapter, leave a comment below. Next, we learn why you should keep a low time preference in “CHAPTER 7”. You’ll learn about a Norwegian who bought $25 of bitcoin in the early days and forgot about it for a few years. Tell your friends. Lord Thoth appreciates you.

Leave a comment

First time? Start here!

Previous

Imagine you live in an enchanted castle with a drawbridge that only lowers when you present two things: a secret song and a divine orb. One night at the tavern, you had too much to drink and sang your secret song. Every lord, crook and wench heard the song and committed the melody to memory. They come to your castle and sing the song, hoping to plunder your treasures, but the bridge won't lower because they don't have the orb. Your castle is safe, and you can compose a new secret song once you're inside. Unless you left the orb at the tavern, they wouldn’t have everything they need to lower the bridge. So it’s a good thing you always carry your orb with you. In fact, you used it to summon a horse to ride back to your castle.

Two-factor authentication (also known as two-step verification or 2FA) is a security measure that requires you to have two things, hence the name, that verify your identity before granting you access. These two things, in order, are typically a combination of something you know (like a password or secret song) and something you possess (like a smartphone or divine orb). Hackers know that many people use the same password, so the only real protection for most people is the second level of authentication. In other words, having something that you possess for a second authentication is the best way to keep your accounts secure. That being said, what are some things you could prove you own that could serve as a second authentication?

If you want to prove that you have possession of your eyes, a retinal scan can be used as a 2FA method. Similarly, a fingerprint scan can be used to prove possession of your fingers. Alternatively, if you want to prove possession of a smart device or USB, a numerical code can be used for authentication. Many people already own a smartphone, watch, or tablet, making them the most commonly used 2FA devices. However, the method by which the numerical code is delivered to your device can increase the potential for security threats. To protect your identity, it is important to keep the delivery method as secure and isolated (air-gapped) as possible.

Some of the most common delivery methods include email, text messages, or an authenticator app. However, it is important to AVOID using email or text messages, as they are not secure. Email authentication codes are only as secure as your mail provider, and email hacks are common. Text message authentication codes are only as secure as your mobile service provider, so they are also a weak choice. The best practice is to use an authenticator app, which is stored on your device in a secure enclave or on a specialized USB. These methods do not transmit anything over the internet, making them as strong as the random number generator that creates the code. This level of security even meets military-grade standards. The weakest link in this case would be physical custody of your phone or USB authenticator, so it is important to keep your devices safe at all times.

JOEL ORTIZ

THE BOSTON SIM SWAPPER

On the 17th of August 2017, Jeremiah Nichol watched, with a “gut punch feeling”, as hackers broke into his personal email and exchange wallets. They swept everything in 30 minutes. There wasn’t any time to react. 

He had been casual about security in the past so he decided to tighten access to his digital accounts. As an elementary school music teacher, Jeremiah didn’t know much about these things so he asked an I.T friend for help. Together, they added 2FA to his security protocols, requiring a text message from his mobile service provider before he could sign into his accounts from a new device. This upgrade was a major improvement from his previous security measures, and things remained quiet for over a year.

On November 28, 2018, as Jeremiah was taking a walk, his phone began to overload with alerts. He received notifications of successful password changes for many of his accounts, and the gut-punch feeling returned. The hackers had struck again, and this time it felt as though they had his phone. But they didn't - it was right in his hands. Despite his best efforts, Jeremiah was unable to stop the attack. He called his mobile service provider for help but this is what they said to him:

…we’re sorry, but you just activated your phone somewhere else with your photo ID

No I did not.

Jeremiah didn’t know what to do so he tried emailing himself with an alternate account in an attempt to appeal to the hackers' sympathetic side. He quickly realized that hackers and thieves don't care about their victims, just as an eagle doesn't care about the wellbeing of a rabbit. The internet can be a scary place, and Jeremiah had fallen prey to a vicious predator - the SIM swapper. Frustrated and upset, he messaged the hacker, an angry tear rolling down his cheek:

I can’t win. Why do you do this to me?

Earlier that year in the middle of May 2018, Jeremiah had reached out to other victims through social media. He was hoping to share experiences and perhaps learn from each other but many of them were busy at the time. They were on their way to Consensus 2018 in New York for the annual "Shitcoin"1 conference. 

On May 14th that year, the residents of the Midtown Hilton in New York were surprised to see an unusual amount of traffic and noise on the streets. Obnoxious convoys of revving Lamborghinis, driven by people who looked out of place, filled the streets. It was clear that the nouveau riche had arrived in force.

Some 8500 people had purchased $2000 tickets to attend the conference. They were eager to exchange business cards and boast about the amount of money they raised from retail investors. However, the organizers had sold too many tickets, causing registration lines to stretch across the hotel lobby and up to the escalators on the next floor. The event was crowded and chaotic.

There was a concentration of newly minted millionaires at the conference. They smelled of money and were all connected on social media. One of the guests was Seth Shapiro. He had spent most of his career in media and technology, and was now exploring the world of blockchains. His company had recently raised $50 million, and they were excited about adding videos to a blockchain.

In the midst of the celebration, Seth looked down at his phone and noticed that it didn't have a signal. Everyone else at the conference had service bars, but he didn't. It was strange. Seth tried moving around the hotel to see if he could find a better signal, but it was no use. He was unable to connect to the internet or make any calls. Seth decided to ask the hotel staff if there was a problem with the wireless network. They assured him everything was working fine and that there was no known issue with the network.

Unconvinced, Seth left the conference and hurried to a service provider in Manhattan to try and figure out why his phone wasn't working. When he arrived, the support staff were almost as confused as he was. They told him that his SIM card had been disabled because someone had just registered it on another phone.

Seth immediately purchased a new phone and SIM card, but it was no use. As he was setting up the new phone, he received notifications that his exchange wallets were being cleaned out. He watched in disbelief through his glossy new screen as his money was stolen right in front of his eyes.

Later that day, a colleague at the conference messaged Seth to let him know what had happened. The colleague had also fallen victim to a hacking attack, and they were both shocked by the speed and efficiency of the thieves.

My fucking phone has been hacked

Seth was shaken by the experience and felt fragile for the rest of the day. He called his wife to tell her what had happened. She was able to talk him down and offer words of comfort and encouragement.

Earlier that day, a smiling 19 year old boy was holding up an ID to an AT&T customer representative. Joel Ortiz told the representative that he had lost his old phone and needed to port his SIM card to a new one. He answered all the security questions and gave them his social security number. Then he thanked the representative and walked out of the store with a new SIM card.

Joel and his friends had been carrying out this scheme at multiple stores over the last few months. They would pose as legitimate customers and use stolen or fake IDs to obtain new SIM cards. Once they had the SIM cards, they would use them to gain access to other people's accounts and steal their money or personal information.

Within minutes of acquiring the new SIM card, Joel and his friends began orchestrating a sweep of all the social contacts and emails associated with Seth's phone number. They had done their homework and gathered all the information they needed from Seth's social media feeds.

To change Seth's email password, they needed to receive a six-digit verification code through text. This is where the SIM swap came in handy. Since they had already swapped Seth's SIM card, they were able to receive the verification code and use it to reset his email password.

Once they had access to Seth's email account, it was easy for them to reset his other accounts, including his bitcoin wallets. They quickly withdrew all of the funds from these accounts into their own wallet addresses. For each withdrawal, the exchange required a six-digit verification code sent to the account phone number, which was now in Joel and his friends' possession.

While Joel was nervously waiting for the withdrawal to go through, Seth was in Manhattan trying to recover his SIM. Seth was prompted for a six-digit verification code but since his SIM had been swapped, the code was sent to Joel and his friends instead. When they saw the code, they realized that their scheme had been discovered and that time was running out. That is when Joel started to panic. He told his colleagues:

He’s trying to get number back. I’m getting text messages.

Joel stared at the withdrawal progress, his heart racing for what seemed like an eternity. Meanwhile, Seth was gaining on them. The anxiety was palpable and the ensuing anticipation in lockstep. 

The tension was interrupted by the sound of two phones receiving a text message at roughly the same time. Joel and his friends looked at their phones in excitement. Seth looked at his in disbelief. A dubious exchange had taken place.

That night as Seth mourned his losses, Joel reveled in newfound riches. He spent the next few months living like a rap star from the 1990s, with bottles of Dom Pérignon, overpriced jewelry, and stacks of cash scattered across tables at L.A’s finest clubs. People were paid to hold up signs with his Instagram handle, @0, outside the window, and Joel loved the attention. He was spending money like an election candidate with plummeting ratings, while enjoying the unique disconnect that came with spending other people's money. He even rented a luxurious Airbnb on a hill in Hollywood, complete with a helicopter to fly him back from the club each night.

Joel's life was transformed. He donned new designer clothes and felt like he deserved his new status in society. He craved attention and spent lavishly to ensure that he got it. Ironically it was his extravagant partying that caught the attention of law enforcement and criminals alike. One night, after the usual debauchery, Joel was robbed at gunpoint as he was leaving the club. The incident shook him and reminded him that nothing in life was permanent. He live-streamed his reaction to the ordeal on Instagram, showing his vulnerability to all his followers:

They stole like $40,000 worth of shit…

I had like $8000 cash and a Rolex and bitcoin chain

Joel’s thought process changed dramatically after his encounter with old-school criminals. In an effort to escape any repeat encounters in Los Angeles, he decided to move back to Boston. He announced his plans on Instagram, including an itinerary for a concert abroad.

On July 12, 2018, Joel dressed in his finest Gucci clothing and headed to the airport. As he checked in, federal agents positioned themselves around the airport, waiting for the right moment to make their move. It was at the final metal detector that two agents approached Ortiz, badges in hand, and arrested him.

About six months later, Joel was charged with 41 counts, including grand theft, identity theft, and computer crimes. He was linked to multiple victims in the case. The Santa Clara county in California sentenced him to 10 years in prison.

REKT

The first time Jeremiah Nichol, the elementary school music teacher, was hacked, it was a wake-up call for him to take online security seriously. He wasn't tech-savvy, so he entrusted the security of his accounts to an IT friend with more experience. Unfortunately, his friend wasn't as qualified as Jeremiah had hoped. They setup 2FA with a mobile phone number to receive important security codes. It was the right technique, but with the wrong tools.

Seth was no different from Jeremiah. He also setup 2FA with his telephone number. This was why a group of young hackers were able to bypass their other security safeguards and take all their money. Over the next few years, Seth and his wife would work hard to rebuild what he had lost while Seth continued to explore the world of blockchains. He eventually pivoted his video expertise to the next shiny new thing: non-fungible tokens (NFTs).

2FA from mobile service providers can be a nuisance to hackers, but it is not a complete deterrent. In the cases of Jeremiah and Seth, the hackers found a workaround the mobile number authentication; they tricked gullible service representatives into handing over both their SIM cards. With other victims, they even paid the service reps to be their inside person .

While most hackers go through the trouble of social engineering, the sophisticated ones can intercept messages to mobile numbers without a SIM card. They can hack telecom networks and read messages in real time. This scary attack is called  “man-in-the-middle”. As the name implies, they position themselves between you and your network while they listen for valuable information. Corporate and government espionage used to be the only type of hacking that this attack was used for, but now individuals who flaunt bitcoin on social media can also become targets.

Our perpetrator, Joel Ortiz, was the social engineering type. He didn't start out swapping SIM cards for bitcoin but as a member of a platform called OGUsers, which was popular among people involved in hijacking online accounts and conducting SIM swapping attacks. It was on this platform that he learned to trade vanity social media handles in black markets. He also discovered that the easiest way to steal a social media handle was to deactivate it with the user's phone number and then register it again on a new number.

Joel’s lightbulb moment came when he realized that many bitcoin holders employed the same security hygiene as Instagram users. This opened up a new market for the same old tools and tactics. And so he searched Instagram and Twitter to scout his targets. After successfully stealing his first few bitcoins, he started bragging, as amateurs who engage in such activities tend to do.

Joel didn't work alone. He had a crew of young criminals like himself. They put the big scores together and divided the spoils afterwards. However, they weren't disciplined enough to keep their cover and stay under the public radar. They were always trying to outdo each other on social media. On some nights, they would pour out $1500 bottles on their expensive watches to entertain followers on Instagram. This was how law enforcement caught wind of them; young men living above their financial means with no discernible source of income. It was now up to good old-fashioned police work to follow the money and bring these young criminals to justice.

After hacking another attendee at the 2018 New York conference, Joel became greedy and began harassing family members for bitcoin and loans. He thought he was untouchable, but he was wrong. Law enforcement had noticed that he was using the stolen phone number excessively, and they used it to their advantage.

They obtained a warrant for the number and discovered that the activity was coming from a Samsung phone which the victims did not own. This was the first clue that something was not right. They then sent Google a search warrant for data activity connected to that phone.

To their surprise, they found emails associated with several exchanges. This was how they knew where Joel was converting his stolen coins. Next, they sent warrants to all the exchanges and were able to trace about $1 million across all the accounts.

As they continued their investigation, they found payments to an Airbnb in Hollywood Hills. This was the final piece of the puzzle. They knew where Joel was staying and could’ve arrest him at any time but they waited. They wanted to make sure they had all the evidence they needed to put him away for a long time. It wasn't until Joel announced he was leaving the country that they obtained a warrant for his arrest.

Law enforcement estimated that Joel and his accomplices swindled around 40 victims. The data from the warrants on his stolen phone number revealed the identities of his accomplices. It turned out that they all shared access to the same email addresses in order to coordinate better, but mostly because they didn't trust each other. This ultimately led to their downfall.

LESSON

SIM cards are the most widely used identity modules, so it makes sense for various services to outsource identity verification to SIM providers. The major drawbacks of this approach are that:

1. SIM cards can be easily lost or stolen, making it easy for someone to impersonate the legitimate owner of the card.

2. Text message by nature are not air-gapped connections. The medium between the operator and the recipient is vulnerable to hackers with the right tools.

While SMS-based 2FA is better than relying on a password alone, it is not as secure as using an authenticator app. This is because SMS messages can be intercepted or redirected, allowing an attacker to gain access to the one-time code and use it to impersonate the legitimate user.

Before social media and bitcoin became popular, very few people used SMS-based 2FA. But as more people started to protect their assets and data with SMS-based 2FA, it became lucrative for hackers to exploit. They figured out that it was easier to steal SIM cards because telecom representatives had not been trained to spot social engineering attacks.

The security questions that are meant to prove identity are often easy to bypass. For example, if a hacker wants to know a person's mother's maiden name or the first car they bought, they could check their social media accounts to find the information. Or, if that is too much trouble, they could bribe a customer representative to carry out the SIM swap for them. Once they had a person's SIM card, they could gain access to all of their other accounts that were associated with that SIM.

All of that is changing now that customer service representatives are more aware of the risks of sharing client data and working with criminals. Even with these measures in place, the best way to avoid this type of attack is to not use SMS-based 2FA for any services. There are simply too many attack surfaces when it comes to using a phone number for 2FA. Instead, use an air-gapped authentication app on your device or a specialized hardware. This way, if your SIM is swapped, there would be nothing for the hackers to steal. However, you should always keep your physical device with you and make sure it is never out of sight long enough to be hacked.

Jeremiah and Seth would not be a footnote in the long history of bitcoin hacks if they had used the right 2FA setup. They would have been protected from SIM swap attacks and never known about it. Jeremiah would have gone about his life teaching music, and Seth would have continued putting videos on the blockchain, both oblivious to the dangers of SMS-based 2FA.

SEAN COONCE

ANOTHER SIM SWAP ATTACK

Sean Coonce worked as engineering management at Bitgo, a company specializing in digital assets security. Despite being well-versed in online security, he made two mistakes that non-security experts make: he kept his funds in a custodial exchange, and used SMS-based 2FA to verify his primary email. These simple mistakes cost him over $100,000 in 24 hours. Let us examine the events that led to this tragedy.

MAY 14TH 2019, TUE 10:00PM

Sean was making plans for the following day like he always did. He was going through his calendar when he realized there was no service. He thought it was a minor inconvenience and wished that cellular providers had better coverage.

What he didn’t know was that, 24 hours earlier, his cellular provider had ignorantly ported his number to an impersonator - a SIM swapper. It is common practice to delay password resets and SIM ports as a way to reduce fraud. However, this preventive measure only works if the person being hacked is aware of it. The SIM swapper now had control over Sean's SIM from another phone, which was why he didn't have any cellular coverage.

