Risky crypto assets

19 replies 370 views
ape_2018Senior Member
Posts: 412 · Reputation: 1728
#1Mar 19, 2024, 10:16 PM
Hey folks! I've been thinking about which cryptocurrencies might not be safe to hold. Let me clarify what I'm talking about. There are certain ways in which decentralization kinda disappears. First off, there’s hardcoded freezing, which is like blacklisting or freezing right in the network's code. Then we have configuration-based freezing, where it’s all about the settings of nodes or validators, or the config files they use. On-chain smart contract freezing is another issue; some tokens/contracts can actually block addresses or tokens (like certain tokens on various networks). Basically, this means there's some centralized control over crypto assets. So we all gotta be aware that a third party could mess with our access to our assets! Here's what I dug up: For hardcoded blacklists (embedded right in the protocol code): BNB Chain has a clear list of blocked addresses coded in, so validators won’t include those transactions in blocks. VeChain (VET) introduced a “blacklist” module at the consensus level back in 2019 after a hack, blocking certain addresses; the team insists it’s not a “permanent kill switch,” but still, they patched the protocol to implement the freeze. Chiliz (CHZ) is an EVM network that also has a public hardcoded blacklist, similar to BNB. Viction (VIC) is a smaller network that also rolls with a blacklist in the code. XDC Network (XDC) has its own blacklist enforced by consensus rules. And then there's Tron (TRX), which has a permissioned module to block accounts; it's a bit different in the report but still falls under that hardcoded/protocol category.
5 Reply Quote Share
pixel2014Hero Member
Posts: 857 · Reputation: 4132
#2Mar 20, 2024, 12:00 AM
Similar discussion here: https://bitcointalk.org/index.php?topic=5565227.msg66038714#msg66038714 It is left for individual. USDT and USDC can freeze people's money but people continue to use them the most while less people are using DAI. For unstable coins, I hold bitcoin most time while trading altcoins.
1 Reply Quote Share
ape_2018Senior Member
Posts: 412 · Reputation: 1728
#3Mar 20, 2024, 03:06 AM
The fact that USDT and USDC have the same solutions does not make them better. Especially since stablecoins are tied to the fiat world and are forced to implement “legal norms.” Meanwhile, no one forces “free cryptocurrencies” to do this, but their creators still choose to follow this path.
0 Reply Quote Share
Posts: 79 · Reputation: 247
#4Mar 20, 2024, 07:14 AM
I think Stellar has a way to prevent the freeze/clawback, as I have noticed that my own tokens issued there do have the potential for me to use those features. I did not look into it deeply but I had the impression that if I wanted to totally prevent myself from ever using such features I could do so by disabling my issuing account's ability to do pretty much anything. I have not done so because I use the same issuing account to issue all my tokens so disabling it would prevent me issuing more tokens from that account and also prevent me minting more of any of the tokens it already issued. Stellar is to me a secondary platform, my initial issuing takes place on HORIZON, then from time to time I move some tokens on HORIZON into a "Stellar Holdings" account on HORIZON to keep track of how many of them I have moved over to Stellar, and in principle I could also move some back if I needed to. So basically for me it would be inconvenient, maybe quite a bit inconvenient, to curtail my ability to issue more of a token on Stellar when I need more there. Basically it is not for me Stellar that limits how many of a token I mint but HORIZON, and even on HORIZON for tokens that correspond to coins that have their own blockchain I only issue half as many of the token as I have actual coins on the coin's own native blockchain. So thus far I have not felt forced by peer pressure or anything else to disable my issuing account's ability to issue simply in order to also turn off clawback and so on options that seemed to me (with only rather cursory inspection) to be an all or nothing thing, that is, that either I have to turn off everything or nothing, no toggling of each little option separately. Do please someone correct me if my impression is incorrect. -MarkM-
2 Reply Quote Share
SilentGuruSenior Member
Posts: 432 · Reputation: 1445
#5Mar 20, 2024, 11:10 AM
Sonic or formerly known as FTM also frozen the hacker account but the hacker still could sell tokens using permit authorization. It's debatable though whether it's good or not, on the other hand the hacker can't withdraw their money and the money could go back to the victim making them whole, on the other hand it could be misused.
3 Reply Quote Share
ape_2018Senior Member
Posts: 412 · Reputation: 1728
#6Mar 20, 2024, 04:06 PM
As I previously wrote at Stellar, “assets have freeze/clawback flags, and the issuer can block or withdraw tokens.” This does not mean that it will necessarily be used, but it does mean that such a mechanism is built into the system, and you can use it at your discretion. On the one hand, this is not a bad thing. For example, in the case of theft of someone else's assets, you can “freeze” the criminals' wallet. But like everything else in life, there are two sides to this decision. If someone, for whatever reason, “points the finger” at you, or more precisely at your wallet, as “criminal,” it can also be “frozen.”
