Context on what I believe they mean by "fraudulent".
Steam back in the day used to accept 0 confirmation bitcoin spends. This means that the transaction has been gossiped on the bitcoin p2p network but had not yet been mined into a block and thus had minimal finality guarantees. Steam could see that they were going to receive a bitcoin payment (when the transaction was mined into a block) and would credit the users account instantly for a better purchase UX.
Turns out anyone with some deeper understanding of bitcoin could construct another transaction spending the same bitcoin back to themselves before their original transaction was ever put in a block. The bitcoin community moved away from accepting '0 conf' transactions pretty much everywhere because of this reason.
In fact the high fee era (2016-2018) saw many wallets incorporating this "double spend" feature into their wallets. This is known as RBF, "replace by fee" and is really useful when you need to bump your transaction up the queue. You replace your old transaction, that is waiting to be mined, with a new one that offers a higher fee to incentivize miners to add it to a new block.
I think its rather unfortunate that 0 conf transactions were written off so quickly. There are many context where a 0conf tx makes sense, mostly IRL. But, if you are running a business online and you don't trust you customers you should wait 3-6 blocks after the transaction has been mined before delivering your goods.
It did, and they did. That's probably exactly why they allowed it like that in the first place - if the transaction is fraudulent then simply remove the user's entitlement, but offer instant access for better experience.
“Fraud” and “simply” don’t belong in the same sentence. This is coming from someone who’s spent years working with many fraud departments in major companies. Wack-a-mole doesn’t work, they just scale their account creation.
Well then please explain what is difficult here. You initiate a purchase with bitcoin, valve instantly grants you access, then few hours later valve checks if the transaction has been confirmed in the blockchain or not. If it hasn't, then the entitlement is removed. What's not simple about it?
They already answered this question in their previous post... The fraudster scales up their account creation. You ban then after 2, they switch to a new account... which you ban after 2, and they switch to another new account, which you ban after 2... and so on, ad infinitum.
But then what? Someone downloads and plays a game for an hour, gets banned, then goes through the whole process of having to do all that again?
Doesn't seem like a good user experience. All to get a free hour of gameplay?
There are easier ways of pirating games. The only possible usecase for this kind of fraud would be if you can buy digital items, transfer and then sell those digital items.
But even then, that might be difficult to do all in 10 minutes.
I don't care how well it would work, and I'm not arguing any of your points... I don't even understand why you people like these video games, so I'm the last person who should opine on what constitutes a good UX.
My comment was intended to point out that it's parent comment didn't bother to read the grandparent comment, which had clearly answered the question it was asking.
But then the parent comment author edited themself, I assume to avoid looking foolish. So I guess it's irrelevant now.
...or so say the guys sitting in the cheap seats. In practice, it may well be more complicated than that, and involve all sorts of other tradeoffs. It usually is.
> In practice, it may well be more complicated than that
No, its not. If an account gets banned after an hour, all that happened is that the user got is 1 free hour of playing a video game. There are easier ways of pirating videos games than that.
So really, thats good enough.
You tried to claim "The fraudster scales up their account creation". And I am telling you, that if a fraudster wants to play a video game for free, there are much easier ways of doing so. By just pirating the game, for example.
So that specific point is wrong.
> or so say the guys sitting in the cheap seats
Actually, it seems like you are the one sitting in cheap seats. Because you have already straight up admitted that you don't really know much about the industry. Whereas, people like me, who do work in the games industry, do know about what a good user experience is for people playing video games, actually know more about this than you do.
So, in other words, you actually should "care how well it would work". Because how well it would work, is integral to the attack vector.
I worked five years in the game industry, mostly on (guess what!) security and infrastructure for a Very Large F2P game. I was nowhere near game design or any part of the game loop itself, but I did a lot of work on our account system.
> > In practice, it may well be more complicated than that
> No, its not...
You keep assuming that the information you already have is ALL of the relevant information about this issue. You're just a Monday Morning Quarterback, and you have no way to know whether the situation is more complicated than this. So you can't possibly make absolute statements about this... Unless you happen to work at Valve, on something that has given you actual experience with the Steam account system.
There are easier ways to pirate a game than this, as getting banned after an hour is not a good user experience, and the user would be better off just pirating the game.
For which you had no response.
The only specific reason that you gave, which was "they could just make more accounts" I refuted by describing how it would be easier to just pirate a game.
And then you refused to address the refutation, because you didn't have a response.
If you didn't have any specifics arguments about that point you could have just said so.
Because I was talking about the actual, specific arguments, about why your previous statement of "make infinity accounts" was wrong, and you are now continuing on being incapable of giving a response to that specific statement.
Making new accounts isn't trivial. You can add friction from suspicious attempts like requiring a phone number or making them wait some time. Some determined attackers might slip through but at the end of the day all you are losing is some bandwidth.
Are you suggesting that there may be a human being on earth who has the tenacity to enjoy games while creating new accounts, pulling off successful bitcoin heists every 1-2 hours and risking losing their save games? And doing that forever?
> Are you suggesting that there may be a human being on earth who has the tenacity to enjoy games while creating new accounts, pulling off successful bitcoin heists every 1-2 hours and risking losing their save games?
Most of the “tenacity” parts implied there are automatable, so it's mostly about “can people enjoy the paid-for experience of a game with ephemeral rather than durable accounts”, which, well, really depends on the design of the game.
What whack-a-mole? Just automate it so if it gets double-spent, you revoke the key. If you really feel like it, cancel the account if they keep doing it, but I'm not sure you even need to bother. What have you lost? The bandwidth to download the game?
Then the next question is this: why did those 50% even bother to try? Reselling for less btc (or fiat) keys that would soon be revoked? Has piracy decayed to the point where desperate consumers would really fall for something like that?
There are laws in place that specifically handle writing bad checks. While I'm sure double-spending Bitcoin transactiosn is illegal in some way, it is probably covered under a more nebulous fraud-type statute.
I'd be curious to see the percentage likelihood on both, as well, as I suspect they are very different. Would businesses accept checks if half of them were bad?
The general fraud crimes you would get convicted of have a pretty nasty set of penalties. But good luck convincing a federal prosecutor to care about $20 worth of online goods that can be revoked.