TUE 10:05PM

After a short while, Sean was logged out of his Google account and received a prompt to sign in again. He couldn't remember the last time this had happened - Google rarely logs users out because they need data like a fish needs water. Sean assumed that this was connected to the earlier cellular service outage, which made sense to him as someone who was familiar with security issues. He tried his password, but it didn't work. It was late, so he decided to deal with the problem in the morning and went to bed with the issue unresolved.

What Sean didn't know was that the SIM swapper had already reset his password, thanks to the two-factor authentication code that his cellular provider had sent to the swapper's phone. It was now easy for the swapper to reset Sean's Google password. The swapper had positioned himself between Sean and his cellular provider, effectively "man-in-the-middling" him like a sandwich.

WED 11:00AM

The following morning, Sean went to his cellular provider to fix the issue with his service. They acknowledged that something was wrong with his SIM card and issued a new one. At this point, Sean was starting to become suspicious. He then remembered that he had recently dropped and cracked his phone, which might have damaged his SIM card. This explanation made sense to him as a security professional.

Now that his SIM was reinstated and he had two-factor authentication again, Sean was able to reset his primary email. He was happy to have his email restored and even happier to have his cellular services back. What a day! He went back to work, back to securing other people's digital assets, and back to being a security guy.

What he didn’t know was that while he was dealing with the issues caused by the SIM swapper, the swapper initiated a password reset on Sean's Coinbase account and monitored his email to delete any incoming security notifications. This was to prevent Sean from learning anything if he somehow managed to regain access to his accounts.

WED 10:00PM

That night, as Sean was in the middle of planning the following day's routine, his cellular service dropped again and he was logged out of his Google accounts. It was like déjà vu - could he have received a faulty SIM card? He was angry at the thought. He decided that he would deal with it in the morning and went to bed with the issue unresolved.

What he didn’t know was that the SIM swapper had struck again. They had ported his SIM once more, and it was clear that they either had superhuman discipline that allowed them to operate at exactly 10:00 every day, or they had studied Sean's habits on social media, including the fact that he didn't like to be bothered at bedtime. Sean was completely unaware of the lurking danger as he drifted off to sleep.

WED 10:01PM

Sean was “sound” asleep. That was quick! He’s a security guy.

What Sean didn't know was that the SIM swapper was in the midst of executing the final stages of their scheme. They had initiated a password reset on Sean's Coinbase account 24 hours earlier, and Coinbase's 24-hour delay policy was no longer in effect. The SIM swapper copied and deleted Coinbase instructions and links to cover their tracks, so Sean didn't catch on when he regained access to his account earlier that day. The SIM swapper now completed the password reset using the link they had saved from Sean's email.

Within minutes, Sean's account was drained of all its coins. They were gone, and there was no way to get them back - not even Coinbase could do anything about it. The coins would be verified on the bitcoin network just like any other transaction where possession is ten-tenths of the law. Sean was completely unaware of what was happening as he slept soundly.

THUR 9:00AM

Sean went back to his mobile carrier to fix his cellular service problem which persisted despite a previous visit. As he approached the service counter, he was greeted by a friendly representative. "Hi sir, how may I help you today?" the rep asked. Sean explained the ongoing issues he was still having with his service, as the rep nodded sympathetically while typing on a computer. After a few moments, the rep looked up.

I'm sorry Sean, but it looks like your account has been locked. I'm not able to unlock it for you. Were you in Nevada yesterday?

No.

Sean listened to the rep continue as he stared at his mobile device. He had just logged into his Coinbase account, only to be greeted by an error message stating that his session was no longer valid. This could only mean one thing: someone had successfully changed his Coinbase password.

He immediately called Coinbase customer service, his heart racing in denial. After explaining the situation to the representative on the other end of the line, he waited anxiously for their response.

"~It appears your account has been compromised," the Coinbase rep said, confirming Sean's worst fears. The funds in his account had been transferred out of Coinbase's custody to an on-chain address on the bitcoin network.

What he didn’t know was that the SIM swapper was long gone. They had moved on and were already spending the fruits of their labour.

After processing the traumatizing events for a week, Sean collected himself and wrote a medium article2 about it.

REKT

Sean had always considered himself to be a savvy individual when it came to technology and online security. After all, he worked for a company that was known for its cutting-edge technology and security solutions.

Despite this, when it came to his investments, he made a number of questionable decisions. For one, he chose to keep his coins on Coinbase, a third-party exchange that was known to be less secure than Bitgo. This was likely because he wanted to take advantage of Coinbase's user-friendly interface to participate in market speculation.

To make matters worse, Sean had also secured his Coinbase and Gmail accounts with SMS-based 2FA, a method that has been repeatedly proven to be insufficient when it comes to protecting against sophisticated cyber attacks.

As it turned out, Sean's lax approach to online security came back to haunt him. One day, he discovered that his Coinbase account had been hacked, and all of his funds had been transferred out of his control.

If he had used an authenticator app or a hardware solution for his 2FA, it would have been nearly impossible for the hacker to break into his accounts without physical access to his phone or hardware. SMS-based 2FA, on the other hand, grants hackers the ability to steal remotely, which is how they prefer to operate.

In the end, Sean was left to regret his decisions and vow to be more careful in the future. No one ever thinks it can happen to them until it does, and Sean was no exception.

LESSON

When it comes to securing your bitcoin, no amount of protection is overkill. You should be wary of any technical solutions that are too convenient, as these often come with security trade-offs that may not be immediately apparent.

For example, you might assume that using your existing telephone number to receive important verification codes is a convenient and safe choice. In reality, however, this is a potentially dangerous decision. Hackers can easily gain access to your phone number and use it to compromise your accounts, rendering your verification codes useless.

To avoid this, you should go through the extra trouble of downloading a secure authenticator app or purchasing a hardware authenticator for the sole purpose of logging into your important accounts. This may be inconvenient, but it is a small price to pay for the added security it provides.

Additionally, you should always assume that whatever measures you take is 100 times harder for external hackers to bypass. So, making it twice as hard for yourself to access will make it 200 times harder for hackers to do the same, and so on.

Of course, a strong password is still essential, but even the strongest password can be compromised. That's why it's important to have a robust 2FA solution in place as a backup. By taking this extra step, you can greatly reduce the chances of hackers stealing your bitcoin.

If you enjoyed this story, leave a comment below. Next, we learn why a Nation State can’t ban bitcoin in “CHAPTER 6”. They never learn. Don’t forget to comment and tell your friends. Lord Thoth appreciates you.

Next: CHAPTER 6

Leave a comment

First time? Start here!

Previous

“For greater privacy, it's best to use bitcoin addresses only once” - Satoshi Nakamoto

In the previous chapter we imagined a billion lockers in a public space where one of them had your savings. Our reasoning was that the more lockers there were, the more secure your savings would be; because the number is too large for a burglar to get lucky. But how would you find your locker each time without relying on luck yourself? The simple answer is a bitcoin address. It solves this problem with a unique pointer to the locker that holds your savings. So out of an infinite possibility of lockers, you will always arrive at the right one against astronomical odds. As a bonus, you can own as many as you like because, in theory, they are inexhaustible.

A bitcoin address has two parts; a private and a public key pair. You need both to open your locker. This is the magic of public key encryption. When you create a new address, it has strong privacy and perfect security. But when you use it over and over again, it leaves a trail of your spending habits with everyone associated. Anyone can look up your address on a block explorer1 and paint a picture of your financial habits. This not only erodes your privacy but the privacy of everyone you deal with. 

Another reason you shouldn’t reuse an address is that it weakens some of the cryptographic algorithms that protect your bitcoin. Some experts fear that future quantum computers might be able to steal your bitcoin if you they are weakened over time by address reuse.

You should always create a new address when you receive bitcoin. You can have as many as you like. You could use a different one to insure every grain of sand on every beach, or every lark of hair on every woman and we’d still be closer to 0% than any other number. In this case, more is better.

If we could only use one address for all our financial activities, bitcoin would be the most dangerous surveillance tool in existence. You MUST vehemently reject any transactions where you recognize the recipient or sending address. While that sounds extreme, here are some scenarios to help put things in perspective:

CASE 1: THE SINGLE WALLET SPENDER

In early 2013, you had too little of a social life so you spent a lot of time on technical talk forums. There you learned about bitcoin and made friends with likeminded misfits. You downloaded a wallet and built your savings over the years. However your traditional training compelled you to want to see all your coins in one place. As a result, you spent and saved to a single address.

REKT

That single address is public on the blockchain and all your spending has created a long history of transactions. Anyone can watch the the flow of bitcoin in and out but most importantly, they can see the balance. But who would want to check ? Well, everyone you transact with. If you paid your landlord in bitcoin, he would notice that all your transactions came from the same address and that they were now worth a lot. Your landlord, armed with this information, decides to increase rent. Your financial privacy is compromised. He tells his wife over pillow talk. Normally she never says “hi” in the elevators but now she smiles at your wife. She wants to sell her home made dumplings. Just kidding, you don’t have a wife. Anyway, your landlord’s wife indulges harmless gossip at the hair salon. Now every woman within a 2 mile radius knows that you are a rich awkward nerd. Your social acceptance starts to go up. This is not bad at first. Women wink at you and one day you come home from a date with one of your new admirers to find your apartment ransacked. The neighborhood burglars now know too.

CASE 2: THE SINGLE WALLET TRADER.

In 2018, you learned about bitcoin because everyone was getting rich except you. You didn’t care about anything else but trading. So you bought bitcoin and loaded up in a single address wallet. You trade with size because you’re a chad.

After doing research, you find one exchange that matches your risk tolerance and liquidity requirements. It is run by a vegan loving young billionaire. You send a few hundred bitcoin to trade for a dog coin. It’s been going up for weeks now, there’s no reason it wont continue. Two weeks after your first trade, you are down to double digit bitcoins in value. Everyone is still getting rich because the media says so. You load another hundred bitcoin because you trade with size. This time, you heard about a new coin that would revolutionize supply chain. By the end of the year, your entire trading portfolio is worth less than your laptop. 

You didn’t get to where you were in life by quitting early. So you load up some more from the same wallet. This time, you hear about “DeFi” and life changing yields from a Korean kid. It makes more sense to you and there is a possibility of recouping all your losses in one trade. A few years later, the young vegan billionaire is on the news. He wants to give away all your wealth and the young Korean is on the run from interpol.

REKT

Every exchange operator has a team of analysts that monitor capital flow, in and out, of their platforms. They also oversee the trading books. Their job is to make sure the house always wins.

When you make your first deposit, they are curious and want to inspect your wallet closer. Imagine their delight when they see that you are a high roller on steroids. Every time you deposit bitcoin, there is speculation from in-house analyst and traders. They want to see if you have any inside information on what you are buying or if you are simply exit liquidity for smarter traders. The operators wait for you to trade and then front-run you. This means they perform the trade ahead of you with their algorithmic bots so you get less than you originally calculated. They repeat the process as many times as it takes while giving you a few occasional wins to keep you motivated. You will chase that carrot until you fall into a financial hole.

CASE 3: THE SINGLE WALLET DONOR

You are anti-establishment guy or gal and decide you can support any cause you like with bitcoin. After all, nobody can stop your transactions. You hear about truck drivers on a nation wide strike in a foreign country, so you send them $100 worth of bitcoin. You hear about a war in Eastern Europe and send another $100 worth of bitcoin. It’s not about the money, it’s about sending a message. You are on the hunt for the next current thing so you can make a statement with your wallet. All this while, you’ve been using the same address. One day, you try to send some coins to an exchange but you discover you can’t. Your address has been blacklisted. Then you get a call from your local police.

REKT

Governments are slowly figuring out the advantages and disadvantages of the bitcoin blockchain. They have analysts of their own and I.T teams that keep them in the know albeit behind latest trends. Savvy governments now love bitcoin especially when people don’t use it correctly. It provides breadcrumbs to the doorsteps of would be dissidents.

When governments realize that a certain address is donating to all the things they don’t like, they communicate that address to exchanges and forbid any transactions in the future. That’s all they can do. But they have reach, which means they can limit your financial activity. Anyone who deals with you becomes tainted by association.  Your financial world has become a little smaller because you supported the controversial current thing from a single wallet.

CASE 4: THE SINGLE WALLET CON ARTIST.

You get a few cons going and then your wins start to snowball. You start to post pictures to instagram like a teenage influencer. Your money needs to be safe and you heard that bitcoin is anonymous money. With zero research, you get one wallet and use it to launder all your money. Then one day, the police knock on your door and catch you with your Gucci pants down.

REKT

If you are posting pictures to instagram then you shouldn’t be stealing other people’s money in the first place. Even though that gets you on law enforcement’s radar, it’s the money trail that does you in. When you send all your stolen coins to the same bitcoin address, it’s like robbing a bank and driving straight home with a trail of dollar bills to your garage.

MR. WOODBERY

THE EMAIL CON ARTIST

In March 2019, a young Nigerian, sporting a red and blue Balenciaga jacket, danced in his new Rolls Royce Dawn as his friends congratulated him. He had just purchased two super cars including a 2019 Lamborghini Urus. He parked them side by side to take a picture as he thought about the perfect instagram post:

“Just Copped ❗2019 URUS X 2019 RR DAWN BLACK BADGE …Sky is the Limit✌🏼”

Olalekan Jacob Ponle had arrived. He went from being a nobody to becoming popular online and in his home country, Nigeria. Even though he was famous, only a few people knew his real name. Everyone knew him by his infamous Instagram handle Mr. Woodbery; a nickname that stuck in high school because he was a comedian. Young Nigerians wanted to be him. After all, how often does a regular Joe buy two luxury cars in one day?

His wealth was suspect but nobody openly dared question its legitimacy lest you got cutoff. Any inquiries were treated as an act of jealous hostility. However, there was discrete speculation, with no evidence, that he was a Yahoo boy2. And if you don’t know what that means, then you are likely to be an easy target for Nigerian scam artists. When asked what he did for a living, Woodbery would sometimes say "international marketer". On other occasions, he was an international real estate developer based out of Dubai. He wore different professional hats depending on who was asking. So where did his money come from? What did he do for a living?

Woodbery had figured a way to trick businesses into sending him money under false pretense. First, he infiltrated their corporate email through social engineering, but on rare occasions he had a hacker friend who could exploit vulnerabilities in infrastructure. Once he was in the corporate system, Woodbery and his crew observed communications for as long as it took. They watched for emails that signaled an intent of money transfer; usually in the form of a corporate invoice. 

His tactics were rudimentary yet genius. There was always one of two likely scenarios; if he infiltrated the receiving company’s account, then he would spoof an email to the payee but change the bank account with an apology for the mix up. But if he infiltrated the payee’s account, then he would spoof an internal email to the CFO with a cloned invoice carrying a new bank account. In each scenario, he borrowed the skin of the receiving company to redirect funds into a bank account he could access. He never used an account tied to his identity. He was always careful to employ lower level operatives, called mules, who worked with him for a cut. This was intended to keep his name clear if things went wrong.

Once the money was in a mule account,  Woodbery laundered it into society as best he could. He had created a bitcoin wallet in 2014 and like most uninitiated, assumed it was perfectly anonymous. He was convinced that once he bought bitcoin the money could never be traced back to him. And so he conned many businesses while converting the proceeds to bitcoin.  

Sometime in early February 2019, Woodbery and his crew hacked into the corporate email of a Chicago based company. They monitored communication for days, occasionally making fun of the internal company dialogues but mostly, they were looking for patterns and money flow. They shared screenshots of promising leads with each other so they wouldn’t miss a thing. This is how they learned that the company they infiltrated was a subsidiary of larger company in Chicago, and that the email belonged to the Chief Accounting Officer. Big titles are often privy to big decisions and soon enough their patience paid off.  The Chief Accounting Officer was expecting a $2.3 million check from his parent company when he sent an invoice to the Vice President and Controller. Woodbery and crew intercepted this email. They knew they had little margin for error and little time, so they rehearsed a plan to make sure they would succeed.

First, Woodbery used his access to send an email to the Vice President requesting payment. He was meticulous about the content.  Everything had to be just right; the same header, same footer, same style, same grammar and same routing numbers. The only thing that changed was the recipient bank account. The money had to make its way to him so he used a newly created bank account with the same name as the receiving company (It is not uncommon for different bank accounts to have the same name in the United States).  When the Vice President saw the invoice, he had no reason to be suspicious. He made payments like that all the time. He approved and forwarded to the finance department who filed and processed the wire transfer. On February 14th, 2109, Woodbery sent a message to his mule account handler.

“Hey can you check if the funds arrived now.”

“It’s in!!!”

They had successfully conned a business out of $2.3 million. All it took was a hacked account, some reformatted emails, a new bank account and non-billable man-hours of monitoring communication.

