Technology

37705 readers

289 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

MODERATORS

[email protected]

Scammers exploit bitcoin ATMs. Will new California laws help crack down on fraud? (www.latimes.com)

submitted 1 year ago by [email protected] to c/[email protected]

26 comments fedilink hide all child comments

New California law limits cash to crypto at ATM machines at $1000 per day per person and also the fees that can be imposed by the machines.

The industry says this will hurt the business, hinting that they're profiting from the lack of KYC policies

I don't see any legitimate use from those machines. Who would have a legit need to exchange $15k from cash to crypto at 33% fees????

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

records transactions to specific wallets

First, that's not how crypto blockchains work. A "wallet" holds the private key to a bunch of possible addresses (2^128^ for Bitcoin, or something around that, arguably up to 2^160^, or technically infinity, depending how you look at it), there is no way to know whether two addresses belong to the same "wallet" until they get spent (transactions signed by the same key), and transactions get recorded between specific addresses, not wallets.

In an ideal world, people would never use the same address twice, always creating a new one... but people gonna people, so they started reusing addresses, publishing them along their personal data and photos on the web, shoving all that data into the hands of exchanges, and stuff like that. Bye-bye anonymity, hello traceable pseudonymity.

Still, fungibility means an address can receive coins from multiple others, then send them on without marking where each came from, so the more times coins get fused and split across more addresses and transactions, the harder it is to prove a given amount came from a given address some transactions away.

Monero takes that a few steps farther, and forces every user to use crypto as it was originally intended:

all on-chain addresses are single-use only, they can't be reused neither for receiving nor sending
every time someone sends coins, they get some single-use address/es (where they received some coins) and sign it with their own key, plus 15 "decoy keys" picked from among other ones on the chain, then sends that as a new transaction
the amount being sent is encrypted, so only the sender and receiver can see it
some mathematical magic goes on to avoid spending from already spent addresses, and prove to everyone that the transaction is "more than 0" without revealing by how much more

Meaning:

Only the wallet owner can track which addresses their wallet used
Someone tracking transactions, has to choose between several (16) possible source wallets for every address spent in a transaction, only one of them being the real one, and can't know how much has been transferred to some target addresses, or whose wallet they belong to

You can check that here:

https://localmonero.co/blocks/

Pick any block, any transaction, try figuring out who had control over the coins before the transaction, what is the target's balance, or even how much got sent to where.

If a single address gets de-anonymized:

the incoming transaction says nothing about how much was sent to it, and casts serious doubt about which wallets were the real ones that actually authorized it
if there is an outgoing transaction, an attacker can only know whether the address got spent or not, they can't know whether, or which one of the other transactions on the blockchain used it as the real source, or as one of its 15 decoys

If a whole wallet gets captured and de-anonymized:

an attacker can see all its associated addresses, with all the associated transactions, and how much was sent in each one, but still can't be sure where exactly did the funds come from (the uncertainty increases 16-fold with each transactions)
a separate key is used for outgoing transactions, but it only allows seeing how much was spent vs. sent back to an address controlled by the wallet