I only have a layman understanding of bitcoin, and I've never used a cheque in my life, but would it not be more like "someone wrote you a cheque and there's no guarantee it won't bounce when you try to cash it in"?
Which, again maybe showing my complete lack of knowledge of cheques, is how I thought they worked in the first place.
Personal check is a quasi-promissory note binded whose legal-teeth for recovery through law enforcement. “0-conf bitcoin” has no legal teeth for recovery … yet so there is no enforcement (except for the merchant to chase after the scofflaw). “Money is forthcoming”.
Bank cheque is a bank-guarantee binded by banker self-verification (almost always good) with no takeback (voiding) mechanism. “block-chain confirmed” is always a good transaction with no clawback mechanism so you must wait until it’s confirmed before receiving your merchandise.
> has no legal teeth for recovery … yet so there is no enforcement
In this case, Steam was selling a digital good that they could be fully revoke if the funds never arrived, so the check ability works very well.
It would have been even better on a smart contract platform where the game license would exist on the chain itself and couldn’t be purchased via a double spend, Chain re-orgs would also sort themselves out in a fully on-chain system.
Here in the UK we had "cheque guarantee cards" - essentially a debit card without a live connection to the bank. When you wrote the cheque the shop took your card details as well and that meant the bank guaranteed to cover the value of the cheque if it bounced (up to a maximum amount). If your cheque bounced your account went into an overdraft for that amount plus a hefty fee. It meant shops didn't need to worry about bounced cheques which customers could pay using them. It worked pretty well.
The US banks I worked with would just overdraw your account (up to an amount), then, overnight, reorder the transactions so the big ones came first and all the little ones came “after” the account went negative and hit you with hundreds of dollars in overdraft fees. I don’t miss the early 2000s.
That’s because a bank got sued for it, and lost. The banks must now always reorder or keep it in the order it was received. I only bank with the latter ones.
This is why it's always been absurd to believe that standard retail purchases would be regularly done with layer 1 base chain transactions. You can't even say that you're ok with waiting for 1 block confirmation, because the time between each block is only an average of 10 minutes, with high variance. It's fairly common to experience over an hour between blocks, or as little as a minute.
The security and confirmation of a transaction is not a function of number of blocks, but time since inclusion in a block and total amount of work (hashes) piled on top of your transaction. Generally, 6 blocks (1 hour on average) is considered sufficient certainty of immutability for normal functioning of the blockchain (i.e. not under active attack). One hour for final, and completely irreversible, settlement is absurdly fast in the context of the traditional financial system, which takes days at least for final settlement, and can be much longer for some international transfers.
Small, individual scale purchases only really make sense to do on higher layer transaction protocols, like lightning network (non-custodial and open) or some custodial networks (like a bitcoin backed Visa credit card).
The only model that makes sense for bitcoin is the layer one base chain is a settlement network, with payment networks build on top that aggregate many transactions into one on chain transaction. Think OSI model for networking.
> The only model that makes sense for bitcoin is the layer one base chain is a settlement network, with payment networks build on top that aggregate many transactions into one on chain transaction. Think OSI model for networking.
Do you think this applies to cyrptocurrencies that has faster confirmations/block generation? Or is only important when there is a lengthy confirmation?
The only thing that really matters is how much work has been built up on top of the transaction. Shorter block times doesn't change that function at all. In a version of bitcoin with 1 minute block times, the security guarantee of 60 blocks is identical to the current security guarantee of 6 blocks, because it would be exactly the same amount of energy going into mining to create immutability.
The amount of work (hashes) represents a real world cost (electricity and mining chips) that can't be undone without massive commitment of these real world resources.
This is the foundation of why bitcoin works.
So basically, people who say their blockchain with shorter block times is "faster" are either fools who don't understand what's going on or conmen trying to pump and dump their bags. Layer one transaction confirmation is about settlement finality, not how fast you can pay for coffee.
I think the faster block times help with conceivably making it possible to use 1 confirmation instead of 0 confirmations for in-person transactions, as opposed to than 60 instead of 6. That tilts the odds of winning in a double-spend fraud attempt in favor of the merchant quite a bit, compared to 0 confirmations, although I don't know how to model by how much.
(You could empirically estimate by how much by looking at abandoned chain history in a real network, though.)
Great answer. This is related in my mind to the framing of crypto "pointlessly wasting" electricity - it's actually a fundamental part of securing the network by making it prohibitively expensive to reverse or modify mined blocks. I'm open to alternatives to PoW but so far it's been the most successful tool to solve this problem.
Proof of work is an alternative to military spending.
Proof of stake doesn't solve this problem, as the top stakers end up needing to control (or get coopted by) the monopolies on violence. The traditional banking system is effectively an obscured proof of stake system.
Proof of work also has the nice feature that every watt of energy used to acquire and secure bitcoin is a watt that can't be used for violence.
You might like the work of Jason Lowry, a US Space Force Major who's currently studying bitcoin conceptualized as a new kind of military technology, https://twitter.com/JasonPLowery
Long lasting anonymity of stakers is impossible. Eventually, everyone will be tracked down. There's too much power at stake to remain hidden from establishment power forever.
And anonymity of stakers who have unassailable control of the network consensus is exactly the problem. If you don't know who the king is or where he lives, then the peasants have zero ability to countervail his control authority when he starts abusing his power. No sovereign nation or person will sign up for a system like that without being violently coerced, like the US does to keep the rest of the world on the petrodollar standard.
Instantaneous payments exist, I use them several times a day, with traditional banking. I never quite understood what problem bitcoin was supposed to solve beyond anonymity.
These are instant payments, not instant settlement.
Your bank abstracts the underlying inter bank settlement complexity and aggregates all the minor transactions and transfers that individuals do to a small number of larger settlement transactions, likely on the SWIFT network.
When you make a payment, that transfer of money isn't instantly settled. The instantaneous feeling is a service that the bank provides you, but it's an illusion. There are similar experiences being built now on top of bitcoin, like http://strike.me, although the lightning network that Strike and CashApp are building upon actually is instant finality, unlike Visa/Paypal.
This is why comparing bitcoin to Visa or PayPal is fundamentally flawed, since those are both layer 2/3 networks on top of SWIFT.