As soon as the money was deposited, the mule transferred all of it to another account online and then to a Silvergate Bank account belonging to Gemini Trust, a notoriously compliant bitcoin exchange. Gemini is thorough about who they do business with. They collect detailed ID and store it for whenever law enforcement requests. Woodbery knew this. He didn’t plan on registering his name on the exchange nor did he plan on leaving his money there. Once again, he employed the services of  his mule to achieve a degree of separation from Gemini.  While the exchange provided liquidity, his mule kept his anonymity in tact until the bitcoin arrived his personal wallet.

“The money is in the exchange …..We are going to send you 500k at a time until you have it all.”

“Wallet is 16AtGJbaxL2kmzx4mW5ocpT2ysTW

xmacWn”

“I got the first one” 

“I got the second one just waiting for remainder”

Mission accomplished. It was time to go shopping and spend this new money. Woodbery didn’t know how to be rich but he knew how to be loud. In march of the same year, he went to the dealer and paid cash for a Lamborghini Urus and a Rolls Royce Dawn. That is when he put out his first instagram post.

Just Copped❗️ 2019 URUS X 2019 RR DAWN BLACK BADGE ....Sky is the Limit ✌🏼

It was a flawless execution from start to finish but that wasn’t their first job by any means. According to the FBI, in the beginning of 2019, Woodbery and crew defrauded a company in Iowa using a similar M.O. They compromised the corporate email through a phishing attack. After spying for a while, they learned it was a supplier company waiting for payments for a shipment. And in the same way, they emailed the relevant party on the paying end, then opened a matching bank account with the recipients name while they waited for payment. This con was for $188,000. They converted it to bitcoin and sent to the same wallet:  16AtGJbaxL2kmzx4mW5ocpT2ysTWxmacWn.

Woodbery and his crew had momentum after the first few jobs. They scored almost every month like working class hustling for a salary. Sometime in May 2019, they broke into the corporate email of what turned out to be their most audacious attempt. It was the month of Woodbery’s birthday and he was feeling lucky so he fired out an instagram post.

The operation started out like all the others, by infiltrating corporate email, but they learned that this company paid out quarterly dividends to shareholders. A new kind of bounty than they were used to. The board of directors had already approved the amount of  $19,292,690.30 which was to be distributed through a third party. Woodbery spoofed an email, pretending to be that third party while requesting the full sum to be paid into his account. The sheer audacity!

“Please approve the attached Dividend payment (including postage) of $19,292,690.30 set for June 20th. I have reviewed the funding letter from 22 [Redacted Company] for accuracy and validated the share count included in the payment amount.” 

To think that a semi educated crook could employ this level of language is both funny and scary. It almost worked. The company tried to make payment but the receiving account was flagged for fraud. They were saved by an unholy algorithm likely from Palantir. Woodbery was undeterred so he regrouped and tried again with a different bank account. The company was saved a second time by that unholy fraud detection algorithm.

If you are wondering how any of the previous companies could lose millions and do nothing about it, it is because they were too embarrassed to pursue any recourse in public.  While they may have gotten results, the aftermath would have been damaging to their respective reputations. It was bad for business.  How do you explain to investors and shareholders that you accidentally paid millions to the wrong account? For this reason, most of them often took the losses in silence.

By this time, the FBI had taken an interest in the series of email frauds. As the jobs got bigger so did the crew. A bigger crew meant a bigger attack surface with more weak links to exploit. The FBI found one weak link and infiltrated Woodbery’s network. That’s how they turned the tables and started spying on Woodbery in July 2019. The details are not clear, but the FBI picked up one of his account mules. Some people speculate that it was either for an unrelated charge or that the culprit was apprehended while trying to cash out their share. Woodbery was disappointed with the $19 million deal gone wrong and he felt something was not right. He fired another instagram post:

Unknown to Woodbery, the FBI repossessed his mule’s phone and started communicating with him. Woodbery went about business as usual, requesting new bank accounts and trying to fill them up with other people’s money. And in the process helping the FBI build a case against him. 

On Woodbery’s instructions, the undercover agent opened a few new bank accounts. Nothing changed about the methods. It was as close to perfection as anything within his control. Every time, they ran their play it ended with the same lines.

“What is your wallet address?”

“Same one  I being using”

This time around, no money was paid into any of his accounts despite doing everything right. It was as if a guardian angel was looking out for those companies. On June 10, 2020, Dubai police stormed the Palazzo Versace where they apprehended Mr. Woodbery along with a handful of associates.

REKT

Many intangibles led to the inevitable arrest of Woodbery on June 10th of 2020 in the Palazzo Versace, Dubai. He was careful within the limitations of his knowledge, but he didn’t know a lot about cybersecurity or bitcoin. He played with technological fire for the better part of his adult crime life and it burned him in the end.

Special Agent Ali Sadiq of the FBI, who lead the covert operation, was the Head of Cybersecurity in Chicago. When he got on the trail, he knew that, given enough time, Woodbery would provide all the rope needed to hang himself. Woodbery communicated through un-secure applications that were not end to end encrypted. This meant the FBI could get warrants that forced the operators to show them his messages. And so they did. 

The FBI got a warrant for Dingtone; an app Woodbery used to make phone calls over a wifi connection with new phone numbers. The records showed that a South African number paid for the service through the Apple Appstore.  Now that they knew what kind of device he used, the FBI started piecing together Woodbery’s International network. 

The next warrant to drop was for Apple. In the records, they learned that the device was registered to Jacob Olalekan Ponle, a.k.a Woodbery, with the gmail account hustleandbustle@gmail.com. They found pictures of his passport, U.A.E visa and resident ID card in his iCloud account. There was no doubt as to who this individual was anymore but just to be sure, Special Agent Ali cross-referenced it with the U.S visa database. There was a match. They had their man but they didn’t stop there. They got into his WhatsApp and snapchat accounts where they uncovered some of his associates. Everything was in plain text with occasional code words and phrases that were easy to decipher by cross-referencing with Nigerian urban street language .

Now the FBI knew who he was, they followed the money to uncover more detail about the frauds. Their investigation revealed some recurring patterns. The most glaring was an infamous bitcoin address that kept turning up: 16AtGJbaxL2kmzx4mW5ocpT2ysTWxmacWn. It was at the center of everything. All the money flowed in and out through that singular wallet address, like a Central Bank account. Special Agent Ali and his team analyzed the address on the blockchain. While their analysis may look like rocket science to the uninitiated, the tools are available to anyone with a modern web browser. You could simply copy and paste any bitcoin address  into a blockchain explorer and see its history. Even the infamous address.

The analysis told the story of the wallet in its entirety but for the sake of brevity, we confine ourselves to the bare essentials. For example,  the infamous address was generated through Bitpay and the earliest transaction occurred on the 1st of November 2014. This meant that it could not have been created at a later date. It also raised the question of whether or not Woodbery started email fraud before then.

After receiving a warrant, Bitpay opened up customer registration to the FBI. The wallet containing the infamous address was registered to the Gmail account hustleandbustle@gmail. It matched the registration email tied to Woodbery’s iCloud account. Now things were adding up. But what kind of criminal uses one email tied to his real name for the purpose of committing related crimes? One who doesn’t know much about cybersecurity. 

As they followed outgoing transactions, the FBI traced payments to Localbitcoins3 and Huobi4 amongst others. The evidence was clear that Woodbery used these less compliant exchanges to buy cash. He did it in small enough tranches that it wouldn’t draw administrative scrutiny. That’s how he financed the purchase of his super cars and other acquired tastes . There were a  few questionable purchases traced to a Russian run market place for stolen credit cards. All the money in the world couldn’t hide this leopard’s spots. Perhaps being a criminal is exciting even after making all that money.

The FBI had him dead to rights. He was not on U.S jurisdiction, but that never stopped them before. On June 10, 2020, Woodbery was apprehended in the hush of the night. He was charged with multiple fraud counts after a raid by the Dubai crime unit. He was in good company that night. Less intelligent but good company nonetheless.

LESSON

Would you commit a crime knowing that every thing you did was being recorded and displayed in public for everyone with a browser to inspect? In the future, every detective in the world will be looking to make a name for themselves by bringing your actions to light. Bitcoin is a global and permission-less network. Sherlock Holmes or your local sheriff have the same access to it. There are no special privileges. To make matters worse, you decide to facilitate the investigation by using a single address. Perhaps the criminal life is not for you. You are better off living an uninteresting life.

Bitcoin’s unique privacy features were not designed to protect criminals. They were designed to protect a law abiding majority who choose to use it correctly. If everyone uses a new address for every new transaction, then we become like a colony of penguins flocking to the water simultaneously. It becomes expensive for predatory governments or hackers to single out one individual. We swarm the network with a torrent of new addresses and bask in the safety of pseudonymous numbers. If you won’t do it for yourself, do it for the people you transact with.

We hope our fictional examples and the real life story of Mr. Woodbery make it painfully obvious why you should never reuse bitcoin addresses. Next, we explain why you should not use your phone number for 2FA. Get ready to learn about SIM swapping in “CHAPTER 5”. Don’t forget to comment and tell your friends. Lord Thoth appreciates you.

Next: CHAPTER 5

Leave a comment

First time? Start here!

Previous

Trying to crack a private key with a brute force attack is a bit like trying to count to infinity: the sooner you begin, the faster you’ll never get there.

- Kai Sedgwick

Imagine a locker in your city square with no locks, no keyholes, no security; just a handle that anyone can open. Would you consider keeping your savings in this locker if anyone could find it, open it and take your savings? It would not be secure at all. Now replace that locker with ten similar structures. In less than a minute, anyone could riffle through and take your savings. It would still not be secure. Now increase the number of lockers to one billion! A billion with a ‘b’. It takes about 32 years to count  to a billion without any interruptions. Who in their right mind would spend 32 years going through lockers? Your savings would be safe because it is hiding in a very large number by human standards. Unfortunately bitcoin operates in the realm of specialized computing. The lockers are now slots in a public ledger represented by private keys and the human burglars are now computer agents that crawl data structures.

Because computers perform tasks infinitely faster than humans, a billion slots would be a breeze. It would take about 15 seconds to cycle through.  So, what number is large enough to overwhelm the most powerful computers in the world? How big could a number get so that we feel safe knowing it would take forever to hack? How about a Septillion, 10^24! This is the total number of stars in the observable universe. It would take thousands of years for today’s super computers to cycle through a number this big. This should have been enough, but Satoshi Nakamoto went beyond the stars for bitcoin security. He designed bitcoin private keys to be large enough to account for the total number of atoms in the universe; a Vigintillion or 10^77. If someone tries to guess your private key, they probably won't even land in the right solar system, let alone pick the right atom.

“When designing Bitcoin, even aliens need to be accounted for”

-SATOSHI NAKAMOTO

Your private keys are really large numbers in the order of Vigintillions. Every time you generate a new address or private key, you create a number that the world has never seen before. If you copied that number into google, you would get the shortest search result ever. Unless you show them to someone or put them on a blockchain, those numbers will have spent a few seconds on earth never to be seen again. The science of large numbers completely destroys computers and hackers. It is more secure than any bank in the world. If you could generate such a secret, why give an exchange, bank or even worse another individual to guard for you? Why share with anyone?

MT GOX

A JAPANESE EXCHANGE

In late 2006, a software developer by the name of Jed McCaleb built a website for an online fantasy card game with a quasi cult following. His website enabled players trade in-game cards like stock. In Jan 2007, he registered the domain name www.mtgox.com, short for magic the gathering online exchange but after three months, he got bored and shut it down. He kept the domain name. 

By mid July 2010, Jed had learned about bitcoin from the famous slashdot1 article. He recognized it as an opportunity and immediately wanted to learn more. So he got his hands dirty and repurposed the old card trading site into a bitcoin exchange.

Mt Gox wasn’t the earliest or the best bitcoin exchange but its customer base grew to around 3000 in record time. Jed was quickly overwhelmed with bank wires in the tens of thousands. The amount of security and attention required to maintain the exchange had crossed the hobby threshold. It was stressful. Jed got bored again. He needed an exit strategy. He needed to hand over his side project.

Fortuitously, fate brought along a French developer by the name of Mark Karpeles. Right place at the right time. The two met through an IRC2 channel where Jed was looking for someone to help integrate with European banks so the exchange could accept euro deposits. Karpeles was eager to please. He finished the job and the two of them kept in touch. At that time, Karpeles was the most qualified person on Jed’s radar. They discussed the possibility of a sale until they reached an agreement to transfer ownership of Mt. Gox to Karpeles in return for future revenue.  Jed would keep 12% of the exchange but retain full administrative access so he could audit it and keep Karpeles honest.

Mt. Gox rose to prominence in just three months after Karpeles assumed control. It had grown 20 times its customer base. If you wanted to buy bitcoin, it was the one stop shop. You could visit the website and purchase Bitcoin with US dollars, British pounds, Russian rubles and Japanese yen. Early speculators flocked in droves at a chance to buy and sell. Early miners deposited their hard won bitcoin into Mt. Gox’ custody. Under Karpeles’ leadership, Mt. Gox grew beyond anyone’s wildest dream. Under the same leadership, it would also suffer the biggest fall from grace in bitcoin history.

THE FIRST HACK - 22 MAY 2011

As an early Mt. Gox customer, Karpeles had a rough sense of what they wanted but he had never run a financial service. His experience was in web hosting and baking. Just like everyone else, he was new to bitcoin. 

A few months under his management, he hadn’t quite figured out how to store all the incoming bitcoin. He kept some in the company servers hot wallet3, some in a “secure” off-line location and the bulk on his personal computer. During that time, a hacker broke into his computer and took 300, 000 BTC. Just like that, 300, 000 customer BTC was gone. Luckily for him, the hacker grew a conscience and returned it for a 1% finder's fee. He returned 297, 000 BTC. Karpeles dodged a bullet.

THE SECOND HACK - 19 JUNE 2011

The following month, hackers stole a small database that contained accounts and passwords. Jed McCaleb’s username and password were among the files stolen. Recall that he still had administrative access to the exchange. This meant he could oversee exchange operations and now so could the hackers. With these admin privileges, the hackers went to work. They created fake bitcoin sell orders on the internal books that quickly crashed the price from $17 all the way down to a cent. The hackers then proceeded to buy cheap bitcoin with their own accounts and withdrew. Fast attentive customers bought cheap coins too during this brief price chaos. It was over in minutes. One trader said;

I’m Kevin and I’m the guy who bought 259,684 BTC for under $3,000 yesterday…. Here’s my side of what happened: I was watching, like many of you, a gigantic sell order burning through the bids. …..The price started at around $17.50, and within minutes was below $10. At this point, I realized …..This was someone attempting to crash the market by selling a huge percentage of the market’s total bitcoins at once.

I had around $3000 USD in my Mt Gox account, from earlier sales I'd made. I looked at the market stats, and realized that there were tons of orders to buy BTC at $0.01 ….. I figured if I put a buy order in for $0.0101, my order would execute first and I could buy a huge amount of bitcoins…….The only problem was that Mt Gox was running slower than molasses at the time……I had to try several times, but eventually I got a buy order in, offering to buy as many bitcoins as I could for $0.0101.

The site stopped responding completely for a while, probably from so many people hitting refresh to see what was going on. When I got back in, I saw in my account:

06/19/11 17:51  Bought BTC  259684.77 for 0.0101

I had just purchased over 250,000 bitcoins for $2613. At the trading price immediately before this large sell order happened, that number would have been worth nearly $5 million. After I regained my breath, I tried to figure out what to do.

Karpeles and the rest of admin panicked and did the only thing they could; they halted all withdrawals and shut down the platform servers. Unfortunately the hackers and a handful of traders had already withdrawn some bitcoin. Keep in mind that most of the coins being withdrawn belonged to users on the exchange. Lucky for them all, Karpeles had set a daily withdrawal limit of $1000. The hacker was only able to get away with 2000 BTC as result. Anything short of this would have spelled an instant death for the fledging exchange. They got lucky again. They eventually figured out how the hacker got in and crashed the market, then rolled back the system to undo all trades during the time of the crash. Mt. Gox came back online with the price restored to $17 dollars per coin. They managed to pay all the customers who lost money due to the incident in full but little did they know that this was just the beginning of things to come. The first in a series dominoes to fall.

THIRD HACK - SEPT 2011

You can only dodge so many bullets on luck alone. In September, there was another systems breach and once again attackers gained write access to account balances. They could create new accounts and credit them with bitcoin out of thin air. It appeared they had learned from the previous incident because this time, they withdrew little amounts from the exchange over a long period of time to avoid detection. The hackers also deleted all the new accounts they created so that any audits were temporarily useless. Karpeles did not detect this breach until after the bitcoins were already transferred out of Mt. Gox. Forensics estimate that about 80, 000 BTC were siphoned out of Mt. Gox in a hack that spanned years.

