[vmoore]

The operational security measures one has to take these days to secure crypto is insane. You have to build your own mini intelligence agency just to protect your digital crypto assets. You have to do:

- Principle of least privilege.

- Zero Trust.

- Compartmentation.

- Hardened Operating Systems with no malware and strong endpoint defense.

- Firewalls that whitelist only your IP and disavow everything else.

- 2FA/MFA/Biometrics auth for everything.

- Defense in Depth.

- Use crytography tools vetted from the community surrounding it, and use tools which are battle hardened.

Modern computing is very leaky and every node is malicious. You need extreme vigilance to safeguard crypto.

Are people up to the task of doing all this?

I'm asking because I lost crypto before, and now I'm more resilient and have better security posture.

[drdrek]

If only some kind of institution that can hold coins safely existed. Some kind of central place with all the security measures. They can also offer you interest if you let them lend the coins to other people. We can call it a bank.

[wenebego]

Great idea, but its inconvenient when you need liquidity but the bank doesnt have it. We should let the bank lend out more money than they actually have, and if there's a run the public can just bail them out

[cassepipe]

Ok I am triggered.

I am rather ignorant on the matter but indeed I don't like that some things/people are too big too fail in the system.

On the other hand, isn't that established that banks being allowed to issue more money than what is backed by their assets is universally recognized as "good" as in allowing for previously unseen economic development that benefits everyone (but not equally...) ?

[nradov]

In banking terms, the main assets are the outstanding loans. Fractional reserves (deposits as a percentage of loan balances) are no longer very relevant to modern banking. The limit in the USA was cut to zero in 2020.

https://www.federalreserve.gov/monetarypolicy/reservereq.htm

The focus is now more on capital for assessing bank health.

[FabHK]

Just to add, what's called "capital" in banking is basically the bank's equity. And there are proposals to force banks to carry a lot more equity (even if, my god, that reduces the return on equity earned - with a concomitant reduction in risk, though, thus making the equity no less valuable, theoretically speaking).

See for example The Bankers' New Clothes: What's Wrong with Banking and What to Do about It (2014) by Anat Admati and Martin Hellwig.

[thelastparadise]

What you're referring to is leverage. It's a multiplier.

The issue is malinvestment and misallocation of resources.

Leverage up on malinvestment (which is what most of the central banks and governments are doing) and it's the fast path to hell.

A fixed supply neutral third party money adds a sort of safety barrier against this leveraged malinvestment.

[snakeyjake]

The best part about crypto is that it is always your fault.

Set up your own wallet and lose access? YOUR FAULT, DUMMY

Use an exchange and get hacked? YOUR FAULT, DUMMY

Use an exchange and they scam you? YOUR FAULT, DUMMY

Fall for a spearphishing email? YOUR FAULT, DUMMY

A flaw in the implementation that leads to an exploit? YOUR FAULT, DUMMY

Fail to maintain an EAL7-certified computing environment using only FIPS 140-3 level V cryptographic products in an ISO 27001:2022 Annex A.11.1-secured facility and something goes wrong? YOUR FAULT DUMMY-DUM-DUM!

It's never, ever, a flaw with entire concept-- it's always you.

[FabHK]

Dude, do your own research. /s

Agreed, the extent of victim blaming in crypto is mind blowing.

[geek_at]

If you just want to buy crypto currencies and check again in a few years, the procedure is much simpler:

1. Make a paper wallet, laminate it, put it in a safe location or maybe two

2. Use any exchange and send the coins to the wallet. Never leave any coins on the exchange

When you want to get them out again, this is the safest approach:

1. Boot Tails from USB

2. Enter your private key in Electrum (it's preinstalled in Tails)

3. Send to exchange and convert to fiat

If you want to do daytrading it's a whole other story

[danbruc]

This essentially boils down to not using Bitcoin. If Bitcoin ever wants to achieve its goal of becoming a usable currency, hiding pieces of paper in safes is not the way to go. But you can of course speculate that in a few years someone else is willing to pay more than you did to enjoy the fun of storing a piece of paper in a safe.