The proper comparison is with other settlement networks that create finality, like SWIFT. Where SWIFT may take days to create final settlement of a transfer, bitcoin takes ~1 hour depending on how much confidence you want. Where SWIFT is secured by nation state monopolies on violence and global banking gatekeeping, bitcoin is secured by the most powerful computer network on the planet that no single nation state has the power to disrupt. Bitcoin is open and permissionless and anyone and everyone can join. SWIFT is tightly permissioned because it relies heavily on exclusive networks of humans who trust each other.
At a high level this comment is correct, but SWIFT is not a settlement network. A message on the network does not actually represent the movement of money between accounts.
I'm not convinced bitcoin solves _any_ problems at all. It isn't anonymous at all, exchanges are the gatekeepers of the whole system and they have to comply with local laws. Canada was found to be directing exchanges to not allow cashing out of certain coins and putting the coins through a mixer just automatically blacklists them from being cashed out.
Bitcoin does not provide sufficient privacy which allows exchanges to freeze tainted coins and authorities to track down real identities.
BCH is trying to keep 0-conf alive by eliminating the artificial block space constraint, removing RBF (which is really dangerous when you have an RBF-flagged grandparent tx that maybe your wallet is t looking for), and implementing double spend proofs to warn tx recipients as soon as a double spend tx appears on the network. It’s obviously impossible for an unconfirmed Bitcoin tx to be guaranteed secure, but the risk can be minimized, which is nice for everyday, low value transactions.
With no RBF how will you prevent TX's from getting stuck in a high fee environment? I know BCH thinks block space should be unlimited which means TX fees will never get high but i don't think the economics works out there.
Miners can set their acceptable minimum fee levels and orphan the blocks of miners who accept transactions with fees that they think are too low. This is essentially cartel behavior with an incredibly strong enforcement mechanism. There should never be a “high fee environment” due to an artificially low block size cap.
That’s the point. They can. Are you reading this as me thinking the collusion on minimum fee levels between miners being a bad outcome? I think it’s going to become necessary as the block reward goes to zero, and therefore it’s necessary and good for the system. It’s nice that Bitcoin (including BCH in “Bitcoin”) has a the block orphaning mechanism for enforcing cooperation in this manner. It’s much stronger than enforcement mechanisms available to cartels such as OPEC.
You don't even need to do anything on bitcoin side if you value the 0 confirmation. You offer the goods or services before you receive the payment. It's like a restaurant that serve the food first and receive payment later. The restaurant do that because they trust the customer to pay up.
More likely the reason this isn't done is to allow customers to buy more (drinks/dessert, do so in a single transaction, and tip post-service. Not because the amount is unknown.
Seeing as “remember the password” does about nothing in the desktop app on my own machine near which only I ever come—Steam's attitude toward the users is crystal clear, and I'd say it's weird that they lived almost two years with that arrangement.
Convenience and security are always in tension - and steam account takeovers are very common, as they can have tradable assets worth hundreds or thousand of dollars.
A feature of bitcoin is it’s stubborn system stability and resistance to change :)
One of the odd benefits of this is that old forum posts and discussions have a good chance of being relevant.
Although I will say lots of progress has been made in p2p message propagation (since this isn’t directly a part of consensus) which could definitely prevent orphan blocks, so you may be on to something in this case.
Yeah, the biggest effects on the number of orphaned blocks should be the number of distinct mining pools and the latency between them. I could see some of those numbers changing enough to matter since 2013, but I'm not all that sure.
But it is much riskier for the fruadster after 1 transaction. With 0 confirmations it is almost certian that a new transaction with a higher fee will replace the older one. With 1 confirmation you have to either swing a lot of mining power or hope that your block becomes orphaned. The fraud likely doesn't make sense anymore if you lose your money 24/25 times instead of almost never.
Then Steam can accept that lower risk and mitigate further by then revoking game access.
> Steam back in the day used to accept 0 confirmation bitcoin spends. This means that the transaction has been gossiped on the bitcoin p2p network but had not yet been mined into a block and thus had minimal finality guarantees.
Because I am pretty sure it isn't true. I am one of the few people who used bitcoin on steam during this time and I don't remember it ever being instant. I would like to see clarification to the top point because I don't think it is true...
In my opinion when he says "fraudulent" he is probably talking about how people would use it to avoid bans. Steam would track banned users that remake accounts by checking their CC. They would also verify the people by making sure the address on the CC was close or the same to the address on the account.
With Bitcoin you could avoid any tracking from remaking an account which leads to more 'bad actors' using Bitcoin. For reference you needed to spend something like $5 - $10 to enable trading on the platform. From their people would phish, scam, and break the TOS on the account.
I used bitcoin all the time on steam and there was a time when they were using 1 conf but the majority of the time they used 0 conf with bitpay. Couldn't find anything official with a quick goog but here is a reddit comment from 5years ago corroborating 0 confs on steam: https://www.reddit.com/r/Bitcoin/comments/6arpvq/comment/dhg...
It is possible I am incorrect then. I remember it always taking 5 - 10 minutes before any funds hit my account. I never actually counted the confirmations so it is very possible I am just wrong and they were doing 0 conf. At the same time I am surprised BitPay would have been structured this way and not experience a major attack...
Alright, that is a point I did not consider. This makes me feel that it is difficult to use Bitcoin for expedient transactions, due to the fact that you'd need to put high fees on each transaction.
It was my understanding that RBF does not work by double spending, but by making a transaction with a much higher fee that depends on the parent transaction which means you would need to mine both to get the higher fee.
You say wait 3-6 blocks -- which makes sense for large transactions, but are there cases where 1 blocks have been getting reversed? Is this happening now because some parts of the network are on stale or diverging info?
That’s not really a double spend issue, though. Usually the blocks are found within a very short time between them. Unless the double spender is coordinating with a miner, orphaned blocks are a non-issue. It’s 51% attacks that would be the real problem.
This is the answer to what I was asking. Not sure who I offended to get downvoted.
edit: I guess my point is that if you're selling coffee and making 100 $6 transaction, going 1 block deep probably isn't a big deal. If you're selling one car a month, you might not want to risk the small chance of an orphaned block -- but a one hour hold on title is a whole lot better than waiting for a check to clear.
Unfortunately no details were given about what makes 50% of all bitcoin transactions “fraudulent” ?
What does that even mean?
* did someone try to send something other then bitcoin to a ₿ address?