FOURTH HACK - SEPT 2011

At this point, Mt. Gox was just target practice for hackers who wanted to make steady income. In the same month they lost 80, 000 BTC, more hackers broke into the company servers and copied the main bitcoin hot wallet file containing private keys, public keys and transaction logs.  This meant that the hackers could withdraw everything on the exchange at once if they chose to but they didn’t. Since they had keys to the main hot wallet, they could see and access all incoming customer deposits. They quietly siphoned incoming bitcoin for about 2 years, well into 2013. Mt. Gox operated business as usual. By the time Karpeles or anybody detected what was going on, the hackers had withdrawn 650, 000 bitcoins from the exchange. This was the single biggest blow they would endure. 

FREE GIVE AWAY - OCTOBER 2011

To the public, Mt. Gox was a technological marvel but they didn’t know Karpeles still wrote most of the code that held it together. You see, when software development is broken up into little sections for different teams, the resulting code is usually easy to read and robust. It is called modular code. But when one person handles a monolithic project in a giant bowl of code, the result is usually unstructured and hard to read. It is called spaghetti code. Karpeles’ spaghetti code started to break. It cost the exchange irreparable damages. The features he built for processing transactions developed a bug which began incorrectly crediting user accounts. Nearly 50 customers received a distributed total of about 45, 000 BTC. None of them had made any deposits. It was a pleasant surprise for the lucky traders. However, the exchange managed to rectify some of the errors, bringing the loss to about 30, 000 BTC.

Instead of hiring professional help, Karpeles deployed a new wallet system himself to fix the bug and mitigate further intrusions. This latest mishap brought the total amount of bitcoin lost to between 700, 000 to 800, 000 BTC. Mt. Gox was still the biggest and most popular exchange.

DESTROYED BITCOIN - 28 OCTOBER 2011

Shortly after giving away free bitcoin to lucky exchange customers, Karpeles did something far worse than murder for which men should be publicly shamed and chastised. He destroyed 2609 BTC by sending them to an un-spendable address. Bitcoin is programmable money with a scripting language that lets you determine how the recipients spend it. For example, you could send bitcoin to your child and set conditions that they can only spend it after they reach 18 years old. The default condition people set is that the recipient has control of the public address and the private keys but there is much more you can do.

Karpeles was experimenting with the bitcoin client. He wanted to see how many inputs per transaction it could handle. While this is perfectly fine, he could have used a fraction of a coin but instead he risked the exchanges’ profits for the week.

that’s a problem, but not the worst problem we ever faced…just spent one week of BTC-only income

Because bitcoin operates on a public ledger, there was no hiding this mistake. Experts weighed in and confirmed that the bitcoin was indeed lost forever. You can see them here in bitcoin limbo. It was only worth $8000 back then, but be cruel to yourself and do the math today.

The outrage among early of bitcoiners was palpable. They started to lose faith in the leadership of Karpeles.

And this is the guy whom 90% of Bitcoin users trust their money to... 

WILLY & MARKUS - 2013-2014

For most of its existence, Mt. Gox operated a fractional reserve with dwindling reserves. Karpeles wanted to keep this information away from the public as it would have harmed their reputation. He reached out to Jed, the former owner, for advice. Amongst other things, they explored the possibility of counter-trading customers. To put this in context, imagine Binance or Coinbase counter trading their clients. Scratch that. This was a desperate attempt to claw back as much bitcoin as possible and shift debt around in their favor. 

In November of 2013, people started noticing strange patterns on the Mt. Gox order books. About every 10 minutes or so, a purchase of between 10 and 20 BTC was made. This suspicious behavior continued round the clock and soon became a pass time for traders who were bored from staring at charts all day. They would guess the next purchase amount every 10 minutes or so. Through out the month of November, the mystery buyer spent $112 million on more than 250, 000 BTC, sending the market to a boiling frenzy as it ignited new waves of speculators. The price shot up fast from $200 to $1300 in a roar that could be heard around the world. Bitcoin had arrived.

In January the following year, the bull market collapsed with a discharge felt by everyone who enjoyed the ride up. It is customary for exchange platforms to go offline during rush cycles as they frequently did. For 90 minutes on January 7, Mt Gox API went offline for everyone in the world. Everyone but the same mystery buyer who had been scooping bitcoin every 10 minutes or so albeit in smaller amounts this time. This called for more serious inspection.

When independent analysts studied the logs, they discovered that the mystery buyer was an algorithmic trading bot owned by Mt Gox which operated several accounts. Let’s call this bot Willy. Willy operated accounts with higher ID numbers than regular trader accounts and it didn’t have any user_country or user_state attached to it.

Things got even more bizarre when analysts found another trading bot with an unusually high ID number as well. This one had a more erratic buying pattern, it didn’t pay any trading fees and it didn’t spend anything to get bitcoin. It simply took them for free. Let’s call this one Markus.

Willy and Markus purchased a combined total of about 650, 000 BTC by inside trading and stealing from Mt Gox customers. “The house always wins” but not if the house is Mt. Gox. Willy still lost about 22, 000 BTC, which was about 10% of its total purchase.

SHUT DOWN & ARREST - FEB 2014

The walls were closing in on Karpeles. He had lost more customer funds than he let on and their dissatisfaction with services grew more vocal. It didn’t help that the exchange halted all withdrawals on February 7, 2014. The reserves had dried up. There wasn’t enough for every one. Karpeles blamed the withdrawal freeze on bitcoin code but nobody was buying that. As soon as withdrawals resumed, there was a thunderous exodus for what little liquidity was left. On February 17, they suspended withdrawals again. Anyone who still had bitcoin on the exchange got the sense it was over.

On February 24, the website went offline without warning. That was the last time anyone would set eyes on the troubled exchange site again. Shortly after, Mt. Gox filed for bankruptcy. The most stubborn optimists finally succumbed. Their money, hopes and bitcoin disappeared that day along with the Mt. Gox website. Meanwhile, Karpeles started receiving daily death threats. He was no longer the public darling of the bitcoin community and the Japanese media were unforgiving. All his indiscretions were made public. They had found their scapegoat.

It was August 1st, 2015, Karpeles couldn’t sleep. He was staring at business cards from the IRS, FBI and Homeland Security on his desk when the phone rang at five in the morning. The Japanese police were doing him a courtesy before the morning papers made the rounds. He had known for a while this day would come. There would be paparazzi and media. This was the last time he would be seen on TV for a while. He couldn’t decide whether to wear a suit and hold his head high or just surrender as he was. The arrest was quiet. Karpeles didn’t resist, they took him away in a blue t-shirt and a baseball cap. He was charged for embezzlement and reckless endangerment of customer funds.

REKT

Karpeles had good intentions. He stumbled upon a disruptive technology before anyone was prepared for its consequences.  He didn’t have any experience running financial services. He just happened to be at the right place too early for his own good. This cost him peace of mind and it set bitcoin back years. It was a painful but necessary lesson that needed to be learned.

Mt. Gox problems started before Karpeles assumed ownership. Just before the transfer of ownership, under Jed’s management, hackers broke into the servers and stole a hot wallet file containing 80,000 BTC. Those coins have not been moved since the hack and are still sitting there. The hackers may have forgotten about them or destroyed the keys by accident. The easiest way to steal 80, 000 BTC is to gain access to 80, 000 BTC in one place. The exchange customers didn’t want to take responsibility for their bitcoins so they handed them over to Jed. This only made his hot wallet a bigger score for hackers. 

After the second hack, the very next day, customers of other custodial exchanges reported that their accounts had been hacked too and their bitcoin stolen. You see, at the time, only a handful of people owned bitcoin. Most of them cycled through the few bitcoin services available. They had not yet understood what it meant to “be your own bank”. Naturally they used the same passwords across every web service on the internet like normal people do. The second order effect of the Mt. Gox admin hack became dubiously obvious. There was little time to react for users who had been too lazy to think of new passwords. In a coordinated effort, the hackers hit exchange after exchange and made easy money from repeat customers who reused passwords.

In August 2011, Karpeles acquired a Polish exchange called Bitomat. This acquisition was applauded as expansion but Bitomat was no asset. It was a liability. They had just lost a file containing 17, 000 BTC due to an Amazon virtual machine reset. Another genius exchange operator. Having the business IQ that he did, Karpeles thought it was a bargain to absorb the loss in exchange for their customer base. This horrendous acquisition was paid for with Mt. Gox customer funds who were content to trade IOUs on the exchange.

The whole Mt. Gox tragedy can be boiled down to one fault on the users. They committed the cardinal sin of transferring ownership of their bitcoins when they deposited  to Mt. Gox wallets. This gave Karpeles full reign to pilfer, embezzle and lose funds in unimaginable ways. Historically, when you give people control over your money, they always take it from you. Mt. Gox was no different. 

According to forensic analysis by individual investigators, Mt. Gox was insolvent for most of its existence. They ran a fractional reserve exchange with no reserves. In regular finance, this limitation is overcome by printing more money but bitcoin doesn’t allow free printing. You must work for your bitcoin.

LESSON

You have seen what passes for internal behaviour on exchanges subject to the whims of incompetent founders. That is what early adopters had to go through. Today, there are better systems in place that prevent the sort of thing Karpeles did. These systems are still not entirely in our best interest. Let’s say for example that you fill out a KYC form and deposit your coins on an exchange like a law abiding citizen. Then your President tells the American President to eat glass on twitter. Suddenly, you become persona non grata. A new system can be put in place to stop you from withdrawing your money.

If you must trade, which I strongly advise against, do it on a decentralized exchange from the security of your hardware wallet. And if you must use a custodial exchange, make sure you withdraw immediately and pray that you are not cancelled in that period.

To sum things up nicely, DON’T LEAVE YOUR COINS ON AN EXCHANGE any longer than you have to. They are not your friends. They are your new financial babysitters.

In regular monetary law, possession is  nine-tenths of the law. In Bitcoin, it is ten-tenths of the law  -  ANDREAS ANTONOPOLOUS

QUADRIGA

A CANADIAN EXCHANGE

How many people walk around the city with a hundred million dollars of other people’s money on their laptop? This is the story about a young Canadian who ran an exchange out of his laptop for 4 years while everyone believed it was regulated by the government.

In 2013, a cheerful young man and an older acquaintance announced that they were going to build an exchange at “Bitcoin Co-op”, the oldest bitcoin meetup in Canada. Bitcoin Co-op organized presentations and workshops because they wanted to build a community back in 2012. Nobody ever reached out to them until Gerald Cotten and Michael Patryn.

Cotten had blond hair, a large oval head which rested on a small frame. He wore rectangular nerdy glasses that accentuated his smile; it put everyone around him at ease. His accent was Canadian with a hint of Scottish. He was not a bitcoin expert but he knew enough to fool everyone in 2013. People loved him. Patryn was Indian and had a sturdier build. His eyebrows and beard were meticulously trimmed, intensifying his presence. You could tell he was experienced the way he sounded like a Silicon Valley VC  who frequently had drinks with bankers and regulators. Cotten and Patryn slowly networked their way into the heart of Canada’s young bitcoin community. 

If you were Canadian in 2013, there weren’t many places you could buy or sell bitcoin. But if you had to get your hands on some, because your computer was locked by hackers in Iran, your best option was to wire money to Japan and wait several weeks for a paper receipt containing your private keys. During that excruciating wait, you would have watched the price swing both directions of the pendulum. Cotten and Patryn were going to fix that market inefficiency with an exchange where you could buy and sell bitcoin directly from your Canadian bank account. Cotten would be the face, and Patryn the operational brains behind it. 

In September 2013, the young founders posted several jobs on black site forums. There weren’t many LinkedIn profiles with bitcoin experience but Cotten knew exactly what he wanted:

I am looking for a programmer who is familiar with Bitcoin to develop a website that is very similar to Bitstamp. Bitstamp.net has a variety of features, including….4

Cotten and Patryn were quick to market. In November 2013, they incorporated QaudrigaCX, short for Quadriga Coin Exchange. A month later, they became the first bitcoin exchange in Canada to successfully apply for a money services business license from FinTRAC5. FinTRAC, among other things, decides who could be a money transmitter in Canada. The exchange opened its doors to customers for the first time on Boxing Day. By January 2014, they were celebrating the 1000th customer. Quadriga was at every important event in the country. A reporter at a conference asked Cotten:

“What do you believe is the factor that got you guys from where you guys started to how big you guys got?”

His response:

“So one of the differences between quadrigaCX and a lot of our competitors is that I come from a background where I’ve dealt with digital currencies in the past. …. So when we launched QuadrigaCX, we were all already quite aware of the current situation with the banking relations and basically how to integrate bitcoin with the current payment network……We’ve  gone from 0 market share to now 80% market share as most of our competitors have fizzled out.”

Quadriga out-innovated everyone else in speed, simplicity and fees while offering more funding and withdrawal options than any exchange in Canada. They were the first to trade gold for bitcoin and vice versa. The number of registrations started as a trickle but new traders told their friends about it. The slow trickle eventually became a torrent of signups. 

As the exchange grew, so did the popularity of the meetups. Cotten became director at Bitcoin Co-op while still running the business and he always carried his laptop with him. The meetups grew larger than residential spaces could accommodate, so Cotten offered to host them at Quadriga’s headquarters. He sponsored multiple events, buying himself and his new exchange a generous amount of public goodwill. One day, during a meeting, a 78 year old woman walked in. They thought she was lost but she came to learn about bitcoin. It was a good day.

In 2014, the largest exchange in the world was taking its final operational breath in Japan. They had fallen victim to multiple hacks. Quadriga was going to do things different according to Cotten. They were going to use the “most sophisticated security” to store a new digital asset. This was their chance to not only capture the Canadian market, but a global market too.

HOW THEY ONBOARDED CUSTOMERS

Cotten and Patryn operated the exchange like a casino. Financial institutions were clueless about bitcoin in 2014 and so they stayed away from Quadriga as it expanded. This is where Patryn’s previous experience as a money transmitter came in handy. He setup partnerships with payment processors that received money from customers on behalf of Quadriga. Some of these payment processors were companies while some were single individuals; in fact one of them was a girl Cotten had recently met on Tinder6. A few payment processors were Canadian while others were international and collectively, they routed all customer funds. In order to complete a bitcoin purchase, you had to send money to one of their partner processors through bank wire, draft or whatever means they hacked together and once Quadriga received your money, they credited your account with QuadrigaCX Bucks which was an IOU for “real” dollars. Most customers were ignorant of this because they never read the terms of services.

BITCOIN BULL RUN

Quadriga grew 2000% partly due to the gradual increase in price of bitcoin between 2016 - 2017 and the continuous onramp of new traders. There were traders who completed thousands of orders. There were also sophisticated traders who used automated bots that analyzed market activity. And on the lower end of the spectrum, there were retail traders who heard about bitcoin from neighbours and colleagues. The bull market brought in new registrants everyday to the point Cotten had to hire external contractors to keep up with demand. Regardless of who signed up for an  account, they all assumed Quadriga was regulated by the government and therefore safe. After all, it was a Canadian company.

Cotten grew successful to a point where people were throwing money at him. One of Quadriga’s major clients; the president of Canadian Bitcoin ATM company would sometimes meet to discuss alternative investments but at the end of their conversations, he always handed over a suitcase full of cash to Cotten. After the exchange, the president flew back to his office in a private jet. That’s how Cotten conducted business with V.I.P clients.

Cotten’s purchasing power rose with the price of bitcoin and his tastes outgrew his humble beginnings. One time he went yacht shopping but not for just any yacht. He wanted one that could sail straight to the Caribbean without stopping. When the sales person offered him an electric motor life raft, Cotten couldn’t resist the opportunity to show off; he pointed at his Tesla in the parking lot and said

“Sure, I love electric”

Just like that, he purchased a $600, 000 yacht. This was no oligarch cruise line but mere mortals simply don’t buy yachts. Cotten purchased many more luxury toys including a private plane, real estate in enviable area codes and a handful of nice cars. The bull market brought out his inner child. Cotten would often go home from work and tell his girlfriend that bitcoin was going to the moon. She didn’t understand what any of that meant but she always celebrated with him.

Under the illusion of continued growth,  Cotten and Patryn decided to take the company public with a reverse listing through a shell company.  They started the paperwork, then stopped after a while. Nobody knows what happened but Patryn was uncomfortable with the attention that accompanied a public listing so he left in February 2016 with some senior staff. His resignation was not even announced. Cotten was now the sole director at Quadriga.

