What’s Up with My Transaction? – Lost Bitcoin Recovery Flow Chart

Remember:
* Crypto transactions are irreversible by design. Always double- and triple-check the receiving address before sending.
* Be wary of scammers claiming they can recover lost coins. This is often not technically possible, as I’ve outlined above, and they will use your information to steal from you. No one doing business through Instagram, WhatsApp, etc. and spamming comments is legitimate.

If you think you’ve got a chance to recover your funds, these tutorials may help:

Article version of the above tutorial

Cryptocurrency Network Forks, Explained

Overview

One of the beautiful features of open blockchains is their ability to “fork” in the event of an irreconcilable difference between community members. Many forks have happened in the short history of cryptos – Bitcoin to Bitcoin Cash and Ethereum to Ethereum Classic, to name two major ones. But what actually happens, technically, during a network fork? Does every fork have to be contentious? Let’s look at what happens during a fork and some different types of forks.

Split, Split, Split – What Forks Mean

How a “Fork” Works

How does a fork actually occur on a cryptocurrency network? First, we need to explore and understand what a blockchain is and the role blockchains play in cryptocurrencies. A blockchain is a globally distributed ledger of transactions between parties. For a set period of time (dependent on the network), transactions are batched together to form a new block that is added to the chain. In Bitcoin, for example, new blocks are added approximately every ten minutes.

The important thing to note is that these blocks must follow an agreed-upon set of rules to be included. Transactions must follow rules, the block reward rule for miners must be followed, proof of work must be valid, and more. All rules must be followed for the nodes on the network (miners and other full nodes) to recognize the block as valid and pass it around as part of the blockchain. If the block is invalid, then it is rejected.

So what happens when the community wants to change the rules that the software follows? This is when the fork happens! A fork happens when nodes start producing blocks that follow a new set of protocol rules. The blockchain diverges at this block into a new chain, with the same history as the old one up until that point.

Let’s look closer at some types of forks to help us understand this concept better.

Hard Forks (That Create New Currencies)

The first and most prominent examples of forks are hard forks that create new cryptocurrencies. These are sometimes referred to as contentious hard forks. A prime example of this is the creation of Bitcoin Cash from the Bitcoin chain.

In August 2017, a sizeable contingent of the Bitcoin community was unhappy with changes (or lack thereof) from the Bitcoin Core development team. Bitcoin Core is a reference implementation of a Bitcoin node that defines the Bitcoin protocol rules. The Bitcoin Cash community wished to increase the block size and reintroduce some Bitcoin scripting functionality, among other things. And so, the Bitcoin Cash community introduced new node software implementations such as Bitcoin ABC and Bitcoin Unlimited that followed this desired ruleset.

At the time of the split, nodes and miners running Bitcoin Cash implementations such as ABC started creating new blocks that followed their ruleset, while Bitcoin Core clients continued with their ruleset. This created a divergence in the blockchain known as a hard fork.

The Bitcoin Cash Hard Fork

Soft Forks

There are also “soft forks”. Unlike hard forks, these don’t require following a new software version or upgrading to continue using the network as new blocks are added.

A prime example of this is the Bitcoin Segwit ruleset for transactions. Bitcoin Core developer Luke Dashjr figured out how to implement this change to the network without requiring old nodes to upgrade to continue following the Bitcoin chain. Upgraded nodes will recognize and enforce the rules for segwit transactions. Old nodes, however, simply ignore segwit transactions as “anyone can spend” transactions without having to understand the segwit rules.

Soft forks are useful for backward compatibility, which can ultimately make it easier for individuals and companies to continue using cryptocurrencies without constant upgrades. However, it’s much easier to rapidly iterate and add new features using hard forks, with much less complexity than soft forks require.

A soft fork, with no divergence in the blockchain
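The difference between the two kinds of fork can be shown with a toy model. This is an added example, not code from the original article; the Block and Node classes, the size limits and the witness_ok flag are illustrative assumptions, and each node simply extends its tip with the first valid block it sees rather than comparing proof of work.

```python
from dataclasses import dataclass

# Illustrative limits (assumptions for this model, not values from the article).
LEGACY_MAX = 1_000_000
BIG_BLOCK_MAX = 8_000_000


@dataclass(frozen=True)
class Block:
    block_id: str
    parent: str               # block_id of the previous block ("" for genesis)
    size: int                 # bytes
    witness_ok: bool = True   # False would break the stricter soft-fork rule


def legacy_rules(block):
    """What nodes that never upgraded enforce."""
    return block.size <= LEGACY_MAX


def big_block_rules(block):
    """Hard fork: a rule is loosened, so old nodes reject some new blocks."""
    return block.size <= BIG_BLOCK_MAX


def soft_fork_rules(block):
    """Soft fork: a restriction is added on top of the old rules."""
    return legacy_rules(block) and block.witness_ok


class Node:
    def __init__(self, name, rules):
        self.name, self.rules, self.chain = name, rules, []

    def offer(self, block):
        """Append the block if it extends our tip and passes our rules."""
        tip = self.chain[-1] if self.chain else ""
        if block.parent == tip and self.rules(block):
            self.chain.append(block.block_id)
            return True
        return False


def relay(blocks, nodes):
    """Show every block to every node and return each node's final chain."""
    for block in blocks:
        for node in nodes:
            node.offer(block)
    return {node.name: list(node.chain) for node in nodes}


def shared_history(chain_a, chain_b):
    """Blocks both chains agree on before they diverge."""
    common = []
    for a, b in zip(chain_a, chain_b):
        if a != b:
            break
        common.append(a)
    return common


def hard_fork_demo():
    blocks = [
        Block("g", "", 500_000), Block("a1", "g", 900_000),
        Block("big2", "a1", 2_000_000),    # valid only under the new rules
        Block("old2", "a1", 800_000),      # mined by miners on the old rules
        Block("big3", "big2", 3_000_000),
        Block("old3", "old2", 700_000),
    ]
    nodes = [Node("legacy", legacy_rules), Node("upgraded", big_block_rules)]
    return relay(blocks, nodes)


def soft_fork_demo():
    blocks = [
        Block("g", "", 500_000), Block("a1", "g", 900_000),
        Block("s2", "a1", 950_000, witness_ok=True),   # from upgraded miners
        Block("s3", "s2", 600_000, witness_ok=True),
    ]
    nodes = [Node("legacy", legacy_rules), Node("upgraded", soft_fork_rules)]
    return relay(blocks, nodes)


if __name__ == "__main__":
    hard = hard_fork_demo()
    print("hard fork:", hard)
    print("shared history:", shared_history(hard["legacy"], hard["upgraded"]))
    print("soft fork:", soft_fork_demo())
```

In the hard-fork run the two nodes keep the same history up to a1 and then follow different chains; in the soft-fork run both nodes end on the same chain because every block that satisfies the stricter rules also satisfies the old ones.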

Chain Splits

It’s also important to note that not all hard forks result in the creation of new cryptocurrencies. In fact, most hard forks do not!

Hard forks can occur on a single cryptocurrency’s chain in two ways. The first is when two miners are working to create two different blockchains that ultimately re-converge. Miners ultimately follow what is called the longest proof-of-work chain. Sometimes, miners in different parts of the world may create 2-3 blocks that are different than 2-3 blocks added somewhere else. However, these minor forks usually resolve themselves within a few blocks.

This sometimes happens due to software upgrades that don’t change the ruleset, but result in software bugs. In Bitcoin, a change from BerkeleyDB to LevelDB caused a sustained chain split. BerkeleyDB was unable to handle larger but valid blocks, and so could not follow the chain that LevelDB nodes were running. Ultimately the community was able to quickly respond and fix old nodes or get users to upgrade.

As well, hard forks occur when the community agrees to upgrade the software for a new ruleset. This does diverge the blockchain as new nodes follow blocks with the new rules, but the old chain simply ends as users no longer follow the old rules. This can be used for rapid development and the introduction of new features with less complexity.

A chain split, resulting in orphaned blocks but no new currency

Forks…Not So Scary After All

With some understanding, we can see that blockchain forks aren’t necessarily a bad thing at all. Splits in the community, while contentious, are a feature of the open-source ecosystem. Sometimes, it’s possible to create soft forks that don’t require users to upgrade to introduce new features. And finally, hard forks can and do occur due to software bugs or the intentional introduction of new rules on one cryptocurrency chain. Forks are a part of the system that happen, and aren’t necessarily indicative of problems or community contention.

Common Bitcoin & Crypto SCAMS (And How to Avoid Them)

Overview

Unfortunately, with all new technology come those that will take advantage of it in a negative way. The crypto world has brought us some amazing new technology and positive use cases. But it has also brought out those thieves and scammers that will take advantage of others for their own gain. Let’s discuss some of the most common crypto scams and how to avoid falling victim to them.

The Three Most Common Scams

The Crypto “Doubling” Scam

The crypto “doubling” or crypto giveaway scam has become ubiquitous, and recently took center stage with a hack targeting major celebrities on Twitter. The crypto doubling scam is simple but insidious! These fraudulent giveaways will use YouTube or Twitter to pose as a popular figure in the crypto space, and say that due to some event they are doing a generous airdrop of Bitcoin or another currency.

The scam asks you to send BTC to an address, and claims that they will then send double that amount back to you. How generous? Well, no. Crypto transactions are irreversible by design. So once they receive your Bitcoin, they will simply take it and run. There’s nothing you can do to get it back.

A Fake Bitcoin Giveaway Scam

Avoiding this scam is simple. NEVER, EVER, EVER send someone crypto with the promise of receiving more back. No one is going to do this. If someone truly wants to give you crypto for free, all they will need is your public address. You never need to send crypto for someone to “verify” your address or anything of that nature. Run away, and keep your precious Bitcoin.

The Crypto “Recovery” Scam

In a previous tutorial, I went more in depth on this particular type of common scam I see on YouTube. In these, the scammers use hundreds of fake YouTube accounts to comment on videos and claim that some “genius hacker” helped them recover lost coins or generate more for free.

Crypto recovery scammer

These frauds will often claim the ability to recover or generate coins in situations where it is technically impossible to do so, which is a dead giveaway. What they really want is your credentials and 2 factor auth codes for exchange accounts, or maybe even your seed phrase.

NEVER give out passwords, 2FA codes, or your seed phrase to someone you don’t know. A legitimate friend may need a seed phrase to help you recover lost coins in some cases, but in MOST cases someone asking for this information is trying to steal from you!

Investment Scams

The final type of scam is even older than crypto, but takes advantage of the drastic volatility and price jumps of the crypto space. This is the simple investment/ponzi scheme. I often get contacted on LinkedIn by thieves claiming they can generate massive, guaranteed returns through crypto trading.

An Investment Scammer Message

Remember that investment always carries risk, and anyone claiming guaranteed returns is a scammer. As well, anyone claiming too-good-to-be-true returns is someone to be avoided!! Don’t give anyone money as an investment seed; they will simply take it and run.

Crypto Scams Suck! Don’t Fall for Them

Crypto scammers take advantage of an amazing technology to steal from others. Thankfully with some analysis, these scams can be spotted and avoided. Don’t let these thieves get their reward, and spread the word to help keep the space safe for newcomers!

Crypto, Quantum Computing, and You

Overview

Many have asked a valid question about Bitcoin and other cryptocurrencies – will they be rendered useless by the advent of quantum computing? Bitcoin is ultimately a software protocol, with several cryptographic algorithms securing it from attackers. But what if attackers can easily break those algorithms once thought to be perfectly secure?

Quantum, Cryptography, and Bitcoin

What is Quantum Computing

First, let’s dive into an explanation of what quantum computing actually is. The term may be confusing – what exactly makes quantum different than other forms of computation that we are used to?

In computers, all data is ultimately represented by units called bits – simply 0 or 1. Electronically, these can be thought of as a series of on-off switches. Bits can be built up into any form of data you would like to represent – numbers, strings, spreadsheets, videos, and of course, Bitcoin keys! Inside the machinery of a computer, a bit can only be 0 or 1, and a bit must be “flipped” to represent a different kind of data – an operation that takes some amount of (minuscule) time.

In a quantum computer, however, bits referred to as qubits have the ability to represent 0 and 1 at the exact same time. Confused? Yea, me too – but we don’t have to understand how this works to understand the importance of quantum computing. This fact means that certain computations can be done dramatically faster than with a typical computer. Operations that might take the lifetime of the universe on a supercomputer could be completed in a practical amount of time using a quantum machine.

Bitcoin Cryptography

So what does this have to do with Bitcoin and other cryptocurrencies? This means that some of the cryptographic algorithms underpinning the Bitcoin system could be broken by quantum computing! But which ones specifically?

Hashing algorithms are used primarily for mining Bitcoin and also in the process of generating addresses. SHA-256 and RIPEMD160 are the primary algorithms used in Bitcoin, with others such as Scrypt (technically a key-derivation function) and SHA-3 (Keccak) used in Litecoin, Ethereum, and others. Thankfully, these cryptographically secure hashes are not vulnerable to quantum computing – we don’t have to worry about them.

Elliptic curve digital signature algorithms (ECDSA) are also critical to making Bitcoin work. These are used to generate addresses (taking a private key to a public key) and used to sign Bitcoin transactions (proving one is the owner of funds spent in the tx). ECDSA is, unfortunately, vulnerable to quantum computing. In the future, a sufficiently powerful quantum computer could be used to reveal a user’s private key from a public key, an operation normally not possible.

So What Can We Do?

Thankfully, this quantum vulnerability won’t be the end of Bitcoin, not at all!

First, we can buy time in the event of a vulnerability by avoiding address reuse. A Bitcoin address is not a raw public key, but rather a hash of a public key. Since SHA-256 isn’t vulnerable to quantum, an address that’s only used for receiving (hasn’t been spent from yet) is shielded from the ECDSA vulnerability. The raw public key is only revealed when the user creates a transaction to spend funds at that address. If a user only uses an address once, they would avoid potentially losing funds.
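A wallet can check its own history for this kind of exposure. The following is an added example, not code from the original article: it assumes hash-of-public-key style outputs where the key first appears on chain in the spending input, and the transaction history, txids and address labels are constructed sample data.

```python
def exposure_report(transactions):
    """Summarise unspent funds per address and whether its public key is on chain.

    transactions: chain-ordered list of dicts with
      "txid"    - transaction id
      "inputs"  - list of (txid, output_index) outpoints being spent
      "outputs" - list of (address, value_in_satoshi)
    """
    utxos = {}        # outpoint -> (address, value) for every unspent output
    revealed = set()  # addresses that have signed a spend (public key published)

    for tx in transactions:
        for outpoint in tx["inputs"]:
            address, _value = utxos.pop(outpoint)
            revealed.add(address)
        for index, (address, value) in enumerate(tx["outputs"]):
            utxos[(tx["txid"], index)] = (address, value)

    report = {}
    for address, value in utxos.values():
        entry = report.setdefault(address, {"balance": 0, "pubkey_revealed": False})
        entry["balance"] += value
        entry["pubkey_revealed"] = address in revealed
    return report


def at_risk_balance(report):
    """Satoshi still held at addresses whose public key has been revealed."""
    return sum(e["balance"] for e in report.values() if e["pubkey_revealed"])


# Constructed history: addr_reused is spent from once, receives its own change,
# and is then paid again, so its remaining funds sit behind a published key.
SAMPLE_HISTORY = [
    {"txid": "fund1", "inputs": [],
     "outputs": [("addr_reused", 100_000), ("addr_cold", 50_000)]},
    {"txid": "spend1", "inputs": [("fund1", 0)],
     "outputs": [("addr_shop", 60_000), ("addr_reused", 40_000)]},
    {"txid": "fund2", "inputs": [],
     "outputs": [("addr_reused", 25_000)]},
]

if __name__ == "__main__":
    report = exposure_report(SAMPLE_HISTORY)
    for address, entry in sorted(report.items()):
        print(address, entry)
    print("at risk:", at_risk_balance(report), "sat")
```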

That’s not a permanent solution, however, and is a usability nightmare. The real long term solution is to hard-fork the Bitcoin network, requiring users to upgrade their software to a new version. This new software would replace ECDSA with a digital signature algorithm that isn’t vulnerable to quantum computing instead.

Quantum Panic? Nah, Bitcoin’s Got This!

Although Bitcoin is vulnerable to future quantum computing breakthroughs, not all hope is lost. We have time, as quantum computing is not there yet. And in the future, there are stop-gap solutions and long term changes to the protocol that will keep the crypto world running smoothly in a post-quantum world.

Building a Basic Ethereum Smart Contract (For Bike Park Fun)

Overview

Ethereum smart contracts offer a wealth of possibilities for building decentralized, blockchain-secured applications. But what is a smart contract? These programs are code executed by the Ethereum Virtual Machine, a decentralized computer on the Ethereum network.

Every node on the network receives the contract code, and validates every function call sent through an Ethereum transaction. After the function executes, the new state of that contract is stored on the blockchain for everyone else to verify.

There’s a lot of potential here, but understanding how smart contract development differs from traditional programming can be a tad daunting. Let’s talk about the basics and build our very own smart contract for something fun!

Understanding Smart Contract Development

Smart Contract Properties

Smart contract code has two very important properties that differ somewhat from traditional development using a language such as C, C++, or Python.

First, smart contract code is deterministic. Since we are writing code for a decentralized, global network of nodes that will all run the same code and expect the same result, our code must have this property of determinism. Every time a smart contract runs on a node, another node running that code will get the exact same result.

Smart contracts are also atomic. This means that a function either completes successfully, with its state changes committed to the blockchain, or has no effect at all. If there’s any sort of error in execution (such as running out of gas, or another error), then the changes are completely rolled back and not committed. There’s never any intermediate state change left by a function execution – it either works in full or it doesn’t.

These properties ensure that our network can properly operate in a decentralized manner. Every node, given the smart contract code and a transaction, will verify the same result to achieve network consensus.

Functions, Deploying, and Calling

In order to write an Ethereum contract, one will almost universally use a higher level language such as Solidity. Solidity code is then compiled into EVM bytecode – this intermediate language is understood by the Ethereum Virtual Machine that runs on network nodes.

The EVM bytecode is sent in a special transaction to the zero address, which deploys the contract on the blockchain and generates a unique contract address which the contract will live at. Any future function calls/transactions regarding this contract will be made to this address.

Now, there are two ways in which smart contract functions can actually be called. The first is a local call to a node without making a transaction, using an API such as Web3.js. This call immediately executes and shows a return value, which is very useful for debugging and view-only functions that do not change the contract’s state on the blockchain.

If there’s a need to change some blockchain state with a function call, then a transaction must be used. This is our second method of executing a function and obtaining return data. By creating an Ethereum transaction to the contract (with gas payment for execution), the tx will be included in a block and the appropriate state will be updated on chain when the block is mined.

Return data is a bit more complex using transactions over local calls. Transactions are inherently asynchronous operations. A transaction with a call is created, but it doesn’t complete until it is included in an Ethereum block. Blocks on average take about 15 seconds to process, which is far too long to hold up front end code for. That, and the function could error out too!

So we deal with this by using smart contract Events. If your function needs to return a value to calls via transaction, you create an event. The event is triggered from within your function at the appropriate spot. Your DAPP frontend code then listens for the Event, so when the transaction is complete and included in a block, the frontend can retrieve the return value from the event.

An Actual Example – Bike Park Dice

What does a backyard bike park have to do with Ethereum smart contracts? Well, nothing really. But I like my coding projects to be fun and engaging, so I often tie them into other interests and hobbies that I have. So for this example, I’m creating a pseudo-random number generator contract that will help me pick mountain biking features to practice on in my yard. Why not, learning about blockchain should be fun!

Our smart contract code is short and sweet, and looks like this (with comments):

pragma solidity ^0.6.6;

contract BikeParkDice
{
    // The only function for this contract
    // It uses some seed data and a hash to return a "random" number from 1-6
    function rollDice() public view returns(uint256 final_roll)
    {
        
        // Get the sending address, block difficulty, and block timestamp
        // to give us a good enough "seed" for our pseudo-random number
        bytes32 seed = keccak256(abi.encodePacked(msg.sender));
        bytes32 seed_2 = keccak256(abi.encodePacked(block.difficulty));
        bytes32 seed_3 = keccak256(abi.encodePacked(block.timestamp));
        

Let’s discuss the first half of our code here. This project presents a somewhat unique challenge. Remember that smart contract code must be deterministic, so we certainly cannot generate truly random numbers!

Instead we will be using some “seed” data from the transaction that will be fairly unique, and using a hash function to create the appearance of pseudo-randomness.

In the code above, we first declare our contract and a function that will return an integer number. This function is also a view, meaning that it does not change the state of the contract on the blockchain.

We take “seed” data from the msg.sender (function calling address – either a normal externally owned account, or another contract), the block difficulty, and block timestamp. This provides sufficiently “different” data for every call such that we’ll get an appearance of randomness.

The abi.encodePacked simply helps us deal with data types – Solidity is a typed language, and packing then hashing our seed means we can easily pass the seed data to our final hash.

        // Hash the seed data. This keccak hash is deterministic (necessary for Ethereum contracts!)
        // and is preimage resistant, which is helpful for our pseudo-random generation
        bytes32 hash = keccak256(abi.encodePacked(seed, seed_2, seed_3));
        
        // Cast the hash bytes to an integer value
        uint256 hash_num = uint256(hash);
        
        // Return a number from 1-6 by using the modulo (remainder) function
        final_roll = (hash_num % 6) + 1;
        return final_roll;
        
    }
}

Next, we take all of our seed data and run it through keccak256 (SHA-3), a cryptographically secure hash function. This helps our pseudo-randomness some more, as these kinds of hash functions are preimage resistant. There’s no way to tell what the output might look like for a given input. They are also, very importantly, deterministic. Every node that validates a transaction with the same msg.sender, timestamp, and difficulty will get the same “random” roll.

Finally, the return of the 256 bit hash is a much larger number than we want. So we are using the modulo function to narrow our random range down to six. Modulo will take the hash value divided by six and give the remainder, from 0-5. We then add 1 to avoid an off-by-one error and get our 1-6 final output.
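The determinism described above can be checked off-chain by recomputing the roll from the same three inputs. This is an added example, not part of the original tutorial: it includes a small pure-Python Keccak-256 (Ethereum’s keccak256 uses the original Keccak padding, so Python’s hashlib.sha3_256 gives a different digest), and the sender address, difficulty and timestamp are constructed sample values.

```python
import hashlib

MASK64 = (1 << 64) - 1


def _rol64(value, shift):
    shift %= 64
    return ((value << shift) | (value >> (64 - shift))) & MASK64


def _keccak_f1600(lanes):
    """24-round Keccak permutation; lanes[x + 5*y] is one 64-bit lane."""
    lfsr = 1
    for _ in range(24):
        # theta: mix each column's parity into its neighbours
        col = [lanes[x] ^ lanes[x + 5] ^ lanes[x + 10] ^ lanes[x + 15] ^ lanes[x + 20]
               for x in range(5)]
        d = [col[(x + 4) % 5] ^ _rol64(col[(x + 1) % 5], 1) for x in range(5)]
        lanes = [lanes[i] ^ d[i % 5] for i in range(25)]
        # rho and pi: rotate each lane and move it to a new position
        x, y = 1, 0
        current = lanes[x + 5 * y]
        for t in range(24):
            x, y = y, (2 * x + 3 * y) % 5
            current, lanes[x + 5 * y] = (lanes[x + 5 * y],
                                         _rol64(current, (t + 1) * (t + 2) // 2))
        # chi: the non-linear step, applied row by row
        for y in range(5):
            row = lanes[5 * y:5 * y + 5]
            for x in range(5):
                lanes[5 * y + x] = row[x] ^ (~row[(x + 1) % 5] & row[(x + 2) % 5])
        # iota: round constant generated by an 8-bit LFSR
        for j in range(7):
            lfsr = ((lfsr << 1) ^ ((lfsr >> 7) * 0x71)) % 256
            if lfsr & 2:
                lanes[0] ^= 1 << ((1 << j) - 1)
    return lanes


def keccak256(data: bytes) -> bytes:
    """Keccak-256 as used by the EVM (padding byte 0x01, not SHA-3's 0x06)."""
    rate = 136
    padded = bytearray(data) + b"\x01" + bytes(-(len(data) + 1) % rate)
    padded[-1] |= 0x80
    lanes = [0] * 25
    for offset in range(0, len(padded), rate):
        for i in range(rate // 8):
            chunk = padded[offset + 8 * i: offset + 8 * i + 8]
            lanes[i] ^= int.from_bytes(chunk, "little")
        lanes = _keccak_f1600(lanes)
    return b"".join(lane.to_bytes(8, "little") for lane in lanes[:4])


def roll_dice(sender: bytes, difficulty: int, timestamp: int) -> int:
    """Mirror of BikeParkDice.rollDice() for the given call context."""
    seed = keccak256(sender)                             # address packs to 20 bytes
    seed_2 = keccak256(difficulty.to_bytes(32, "big"))   # uint256 packs to 32 bytes
    seed_3 = keccak256(timestamp.to_bytes(32, "big"))
    digest = keccak256(seed + seed_2 + seed_3)
    return int.from_bytes(digest, "big") % 6 + 1


# Constructed sample call context (not taken from any real transaction).
SAMPLE_SENDER = bytes.fromhex("00" * 19 + "01")
SAMPLE_DIFFICULTY = 2_000_000
SAMPLE_TIMESTAMP = 1_600_000_000

if __name__ == "__main__":
    print("keccak256(b'') =", keccak256(b"").hex())
    print("same as NIST SHA3-256?", keccak256(b"") == hashlib.sha3_256(b"").digest())
    print("roll:", roll_dice(SAMPLE_SENDER, SAMPLE_DIFFICULTY, SAMPLE_TIMESTAMP))
```

Because every input is visible to anyone watching the chain, the roll is reproducible by design; that is fine for picking a bike feature, but this pattern should not decide anything of value.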

To test this, I compiled and deployed using the free and open source Remix IDE, an online development environment for Solidity. It features a JavaScript VM blockchain for testing code without having to deploy to Ethereum or Ethereum Testnet for real.

In our case since this is a view (read-only) function, I could just do some test calls to the VM to get some sample outputs! I got 1, 2, and 4 in a few rolls.

Ethereum Smart Contracts – Solidity and MTB fun!

The final result here is a simple, but useful smart contract! This code compiles error free and I was able to test using a virtual blockchain environment. In a future iteration, I could add events and test on the real Ethereum blockchain, but this local-call version serves our purposes for learning the basics.

Again, I encourage anyone learning a new coding skill to have fun with it! You don’t just have to follow a tutorial – think about a project you could use for another hobby or interest of yours. For me, I used this to randomly pick some mountain biking features in my yard to practice with. Why not? Sending it with Solidity is fun!

One of the features my contract picked for practice – a North shore style roll-off

Digital Personal Security Primer

Overview

Computers in all their forms (PCs, tablets, mobile phones, and more) are an integral part of our lives – from work, to hobbies, to activism. It is as critical to protect your digital life as it is your own home. With many attackers and attack vectors, there is NO one size fits all security model for any individual, but there are some basic practices that can help most everyone.

Let’s learn some important tips for managing your online life – passwords & password storage, 2 factor authentication, and encryption.

Basic Practices for Everyone!

Passwords and Password Storage

A basic security item everyone needs to get right is passwords. Insecure passwords are a first line of failure in a lot of data breaches, and can wreck your digital security from the get go.

  • Create lengthy, secure passphrases rather than passwords. Think of a unique and hard to guess sentence – the more characters, the more exponentially difficult it becomes for an attacker to guess. “ThisIsMyPassphraseForAccount” is much, much better than “bday0105” for example.

    This is because passwords are generally not stored in plain text (the actual password) but rather stored as a hash – you can think of it as a one way form of “encryption” although that’s not exactly what it is technically. Brute force “reversing” becomes much more difficult with a longer passphrase.
  • Do NOT reuse passphrases. Create a unique one for each important account. That way if one is compromised, the rest of your accounts can remain safe.

    Often an attacker will breach your passphrase from a more insecure site and use it to get into more important things like banks, emails, etc. because of password reuse.
  • Store your passphrases in a secure, encrypted password manager. Use an open source tool such as KeePass to store passphrases and even generate secure random ones. These tools take one secure “master” passphrase, so you don’t have to remember each individual account.

    If you want a simpler solution, LibreOffice (Open Source alternative to MS Office) supports secure encryption for documents using AES-256 encryption. You can create a spreadsheet of credentials and encrypt them with a simple wizard.

    Do NOT use MS Office for the same purpose; older versions do not use encryption for password protection and are easy to break. I have not yet confirmed that the latest versions use encryption, but I know LibreOffice does.

2 Factor Authentication

2FA is another critical part of securing accounts with a second layer of verification that you are who you say you are. 2FA codes are “something you have” and your password is “something you know”.

  • Turn on Authenticator-based 2FA on any accounts you can. These use an app like Microsoft Authenticator, Duo, etc. This is more secure than text-message-based 2FA, which can be compromised with SIM swap attacks.
  • Never, ever give 2FA codes to someone claiming to be from a company’s support team, etc. There’s no legitimate reason to ever give up this information.

Encryption (Documents and Messages)

Secure encryption is critical for protecting your information from unauthorized parties, including the state. Proper encryption cannot be reversed without the passphrase/key, and in most US jurisdictions you cannot be forced to give up encryption keys as far as I am aware (NOT a lawyer). At any rate, encryption also protects you from device thieves and hackers trying to steal your information.

  • Turn on full disk encryption for your devices! For a mobile phone like an Android, you can require an encryption PIN on startup. For PCs, use VeraCrypt for Windows or the built-in full disk encryption on popular Linux distributions.
  • Don’t communicate any critical information over email or SMS text messages. Use a secure, open source encrypted messaging app such as Signal.
  • As stated in the password section above, use a securely encrypted password manager to store your credentials – no unencrypted files and no post-it notes, please!

Security Starts with the Basics

Security is a deep and ever-changing topic. These are simply some basic tips that can help anyone start securing their digital life against attacks from a wide variety of threats – thieves, trolls, and even the state.

Be safe and make your voices heard, everyone!

How Bitcoin “Recovery” Scammers Operate

Overview

Sometimes, people lose Bitcoin. It is an unfortunate problem of a system that is very secure and has irreversible transactions by design. Sometimes, it is possible to recover lost coins. There are legitimate services out there that can help in the event of lost crypto, but many more that are scams that prey on users to steal *even more* coins.

How Recovery Scammers Operate

Spam Advertising

I was inspired to create this tutorial due to the annoying volume of spam comments I get on the chaintuts YouTube channel. They often look something like this:

These scammers likely pay for fake account bots to post these all over relevant videos. I see these most commonly on my more popular videos that discuss legitimate coin recovery steps. I quickly delete them, and many times the YT spam filter catches them before they get to you. But alas, some people will inevitably see these and perhaps contact the scammers.

What Do They Try and Get From You?

So what do these individuals want from you? Well, they certainly want your coins. But how do they actually try and get them?

The first way in which they steal from you is simple: they demand payment up front. Legitimate coin recovery specialists or crypto experts that will try and help you usually only charge a percentage of whatever is recovered. These folks though? They want money up front:

This individual is very insistent that they be paid first. So one possible method of scamming their victims is to simply take their charge in BTC and ghost you. Transactions are irreversible so there’s nothing you can do once you pay them.

But it doesn’t stop there. They want access to your online accounts such as online wallets and exchanges, using a slightly devious tactic…password resets with your help.

In order to get into your account, they won’t ask for your password. They will, however, ask for your email and ask you to “be on standby” to give your two factor authentication codes.

This might seem a little better to an unsuspecting, desperate crypto newcomer. You’re not giving away your password, right? However, one should NEVER EVER give away 2FA codes. They are for you and you only. The scammer will initiate a password reset on your account, verify they are “you” by taking your 2FA code, and then access your account.

This is a type of social engineering attack. They’re not “hacking” anything technologically speaking, but are tricking you into willingly giving them sensitive account information.

With your pre-paid (stolen) BTC and access to your online wallets, thieves can potentially steal thousands of dollars worth of crypto from you.

Avoiding Social Engineering Attacks

First, I would never prepay for recovery service. Most crypto folks will be willing to help you out some for a percentage of the recovered funds. Secondly, never give out sensitive account information such as passwords or 2 factor authentication codes. These can be used to steal your accounts and lock you out from them permanently.

Lastly, we should talk about seed phrases. As a general rule, you should NEVER, EVER, EVER give out your seed phrase. Your seed phrase (12-24 words given to you by your wallet) gives access to ALL of the coins in that wallet. So someone can use it to steal all of your money.

The only case in which you may consider doing so is if you are working with someone you trust, and if you remove your other coins and no longer use that phrase, ever. Individuals sometimes reach out to me for help with coin recovery, and if it’s possible in that case a seed phrase is required to try and find the right private key for coin recovery. However, I try to walk users through the steps themselves without getting the seed phrase at all, and only accept seed phrases for recovery if the user wants me to do it for them. In that case, I always recommend “burning” that phrase after recovery.

It’s up to you to keep your coins safe, so don’t give away your personal information!

Don’t Use These Fake Services

It goes without saying, but still, don’t use these fake services! If someone is spamming YouTube comments about their amazing hAcKeR rEcoVerY SeRviCes, then chances are pretty good you can’t trust them. Instead, reach out to a trusted crypto-savvy friend if you make a mistake. Stay safe!

CoinJoin Privacy Technologies Explained

Overview

The Bitcoin blockchain is an incredible technology, in my opinion. It allows for totally decentralized, peer-to-peer transactions without trust thanks to a combination of interesting applied cryptography algorithms. However, Bitcoin lacks one very important property of money – fungibility. Individual coins are very traceable, and not indistinguishable in the way quarters or dollar bills are. Privacy matters for money, and there are technologies out there that help to solve this problem. One such technology is the broad concept known as CoinJoin.

Inputs, Outputs, and “Joining Coins”

A Traditional Transaction

In a normal Bitcoin transaction, the user’s wallet creates a single (and very traceable) transaction for the user’s own payment. This transaction consumes inputs from the user’s wallet, and creates new outputs for the receiver and for “change”. If you’re not quite familiar with UTXOs, consider reading this previous tutorial that explains the concept in depth.

For example, let’s say Bob wants to send Alice 0.5 BTC. Bob’s wallet has a 1 BTC UTXO it must use up for this tx. So, the transaction creates one new output of 0.5 for Alice’s address, and 0.5 back to Bob’s wallet as “change”. In this example, we’re omitting miner fees for simplicity.

CoinJoin Transactions – Obfuscating Outputs

It’s fairly obvious that with traditional transactions, blockchain analysis can show the flow of coins between addresses clearly over time and be used to identify parties participating in those transfers. However, CoinJoin transactions can be used to help obscure the flow of coins by pooling multiple users’ transactions together and making coin flow much harder to track!

CoinJoins work by pooling users’ transactions together and producing many outputs of equal value. For example, a CoinJoin finds many users that wish to make a transaction for 0.5 BTC, and combines them together in a single transaction. With many 0.5 BTC outputs and many inputs, it becomes infeasible to trace which “coins” were which, therefore enhancing the privacy of the users. This can be used to send transactions to a receiver, or to “shuffle” the user’s own coins back to new addresses they own.

CoinJoin Concerns

There are a couple of important things to note about CoinJoins, and many more pieces that won’t be covered in this article. It’s not a perfect privacy tool, but can be extremely effective when used correctly.

First, it’s best to avoid “change” in CoinJoin transactions – change UTXOs later spent can show that a user was involved in the initial CoinJoin transaction. It’s best to consume an entire UTXO as a CoinJoin input. Second, the more users in a transaction, the better! This creates an “anonymity set” that’s large enough that tracking users becomes impossible provided they use the technology correctly. 10 users in a CoinJoin is more secure than 3.

Finally, the broad idea of CoinJoin does not solve the problem of finding other users to join with in a way that is trustless. Other algorithms must be combined with CoinJoin technology to make it work well.
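The change and anonymity-set concerns above can be checked on a proposed CoinJoin before signing it. This is an added example, not code from the original article or from any wallet; the labels, amounts and the one-equal-output-per-participant rule are constructed assumptions.

```python
from collections import Counter

# Constructed sample round, amounts in satoshis; fees omitted as in the text.
INPUTS = [("in_a", 50_000_000), ("in_b", 80_000_000), ("in_c", 65_000_000)]
OUTPUTS = [("out_1", 50_000_000), ("out_2", 30_000_000), ("out_3", 50_000_000),
           ("out_4", 15_000_000), ("out_5", 50_000_000)]

def anonymity_set(outputs):
    """Return (value, count) for the largest group of equal-valued outputs."""
    return Counter(amount for _, amount in outputs).most_common(1)[0]

def linkable_change(inputs, outputs, denomination, fee_per_user=0):
    """Pairs (input, output) that amounts alone tie together.

    Assumes each participant takes one `denomination` output, so a user who
    brings x gets x - denomination - fee back. If exactly one input explains
    a leftover output, that output is no longer hidden in the crowd.
    """
    links = []
    for out_label, out_amount in outputs:
        if out_amount == denomination:
            continue
        explains = [label for label, amount in inputs
                    if amount - denomination - fee_per_user == out_amount]
        if len(explains) == 1:
            links.append((explains[0], out_label))
    return links

def audit(inputs, outputs, fee_per_user=0):
    """Summarise what an observer learns from the transaction's amounts."""
    total_in = sum(amount for _, amount in inputs)
    total_out = sum(amount for _, amount in outputs)
    if total_out + fee_per_user * len(inputs) != total_in:
        raise ValueError("inputs, outputs and fees do not balance")
    denomination, size = anonymity_set(outputs)
    return {
        "denomination": denomination,
        "anonymity_set": size,
        "chance_of_correct_guess": 1 / size,
        "linked_change": linkable_change(inputs, outputs, denomination, fee_per_user),
    }
```

On the sample round, `audit(INPUTS, OUTPUTS)` reports an anonymity set of 3 and links the two change outputs to `in_b` and `in_c`, while `in_a`, which spent a whole UTXO, leaves no change to link.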

Implementations

As I mentioned, CoinJoin itself doesn’t solve the problem of finding other users on the network to do joins with. So there are a variety of implementations that solve this problem in different ways, ideally in ways that are decentralized and trustless.

The first (not good) type of CoinJoin implementation is a centralized service. These are known as “mixers”. These SHOULD NOT BE USED! Some mixers are scams that will steal your coins outright, and others are tracked so that coins that come out of them are “blacklisted” by exchanges and other services. This implementation relies on trust, which defeats the purpose of using cryptocurrencies in the first place!

Now, for good trustless technologies! It largely depends on the chain you wish to use. Bitcoin BTC has the well-regarded Wasabi wallet, which uses the ZeroLink protocol for trustless CoinJoins. Bitcoin Cash BCH uses its own completely decentralized algorithm called CashShuffle, which is integrated into some wallets. Litecoin LTC has a community working on a protocol called MimbleWimble, which also implements a type of CoinJoin.

Privacy Protection – Join Those Coins!

Privacy protection is an important part of life and money. While Bitcoin, Bitcoin Cash, and Litecoin may be pseudonymous, they are not anonymous or privacy preserving in their raw form. By adding technologies like CoinJoin, these currencies can be used in a way that protects user privacy. This technology uses the UTXO blockchain design to combine user inputs and outputs into a singular transaction with many equal outputs, therefore obscuring the flow of coins between addresses. When used correctly, CoinJoins help users protect their privacy and make these coins fungible, an important property for a cash system to have.

Digital Dollar Bills: Understanding UTXOs and Change

Overview

Have you ever looked at a transaction on a Bitcoin block explorer and been confused by all the different amounts shown? Wondered what these “inputs” and “outputs” listed in the transaction mean? Bitcoin and other cryptocurrency transactions may seem similar in some ways to other digital payment mechanisms like debit cards or PayPal, but their underlying structure is actually much more similar to the way we use cash. Let’s discuss the basics of UTXOs and change in transactions.

UTXOS, Inputs, Outputs, and Change

What is a UTXO?

When you look at your cryptocurrency wallet balance, what are you actually seeing? Many of the most popular blockchains use a UTXO model for tracking address balances, much different than the “account” model we are used to when dealing with our bank accounts. Instead of dealing in “deposits” and “withdrawals”, these blockchains track Unspent Transaction Outputs, abbreviated as UTXOs.

A UTXO is like a digital dollar bill, owned by a receiving address. When someone sends you Bitcoin, Litecoin, Bitcoin Cash, or DigiByte, the transaction creates a new UTXO in that amount that is owned by your receiving address. The UTXO is “locked” by the private key associated with your address, and therefore can only be spent in a future transaction by you!

Inputs and Outputs

So how are UTXOs used in transactions? When you go to spend some amount of cryptocurrency, your wallet creates a transaction that uses UTXOs owned by your wallet’s addresses as its inputs. Your wallet signs the transaction using your private keys, which tells other users of that currency that you are the rightful owner of those funds.

These inputs are said to be “consumed” by the transaction, and new outputs are created that are associated with the receiver’s address. As new transactions are created, there’s a perpetual cycle on the blockchain of consuming UTXO inputs and creating UTXO outputs!

Understanding Change

An important property of UTXOs to understand is that they cannot be “split”, much like US dollar bills cannot be “split” in a cash transaction. If you buy an item that costs $15, you may hand the cashier a $20 bill. You can’t rip off 1/4 of the 20 though, it doesn’t work that way! Rather, the cashier will hand you back $5 in “change” to complete the transaction.

UTXO blockchains behave the same exact way! If you have a 1 bitcoin UTXO in your wallet and want to make a 0.5 bitcoin purchase, your wallet will “consume” that 1 BTC UTXO in the transaction, and create two new outputs. One UTXO for 0.5 BTC goes to the receiver, and is owned by their address. The other 0.5 BTC goes back into your wallet into a change address, which is simply another address your private keys/seed phrase control.

Let’s look at a concrete example of this. DigiByte is another example of a UTXO blockchain. This transaction with hash f1745f8a1d52b781f0ff910a32eb6bf5682d2b04ed26c23466c425f479405c42 consumes a UTXO worth 3703.49823286 DigiByte, but the receiver is only getting 0.0001. The wallet owner receives 3703.49821286 back as change, and a small fee goes to the miner. It’s important to know that miner fees are not denoted as an additional UTXO, but rather as the difference between the sum of all inputs and the sum of all outputs.
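The consume-and-create cycle, change and the implicit miner fee described above can be modelled in a few lines. This is an added example, not code from the original article; the owner labels, transaction ids, amounts and the largest-first coin selection are constructed assumptions.

```python
from dataclasses import dataclass

SATS = 100_000_000  # base units per coin; integers avoid float rounding

@dataclass(frozen=True)
class UTXO:
    txid: str    # transaction that created this output (constructed label)
    index: int   # position of the output inside that transaction
    owner: str   # stand-in for the wallet whose keys lock the output
    amount: int  # value in base units

def build_tx(utxo_set, inputs, outputs, txid):
    """Consume `inputs` whole, create `outputs`, return (created, fee)."""
    for u in inputs:
        if u not in utxo_set:
            raise ValueError(f"{u.txid}:{u.index} is already spent or unknown")
    total_in = sum(u.amount for u in inputs)
    total_out = sum(amount for _, amount in outputs)
    if total_out > total_in:
        raise ValueError("outputs exceed inputs")
    fee = total_in - total_out          # never an output; the miner claims the gap
    utxo_set.difference_update(inputs)  # inputs are consumed in full
    created = [UTXO(txid, i, owner, amt) for i, (owner, amt) in enumerate(outputs)]
    utxo_set.update(created)
    return created, fee

def pay(utxo_set, sender, receiver, amount, fee, txid):
    """Select the sender's UTXOs largest-first, pay, and return the change."""
    chosen, gathered = [], 0
    mine = sorted((u for u in utxo_set if u.owner == sender), key=lambda u: -u.amount)
    for u in mine:
        chosen.append(u)
        gathered += u.amount
        if gathered >= amount + fee:
            break
    if gathered < amount + fee:
        raise ValueError("insufficient funds")
    outputs = [(receiver, amount)]
    change = gathered - amount - fee
    if change:
        # A real wallet sends change to a fresh address it controls; here the
        # owner label stands for the whole wallet.
        outputs.append((sender, change))
    return build_tx(utxo_set, chosen, outputs, txid)

def demo():
    """Bob spends a 1-coin UTXO to pay Alice 0.5 with a 1,000-unit fee."""
    utxos = {UTXO("tx0", 0, "bob", 1 * SATS)}
    created, fee = pay(utxos, "bob", "alice", SATS // 2, 1_000, "tx1")
    return utxos, created, fee
```

After `demo()` the original 1-coin UTXO is gone from the set, replaced by a 0.5 output for Alice and a 0.49999 change output for Bob; the 1,000 units appear in no output.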

UTXOs – Like Digital Dollar Bills

UTXO blockchains behave in a way that is remarkably similar to cash transactions. When you receive cryptocurrency, you receive it as a UTXO “bill” for some amount. When you go to spend that later, you must use that whole “bill” for the transaction, and receive any difference back as “change” in the form of a new UTXO. Many of the most popular blockchains such as Bitcoin, Bitcoin Cash, Litecoin, and DigiByte use this model. The most notable outlier is Ethereum, which uses an account model that tracks balance state with deposits and withdrawals.

So next time you create a transaction with one of these cryptos, try viewing the transaction in a block explorer and seeing its construction. Note the inputs and outputs, and see if you can decipher which are for the receiver, which are change, and how the miner fees are calculated. It’s great to understand how this technology works under the surface!

Why Brainwallets are a Bad Idea

Overview

Private keys are the most critical aspect of Bitcoin ownership – without them, you don’t truly own your Bitcoin! But in their raw form, private keys are a bit unwieldy. A bunch of random bits (256 to be exact) are not easy to remember or write down without error. Due to this problem, users have been looking for ways to more easily write down and remember their keys since Bitcoin’s inception. And one of those (misguided) methods is the brainwallet. Let’s discuss what a brainwallet is, and why using one is a terrible idea.

Bits and Brains

What is a Wallet, and What is a Brainwallet?

First, let’s discuss what a Bitcoin wallet actually is. A cryptocurrency wallet is simply a collection of private keys used to unlock coins for spending, and the associated addresses that are derived from those keys. A private key is actually a 256-bit, randomly generated number. As I’ve discussed in previous tutorials, the range of numbers that can be stored in a 256-bit integer is astronomically huge: 0 to 2^256 (2^256-1, technically speaking). That 2^256 is a number thought to be about as large as the number of atoms in the observable universe. We’ll get to why that is important in just a bit.

Now this private key is used to generate a public key and address using a one way process. Private key -> Public Key -> Address. Using elliptic curve cryptography, one can prove they are the rightful owner of Bitcoins sent to their address by providing the public key and a digital signature, all while keeping the private key secret! That’s why private keys are so important – they are used to prove you own Bitcoins, allowing you to spend them.

Now what exactly is a brainwallet? A brainwallet uses some of the cryptography used in Bitcoin to derive a private key, and from it a public key and address, from a passphrase. For example, one might use the passphrase “abc123”. By running this phrase through the SHA-256 hash algorithm, you get a 256-bit number that can serve as a Bitcoin private key! This is useful because a passphrase is much easier to write down correctly or remember than a 256-bit integer. Running the phrase through SHA-256 always gives the same output, so one can simply remember the passphrase without having to remember the key!

The Problem…

Seems like a great idea, right? Well, this idea turns out to actually be a huge problem in practice. The problem is that human beings are really, really bad at randomness. We think we can be random, but we’re really not in the cryptographic sense. Remember how I mentioned how big the 256 bit keyspace is? 2^256-1? It turns out that given proper randomness (entropy), it’s pretty much impossible to brute force guess a key. However, keys that are not generated with a proper level of entropy are significantly easier to crack – and brainwallets do not have sufficient entropy to be safe!

I was turned on to the nature of this problem by security researcher Ryan Castellucci’s 2014 Defcon talk entitled “Cracking Cryptocurrency Brainwallets”. Ryan’s excellent talk discusses just how easy it is to break these wallets, including examples from his own research tool called Brainflayer. Ryan found that a significant number of these brainwallets are easily cracked using common wordlists, and that hackers have sophisticated tools to compete and steal brainwallet funds. For example, the empty string’s address has received (and lost) 59 Bitcoin! Even seemingly random, strong passphrases like “Interior Crocodile Alligator” have lost coins to these attackers.

The Solution!

Thankfully, not all hope is lost for easy-to-store private keys. In terms of brainwallets, the solution is simple. DO NOT USE THEM! EVER! You will have funds stolen in a matter of time. The Bitcoin blockchain is like a permanent password database, with a juicy monetary reward for cracking!

Instead, much safer solutions have been developed and put into practice in the cryptocurrency space. You may be familiar with mnemonic seed phrases. Most wallets will now give you a 12-24 English word backup phrase you can easily write down or even memorize. This is not a brainwallet. Rather, a seed is generated using a cryptographically secure random number generator, and then encoded in an easy-to-use format. The seed is truly random and safe against brute-force attacks, given a properly implemented wallet.
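The difference in direction between the two schemes (phrase first versus randomness first) is easiest to see side by side. This is an added example, not code from the original article or from the author’s projects; the 20,000-word dictionary size is an assumed figure, and the BIP39 step returns word indices because the 2048-word list is not embedded here.

```python
import hashlib
import math
import secrets

def brainwallet_key(passphrase: str) -> int:
    """Brainwallet scheme from the text: private key = SHA-256(passphrase).
    All of the key's unpredictability comes from the human-chosen phrase."""
    return int.from_bytes(hashlib.sha256(passphrase.encode("utf-8")).digest(), "big")

def phrase_entropy_bound(words: int, dictionary_size: int) -> float:
    """Best case in bits: every word drawn uniformly from the dictionary.
    Phrases people actually choose (quotes, lyrics, memes) fall far below it."""
    return words * math.log2(dictionary_size)

def bip39_indices(entropy: bytes) -> list:
    """BIP39 layout: entropy followed by the first ENT/32 bits of
    SHA-256(entropy), cut into 11-bit indices into the 2048-word list."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("BIP39 entropy is 128 to 256 bits in 32-bit steps")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    count = (ent_bits + cs_bits) // 11
    return [(bits >> (11 * (count - 1 - i))) & 0x7FF for i in range(count)]

def new_seed_indices(strength_bits: int = 128) -> list:
    """Wallet direction: randomness first (OS CSPRNG), readable words second."""
    return bip39_indices(secrets.token_bytes(strength_bits // 8))

def compare(words: int = 3, dictionary_size: int = 20_000) -> dict:
    """Search-space sizes in bits; the dictionary size is an assumption."""
    bound = phrase_entropy_bound(words, dictionary_size)
    return {
        "brainwallet_bits_at_most": round(bound, 1),
        "bip39_12_word_bits": 128,
        "gap_in_bits": round(128 - bound, 1),
    }
```

With the assumed dictionary, a three-word phrase carries at most about 42.9 bits against 128 bits for a 12-word mnemonic, a gap of roughly 85 bits, and every extra bit doubles the work of guessing.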

Brainwallets – Bad Move!

Brainwallets are fundamentally insecure. Low-entropy private keys are always a recipe for disaster when it comes to cryptography, and especially so when the disaster is you losing precious coins. Instead, use modern cryptographically secure methods like BIP39 mnemonics to easily back up your funds.

If you’re curious about this topic and want to experiment, check out my code project PwnedWallet. This project is a simple React web application that allows you to enter a brainwallet passphrase and see if the funds in that wallet have been stolen. The tool takes the phrase and generates the private key, public key, and address for you to see. It will then fetch balance data from a public API and show you if that wallet has ever had coins in it and if it has been emptied.

Stay safe with those keys!