* did a client claim he payed and did the payment seem to fail on his end?
* did a client not realise that you as payee also pay for the network fee?
Nowadays these kind of problems would be easily prevented by using bitcoin lightning payments, because they work in a fraction of a second and specify the exact amount that has to be payed.
Also they are almost free of transaction costs.
Steam marked me as a "fraud" because I used my European Revolut card to try and make a purchase when I lived in Indonesia.
I get that they don't want European people to pay Indonesian prices through a VPN or whatnot, but I was living in Indonesia and living off a local salary; I thought marking me as a "fraud" was rather harsh; with the increased ease of international banking there are loads of cases where this is perfectly legit (Spotify also doesn't allow it, but is far less harsh in how they communicate it – Netflix posed no problems; it's also circumventable by using gift cards, which is how I used Spotify, but I never tried this for Steam).
Anyway, I'd wager a significant chunk of the "fraud" cases is stuff like this: circumvention of regional pricing.
I used to work for a company that does this sort of fraud detection. Using a credit card from a rich country in a developing country for an online transaction screams stolen credit card number. Fraudsters often use services like Steam where you can buy something fairly cheap to test the card number, then they go to the effort of trying a bigger transaction.
I'm on vacation in Croatia and my Spotify Premium expired. I tried to renew it with my Dutch card and was rejected, so I had to use a VPN set to Amsterdam...
I’m visiting Macedonia. I changed the email address on my Capital One account (migrating off Gmail) and they froze all 4 of my cards. To unfreeze them, I had to provide my drivers license, social security card, and proof of residence in the USA & then wait two weeks. There was no process for accelerating the timetable.
Did you notify Capital One you were in Macedonia at the time? Every time I’ve been abroad, I had to notify any card issuers first, just to make sure the charges weren’t flagged.
Otherwise, this level of fraud detection and response should be considered normal (and good).
I did not notify them, but they can clearly see I’ve been using the cards for the last two months. And I’ve called my card companies in the past to notify them of upcoming travel, and they all told me it was unnecessary with the new chips. If I had changed my email using my laptop & VPN connection to the USA, maybe I wouldn’t have had a problem, but I used the mobile app.
I didn’t mind the cards getting frozen. It could have been fraud for all they knew. What I did not appreciate was the fact that it took two weeks & multiple calls to my credit union to resolve proof of address. I was lucky that I had my social security and with me, and that I had a backup credit card from a different bank, otherwise it’s don’t k is what I would have done.
Capital One froze the cards. I don't think gmail has the ability to freeze someone's cards. Has nothing to do with gmail at all, just the change of email address in Capital One.
There's loads of services that are very anal about it. I also couldn't order a charger for my ThinkPad when I lived in New Zealand because the Lenovo website didn't accept my euro card, even though the shipping address was to New Zealand. I contacted support: nothing they could do. Had to use a friend's Kiwi account.
Stuff like this is why I just started keeping the accounts around as I move about instead of closing them.
The issue is that each country has its own Spotify pricing (eg. Croatia was half the price) and they don't let you select your country, they select it for you based on IP geolocation.
My Spotify's country was set to the Netherlands but after 2 weeks abroad it forced me to change my country to Croatia (maybe due to music copyright laws? No idea).
I think you figured it out. In general "fraud" gets used as an abstraction-primacy obfuscation term just like the more extreme "identity theft". The claim is obviously not akin to credit card fraud, and Valve doesn't describe the mechanics of what they're calling "fraud". So it's likely the one of the least offensive possibilities - like routing around their regional price discrimination. Which would make perfect sense as there's no identifying metadata tying a payment source to a location in the way that say a credit card does. Of course from the customer's perspective this is simply making the market more efficient, and I'll make sure to play my tiniest violin.
If Valve didn't want to see any forex risk on the sale, they end up incurring it on refund. If people are using it as an easy way to store money in USD and then convert back to BTC when the rate goes up, that can get expensive in a hurry.
It could also be that they used Coinbase or some other provider to act as a processor, and Coinbase charged the merchant if there were chargebacks on Coinbase's accounts.
As an American living outside of America, getting non-US investment accounts is impossible, and most US banks don’t want non-residents investing, and lying about your address can get you in hot water with the IRS (are you, or are you not living in the US?).
Crypto companies follows much the same pattern and in some cases you can buy crypto but can’t cash out. If you could buy a game with bitcoin and get cash-money in a refund, this is quite viable.
We haven’t even started talking about money laundering…
Iirc, Steam refunded money in your local fiat, and used a third party processor. There was a small forex risk on the sale (when the btc transfer started vs when it was sold), but that should even put in the long term and they're selling now bits so they have the ability to absorb the cost.
Likely using stolen credit card credentials to buy bitcoin and then use them to buy things on Steam. They already have a massive problem with that without introducing bitcoin into the equation
that doesn't make any sense. The 'fraud' in your scenario and where the point of contention lies is between the the credit card company and the exchange where it was onramped. There's no way the exchange is then going to go through the effort to track the btc to steam and say 'Hey, that transaction that didn't come from our exchange wallet was fraud i want the BTC back.'
Also - That's just like fraud with extra steps? Why even usee btc?
yeah - Some. crypto companies have that too now though. Most exchanges have haulted the ability to buy crypto with credit altogether.
But Crypto.com allows you to buy up to $30 worth of crypto with a credit card and cards online are pennies on the dollar online if bought in bulk.
An astute con artist would recongnise that the only real verifications credit cards have at their disposal is geolocation and shopping habits. So if one were to buy CC online, create a bot to enter the details onto the crypto.com exchange, route the traffic through a VPN using the CC address as a base, send the $30 worth of crypto you bought off exchange and into a wallet, using Tor and some clean Eth you bought in cash to pay the gas fees, Wrap the BTC in WBTC, throw it on uniswap, swap for some privacy coin, use that privacy coin to send to another wallet within that private ecosystem so the headers on the node are lost and bam. You've got some clean crypto that you've fraudulently bought with a credit card but can never be claimed as fraud!
That's not what they said at all though. Have you never been traveling and had your CC declined and your bank immediately calls you to verify the purchase? Credit cards do have checks in place to immediately flag them as fraudulent. This is not related to bitcoins and they never said it was.