[tainted_blood]

Use a hardware-wallet like the Bitbox2 for your big stash. Use a lightning wallet like phoenix on your phone for smaller amounts which you could loose, like in a physical wallet.

[UweSchmidt]

Hard technical limitations prevent Bitcoin from becoming a usable currency.

[npoc]

At this stage bitcoin's main use case is storing large amounts of value for long periods of time.

Think of it as an alternative to investing in a house to let out to tenants, but without the inconvenience, risk and cost of buying/selling and owning it.

[danbruc]

That sounds potentially problematic in the long run. If Bitcoin is primarily used for long term storage, then you need some [at least] constant flux of people moving money in and out of long term storage, otherwise your stored Bitcoins will depreciate in value. Therefore this is a kind of bet that Bitcoin will remain popular as a long term store or that some other use case emerges and maintains the price.

Another factor is that with decreasing mining reward transaction fees are becoming more and more important for financing the entire system. But by its very nature using Bitcoin as a long term storage will lead to a small number of transaction and the relatively few transactions moving money into or out of long term storage will have to pay for the network resulting in high transaction fees or alternatively the hash rate will have to go down which could itself be problematic for the system.

One would have to run the numbers - how many people are storing how much money for how long - to see how problematic or unproblematic it would be to use Bitcoin primarily for long term storage. My gut feeling however is that without other usages like speculation or actually buying and selling stuff, it would be a rather expensive way to store money long term.

EDIT: Back-of-the-envelope estimate. Bitcoin market capitalization is currently 1000B $, electricity consumption is an estimated 138 TWh/y, 13.8B $/y at 0.10 $/kWh. So if it was all long term storage financed by transaction fees and with a stable price and hash rate, it would cost about 1.5 %/y to store your money in Bitcoin, assuming hardware, infrastructure, labor and so on adds another 10 % to the costs.

[npoc]

> you need some [at least] constant flux of people moving money in and out of long term storage

This isn't necessary to maintain value (think of a rare painting), but it is important to provide liquidity when you come to sell, so that you don't have to wait weeks for someone to buy your bitcoin. Bitcoin has plenty of liquidity - no shortage of buyer and sellers. Coinbase alone trades ~$1 billion of bitcoin per day.

You're correct that the hash-rate is related to block subsidy + fees, but it's only one of the variables. Cost of energy for miners is an equally import factor (continuously decreasing as miners tap into wasted energy around the earth, and without geographical constraints), along with efficiency of the mining HW.

Bitcoin averages around 2700 transactions per block which currently provides miners with total reward of 6.25 + 0.3 (tx fees) BTC = ~$334,050. If we suddenly went to fees-only today, that would be ~$123 per transaction. Considering that this fee is independent of transaction amount, it is actually very cheap for large values of money (e.g. >$1M) considering it covers the cost of moving the bearer asset around the world within ~30 minutes, and also covers the cost of protecting your value against debasement and theft for however long you had it stored for (often years).

I'm not sure how you came up with a % cost per year - the cost of storage is a one-off tx fee at purchase and sale (just like physical gold, but bitcoin transactions are generally cheaper and independent of the transaction size)

[danbruc]

So currently there are a quarter or half a million transactions per day for 100 $ each. If Bitcoin was primarily used for long term storage, that would probably no longer be true. The current market capitalization of 1T $ is a million people holding a million dollar, everyone would have to do one transaction every two, three days to maintain that transaction rate, something I would not call long term storage.

In the end the details don't really matter, currently running Bitcoin seems to cost about 1B $ per month and the users have to pay for that one way or another. Whether there are 1M users with 1M $ each paying 1k $ per month or 1B users with 1k $ and paying 1 $ in fees per month or no one paying any fees and the newly mined coins just diluting the value, that are all details.