WITHDRAWAL ISSUES

Cotten managed the day to day operations and presided over a remote team of contractors who maintained the technical aspects of the platform, verified account IDs and responded to customer inquiries. Most importantly, he was the only person responsible for deposits and withdrawals. Him and his mysterious laptop. Who could you trust with other people’s money? By mid December 2017, the price of bitcoin began to plummet and shortly after, there was an increase in withdrawal requests. Under normal circumstances, Qaudriga would have managed the high demand in withdrawals but he didn’t have enough money in the company reserves. Where have we seen this before?

CIBC FREEZES FUNDS

The departure of Patryn unravelled the payment operations at the exchange. At the same time the Canadian Imperial Bank of Commerce (CIBC) froze one of their payment processors accounts. It got harder to process withdrawals and complaints started to pile on social media.

“I requested a withdrawal via EFT on Nov 25. The status was shown as completed a couple of days later. It is now Dec 8 (13 days or 10 business days) and I have not received my withdrawal. I submitted a support ticket on Dec 5 and have not received any reply as of today (more than 72 hrs ago). I have also tried to PM the admin for Quadriga on reddit and has not been resolved. Anyone else having problem with EFT withdrawal?”

Quadriga was quick to respond.

“Your withdrawal pretty much certainly failed, most likely due to an incorrect branch or account number. We should get to this tomorrow.”

Quadriga’s response to all complaints were the same; that banks were the real enemy and that they didn’t want bitcoin to succeed. They blamed banks for maliciously cutting their money supply and inadvertently delaying customer withdrawals. It was a credible alibi for the time being. In extreme cases, Cotten honored withdrawal requests with money from his “personal” account. One time, an old member of the Bitcoin Co-op needed to make a down payment for a house. Cotten made sure the withdrawal went through no matter what.

“He was in touch with me personally, he helped make sure that the transfer went through on time……And when the wire was taking a long time, then he actually went out of his way to go and do a direct deposit at the bank for me so I could get the money” 

COTTEN GOES TO INDIA

He had met a girl on Tinder in 2014 and they grew close over the years. They got married in 2018. On December 8th, Cotten flew his new bride to Jaipur in India on a packed itinerary for their honeymoon. Jaipur is a well preserved city with regal palaces and rugged fortresses, famously dubbed the “Paris of India”. Cotten and his wife booked a deluxe suite at the ostentatious Oberoi Rajvilas hotel. A night cost $923. 

The following day, the couple were going to grace the opening of the “Jennifer Robertson and Gerald Cotten home”,  an orphanage eponymously named after the newly weds. They had donated $190,000 for construction and upkeep. They never got to attend. That night, Cotten felt a discomfort in his stomach. He was taken to a hospital where he entered cardiac arrest and was resuscitated twice. It was 7:26 pm on December 9, 2018.  Cotten passed away. 

His death sent shockwaves when it was announced on Facebook nearly a month later. The Quadriga community had lost their charismatic leader and with him, all their money for he was the only one who could access the exchange funds.

REKT

In the month leading to the tragic announcement, Quadriga continued accepting customer deposits while management kept Cotten’s death a secret. The exchange owed $215 million that they could not pay back when he died. Customers and regulators alike had questions; how did a single person control all customer funds in Canada’s largest exchange? Where did all the money go? What could the victims have done differently? And just who were Cotten and Patryn? Let us examine the series of events that led to this historical footnote.

WHEN PATRYN MET GERALD

Cotten and Patryn met through an underground messaging board in 2003 called Talkgold. It was a digital black marketplace that attracted people who wanted to get rich quickly through high yield investments. The same investors competed for the same investments schemes in a zero sum game. The operators designed them differently each time to keep things fresh and entertain the participants who would lose their money but inevitably come back for more like junkies on mETH. Cotten was 15 when he met a 20 year old Patryn. They were trying to con each other but ended up getting along nicely. This wasn’t normal behaviour. Long term friendships didn’t cultivate in environments like that. Cotten and Patryn were the exception.

MISCHIEF AT TALKGOLD

The new besties were quick studies. They learned how Ponzi schemes operated and began to cooperate on their own. When one of them posted a Ponzi, the other would vouch with kind words, to encourage suckers, under a different alias. As a result, they needed many aliases so they learned how to create anonymous identities, cover digital footprint and hide geolocation through  virtual private networks. These technical skills were useful but not as lethal as the confidence they developed while orchestrating increasingly bigger scams.

Right before a Ponzi imploded, Cotten and Patryn would disappear. And after a cooling down period, they always resurfaced with new identities to start again.

PATRYN’S FORMER LIFE

Patryn was in charge of the operational and payment processor side of the exchange despite his checkered past. He went by different names, changing it each time he got in trouble with the law. As “Omar Dhanani”, he was a member of a notorious syndicate called ShadowCrew dot-com. They were the forerunners of modern cybercrime forums and marketplaces. Amongst other things, they trafficked in stolen identities and credit cards. Patryn provided anonymous money laundering services for a 10%  fee.  After getting caught in the United States, he spent 18 months in prison before he was deported to Canada where he returned to his passion; moving money for criminals.

He registered Midas Gold Exchange under the name “Omar Patryn” and became a money exchanger for Liberty Reserve. Liberty Reserve was a centralized digital currency service that allowed users to transfer money with only a name, e-mail address, and birth date. It allegedly laundered  $6 billion7 worth of transactions in credit card fraud, child pornography, identity theft before it was shut down in May 2013. Patryn was already familiar with digital currencies so when bitcoin showed up on his radar, it fit like a pair of gloves.  

By the time Cotten and Patryn decided to launch Quadriga in 2013, they already had a questionable resumé between them. Bitcoin provided the technology and community to scale their mischief.

QUADRIGA DIDN’T HAVE ANY INTERNAL ACCOUNTING

Despite what Cotten said in public about decentralized custody, Quadriga was a custodial exchange. When a customer transferred bitcoin or U.S dollars to Quadriga, they relinquished control to the exchange. The customer only had a claim against Quadriga for the value of the transferred assets. That claim could then be traded with the claims of other customers like chips in a casino. Nothing was recorded on the blockchain unless a withdrawal was made. As a result, Quadriga’s internal book keeping was a mystery to its customers and the law. 

They ran a fractional reserve with no reserves like Mt. Gox. Every bitcoin was part of a general asset pool. In other words,  if a customer’s account balance reflected 1 BTC, it did not mean that Quadriga held a bitcoin to back that account entry. They mixed all funds because they were betting that only a small percentage of customers would apply for a withdrawal at any given time.

WHY DIDN’T THEY HAVE ENOUGH BITCOIN? 

Cotten frequently moved assets out of Quadriga to other exchanges where he tried to turn a profit.  Since he held the private keys, he could authorize transactions of any size from his laptop. And he did so regularly. A lot of the bitcoin he moved out never found their way back to the exchange. It is estimated that he lost about $28 million in customer assets on other exchange platforms.

Quadriga management always told customers that their bitcoins were held in secure off-line storage following the highest standards in the industry. This was not true. When you transfer bitcoin to an exchange, you are at the mercy of their security policies. Cotten not only exposed customer bitcoins to his poor trading practices, but also to the security policies of the exchange platforms he traded on.

WHY DID COTTEN NEED TO TRADE ON OTHER EXCHANGES? 

He lost money counter-trading his own customers on the Quadigra exchange so he sought to find less skilled traders and new liquidity pools elsewhere. His administrative privileges meant he could create alias accounts and conjure up any amount of fake dollars or bitcoin. It was as easy as setting up a new Amazon account and filling up a wishlist. The problem was that the assets he created were not real and he could not withdraw them out of the exchange without risking an audit. For the sake of argument, let’s say Cotten created $1000 of fake USD.  At the same time a customer, Bob,  funded an account with 1 bitcoin he got from a friend earlier. Bob wants to sell his bitcoin for $1000. Cotten takes the other side of the trade and buys with fake US dollars. Now Bob has $1000 and Cotten has 1 bitcoin. A week later, the price of bitcoin dropped to $900 and Bob wants to cash out. Cotten is short. He can only sell his bitcoin for $900 so he borrows  $100 from Alice.  She just funded her account with $300 since all her neighbors are talking about bitcoin. Cotten now has to keep track of this new debt while figuring out who to rob when Alice is ready to cash out. Cotten did this thousands of times with several alias accounts. One in particular stood out; “Chris Markay”.  

Through this account alone, he completed over 250, 000 trades between 2015 and 2018. This meant that almost everyone on Quadriga likely traded with Chris Markay at some point without knowing it. Cotten even traded with himself through his multiple aliases. While Quadriga dominated trading volumes in Canada, Chris Markay dominated within Quadriga. In 2017 he credited the Chris Markay account with $100 million in a single deposit. The following year, he credited another $50 million. While everyone else had to work or steal for their money, Cotten simply added zeros to his fictional account like a central bank. He could trade as much as he wanted and transfer all the risk to his unsuspecting customers. Cotten accumulated over $115 million in losses, over the business life of the Quadriga.

PERSONAL BANK ACCOUNT

Another reason why the exchange books didn’t add up was because Cotten acquired expensive tastes which he paid for with exchange funds. His salary was a modest $65,000 a year according to his 2015 employment contract but he could afford luxury automobiles, a plane, a yacht and premium real estate. It was as if Cotten operated Quadriga like a personal bank account; one time, he transferred  $24 million to himself and his girlfriend. They took regular trips and always stayed at the nicest hotels. Cotten took care of his immediate family. He even left $100, 000 for his 2 chihuahuas in his will.

BULL RUN OVER

Cotten assumed that his good fortune would continue indefinitely but all good things come to an end. If the markets were a symphony, then December 2017 was a long deafening crescendo that erupted in orgasmic exuberance. People started mortgaging their houses and pillaging college funds to buy in at the top of the cycle. This catastrophic timing is a skill in itself. Contrary to great symphonies, the ending wasn’t a standing ovation but a stampede for the exit. When the world ran out of people willing to pay higher for each bitcoin, people started selling. They caught Cotten with his pants down. The thing he feared the most had befallen him; everybody wanted their money at the same time and he didn’t have it.

The price of bitcoin dropped fast. Every time you refreshed your screen, you grew poorer. Cotten’s knee-jerk reaction was to trade his way out using the Chris Markay account. That didn’t work so he returned some of the money he took earlier. Even that wasn’t enough. Just then, the CIBC froze one his payment processors. With very few options and growing vocal dissatisfaction, Cotten committed the cardinal sin of trading; he sold bitcoin at a bottom low. The selling pressure from his desperation punched a hole through the bottom and took prices even lower. But it still wasn’t enough to stave off angry customers. So he paid off the loudest ones8 first because they were likely to be as vocal in celebrating their success as they were in decrying outrage. A redditor said;

With all of the negativity lately, I would like to thank Quadriga for getting my withdrawal to me. Although it was a little late they came through

Cotten got desperate. He started sending cash envelopes across Canada to people whose withdrawals were taking too long. He sent cash in paper bags and shoeboxes to coffee shops, laundromats, and pool halls. The CEO of Canada’s largest exchange had been reduced to a postman. 

Right before he died, he was still sending out money from his personal account on his laptop. Up until he died in India, Cotten was the only person with the passwords to the accounts holding Quadriga’s funds worth approximately a quarter billion U.S. dollars. Except there were no funds. An external contractor, Ernst & Young, brought in to audit the accounts might as well have  been in a science fiction movie. The accountants were confused by all of it. Instead of bank account numbers, they had to trace long alphanumeric addresses on a public blockchain. They finally identified six bitcoin addresses used by Quadriga in the past. Five of those wallets had been empty since April 2018. The accountants got lucky and found some bitcoin but they sloppily transferred it to the wrong address. It was funny. Then it was scary. They had sent bitcoin to a dead man’s wallet. 

The investigating policemen were more out of place than the accountants. They looked like they would’ve been more comfortable with a dead body and a murder weapon. What good was a badge against bitcoin’s security? Cotten had robbed his clients in life and in death.

LESSON

Your private keys are the only thing standing between you and your bitcoin. If you give them away, they are no longer yours. Don’t become a statistic in the next mass exchange hack or gross administrative mismanagement. Keep your coins yourself in a hardware wallet that you have properly backed up and don’t need to access regularly. After all, you don’t check into your Swiss savings everyday.

There are many ways to acquire bitcoin now. You could work for it or buy it from a decentralized exchange that only requires a wallet address. If don’t have access to any of these and you must use an exchange, then make it quick. Don’t get comfortable leaving your coins there. Someone is working hard, consciously or unconsciously, to take your coins from that exchange. It could be a hacker, a regulator or even a terrible employee. NEVER leave your bitcoin on an exchange no matter who it is regulated by.

Now you know the story of Mt. Gox and Quadriga. When you see them on the news, you will be one of the few people who knows what they did wrong. Next, we learn why you should never use the same bitcoin address twice. You will read a story of how some criminals got caught because they reused a bitcoin address many times and lead the police to their door steps in “CHAPTER 4”. Don’t forget to comment and tell your friends. Lord Thoth appreciates you.

Next: CHAPTER 4

Leave a comment

First time? Start here!

Previous

Many backup because they have seen the dark side of failing to do so, blessed are those that backup who have not seen! — T.E. RONNEBERG

According to Chainalysis, a blockchain data platform with governmental ties, about 20% of existing bitcoin may have been irrecoverably lost by 2021.  That percentage mostly goes up as new adopters pile on. Many reasons contribute to this, but key among them is complacence to create backup access to your bitcoin.

However you choose to store your bitcoin, there is always something important to backup. If you use a hardware wallet, then you should backup your seed phrase and PIN code. A seed phrase is a sequence of words that you can use to reconstruct your wallet on another device. This comes handy if you lose your phone or laptop. A seed phrase could be 12 or 24 words and it is almost impossible to guess. If someone has it, then you gave it to them or they took it. A PIN code is a numeric password that prevents unauthorized access to your hardware wallet. Don’t use your date of birth.

If you store your bitcoin on an online wallet, then you should back up your private keys1 , seed phrase, password and 2 factor authentication. Your private key is a 256 bit number that allows you to spend your bitcoin. If you give it away, it belongs to you and the new recipients. 2 factor authentication is process to verify yourself with another device. Google authenticator is the most widely used standard. You should backup the authentication key in case you lose your phone or heavens forbid, have a boating accident. Your backups are the spare keys to your kingdom. Guard them ferociously. Never store online.

I FORGOT MY PIN 

HOW I LOST $30000 IN BITCOIN

In January 2016, Mark Frauenfelder had recently started work as a research director at the Institute for the Future’s Blockchain Futures Lab. He was eager to experience how bitcoin worked first hand. So he jumped down the rabbit hole with skin in the game. He bought 7.4 bitcoin for a whopping $3000. Like most new users, he was fascinated with the experience. He got Starbucks credits and even made some purchases on Amazon with bitcoin. Life was good. Mark was happy.

Nearly 10 months later, bitcoin prices went on a tantrum like it habitually does. It had doubled and it seemed unstoppable. Up until that point, Mark had kept his bitcoin on a web-based hot wallet but the appreciation called for more secure practices. That was the right thing to do. So he did some research and bought a hardware wallet, Trezor2.  The setup was fairly straightforward until he got to a point where he was required to write down a sequence of 24 words. What fresh Nakamoto sorcery was this? The words were randomly generated on the device.  He obliged. Next he was prompted to enter a PIN. He wrote it down on the same orange piece of paper as the 24 word seed phrase.

The wallet website explained that those 24 words were his recovery words and could be used to generate the master private key to his wallets. If he lost his hardware wallet or it stopped working, he could recover his bitcoin by entering those 24 words into a new device or any other hardware or online wallets that use the same standard key-generation algorithm. 

He transferred his bitcoin to a newly configured device. Then tossed both the device and piece of paper into a desk drawer in his home office. He planned to etch those 24 words into a metal stock where it would be protected from natural elements and disaster. Life was good. Mark was happy.

Mar 16, 2017

7.4 BTC = $8,799

THE MISTAKE

It was 6:30 in the morning. Mark and his wife were getting ready to leave for the airport on vacation. As he was going through his desk drawer for a phone charger, he saw the orange piece of paper with the seed phrase and PIN. “What should I do with this?” The coins had almost tripled in value and it wasn’t too much of a stretch to imagine them worth $50,000 someday. “If our plane plowed into the ocean, I’d want my daughters to be able to get the bitcoins.” See Mark had two kids. So he planned for his bitcoins incase something happened to him.  He put the 24 word paper  and pin  under his daughter’s pillow with a note; 

~ if anything happens, show this paper to Cory. He’ll know what to do with it.

Love, Dad. 