On top of that, if you use a stolen credit card to buy a steam game and the original owner files a chargeback, your entire steam account gets banned. So yes it's extremely relevant here.
If instead you buy BTC on an exchange and then spend those BTC on steam, it's less likely to be flagged as fraud (at the time) because the BTC is purchased from an American website. Then you spend the BTC on steam. Then once the credit card is reported as stolen and a chargeback filed, it's the crypto exchange who gets hit. The chargeback is never associated with Steam and you can buy Steam games from a lower-priced market without the CC company ever being aware.
How would Steam even learn about that? The person getting scammed in that situation is the person selling bitcoins for credit card payments, since those payments will be canceled by the card holders bank.
Does anyone actually sell bitcoin via credit card transactions?
There are some resources out there if you search for the stages of money laundering. Companies that have to fight money laundering have to know what it looks like and what they can do to catch it.
The stages are Placement, Layering, and Integration.
> This is an incredibly unrealistic money laundering scheme, entirely fabricated by mr_cyborg.
Using stolen money to buy gift cards, using those gift cards to buy real things and then selling those real objects or licenses or accounts after the fact is a well known process. Substituting "bitcoin" or any cryptocurrency for "gift card" is neither unreasonable nor unrealistic.
This only makes sense where “stolen money” is money that you don’t actually control, such as stolen credit cards where the transactions will inevitably be charged back. In that case it does make sense to buy and sell gift cards in order to “cash out” the money.
This does not make any sense in the context of bitcoin.
- Use BTC to buy Steam cosmetics that you already own and Steam converts that BTC to USD.
You now have effectively used a stolen credit card to convert its value to cold hard cash that is not traceable, or at least requires several hoops to jump through to figure out who stole the card.
You got it backwards. It is much easier to sell crypto "scams" than games and cosmetics. At any given time, there are a lot of people ready to buy your BTC. For games and cosmetics, not so many.
I doubt steam is doing blockchain analysis, tracing back where the coins came from, and seeing whether the exchange that sold them the coins were defrauded or not.
> First off, why not? Why would you doubt that when they're a massive storefront and deal with fraud of all kinds?
1. The anti-fraud tech used for credit card fraud (ie. stolen credit cards used for unauthorized transactions) don't really translate well to the fraud described here (ie. stolen cryptocurrency).
2. it makes sense for ecommerence merchants to do anti-fraud stuff, because they're on the hook for fraud. the same does not apply to cryptocurrency transactions.
>But also, wouldn't it be fairly easy and beneficial to have this information? Exchanges know what wallets are charged back and fraudulent.
1. I haven't heard of such blacklists being around, especially in 2017 (when steam stopped accepting payments)
2. such blacklists would likely be ineffective, because of mixers and lack of coordination (see previous point)
3. such blacklists threaten the fungibility of bitcoin, which would probably cause backlash from potential customers.
>Is it not in their interest to work with Steam?
1. it might be in their interest to work with steam, but not the other way around
2. even though steam might have huge sales volume, it's not going to be the primary route criminals cash out. if you stole tens of thousands of dollars in crypto, I doubt you'll spend a significant portion of that on games. You only have so much time, and games are relatively cheap. Meanwhile localbitcoin has people willing to give you literal cash for a few percentage points cut. There's a reason why all the anti-money laundering regulations target banks and other high cash volume businesses (eg. pawn shops), and not bestbuy or mcdonalds.
>Or even, is it not in the exchange's interest to do this analysis and demand the coin from Steam?
If [random exchange] messaged me and said that some coins I hold were 10% tainted from 10 transactions ago, and wanted me to return them, I'd tell them to fuck off.
They wouldn't be blacklists. You only learn after the fact so its more about the analytics.
>I'd tell them to fuck off.
Well that's nice but if you get paid with stolen money, you don't just get to keep the money and tell them to fuck off. Steam would be liable to return the funds.
>They wouldn't be blacklists. You only learn after the fact so its more about the analytics.
I mean, that goes back to my original question, why would they do this? Does bestbuy run analytics on the cash they receive to see how much % of their cash purchases were "fraudulent"?
>Well that's nice but if you get paid with stolen money, you don't just get to keep the money and tell them to fuck off. Steam would be liable to return the funds.
IANAL, but I thought this only applied to stolen goods, not cash? I heard of authorities seizing cash when they raid a drug house, but not randomly seizing people's cash because they happened to carry a bill that was involved in a bank robbery.
Again, that's because credit card companies and/or merchants eat the cost of fraud. That's not the case with cash. The FBI isn't going to be raiding bestbuy's stores looking for stolen bills.
In this case, it's still private self interest in the exact same way. If a stolen credit card is used to buy Bitcoin, then Bitcoin is used in Steam, who eats the fraud and why would they not push against the others for restitution if it's all trackable?
> If a stolen credit card is used to buy Bitcoin, then Bitcoin is used in Steam, who eats the fraud
The credit card company and/or cryptocurrency exchange would eat the fraud.
>and why would they not push against the others for restitution if it's all trackable?
This is moving the goalposts. We're not discussing whether such a scheme would benefit banks/credit card companies/crypto exchanges, we're discussing whether valve implemented such a scheme for steam. I'm sure the aforementioned parties appreciate such a scheme, just as banks would appreciate a scheme where stores were checking the bills they accept were stolen or not. However, that says nothing about whether such a scheme exists, or whether steam was voluntarily doing so with no apparent benefit to itself. Nor does it change the fact that such a push was non-existent (or at least non-visible) in 2017.
You're right that its just conjecture of whats possible. It didn't have to exist in 2017 to know today what was fraud today. It also doesn't need to exist at scale, you could simple use a sample. To me it seems feasible and within the means, and incentives of the parties involved, but again, just conjecture.
No but the Secret Service absolutely will. The FBI doesn't deal with counterfeit currency. But it is actually the primary reason the Secret Service exists.
Sorry, I went to the article and it wasn't any more specific on what a fraudulent transaction means in this context, and I don't know what that would mean here (for the context of a purchase via Bitcoin on a user's Steam account).
All I can imagine is a case where the user claims they didn't make the purchase, "please refund", but that would be easy to disprove.
I assumed they meant spending stolen bitcoin on steam. It's common to call purchases made with a stolen credit card "fraudulent," even if there's nothing untoward about the purchase itself other than the payment instrument.