1 Reply Quote Share
sigma_satoshiFull Member
Posts: 109 · Reputation: 708
#7Mar 23, 2024, 02:49 AM
These projects need to be vocal about that and show how transparent they are. Because not all have this ability to understand the technical side about them can freeze the assets that their investors own. I am starting to doubt that it's safe to keep in there. This makes Bitcoin the best of them all, pure decentralization and no one can have that control to freeze a holder's asset.
1 Reply Quote Share
chris.altHero Member
Posts: 458 · Reputation: 2287
#8Mar 23, 2024, 08:14 AM
I have never touched one of the chains of the first two groups and feel that this confirms my scepticism towards them. Thanks OP for giving a bit more detail about the mechanisms even if there was another recent thread linked by Charles-Tim. The source seems to be an analysis by Bybit, referenced e.g. in this yellow.com article. I asked myself however: How is this blacklist really enforced? (inspired by the Knots/OP_RETURN debate) What if for example an alternative client for these blockchains appeared, without these blacklists, and the majority of validators ran this alternative client? I think in the case of BNB, as it's basically a "company coin", this would never happen because the company could for sure find some measures to punish the validators using the alternative client, and most validators may be run by the company itself. But for the other chains, I wouldn't be so sure. In the "configuration-based freeze" group this should be relatively easy: validators could simply remove the blacklists or refuse to update them. In the yellow.com article it is argued that the freeze is enforced by "validator consensus". I guess that the "problem" is there that many validators may be also still run by the project founders or by people or organizations colluding with them, so finding a consensus to remove blacklists could be difficult, but not impossible. But even in the "hardcoded" group, it's possible that the alternative client "attack" could work, if a majority of validators agrees to the change in the code. This would technically be a hard fork, as it's a "loosening of rules", but it could be done in a way it does feel more like a softfork (e.g. letting the validators signal for the fork for some months first, and only enable it if there's a 80-90% supermajority). The third case with smart-contract enabled freezes in theory even could be enabled for Bitcoin-based tokens if you develop an OP_RETURN based "token protocol" on top of it (I have experimented with that so I somewhat know what I'm talking about). This is a friendly reminder that for example BRC-20 tokens in theory could also be freezed in the future Wouldn't also Ethereum needed to be mentioned in the "hardcoded" group, as it basically "rewinded" the TheDAO hack in 2016 or 2017 and froze the hacker's coins? They (afaik) never did this again but a single ocurrence also counts for me.
2 Reply Quote Share
Posts: 79 · Reputation: 247
#9Mar 23, 2024, 09:38 AM
It would just be nicer for me I think if each such option had its own separate "can never change thiss setting" toggle rather than having to turn off ability to change any of them as only means of preventing changing particular ones I do not want to be able to change. -MarkM-
3 Reply Quote Share
ape_2018Senior Member
Posts: 412 · Reputation: 1728
#10Mar 24, 2024, 07:09 AM
Decentralization is decentralization, but a group of validators could essentially stage a “rebellion” or “seize power” with all the ensuing consequences, including complete control over blacklists. This scenario is by no means impossible, although it would be costly... But if the result exceeds the cost of its implementation, then no one will stop people from doing it.
0 Reply Quote Share
gwei42Member
Posts: 6 · Reputation: 116
#11Mar 24, 2024, 08:02 AM
Interesting breakdown, especially the part about protocol-level blacklisting. A lot of people still assume that if it’s on a blockchain it’s automatically free from central control. Your list makes it clear that not all networks follow the same principles.
3 Reply Quote Share
ape_2018Senior Member
Posts: 412 · Reputation: 1728
#12Mar 24, 2024, 09:53 AM
We are currently observing one of the key problems with cryptocurrencies in general. The ideology of cryptocurrencies was originally based on security, anonymity, and decentralization. But... commercialization has brought its own “corrections.” There are both objective and subjective reasons for this. The former include purely commercial products that cannot be “independent” ideologically. The second side of the problem is the entry of crypto platforms into official markets, which forces project owners to accept the rules of the official market, which is regulated by the state.
3 Reply Quote Share
gw3i_4ltFull Member
Posts: 46 · Reputation: 409
#13Mar 26, 2024, 02:14 PM
Any "malware scanners" out there which can detect this kind of logic in the contracts?