Apr 4, 2017

7.4 BTC = $8,384

THE DUMPSTER 

Mark had been back from vacation a while now when he remembered that piece of paper. He went into the room and looked for it. He looked under the pillow. He did not find it. He looked under the bed. He did not find it. Where could it be? Aha! He had the house cleaned while on vacation. Perhaps the good people at the cleaning service knew where it was. So his wife called them to inquire about it but the cleaning lady responded: 

I threw it away. 

Life was still good but Mark was getting worried. He knew the garbage collectors had made their rounds but he went dumpster diving anyway, because who doesn’t love the smell of fresh nitrile gloves and old Amazon boxes. He looked in the corners, he did not find it. He looked in the bottom, he did not find it. The garbage stank. Mark was no longer happy.

His wife asked if losing the paper was a big deal. It was a big deal but Mark didn’t want her to worry, so he came up with the most manly gobbledygook:

Not really … It’s just a hassle, that’s all. I’ll have to send all the bitcoins from the device to an online wallet, reinitialize3 the device, generate a new word list, and put the bitcoins back on the device. It would only be bad if I couldn’t remember my PIN, but I know it. It’s 551445.

He plugged in his device and entered 551445. It did not take. He must have made a mistake entering the PIN so he tried again carefully. FIVE, FIVE, ONE, FOUR, FOUR, FIVE. Surprise! It did not take. Perhaps a slight variation would do the trick. You know how these things are. He entered: 554445. It did not take.

He looked at the tiny monochrome display of the wallet and noticed something new. There was a countdown timer. That wasn’t there before. It was making him wait a few seconds after each failed attempt. He went to the wallet manufacturer’s website to learn about PIN delays. This is when he read a seemingly innocuous but potentially troubling piece of information:  the delay doubled every time a wrong PIN was entered. The site said, “The number of PIN entry failures is stored in the device’s memory.” This meant that powering off the device wouldn’t make the wait time go to zero again. 

In theory, a betting thief would go through a lifetime of PIN numbers against astronomic odds. In the meanwhile, the rightful owner would have enough time to move  funds to a new device. It was a beautiful day but Mark was in panic mode.

He made a few more guesses and with each failed attempt, his sense of unease grew in proportion to the PIN delay. It was now 2,048 seconds which is about 34 minutes. Imagine you had to wait 34 minutes each time you got your password wrong. He launched his desktop calculator and worked out that it would take 30 years before his 31st guess. He would be a granddaddy by then. The law of compounding returns is a cruel mistress when it works against you. One hundred guesses would have taken more than 80 sextillion years. A number so large, every foreseeable generation of his bloodline would have a shot at the device.

His mind became scrambled with permutations of PINs. As he went into the kitchen to prepare dinner he couldn’t think of much else besides the unique challenge he faced. While slicing potatoes, he mentally shuffled numbers around like scrabble tiles on a rack. After some time, a number popped into his head: 55144545. That was it! He walked from the kitchen to the office. The wallet still had a few hundred seconds left on the countdown so he filled that time with routine chores until it was ready for another try. FIVE FIVE ONE FOUR FOUR FIVE FOUR FIVE. It did not take. Mark was in ultra-panic mode.

That night he dreamed a dream of 1s, 4s and 5s. The wallet was trolling him in his sleep. An inanimate oversize USB that kept his secret with a secret of its own. The irony was confounding. The anxiety, undeniable.

Apr 5, 2017

7.4 BTC = $8,325

THE SEARCH

The following morning, he started looking for alternative methods to access his wallet. Methods that did not involve recalling the PIN or recovery words. If he lost his debit card PIN instead, he could have contacted his bank and reclaimed access. Bitcoin was different. There was no front desk to lodge a complaint against. Just a vast network of computers that don’t know each other and a hardware manufacturer that was equally as helpless. The high quality bitcoin services/devices, at least the ones you should be using, are designed so even the service providers can’t help you when you screw up. Mark had stored his private key on such a device and now he was on his own against the most powerful network in the world.

May 25, 2017

7.4 BTC = $12,861

THE HYPNOTIST

When shear force of will failed him repeatedly, Mark now turned to an unusual science to fish out the important memory that was making him miserable. His wife had done an interview with a Hollywood hypnotist a few years earlier. She made a reservation and Mark went to see her. 

Early in the session, the hypnotist had him reenact the experience of writing his PIN on a piece of paper. She was meticulous about every detail down to the color. She put the paper in her desk drawer and asked him to sit down, open the drawer and look at the paper. She explained that they were trying different techniques to trigger the memory of the PIN. After nearly four billable hours on her sofa, he decided the PIN was 5514455.

It took a few days to build the nerve to try again. Every time he thought about the hardware wallet, his blood would pound in his head then he would start to sweat. When he finally tried the number again, it didn’t take. He now had to wait 16,384 seconds, or about 4.5 hours.  

Aug 12, 2017

7.4 BTC = $28,749

THE FINAL GUESS

He tried to stop thinking about bitcoin, but how could he? The price action had been strong over the summer while CNBC made unrealistic predictions with their motley crew and lineup of newly minted celebrity guests. Twitter was abuzz with self proclaimed know-it-alls from every wood work imaginable. Mostly cartoon avatars that recently discovered freedom of speech.

Just a few weeks earlier, the eccentric software entrepreneur John McAfee tweeted that a single bitcoin would be worth more than $500,000 in three years. All this drama did little but fuel Mark’s anxiety. Everybody seemed to be making money. He couldn’t escape the fact that the only thing keeping him from a fortune was a simple number.  A number that he used to recall effortlessly. It was now hidden in his brain, impervious to hypnotism, meditation, and self-scolding. Bitcoin was growing in value, and it was getting further away from him. Mark felt helpless.

One evening, while folding laundry, his daughter came in with excitement.  

“I know what the bitcoin password is!  It’s 55445!”

“Why do you think that?”

“Well, you sometimes use 5054 as your password, but since the Trezor doesn’t have a zero, you would have just skipped it and put nothing there. You wouldn’t have made it 5154, you would have just used 554, and added 45 to it.”

He thought she might be right. Once the wallet was ready, he asked his family to gather around his computer with him. He wanted them for moral support, to make sure he entered the PIN correctly, and to share in the celebration if the PIN was correct. Mark was hopeful.

His heart was racing. He entered the PIN slowly. Each time he entered a digit, he looked up for a nodding approval from one of his family members like a bomb disposal unit where the wrong keystroke meant sudden death. After entering 55445, he hovered the mouse cursor over the “Enter” button. They all held their breath. He clicked it gently. IT DID NOT TAKE.

Wrong PIN entered. Please wait 32,768 seconds to continue…

“Ah, shit,” “Nine hours”. The next morning before breakfast, he went into the office by himself and unceremoniously tried 554455. It did not take.

Wrong PIN entered. Please wait 65,536 seconds to continue…

Great! Eighteen hours.

Aug 16, 2017

7.4 BTC = $32,390

THE EMAIL

What was wrong with his brain? Would he have remembered the PIN if he were in his 20s or 30s? He was feeling sorry for himself when he saw an email from the manufacturer in his inbox. The subject line read, “Firmware Security Update 1.5.2.”. The email stated that there was a bug in an older firmware versions that could be exploited by hackers. This exploit could potentially reveal seed phrase or PIN number. 

In order to exploit this issue, an attacker would have to break into the device, destroying the case in the process. They would also need to flash the device with a specially crafted firmware. If your device is intact, your seed is safe, and you should update your firmware to 1.5.2 as soon as possible. With firmware 1.5.2, this attack vector is eliminated and your device is safe.

Could there have been a vulnerability in the wallet’s security this entire time that could potentially rescue his bitcoins? He went on reddit to see what people were saying about it. The first thing he found was a link to a Medium post by someone who said they knew how to hack the wallet using the exploit mentioned in the email. 

The author included photos of a disassembled device and a screengrab of a file dump that had 24 key words and a PIN. The author also included a link to custom firmware but no instructions on how to use it. The author was a familiar handle. They had crossed paths on reddit five months earlier when he started looking for a solution to his problem! He considered getting in touch but decided to reach out to bitcoin evangelist Andreas M. Antonopoulos instead. They had gotten acquainted over the years and even done interviews together.

Mark emailed Andreas on Aug 20 and told him he couldn’t access $30,000 worth of bitcoin stuck in his hardware wallet. He asked if the vulnerability offered a chance to retrieve his bitcoins. Andreas replied:

The vulnerability described in the article is in fact real and it can be used to recover your seed, since you have not upgraded firmware to 1.5.2 (I assume), which disables this vulnerability.

Mark hadn’t upgraded. He was lucky and furthermore still because Andreas knew a teenage coding whiz who had done work on that particular hardware related software. The kid was a 15 year old UK resident who went by the name Saleem Rashid. Even though Andreas had never met him, they’d both spent time hanging out on Slack. The hardware manufacturing team knew about Saleem and previously gave him a couple of development devices to experiment with. Andreas suggested they set up a private chat with Saleem on Telegram4. A few minutes later, Andreas introduced him to Saleem:

“Mark is the owner of a well-locked Trezor hoping for a miracle.”

The plan was simple: Saleem would initialize a test device with identical firmware as Mark’s. He would practice a recovery hack on it then send the exploit program  to Mark over Telegram. Mark would buy a second device and practice installing and executing Saleem’s hack until he mastered it. Only then would he attempt the exploit on the original device. This was all head banging technology with high stakes. Mark asked for step-by-step video instructions on what to do. He offered 0.05 BTC ($200) up-front and an additional 0.2 BTC ($800) if the hack was successful in getting the bitcoins back. Saleem agreed to the terms. Mark added, “If you end up spending a lot of extra time preparing the instructions, let me know and we can increase the payment accordingly.” He ordered a second device on Amazon. 

Aug 24, 2017

7.4 BTC = $32,387

THE FEE

SALEEM:

Hey Mark The video is done, but I would like to raise the price a bit for a few reasons

1. Making the video was absolute hell (I don't have a proper camera for this so I had to do some elaborate mounting system which took ages to set up)

2. I had to write the code for the exploit firmware (which I think should be factored into the price)

MARK:

Fair enough

SALEEM:

So, would it be possible to get 0.35 BTC for the video and the exploit firmware, then 0.5 BTC if you're successful? For a total of 0.85 BTC.  I know it's a steep increase, but I think it's a fair amount for the work I've done

MARK:

Have you tested your firmware on a device that's running the same firmware that I have?

SALEEM:

In the video I install 1.4.0 on a device, set it up, then get the PIN wrong a few times (so it's in the same state as yours)

MARK:

OK, it's a deal then.

He just agreed to the equivalent of $3,700, almost four times the original fee. But he figured it was worth it. If he could just see his PIN again—the one that wallet recovery services, reddit users, and everyone else told him was irrecoverable—he would happily pay Saleem whatever he asked. It would be a miracle. How could you put a price on that? Mark was optimistic.

Saleem gave Mark a bitcoin address and he sent him 0.35 bitcoin. A minute later, he uploaded two files, one called exploit.bin, the other a 10-minute video. The video was a screen capture of his computer display, showing Linux line commands that he was entering in a terminal window. There was no sound. The lower-right of the video had a picture-in-picture of his device, taped down to a desktop. 

Aug 26, 2017

7.4 BTC = $32,208

THE EXPLOIT

It had been almost 5 months since the hardware wallet locked him out of its contents but on the night of  August 26, Mark slept surprisingly well. The following day was showdown. He had the house to himself. He cleared off a small desk in his office and went to work on the device.

He watched the exploit video and copied down Linux commands that he would paste into a terminal window. By following the instructions, he downgraded the firmware. He then gave the test device a new PIN (2468) and wrote down the 24-word seed it generated. After that, he installed the exploit firmware and entered a few more commands. It worked! The practice device had been successfully cracked. He could see the recovery keywords and PIN on his computer display. He went through the process six more times, which took the entire morning and most of the afternoon. Time flew.  He missed lunch and his usual afternoon espresso but he had no desire for either. Mark was on a mission.

Now came the time to try the exploit on the target device that held his 7.4 BTC. You’d think that seven trial runs would’ve prepared him for the real deal but Mark was nervous.  One instruction at a time. He downgraded his device firmware just like he’d practiced. Then he installed the exploit firmware. There was no turning back. Either this was going to work, or the device would be wiped clean. His bitcoin would be gone forever, even if he happened to recall his PIN sometime in the future. Now he needed to enter a few more commands to read his 24 word seed. He stroke the keyboard deliberately till the final command. Then he leaned over and hit enter. IT WORKED! 

The 24 seed words he’d written on a piece of paper in December and lost in March had risen from the graveyard of lost bitcoins. They were now glowing on the screen of his computer. He could’ve stopped there. Those 24 words were the only thing he needed to recover his 7.4 BTC. He could’ve reinitialized the device, entered the words back into it and he would’ve been done. But there was one more thing he needed to do, and it was even more important than the money. He was going to force the device  to cough up his PIN.

From the exploit instructions, he copied a string of text and added it to a Linux command Saleem had supplied. The PIN appeared instantly. He stood up, raised his arms, and began laughing or crying. He had conquered the device and one-upped the part of his brain that thought it could keep a secret from him. Fuck both of them, he thought. He had won against cryptographic odds.

REKT

Why hadn’t he backed up his PIN outside the orange note? And why did he leave the only copy of his back up under a pillow? No reason. We often overestimate our memory, which is a good place to lose things longterm. You forget more things than you remember, phone numbers, dates, names and passwords. It didn’t occur to Mark that the tooth fairy would visit and take his seed phrase. And he expected to remember his PIN number with no effort. He just might have, if he’d tried sooner but we’ll never know.

In the months he spent trying to crack his device, he learned more about bitcoin and passwords than most will learn in a lifetime. He even got hands-on experience with firmware of a hardened cryptographic safe. But it is likely he would’ve preferred not to learn the hard way. In the future, he won’t leave his backups in an un-secure location again.

LESSON

Mark backed up his seed phrase and PIN the right way in the beginning but he didn’t plan sufficiently for his trip. You don’t keep the keys to your Swiss Bank deposit box under a pillow. The cleaning service personnel could have found it. What if they knew what it was and wiped his wallet clean before he got back from his trip. Lucky for him, they only threw it away. The right action was to treat the physical safety of his wallet with the respect it deserved. He could’ve kept it in a secure drawer and left a message for his next of kin. That way, if anything happened on his trip, his bitcoin would have found its way to the right hands. When you make a physical backup, you move security into the physical realm. You should account for physical threat vectors. While Mark wasn’t attacked from the outside, his human weakness got the better of him. Never overestimate your ability to remember. 

How should you back up? There are several ways to do that safely depending on your level of technical expertise. If you have the chops of a grandma, copy your seed phrase into a notebook and label it “grandmas recipe”. If you are a computer savvy dad  with a blackberry, print your seed phrase and private keys on a home computer. DO NOT print on your office computer. If you do, there will be copies of your seed and private keys on the office network. If you are an advanced digital native, you could encrypt your seed phrase and store them in two USB drives. Label them carefully and never lend out or connect to a computer after you test your backup. Always test your backup or you risk locking yourself out of your own treasure.

I THREW AWAY MY HARD DRIVE 

7500 BTC IN A LANDFILL

I wish I could  go back in time and not throw that  drive away. - James Howells

James Howells was an IT engineer living in Newport whales. By the end of 2008, just before  Christmas, he stumbled upon an intriguing find. A technical paper like nothing he’d ever seen. It was concise and conveyed big ideas with eloquent precision. James was one of the few people on earth lucky enough to have the intellectual curiosity and technical literacy to discover the bitcoin White Paper. He downloaded it, gave it a quick scan but didn’t act for weeks. 

At that time, there was no information about bitcoin. No websites, no YouTube videos, nothing. There were only 2 pieces of information you could download. The bitcoin White Paper and the bitcoin client (software). When he finally got around to reading the White Paper again, it was January 2009. He read it a few times and started to think differently. He suspected it was a monetary system where issuance and supply were decided by a network of computers online. So he started mining as a participant.

In  order to mine bitcoin back then, you needed 3 things: the bitcoin client (software), a history of all bitcoin transactions and a connection  to other computers mining bitcoin (nodes). James already had the bitcoin client. He downloaded the history of all transactions, there weren’t many. Finally, he connected to all the other computers mining bitcoin. There were only 6 of them. When James started mining, he was connected to Satoshi Nakamoto’s personal computer on the network. 

I mined more than 7500 coins over one week’s time in 2009. There were just six of us doing it at the time and it was like the early days  of the  gold rush.