> even if there's nothing untoward about the purchase itself other than the payment instrument.
When you make a purchase with a credit card, you claim that you are an authorized user of the card, and that you will pay the bill in accordance with the account agreement.
If that's not true, it's fraud. You've knowingly made an untrue claim in order to receive something of value.
From the other comments on this thread, it seems like Steam was using a zero-confirmation payment validator of some kind. That makes bitcoin payments Steam accepted effectively a form of check, and if customers exploited this to double-spend bitcoin, then they paid steam with a hot check. Hence, fraud.
Should Steam used a different form of validation? Yeah, that would have let them reject some (most? all?) of these fraudulent transactions. But anyone exploiting that situation to double-spend coins was committing fraud just as much as if they had written a worthless check, used a stolen credit card, or tried to pass off a counterfeit $100 bill.
I thought it was always really big news whenever someone even attempted a double spend, regardless of success? So if that’s what he meant, we should have been seeing those cases in the news back then.
I remember a period somewhere in the 2010s where it wasn't uncommon to see a business experiment with accepting Bitcoin (as Steam did), before transaction fees made it impractical.
Given the way people talk about LN, and the (quite understandable!) desire to avoid credit card transaction fees, why don't we see more businesses accepting it?
(Asking this in good faith; I am admittedly ignorant about LN and have not tried making a transaction with it.)
I'm not the best person to answer, but lacking better ones, here's what I know:
* LN is technically complex, and hard for a normal person to run.
* LN requires making an on-chain transaction to open a channel. It's still vulnerable to high BTC fees and limited by the chain's low capacity.
* LN still runs on top of BTC, and has all the economic characteristics BTC has. So if it's stupid to buy pizza for $10K BTC because it appreciates, or stupid to sell a game for 0.0012 BTC because the price might fall tomorrow, then LN changes nothing about that and in some cases makes it worse. LN allows a non-cooperative party to delay things, which could be used maliciously during price swings.
* It's all still happening inside the crypto ecosystem, which is unpleasant to deal with. Think of say how people tried to buy their Tesla in BTC, then asked for their money back when the price rose. Why would a merchant want to deal with that kind of thing?
LN to me is a bit like putting lipstick on a pig -- it still leaves many significant problems in place, and adds some new ones on top in exchange for the benefits it provides.
yeah, a couple of companies in the space are experimenting with the concept of an omni-pool.
Essentially, since arbitrage bots are a constant you don't need an outside oracle to ensure there's very little slippage between assets. Addititionnally, since you are swapping inside the pool it does not incur a trade fee as you aren't trading some outside entity with a confirmation time.
Obviously it gets deep in math, but what you get it the ability to pay for anything with anything with no trading fees and a % APR for keeping your assets in the omni pool.
Solona and dot already beat visa in transaction speed, latency and confirmation time. DOT at technology maturity is looking to be able to process around 10X the transaction volumes of visa.
Low Trade Fees, cross-colatorilization, instantanious and algorithmic liquidation.
imagine i wanted to buy Tesla. I have no money but i do have GM Stock. This allows mee to trade GM directly for Tesla stock with no actual trade fee, because the trade never occurs until i pull all my money out out of the pool.
So i am exposed to the asset without having to do the centralized exchange way of selling the asset (Incurring trade fee) buying usd. selling USD for the next asset (Incurring a trade fee) then eventually selling it back to USD when i want to utilize that asset.(Incurring a trade fee).
So, like i explained before it is a much more efficient mechanism of trading any asset. Since trading is literally the bedrock of civilization and effective capital allocation through trading is what drives prosperity, creating a more efficient trading algorithmn in crypto is one of the finest achievement of our generation even though most haven't undeerstood it's significance yet.
The soverign individual was a good book for me to recognize the need for crypto in the world.
Strictu sensu, it is "decentralized". In practice, it has all the disadvantages of blockchains and none of the advantages of the traditional banking networks.
I think it’s just a matter of businesses perceiving the potential revenue increase not worth the overhead, combined with the resulting slow growth and development of ecosystem of service providers.
Running an independent node does take some management above that of a normal bitcoin node and merchant tooling and open source integrations are still coming together (though there are some good and dependable options). A merchant will need to keep an eye on their incoming liquidity, or use a service provider that does.
That being said, once you’re actually using it it’s a great experience, and for the individual enthusiast running a node can be great fun.
One service provider is Bitrefill, where you can buy Steam credits (and much else) over Lightning with a throwaway email faster than it takes for me to dig and type out a credit card out of my wallet or go through the SMS2FA BS of whatever virtual credit card-supporting bank I can find in the country I happen to be living in. Just copy and paste an invoice or scan a QR, depending on your wallet interface.
I do hope we see Lightning support in Coinbase Commerce et al soon. Unfortunately BitPay, one of the oldest and I think the most widely used payment service provider for Bitcoin, has become pretty much unusable as of lately and even if they did add lightning support it wouldn’t be interesting.
There are just too few users on the LN. Of the whole world population, there is probably fewer than 1 in a million who could just scan a qr code and make a lightning payment.
> * did someone try to send something other then bitcoin to a ₿ address?
That would not even register right? Different coins are completely separate and it wouldn't even have registered anywhere and show up in the statistic. As far as I know the addresses are also distinct between coins (so it's not even physically possible) but there are so many now and I've been out of that world for a few years now so that might have changed.
> * did a client claim he payed and did the payment seem to fail on his end?
You mean like opening a support case, claiming they have paid?
> * did a client not realise that you as payee also pay for the network fee?
That sounds possible. In this case, Steam's bitcoin client would indeed detect the transaction but it would never be mined and thus never really spent.
My first thought was a double spend, though, or perhaps that the source money was illegitimately obtained (e.g. later determined to be laundered money or so).
Bitcoin's protocol doesn't prevent a double-spend for a 'short' amount of time after payment, it just guarantees that, eventually*, exactly one of those spends would be seen and counted as valid by all compliant nodes (as long as at least 51% of the network is compliant nodes).