2 Reply Quote Share
0xD3fiMember
Posts: 6 · Reputation: 147
#14Mar 26, 2024, 04:27 PM
Surely this is related: I've been looking at the group of 'non-KYC CEXes,' and a number use the tactic of allowing you to think you are signing up to a 'non-KYC' platform, but can force KYC on you at any time for no given reason. One site can demand that you not only provide a Verification video, but a second video showing the source of the funds you've sent them: amount of coin, tx, etc. This they call: 'Anonymity — your choice. Registration is optional, and you can exchange completely anonymously if you wish.'
1 Reply Quote Share
wolf_blockFull Member
Posts: 125 · Reputation: 586
#15Mar 27, 2024, 12:42 PM
I was aware Tron had some mechanisms in place to freeze assets, but i had no idea XRP also had some in order to freeze tokens. It makes some sense some blockchains have started to implement those anti-centralization options for validators and developers to freeze money or out right exclude addresses from participating on the blockchain, to me those are measures being pushed by regulators in order to keep control over all population which keeps part of their wealth in ecosystems which are pretty much outside of the reach of the government, and also try to combat money laundering. I would stay away from all those blockchains and assets and stick to those which obviously do not have such degree of blatant centralization, it could always be abused either by the government or the United States or the team behind the coin itself.
0 Reply Quote Share
ape_2018Senior Member
Posts: 412 · Reputation: 1728
#16Mar 29, 2024, 05:43 AM
Unfortunately, I don't have any ready-made tools, although I can write some. If there is a need, I will try to create a tool to search for such “features.” As theory tells us, the following mechanisms can be used to block/freeze wallets 1. Functions/roles in ABI There are no such built-in mechanisms in the ERC-20/721/1155 standards, so we need to look for anything that might resemble: freeze(address) /unfreeze(address) /blockAddress(address)• pause() / unpause() /setBlacklist(address,bool) /isBlacklisted(address) /owner() as well as custom transfer hooks—most likely a sign that the contract can interfere with token ownership. 2. Extended standards Many custom tokens use the following mechanisms:  ERC20Pausable ERC20Blacklistable OpenZeppelin AccessControl (and PAUSER_ROLE, BLACKLISTER_ROLE roles) But I suppose that the most cunning ones will hide them under names that do not so openly “shout” about their purpose.
4 Reply Quote Share
vault_2009Full Member
Posts: 198 · Reputation: 739
#17Mar 29, 2024, 09:21 AM
I feel like that we cannot expect decentralization to be persisting with the evaluation of cryptocurrencies as  corporates and dictators may join at any time. I am sure that there would be no point of saving the assets which are very much similar to my bank account because my government may freeze my all type of asset on their own discretion whenever they need. Simply we can conclude that these assts are centralized ones and we need to face bank account kind of similar consequences on adapting them. Honestly I am here just for the reason of decentralization. I still remember all my struggle with paypal and alertpay in my initial phase of online career. Bitcoin provided me freedom along with wealth creation whereas these coins/tokens may push anyone back to the era of paypal.
0 Reply Quote Share
ape_2018Senior Member
Posts: 412 · Reputation: 1728
#18Mar 29, 2024, 02:57 PM
This is where the complexity or dissonance of the situation lies. On the one hand, cryptocurrencies were created for freedom. When it was just a hobby for geeks, that was the case. But then a full-fledged crypto business appeared, with companies, legal entities, and... compliance with the laws of one jurisdiction or another. Now we see that state mechanisms are forcing crypto projects, while remaining technologically decentralized, to become legally centralized and add centralization mechanisms to the blockchain itself.
2 Reply Quote Share
gw3i_4ltFull Member
Posts: 46 · Reputation: 409
#19Mar 29, 2024, 07:46 PM
In a lot of cases, there is a fallacy involved. Only if a protocol is sufficiently decentralized, a participating actor can plausibly deny exercising control. However, if you build in mechanisms of control and centralization, legal systems rightly demand that you exercise that control in order to fulfill your responsibilities. A sensible response would be to strengthen centralization and to limit the possibilities for control. Ironically, some projects go in the opposite direction, making it easy to hold them legally accountable.
0 Reply Quote Share
ape_2018Senior Member
Posts: 412 · Reputation: 1728
#20Mar 29, 2024, 08:13 PM
The thing is, we are in a very specific situation: - If you want to be a “good crypto project,” stop being anonymous, decentralized, and uncontrolled. Become a commercial version of CBDC - If you disagree with the rules and want to be a “true crypto,” you are outside the law, you will be persecuted, you will not be allowed to enter the market, and you will become a tool for very specific consumers, who are usually illegal. What is the solution? I don't see one...
1 Reply Quote Share
?Reply
Sign in to reply to this topic

Related topics