James would leave his computer on all night to mine virtually free bitcoin. The process ran his machine hot and drove his fan to overwork. After a while, the noise became unbearable so his girlfriend made him stop. He had accumulated about 7500 btc. He forgot about bitcoin. Four years passed and life went on.

During that time, James tinkered with keyboards, computer mice and hard drives in his home office. He was a bit of geek. One day, after spilling  a drink  on his laptop, he took out the hard drive and put in his drawer. Over time, his tinkering hobby built significant clutter. In 2013, it so happened  that right  before a scheduled holiday, he decided to clear up all the clutter. During the clean up, he came across 2 unlabeled hard drives in his drawer. He threw one in the garbage. It was somebody else’s problem now. The  garbage eventually ended up in the Docksway  landfill site near Newport, Whales. There was less clutter in James’ life.

Not long after, bitcoin started making the news. It always does. The  increase in price, the silk road shut down, stories of newly minted millionaires and the list went on. James remembered his  stash of 7500 btc. It was more money than he had made in all his professional life.  He had struck oil by simply leaving his computer on to run a noisy software for weeks.  All he had to do was access the hard drive and he would be rich. That’s when  he realized he had thrown out the wrong hard drive.

All the files I believed I needed were already  on my new computer. The drive was in a drawer on its own after an incident with a  previous  laptop. And I thought I had taken off everything  I needed.

He rushed to the landfill requesting permission to dig up his hard drive. Permission was denied! The city council cited environmental concerns as grounds for rejection. He requested a few more times but was denied each request. With every passing day through 2013, his hard drive grew in value until market cycles reversed by the end of the year. Devastated, he went to several IRC chatrooms looking for help in retrieving his hard drive. This is how a reporter picked up on the story and it became national news.

In 2014, the price of bitcoin declined steadily making it less appealing for any excavation requests. It became an economic versus environmental argument for a while. In 2016, bitcoin price started creeping up. The economic side of the argument started to look good again. James found investors willing to shoulder the risk if anything went wrong but the city council did not reverse their decision. The entire time, the land fill had been, well, filling. Bitcoin’s volatility was taking them all for ride. James was not having fun staying poor.

In 2017, when bitcoin skyrocketed again,  he went back to the  council and told them the hard drive was worth $100 million. They still said no. But it was different this time. He could  sense  they were interested. 

In 2022, he went back with fresh ideas for another excavation mission. This time it included not only environmental and data recovery experts but robot dogs for security so no one else would try to steal the hard drive. James offered to sweeten the deal by turning the landfill into a power generation plant that would mine bitcoin for the people of Newport if he was successful.  

The jury is still out but at what price point would the landfill council  cave? $100k, $500k or $1 million per bitcoin? Guess we’ll all find out together. 

REKT

In the UK,  general waste bins are given serial numbers. When a bin is full, it is taken to a landfill where the operators assign a grid reference to it. This grid reference ties a location to the content of a general waste bin. In theory, a garbage collection date and serial number should be enough to estimate the location and depth of the hard drive, with longitudinal precision, in a sea of garbage.  As interesting as this information is, none of it matters if the landfill council do not approve. And approve, they did not. The council had safety concerns that included harmful chemical leaks as well as potentials fires that could burn for years. There was also the possibility that the hard drive may have deteriorated beyond recovery due to corrosion.

Nobody outside of landfill operators needs to know any of this. But James did. And now so do you. Instead of prioritizing life and a profession, James became a landfill expert among other things.

I would like to know which  hard drive experts they consulted, because  I am pretty sure the council have nobody  who is qualified in  data recovery on  their team.

It is difficult to fault him. He backed up his bitcoin wallet even  when they were worthless. There were no hardware wallets at the time. BIP39, the innovation that gave us the seed phrase, had not yet been invented so he couldn’t take advantage of it. Perhaps he could have labeled his hard drives properly? His story is a true tragedy but it underscores the importance of backing up your wallets. In the undesirable event that you lose access to your bitcoins, nobody can help you without a backup.  

I’m absolutely  devastated as you can imagine. 

We never would have known who James was or at best he would have simply been one of the early bitcoin nouveau riche. Now he is immortal to bitcoin’s history because of the fortune he lost and the lesson we draw from it. Perhaps it was for the best. Finding his hard drive would mean finding an extra clue that could potentially uncover bitcoin’s mysterious founder. Nobody wants that. Or do we? 

LESSON

Your backup is plan b if something goes wrong unexpectedly. If you make a physical backup, then treat physical security with seriousness. This means that you wouldn’t let it fall into the wrong hands, fall victim to the elements or suffer from human shortcomings or incompetence. You would keep it in a safe that is protected with physical assurances. You would create a failsafe so that your memory doesn’t let you down.

Short and sweet as promised. Now you know why you should always back up your private keys, seed phrase and PIN. Lord Thoth can’t help you if you don’t. If you think that’s bad, wait till you hear the horrors about how exchanges are run and the people who kept their bitcoin on them in “CHAPTER 3”. Don’t forget to comment and tell your friends. Lord Thoth appreciates you.

Next: CHAPTER 3

Leave a comment

First time? Start here!

Previous

"Premature wealth is but the forerunner of humiliation and disaster because we cannot permanently retain anything which we do not merit or which we have not earned" - CHARLES HAANEL

It is tempting to assume that early adopters got lucky and are now swimming in wealth. This assumption fails to take into account that today’s certainty was yesterday’s risk. Nobody was sure of anything despite how they acted. It was also easy to lose coins because there weren’t any sophisticated tools to secure them as we have now. Further more, bitcoins were worth very little so it didn’t make sense investing a lot of time in securing them. The early investors were people with a lot of free time: unemployed developers, smart students who were bored with school just to name a few. They didn’t have extra money to keep buying coins  and they still had living expenses and overhead. Venture capitalists were not pouring money into bitcoin as they do now 

In reality, only a small fraction of early adopters knew what to do with it. Whether gold, silver or bitcoin, the same rules of investing apply: delay gratification for as long as possible while living off alternative income. Most early adopters had a lot of free time and not a lot of responsibilities. This important advantage gave them the freedom to inspect the novelty that was bitcoin. But it also led to their inevitable downfall because they couldn’t hold on as long as they would have liked to. Little income meant that they spent bitcoin every time it got volatile. If you did not already have an investor’s mindset before discovering bitcoin, then being early did you little financial good and probably a good deal of psychological harm. 

GUIDO THE UNFORTUNATE

“BITCOIN RUINED MY LIFE”

In 2010, an Italian named Guido learned about bitcoin. His last name has been redacted for privacy. Not much else is known about him. He was secretive but computer savvy beyond most. He installed a bitcoin client and mined some with no expectation of future returns. During that time, the mining rewards were sent to  a wallet.DAT1 file on his personal computer. After a while, he switched off his miner and never gave it much thought. A few years went by, Guido bought a new PC.

In 2013, bitcoin hit the fringe edges of mainstream consciousness for the first time. It wasn’t the technology that caught media attention, but the speculative run up in price. Guido was shocked. He’d never imagined that the virtual currency he got for running software on his computer would have amounted to anything of financial value. And that’s exactly what the problem was. It was too early to imagine anything. He searched for his wallet on his computer. He did not find it. His anxiety turned into horror as the price of bitcoin erupted to $1300 in 2013.

Guido was gutted. The weight of his mistake bore heavy with every minute he thought about it. And that’s all he thought about: how a measly energy investment in 2010 could’ve changed his living conditions by mind-blowing margins. He got quite good at math as he frequently calculated his unrealized gains while thinking of all the things he could’ve done. He could’ve paid for his father’s medical expenses without breaking a sweat. It was all too painful.  In time, he lost his will to live and became suicidal. Ironically, the only that kept him from taking his life was an unhealthy obsession with the numbers.

I'm addicted to those numbers in the wallet

He continued to live under a delusion that the lost bitcoins were still his. If he couldn’t get them back from his wallet, he would get the value back by investing in one of the many newly minted altcoins. They mostly came and fizzled out quickly. Guido lost everything on his new investments. That’s when he decided, he had missed the boat. It was still 2013. 

REKT

Guido’s biggest crimes were being too early and not adopting an investor’s mindset. We give him a pass for not storing his bitcoins properly. Modern tools were not yet in place for that and it wasn’t worth the effort. You couldn’t buy a cup of coffee with 10,000 btc in 2010. 

His life was mediocre when he discovered bitcoin. He had no knowledge of investing or financial planning. Very little about him suggested that he could handle large amounts of money with grace. So it wouldn’t have mattered if he lucked into pre-iPod apple stocks or bitcoin. It is likely that he would have sold too early and ended up with similar regret. Or that he held round circle from top to bottom of a cycle for another bout of regret. The gods gave him fire and then gave him wind. 

LESSON

Would you rather be Guido in 2010 or be yourself today and just finding out about bitcoin? Would you rather be financially literate enough to grow a portfolio over time or get lucky to lose it just as quickly? Deep down most people prefer to get lucky believing they can hold on to that wealth. In reality very few do. There are no shortcuts. Any early bitcoiners who held on to their wealth did so because they were already financially literate and knew how to delay gratification like monks.

The situation Guido found himself in, was no different from millions of investors around the world at some point in their respective journeys. If bitcoin had not appreciated in value, his life would have continued along a mediocre path. And if news of its appreciation had somehow missed him, he would’ve been still poor but relatively happier. The problem wasn’t losing his bitcoin prematurely, he would have lost them eventually. The problem was him. 

The right approach to treating something like bitcoin is to adopt the mindset of planting a tree. You know it will take time to bear fruit. You also know you need to eat in the meantime so you find other sources of nourishment. If anything happens to your tree, plant a new one. If you don’t, you will starve. It is only this way that any investments can provide you with meaningful rewards that lessen future burdens. “Wen moon?” is for amateurs. It’s 2022 and we are ridiculously early.

“MY ALL MY MONEY”

THE UNFORTUNATE RETIREE

In 2013, an anonymous Redditor, 64 years of age was nearing retirement. He had saved all the money he thought he needed to live in comfort by his standards. Then he discovered bitcoin. It was at the height of a bull cycle when exuberant media drowned out any rational thinking. He jumped in reddit threads and started doing research. He didn’t read much about adoption or how the technology worked. He was drawn to articles that fueled price fantasies.

He read about how bitcoin was going to the moon. What a curious thing to read. Everybody was getting rich overnight in a decree by first time investors, whose only useful skills were telling the colors green and red apart. The euphoria was infectious. The few savvy investors around didn’t help dampen the mass speculative psychosis that was ravaging a small but fiercely growing community. The original  island boys2, Winklevoss twins, made predictions for a single bitcoin to reach a price of $40, 000. That was 40 times its current price. Their timing was only off by about 7 years but our Redditor was already convinced beyond rational doubt. He wasn’t good with computers so he had his son buy them for him through an exchange. He put in his life savings at a price of $1000 for a total of 85 bitcoins. He had spent the last 30 years earning that money but he didn’t hesitate to go all in on a shiny unproven technology. 

I asked many people if i still should get in at 1000 and got the same answer from everyone: 1000 is cheap. We will be at 10k soon.

There is often wisdom in a crowd’s collective reasoning but that is not what our Redditor picked up on. The price bounced around $1000 for a while but mostly under the influence of gravity. He didn’t sell because the Reddit threads were still euphoric. Everyone kept saying:

This is just a small correction 

So he held on even though he had lost a small percentage which turned out to be a sizable amount in dollars. That small percentage started to snowball until it became non significant. He was still confident the price would go up but alas it did not. $900, $700, $500, $350. Confidence evaporated as he watched the mood in the Reddit threads change from optimism to blue funk. The mass hypnosis had subsided and a calming reality took its place. He was now a bag holder.

His misfortunes didn’t stop there. House payments were due, without which he would lose his property. He couldn’t let that happen. Being homeless wasn’t an option for a retiree. And so he became a forced seller at capitulation prices. Bitcoin was supposed to change his life and it did.

REKT

Our Redditor found bitcoin early which was good on him, but he never should  have invested everything with so little understanding of how it worked. He didn’t know about bitcoin’s inflationary schedule. He didn’t know about all the earlier adopters who were looking to cash out some profits. It is also possible that his security hygiene was not sufficient for the amount he invested. If the prices hadn’t done him in, something else would have.

Investing “MY ALL MY MONEY” as he worded it on Reddit meant that he became hyper-focused and sensitive to price fluctuations. Every downtick or uptick had to mean something. It didn’t help that he got his answers from unsophisticated investors on reddit. It just meant that he was in a sinking bubble with other investors who couldn’t swim.  Misery loves company but we all suffer individually. His’, culminated in the loss of a lifetime’s retirement.

He spent the rest of the year calling bitcoin a Ponzi and blaming Redditors for perpetrating it. Reddit retaliated in vile.

It is common that old people get scammed online

LESSON

When you encounter something new, your first impulse should be to curb all other strong impulses. Take a breath, slow down and wait for the initial excitement to go away. A clearer head would have informed our Redditor that he could’ve bought  a bit, say 5% every few weeks. The subsequent drops in price would’ve stung less and perhaps fueled an impulse to buy at lower prices. This time tested investor strategy is called “dollar cost averaging”. Our Redditor went all in. Never go all in.

THE ORIGINAL ISLAND BOYS

THE WINKLEVII

Vengeful intent stabbed through the air of a cold boardroom in a law firm in 2008. One half of the Winklevoss mirror twins, Cameron, fixed his gaze on a young Mark Zuckerberg, knowing the only thing between the two of them was a literal army of lawyers. The other half, Tyler, paced outside in giant strides. Mark had requested that only one of the twins be present at the preceding.  He feared that the two combined were enough to slice through the lawyers like Spartans and end him. He was not wrong. The twins were built like Spartans, 6 ft 5, athletic wingspan and perfectly chiseled bodies. That didn’t stop Mark from stealing their idea, turning it into a global business and leaving them on the sidelines. The twins did not take kindly to this. They had been fighting legal battles since 2004 and after all this while, it came to a showdown in a cold boardroom surrounded by the same legal referees. 

The negotiations were tedious but finally ended in a settlement. Mark grudgingly agreed to pay $65 million for Tyler and Cameron’s competing startup, Uconnect. The twins knew they deserved more, however it was a done deal. They accepted the offer but not all in cash, they weren’t stupid. They took $20 million in the bank and the rest, $45 million, in Facebook stock options. Despite how things turned out, they were poise and logical in their decision making. They knew Facebook had potential and that it would be profitable to leave skin in the game. Plus there was some amusement at the irony that Mark now worked for them.

In 2010 the twins woke up to an invitation for a movie screening. It was about them and their arch nemesis. It did well on release. Life was great and $20 million in cash made time fly but they didn’t retire just yet.  In 2012, they started something new. Since they liked the idea of meeting founders,  the twins setup a family office eponymously named Winklevoss Capital. It was really just a venture fund with their name on it. Cameron and Tyler had met with lots of founders when they realized that almost every startup wanted to integrate with, or eventually sell to Facebook. Fuck that! They needed a break.

In August 2012, they flew out to the Mediterranean island of Ibiza to get drunk and party. The summer was great and they were having a fantastic time when a strange man approached them. He was from Brooklyn.

You are the guys from that Facebook movie right?   

Cameron and Tyler didn’t know whether to give him a wedgie or just leave. The gentle giants smiled and indulged him. As they chatted over tequilas, the strange man asked them a question that would alter the rest of their lives to this day.

Have you heard about virtual currency or bitcoin?

No. Tell me more.

That day, Cameron and Tyler drank a lot of tequila as they listened to the weirdest pitch from a non startup. This guy could talk and he was clearly passionate about something he did not create. They exchanged twitter contacts and when they went back to the States, the strange man sent them links with lots of reading material. If there’s one thing Harvard grads can do well, it is research. The twins lost themselves in a rabbit hole of bitcoin literature. At one point, Cameron turned to Tyler and said:

This is either complete bullshit or the next big thing. 

They suspected the later but research did not stop there. They wanted to understand everything about bitcoin and since they were well connected, they could get in the room with core protocol developers. They asked questions about how bitcoin worked, how it was issued, how it could be stored safely and how it could be destroyed. The responses were mind bending. These developers were a lot smarter than Mark or anyone else at Facebook. Perhaps in another life….never mind. The twins learned that bitcoin was a new kind of money outside of government issuance and control. And that it couldn’t be destroyed without bringing down the internet so governments would have no choice but to work with it. The orange pill they took from a stranger in Ibiza was taking effect.