But nothing prevents a minority attacker from branching the chain with their own alternate history at any point, although if they did it to a 'historical' block - one deep behind in the chain - then they're doomed from the start, they could never build an alternate chain longer with the main network racing them. Their only hope is waiting for a spend to become in a valid block then immediately start another branch with a double spend, hoping they could convince enough of the network to accept their version of the blockchain where the second double spend is actually the legit one. This gets harder and harder the more blocks build on the main branch, if 5 or 6 blocks build on a block, it's pretty much impossible for all intents and purposes to invalidate that block. (Unless, again, the attacker cares enough to secure computing firepower greater than or equal to 51% of the overall network)
*: "Eventually" is a probalistic statment, theoritically an alien super computer with unimaginable power could rewrite the whole blockchain from 2009 till now in the time it takes one of ours to boot, the blockchain protocol constantly adjusts a parameter that makes mining a valid block always takes, on average, 10 minutes. Assuming no sudden computing advances, this will always compensates for increases in gradual computing power such that you always need the majority's support for dictating what's the longest branch.
The game and item are real. Hell, they may be legit games. The transactions are real. Everything is real.
But the source of the money used to buy the games is illegitimate.
Let's say, I stole $100,000. Now, I can't use this money until I find a way to explain how I have it.
If I wanted to wash it with Steam, I could go to the store, buy Steam cards or gift cards with the cash. Set up several Steam accounts, then use those cards to buy my game.
Now I'll lose some money to taxes, Steam's cut, and paying people to buy cards and games, but now I have $50,000 dollars I can use and no one is going to question where I got it.
You may be wondering why I can use the money to buy gift cards but not just deposit it in my bank, but no one is asking why someone has $100. That money is not traceable to anyone.
It isn't as widespread as it probably would be with crypto (start selling shit game, buy game with crypto, get fiat), but Steam already has problems with people doing this, it is usually just more creative as it is hard to buy stuff with stolen credit cards, but we know from a ton of news that it is very common on grey market selling sites.
Fraudulent also includes tricking people into purchasing without understanding what they are buying or how much it would cost.
In the case of crypto, there is no actual bank or payment provider through which to make a claim or facilitate a reimbursement.
In the case of the EU, the law imposes guaranteed minimal protection for online purchases. For example, any online purchase is fully reversible (including network fees) within the first 14 days following the transaction.
I don't think there are reasonable ways to meet this level of consumer service with crypto.
Another possibility is that people were using it for money laundering.
One method is to create lower-than-shovelware games, buy them with shadily acquired cryptocurrency, stolen credit cards or scammed gift cards and take real money payment from Valve. Egregious example: https://mmofallout.com/valve-bans-yet-another-laundering-gam...
There seems to be a basic misunderstanding on the part of the pro-btc ppl here all saying "how is that fraud?" or "how is that steams problem?"
If you run a business that can be used in a money laundering scheme, even if you are not a victim, you have a legal responsibility to try to limit/prevent that actually.
The crypto crowd may not like that, but it's not up to them.
I honestly don't know how to read that. Do you mean they think US law on money laundering is up to them? Or that a company like valve could reasonably get away with ignoring it?
I'd like to know what Gabe meant by fraudulent too. The whole idea of crypto is that if you send it and it's confirmed you can't get it back, which makes fraud (on the payers side) nearly impossible.
You brought up the point about zero confirmations. Zero-conf itself is fairly reliable, it certainly doesn't account for 50% transactions being fraudulent. Bitcoin introduced replace by fee in 2016. In 2017, bitcoin transition fees were high, and there was large increase in the bitcoin mempool, which led to a backlog of stuck low-fee transactions.
Replace by fee adds a major loophole to zeroconf, low-fee, stuck transactions could be rebroadcast with a higher fee and sent somewhere else even after they were "received" but not yet "confirmed" by Steam. Users could sign up, pay with Bitcoin, steam sees the payment but doesn't want the user to wait 3 days for confirmation, so steam completes the signup. After that the user rebroadcasts the transaction back to themselves with a higher fee and quicker confirmation. The original transaction doesn't go through.
Here's and discussion on how reliable zero-conf is when RBF is not part of the protocol and instead bigger blocks are mined.
As this video makes clear it is possible to relatively safely accept unconfirmed non-rbf transactions, but that requires you to take extra measures like waiting for a few seconds.
Yes, if you were going to send me $100 of non RBF-enabled crypto, I'd have no issue with waiting 3 seconds to feel reasonably sure the transaction would confirm.
Couldn't steam use longevity to decide whether to accept crypto transactions and cancel entire accounts for fraudulent activity?
Don't let bob create a new account with zero games and double spend his way to a free game because he has nothing to lose.
If Sam who has 100 games in his account with 10 year longevity cheats you insist he make good on his transaction or ban his account and don't ever let him create a new one with the same name and billing address. Sam is highly unlikely to value playing a singular game more than his account.
This seems absolutely trivial to avoid problems with.
> The whole idea of crypto is that if you send it and it's confirmed you can't get it back, which makes fraud (on the payers side) nearly impossible.
I consider "obtained somebody's credentials or private key through illegal means and then used that to purchase a good with stolen BTC" to be fraud. That the network considers this to be a normal transaction is not relevant.
I wonder, is there any legal precedent for that? Analogy with other transactions could support either interpretation. (Spending stolen cash is not fraud, but using a stolen credit card is.)
It’s really not, the idea of laundering cryptocurrency through Steam is ludicrous.
It works the other way around, people launder funds from steam into cryptocurrency. Either by buying items with stolen credit cards or by stealing steam accounts.
I don't see how that's ludicrous. There's a lot of dirty money on both sides. One could easily imagine a scheme where items or accounts loaded with games bought with dirty BTC are sold for now cleaner fiat or crypto.
This is the worst way imaginable to cash out dirty bitcoins. You can clean your cryptocurrency without paying Valve outrageous amounts for dirty fiat currency that you’ll just have to launder again.
First, it destroys the traceability of notes (because they go into the FOBT machine with one set of serial numbers and the machine is going to pay out other notes and coins in different denominations). And any cash that investigators are going to track through seizures targeting an organisation gets slowly distributed through a community via its gamblers.
Secondly and more importantly, it provides provenance to the money. The gambling money mules (inveterate gamblers who are often addicts, lower ranking gang members, or the dealers themselves) can now move very large amounts of cash around on the street, because if they are stopped by police with large amounts of cash, they have a receipt to show it is what the machine paid out! The money they are carrying is the proceeds of legal gambling, not the proceeds of drugs. It's cleaned.