[andruby]

Let's say two years pass and I want to sell my crypto. Is Tails still safe? Is it still maintained? Has it been "acquired" by a malicious party.

Crypto unfortunately requires people to be a lot more careful and knowledgeable than traditional fiat currency. And I don't think that will meaningfully improve anytime soon.

[tlb]

You need some software to make a paper wallet. It’s pretty hard to write it yourself from scratch, so you ultimately still have to trust a software distribution. Scammy paper wallet generators could make semi-predictable private keys that the author could recover when they see the public key appear on the blockchain.

[y42]

1. Boot Tails from USB

and that's an attack vector/point of doubt that you bring in into the equation. You need a trustful source for Tails, the USB drive and the surrounding OS.

One can turn it as one wants: "cryptos" are not safe.

And I am saying this as someone who's holding a handful of values on different crypto currencies. And I know it is insane.

[tainted_blood]

forget tails and ledger and use the Bitbox2. Its not that hard.

[brendoelfrendo]

Ok, but why should I trust Bitbox2?

[tainted_blood]

You shouldn't and you don't need to, it's completely open source, even the hardware.

[FabHK]

Just download it from a trusted source verified by trusted (permissioned) PKI infrastructure.

[cmcaleer]

If you're daytrading you essentially need to be pricing that risk. If your strategy earns effectively 8% APY and you have to trust Sketchy Exchange Inc. it's probably not worth your time. If it's earning 600% APY then maybe it's worth keeping some amount with them.

[AlienRobot]

People aren't even up to 2FA. Every day lots of people lose access to things because they used 2FA.

[brazzy]

> Are people up to the task of doing all this?

No. Anyone who thinks they are is deluding themselves. There is no such thing as a setup that is 100% secure against human error (and nobody is infallible) or a sufficiently motivated and skilled attacker (and there are supreme amounts of motivation here).

The core problem is the lack of legal recourse. Anonymous, irreversible, distributed transactions for money are a really fucking stupid idea.

[andruby]

> The core problem is the lack of legal recourse

That is indeed the crux and the big advantage that traditional fiat currency has. And I believe that this is why crypto as a day-to-day currency won't surpase fiat.

The centralised trust and the government authority and enforcement of fiat is what enables millions of people to pay and transact so easily with strangers.

[pcdoodle]

I think it's a fantastic idea. And the network also produces a lot of salt.

[velox_neb]

Still, most people who have a crypto wallet on their desktop computer don't get hacked. I always found this interesting because it puts an upper bound to how many machines out there are compromised (at least by an agency that's motivated only by money).

[himinlomax]

That's precisely why I never bothered with crypto. I figured even back in the days of early Bitcoin I would at the very least need a dedicated device like a mostly air-gapped laptop running my own wallet software to do transactions. Storing coins on an exchange had always struck me as fundamentally idiotic, even before MtGox occured.

The problem has gotten much, much worse, not better, over the past decade.

[cassepipe]

Well maybe if you have 500000 dollars worth of bitcoin you can invest some of it in good security practices and products ?

[sjducb]

How do you find products to trust?

[npoc]

You don't really need to trust. For significant amounts of value, a multi-sig setup using a number of different devices means that _all_ the devices could be compromised, but providing they are not compromised by the same attacker your bitcoin is still safe.

[sjducb]

What if the multi sig software is compromised?

[npoc]

When I said "different devices" I meant different types of devices (i.e. all running different SW) - sorry for not being clearer.

For example you might create and sign the transaction with Sparrow on your PC and then pass it to/from BlueWallet on a mobile to co-sign it via QR code.

[lucw]

use a hardware wallet, engrave your bip39 recovery seed on a titanium plate, practice recovery, you're done.

[FabHK]

Yes, and this will finally bring banking to poor peasants in the third world!!111!! /s

Seriously, the idea that crypto (with its concomitant key management problems) is a solution for the challenges facing the poor in badly governed countries is rather absurd.