Cameron and Tyler ate, slept and dreamed bitcoin. They felt vibes from the early social network days but this was more meaningful. Instead of sharing pictures or connecting with people which was great, now they could participate in a money network. The infatuation that came with early discovery soon wore off and it came time to buy some bitcoin. The price was still in the high single digits with little liquidity here and there. The twins had $11 million to invest but they didn’t want to move the price. So they bought in batches over 6 months period. A little bit from brokers online, some from an early exchange called Bitstamp,  and the majority from Mt Gox. The experience was terrible, sometimes they would watch the sites go down for 12 hours while they waited to purchase. As they bought bitcoins, they immediately took them off the exchanges. Their developer mentors had taught them well. 

Now the twins had purchased about 1% of all bitcoin supply, it was time to advertise their newest investment to the world. The residual fame from their old lives came in handy. A lot of similar minded investors took notice but these new investors were not subtle about buying. They threw money at it with no regards for market size. This was partly responsible for the 2013 mania. For a brief moment, the twins became billionaires on paper. They didn’t sell because they thought it was going t $40,000 per coin soon. It didn’t. They watched the price go down with some dissatisfaction and still didn’t sell. They weren’t paper hands3.

Then Cyprus financial crisis happened. The Cypriot government took money from every account with over $100, 000 to bail itself in. It was all over the news. Cameron and Tyler saw this as the holy grail of advertising. Bitcoin was money that governments couldn’t seize and it was going to happen again in some other country. The more it did, the more high net worth individuals would investigate alternatives. So they started a business in 2014 to accommodate anyone who wanted to buy bitcoin. That business became Gemini Trust. An exchange for onboarding fiat users.

Their business has continued to grow till this day. It even acquired the notoriously difficult BitLicense4 in order to serve New Yorkers. And in 2018, they were awarded a patent for a tech behind ETF implementation. While no ETF has been permitted yet, they would be green lit when the time comes.

LESSON

The Winklevoss twins grew up in a conducive environment which gave them an advantage over many early bitcoin adopters. Their father was an entrepreneur and as kids, they would visit the office and talk to the engineers asking questions about God knows what.

They were also investors through and through. As evidenced from their settlement with Facebook, they kept skin in the game to capitalize on future profits. Mere mortals would have cashed all out with spiteful feelings towards Mark. They kept their stocks as seed investments for the next big thing which was right around the corner.

When the twins learned about bitcoin, they didn’t dive head first, they researched like scholars. They learned what to do and what not to do from the best in the field. This saved them from the catastrophe that was Mt. Gox a year later. Even as  they bought bitcoin for the first time, they did it like professionals. They only used a fraction of their money at a time so as not to move the market or draw attention to themselves. It was only after purchasing their fill that they started touring the world to talk about it. 

For every problem the world saw, the Winklevoss twins saw a new business opportunity to protect their investment. They weren’t too keen on ideologies, they simply made sound investment thesis and followed through. They weren’t interested in competing, they were thinking of growing the pie. A trait that started from their early school days in Connecticut when everyone was joining the soccer, basketball and tennis teams, they started rowing. They commuted to a lake about an hour from the city during which they did homework. After a year, they went to the headmaster and formally applied to start a rowing team. Today almost all schools in the area have rowing teams. This is testament to the Winklevoss twins talent for starting and building things that last. 

From the beginning, the twins treated bitcoin like an investment to be studied and then followed with action. Be like them. Read the rest of this book.

So we have seen two types of early bitcoiners but there are more. Keep reading to find out about some more early adopters who didn’t backup their bitcoin wallets and are now out of a major fortune in “CHAPTER 2”. Lord Thoth could whisper it in their ears but gods are not allowed to intervene. We can only watch and tell it as it is. Find a typo and earn Lord Thoth’s gratitude. Also subscribe and tell your friends.

Next: CHAPTER 2

Leave a comment

First time? Start here!

Previous

Knowledge acquired through the lapse of time is always superior to newly acquired knowledge.

However brief the history of bitcoin, it is replete with individuals who made monumental blunders in hindsight. They acted on the best information available to them. But knowing what we know today, we find their choices unbelievably ludicrous. No rational humans would have acted in the way they did right? Wrong! They were merely the first in a long line of historical footnotes that will continue in perpetuity. Some of these people have died, some locked up, some too embarrassed or scared to share, and the rest reported as drab columns by editorials eager to fill quota.

I’ve had the fortune of interacting with many of these fascinating people on social media. Perhaps not directly, but I followed a lot of them in loose circles of trust. To the people I will butcher, misrepresent or make look bad, mea culpa, mea culpa, mea “maximalist” culpa. It was either going to be me or a less empathetic maximalist.  

While Scrolling through twitter, reddit and 4Chan in 2013, I realized the hacks, the cons, the comedy, the camaraderie were all too intense for a tiny community very few had ever heard of. This was history unfolding everyday in realtime. So I created multiple anonymous accounts for the dual purposes of trolling and investigation. I wanted to get a better sense of what was happening behind mainstream editorials, because a lot of teachable moments were being wasted behind tasteless commentary. Back then our collective strategy was to create memes and hope posterity would learn from them. Turns out it requires a lot of education to understand memes and many people simply don’t have a basic foundation. If history is not studied, it is bound to be repeated for better or worse. 

But is it really worth studying the circumstances of early bitcoiners? 

The simple answer is yes. To illustrate, imagine a farm boy who visits a big city for the first time. He wouldn’t know how to use PayPal, Venmo, Alipay, Apple Pay or any payment alternatives we take for granted today. As a result, he would be at an unfair disadvantage against city dwellers who grew up with digital payments. Our farm protagonist wouldn’t know how to receive remuneration for his services.  He would likely get swindled when he uses his first credit or debit card. He would make many mistakes before getting up to speed with everyone else. His journey to prosperity would begin at a terrible disadvantage.

Now fast forward to 2030 or any future you are comfortable with; people who don’t understand how bitcoin works will be at a similar disadvantage to our farm boy. They will not know how to setup a secure wallet or how to purchase or earn bitcoin privately. They would obligingly give away their bitcoin because Elon Musk1 promised to give back double on twitter. Or they would sell their bitcoin because China banned it for the umpteenth time. These are comical but real lessons many people experienced the hard way. 

If you were lucky enough to embrace bitcoin early, it is likely that  you have already made some of these mistakes. But as bitcoin reaches wider acceptance, and appreciates in value, these mistakes will only become more expensive. Losing a hundred bitcoins in 2011 is not the same as losing a hundred bitcoins in 2022, and it won’t even come close by 2033. You could learn from your own experience or from the experiences of others. History has proven it is more cost effective to learn from the latter.

This book is a curation of other people’s mistakes and triumphs, for your education and entertainment. While reading, you might be tempted to think you could’ve done better. Perish the thought. You would just as likely have ended up a footnote. The knowledge here will save you time and prevent you from becoming that disadvantaged farm boy. You would be standing on the shoulders of proverbial giants, in a world where a virtual currency is poise to overtake government issued money in adoption, trust and mass appeal. It is simply paramount that you understand how bitcoin works in modern society. 

If you are just learning about bitcoin and would like to understand the do’s and don’ts of this financial revolution, then this book is for you. If you are an old timer who has seen a few exchange hacks and  darknet cons, then this will make for an interesting read while reinforcing what you already know. It will also make a great gift for your friends who have many, yet simple questions about bitcoin. All the popular anecdotes from the early days up until 2022 in one place. Since Bitcoin is never done, there will always be new lessons to draw from. As new lessons arise, I will document them on an open source version with help from friendly contributors. 

This is not a genesis book. Many brilliant authors have covered that in early publications. This is not a technology book for developers or nerds either. It is a high level exploration into how bitcoin works, along with a set of rules you must follow in order to take advantage of it. It marries technology to social contracts that will keep you and your bitcoin safe. If you follow the rules, you will reduce the odds of losing your bitcoin to criminals, hackers or even worse, the State. 

Every chapter comprises a technical or philosophical introduction followed by a concise story to help it stick and finally a word of advice from an expert.  All the stories are fact checked and have been verified from direct sources or the closest alternatives. While some laws may seem overwhelming on first inspection, you must remember that securing bitcoin means becoming your own bank. You are the customer and custodian. There is no amount of paranoia enough to ensure that generational wealth is preserved and passed on accordingly.

Will there be tales about other cryptocurrencies?

No! Compared to what every other altcoin is doing, bitcoin’s singular vision of replacing the world’s money is preternatural. That is not to say that there isn’t some good outside of bitcoin but it is simply cleaner to focus on the big picture. Bitcoin leads, everything else follows. Eventually, someone will write a version of this book for altcoins which will reinforce my point, but by then you will have already mastered important principles in using public key cryptography in the real world. 

By the end of this book you will understand the properties of bitcoin that make it amenable to the underlying laws. You will be able to mansplain or “womansplain” at cocktail parties like a pro. I trust that I can remind you of things you already know, bring to your attention things you may have missed and urge you to take certain actions so you can control of your financial sovereignty. While bitcoin is inherently secure, the human element will always remain the weakest link. Obedience of these laws closes the weakest link. Transgression of these laws opens up unnecessary attack vectors to both your finances and physical well-being. Now let’s jump down the rabbit hole.

Did you enjoy the introduction? Then you will really love "CHAPTER 1" about unfortunate early investors from 2010 and 2013 who didn't know what to do with their treasure. But before that, leave a comment to let Lord Thoth know that you haven't forgotten him. If you spot a typo, you will become an honorary contributor here and on Github for the world to see. And finally, subscriptions make Lord Thoth stronger.

Next: CHAPTER 1

Leave a comment

First time? Start here!

Once a new technology rolls over you, if you're not part of the steamroller, you're part of the road. — Stewart Brand

In a few decades, bitcoin will become so intrinsic to global culture that no one will remember a time when it did not exist. By then  people will use it, without any special awareness, just like the internet. But if you asked most people what bitcoin is today, you would likely get different responses. Each correct and wrong in their own way. Why? Because it is an evolving technology that cannot be explained without context.

This subjective version of bitcoin that exists in people’s minds, is a result of their background. So you will perceive it differently  depending on where you fall on the social, economic or educational spectrum. If we accept the above premise to be true, then it would be foolish to constrain bitcoin to a single technical definition. After-all, nobody holds the internet to a precise perception despite how ubiquitous and transformative it has been over the decades. This is one of many similarities we count on bitcoin imitating over the years. Now let’s explore how different people perceive the internet.   

If you asked an elderly man in his fifties what he thought the internet was, he would probably say; “email”, AOL or one of the legacy portals he endured over the dial-up connection days. 

If you asked most millennials in their thirties, they might reply with whatever services they use for work or entertainment.

If you asked a citizen in a politically oppressed regime, they might say it is an expensive luxury that only government is permitted to use freely. The few that have it, might describe it as a portal to a parallel world where cats are deity.

If you asked a drug dealer, she might say it is a means for researching the best strains of Indica or a tool for drop shipping  so she never has to meet her customers in person.

If you asked immigrant workers, they might say it is how they keep in touch with family around the diaspora. 

If you asked a sex worker, he might say that it is a tool for getting paid out of his living room through a webcam. That way he would never be in danger of altercation with a violent female. Reverse genders if you find it more tasteful.  

If you asked a computer scientist or an IT professional, then things start to get interesting. They might say things like “it is a set of rules for transferring bits of information through a network of computers that requires a common language. This common language makes it possible to create a universe of applications that benefit society”. 

As you see, it is simply impossible to define something with such a multitude of consequences without applying relevant context. Now let us attempt to define bitcoin as perceived by people in society today.

THE  ELDERLY GENT

A man in his fifties who grew up with AOL and YAHOO as the “internet superhighway” might describe bitcoin as magic internet money.  In time, it could become the most convenient way to send his grandkids an allowance.  

THE MILLENNIAL WOMAN

Like the elderly gent, a young woman would still describe bitcoin as magic internet money with a hint of taboo because her government says it is bad. She believes her government like most of her peers. But when she finally succumbs to curiosity, she discovers the best savings technology ever.  

THE OPPRESSED CITIZEN

To a citizen from a politically oppressed regime, bitcoin would be a financial technology that saves them from irresponsible fiscal policies that precede hyperinflation. It is insurance against bad government decisions. 

THE DRUG DEALER

To a drug dealer, bitcoin would be a means of pseudo anonymous payment and elimination of violence from a dangerous trade. You would be able to save your hard earned drug money when regular banking institutions won’t touch you. 

THE IMMIGRANT WORKER

If you sought economic prosperity in a foreign land, bitcoin would be a one stop shop for all your remittance needs.  You won’t need to take any days off to queue at a money transmitter or remember your mother’s maiden name. It would be that technology that replaced all the predatory middlemen who took a piece of your money every time you sent some back home. 

THE COMPUTER SCIENTIST

If you were a computer scientist, it would be a protocol for value transfer. A protocol made possible by solving a problem that baffled the best computer scientists for decades; The Byzantine Generals problem. And by the way, if you don’t know what that is, then it is unlikely that you could have discovered bitcoin before 2011.  You then realize that it is a set of rules on which applications can be built, just like the internet. The only difference is that all the applications will have economic and financial consequences right out of the box.

Let us further explore how high level professionals might see bitcoin though the lens of their responsibilities. 

THE MODERN ECONOMIST

If you were a computer literate economist, bitcoin would be cryptographically verifiable digital scarcity. The first time we can prove that a digital asset is indeed scarce with fixed supply. Before bitcoin, you could replicate anything digital to the point it became worthless, making it uninteresting to economists. Bitcoin breaks the mold. It is digital and you can’t create more as you please.

THE ACCOUNTANT

If you were an accountant, it would be a new paradigm in accounting called triple entry bookkeeping.  You discover a secure global ledger system where credit and debit entries are not audited by Deloitte or Price Waterhouse, but by a built-in cryptographic entry.  This ledger is self balanced and self audited. It almost feels like the reason you would soon be out of a job.

THE HEDGE FUND MANAGER

If you were an investment fund manager that traded in liquid assets with risk management, then bitcoin would be a new asset class with asymmetric upside. It would be a tiny but  essential allocation to your portfolio that is not correlated to anything you have ever traded. It would be a hedge if all your other thesis go south.

THE CENTRAL  BANKER

If you were a central banker, it would be your life’s work codified to mathematical precision. A monetary system with no central issuing authority and no central regulation.  It would be an incorruptible version of everything you’ve been trying to accomplish.

THE REGULATOR

If you were charged with monitoring compliance of contractual obligations to the government and citizens, then  bitcoin  would be a shiny new thing  you should leave alone until you understand better. You cannot regulate something you don’t understand. You risk stifling innovation and you will not be able to enforce any rules you dictate in ignorance. Imagine regulating the internet with post office rules.

THE FINANCE MINISTER

If you were an executive or cabinet position holder in charge of government finances, bitcoin would be a new asset class you need  to learn about quickly. Because it is neither issued nor regulated by a competing sovereign state, it could be your hedge against unfair International sanctions.

WHY SHOULD YOU CARE ABOUT BITCOIN?

By now you should be convinced that there is no one size fits all definition for bitcoin. “If you don’t get it or don’t believe me, I don’t have time to explain it to you.” With that out of the way, why should you care about Bitcoin? Because the first application of bitcoin is money. Do you remember the first application of the internet? It was email. Now think about this: email versus money.

The early internet was a simple protocol for information transfer. It included something called SMTP (Simple Mail Transfer Protocol ) from which we built email. Email was  slow and it delivered text within minutes. We optimized SMTP for speed and built messaging services. We further optimized to include video. This unleashed a torrent of streaming services which introduced the era of YouTube. Next, we added reputation systems and built services like Amazon. We then added geolocation and the Internet gave us Uber and Airbnb. This oversimplifies but it conveys the idea that we arrived at the modern web through step by step iteration.

In a similar way, bitcoin is a protocol for value transfer. We are in the SMTP days. The really early days where we transfer value by signing a private key (completely encapsulated from users). Can you imagine what we will build on top of that? Can you imagine the services that will exist when we get to the “Uber” era of bitcoin? Can you imagine the applications that will be created when bitcoin becomes native internet money? Certainly no one can, but we often make educated guesses based on current trajectory of development and the fact that we are hard-wired to go after low hanging fruit. Creativity is hard work.

With unlimited upside and a non-trivial downside, the most important investment you can make today is to educate yourself about this new technology. Will it survive indefinitely? Nobody knows for certain, but you should never bet against innovation. How seriously should you take Bitcoin? Probably more seriously than you should’ve taken the internet in the early eighties.

Now, you understand why We wrote this book and why bitcoin is important. Next, you should find out why We study early bitcoiners in the “INTRODUCTION”. Lord Thoth sees your growth and rejoices. Now send him your prayers and subscriptions so He can serve you better.

Next: INTRODUCTION

Leave a comment