You seem to have a basic misunderstanding of what was happening here. It had nothing to do with money laundering. Steam was accepting transactions before they were confirmed by the bitcoin blockchain. Its like accepting a check and handing over the merchandise before the check clears. It is also why most places don't take checks anymore.
This article I think contains the original interview with Gabe. It at least mentions the nature of the fraud [1]. He actually says "the vast majority" which sounds like more than 50% to me.
> Another thing was that the vast majority of those transactions, for whatever reason, were fraudulent, where people were repudiating transactions or using illegal sources of funds and things like that. And that's just out of control, right? You want that number, realistically, in a couple of percent, not half of all transactions turning out to be fraudulent transactions. Similarly, with the actors that are currently in this NFT space, they're just not people you really are wanting to be doing business with. That doesn't say anything about the underlying technology, it's just a reflection of the people right now who are viewing it as an opportunity to rip customers off, or engage in money laundering, or other things like that.
That's the thing if you talk to people from any political party or ideology, there are some really general ideas that may not be shocking. What matters is the reality of the actions of those people and those they believe in.
The enthusiasts are excited and altering the network towards what it should be, even if that’s simply use and being an addition to the collective conscious
Many saw something that wasn’t done and go contribute
Others saw something as static
Others saw something as stagnant and went to contribute to another network that experiences the same path towards its ideals
Completely incoherent article. What does “fraudulent” even mean? Fraudulent credit card transactions for gift cards are common, because the gift card provides a way to cash out a stolen credit card number. But if a criminal has access to someone else’s Bitcoin, it’s already “cashed out”.
I feel like your comment is unjustified and incoherent. It is obvious to many of us what "fraudulent" mean here, it could be an array of:
- previously flagged wallets moving through mixers
- purchases and refunds to facilitate money laundering
- converting to and from steam wallet to crypto etc.
It is NOT at all ambiguous which is what you are insinuating as the basis for not reading past the headline and discouraging others from doing so.
Bitcoin is a public ledger where all transactions are PERMANENTLY recorded. The law enforcement agencies have much better deobfuscation tools than 10 years ago and the tools will just continue to improve as they have INFINITE resources.
> But if a criminal has access to someone else’s Bitcoin, it’s already “cashed out”.
You are describing one type of crime that has existed far long before crypto as basis to discredit Gabe's claims and its an unconvincing argument/poorly baked logic that they tell in maximalist echo chambers.
Rather I ask, what is it that you fear so much whenever criticisms are raised? Did you transfer your savings to purchase jpegs and other insane APY that seasoned hedge fund managers can't produce?
There's the old anecdote about 20% of dollar bills having been used to snort cocaine at some point in the past. Who knows if it's true, but it seems plausible. Would it make sense for a merchant to say "we tested bills and found that 20% of dollar transactions were drug-related"?
>It is obvious to many of us what "fraudulent" mean here, it could be an array of:
>- previously flagged wallets moving through mixers
So if someone robbed a bank, used that money to buy drugs, that money ended up in my hands somehow (eg. I bought from the same drug dealer), and I used that to buy a big mac, my big mac purchase is "fraudulent" as well?
>- purchases and refunds to facilitate money laundering
How does that even work? You can only refund to the same person. It's not like you can buy a game, gift it to someone, and have that person "refund" the game to cash out
>- converting to and from steam wallet to crypto etc.
There isn't an official way to convert steam wallet to crypto
>It is NOT at all ambiguous which is what you are insinuating as the basis for not reading past the headline and discouraging others from doing so.
1. You say it's "NOT at all ambiguous" but you yourself listed 3 very different possible reasons. That sounds pretty ambiguous to me.
2. I skimmed the article and there isn't really much in the body either.
The big thing here is that blockchain is a solution in search of a problem and none of the applications that have been mooted have made sense. I have no doubt that it's going to collapse, but I wouldn't dare to put a date on it. I was pointing out the absurdity of it 10 years ago and it's still sucking people in. Then again, people still get suckered into Ponzi schemes 100 years later so ?
>The big thing here is that blockchain is a solution in search of a problem and none of the applications that have been mooted have made sense.
People and countries who are prevented from accessing the banking system or making money transfers would beg to differ.
>I have no doubt that it's going to collapse, but I wouldn't dare to put a date on it. I was pointing out the absurdity of it 10 years ago and it's still sucking people in.
The same can be said about every fiat currency. Which will collapse first? Or, more importantly, which will collapse faster?
They are irreversible and if the Bitcoin is stolen that's not the merchant's problem.
The whole point of Bitcoin is to eliminate the possibility of chargebacks and thus the need for merchant to care about whether the buyer is in good faith and whether the money is stolen.
> They are irreversible and if the Bitcoin is stolen that's not the merchant's problem.
This seems consistent with the bitcoin ethos but incompatible how the economy and legal system work. If someone buys a physical item from your physical store with a hot check, a stolen credit card, or marked bills that were just stolen from a bank, you don't get to keep the money, even if police aren't able to recover the item you sold. This is normally referred to as being defrauded.
I do believe that you get to keep cash. I don't think I've ever heard of an instance of "dirty cash" getting seized back from a merchant. Do you have an example of that?
No, but I don't really have an example of a specific credit card chargeback, either. At least in the US, the police can seize the cash as evidence, and their duty is to return it to the rightful owner, not whoever happened to have it at the time of seizure.
There is plenty of evidence that credit card charge backs are a thing, I don't think anyone would challenge their existence.
> At least in the US, the police can seize the cash as evidence, and their duty is to return it to the rightful owner, not whoever happened to have it at the time of seizure.
They do this with cash found in possession of criminals or suspects but do they do this with third parties not involved in crime? If someone unknowingly sells a car or a house to a criminal, can the cash they received for it be seized? What about legal fees. If a lawyer was found to have been paid with "dirty" money, can the cash be seized? What about cash spent at supermarkets? At the hospital? Etc. I've never heard of such a thing which is why I was asking for an example.
The only concrete example I could find is https://www.nbcnews.com/id/wbna26959902 (though to be fair my research here consisted of checking the references on the Wikipedia page for "Marked Bills").
The important thing to remember here is that possession of stolen goods or cash is a crime (cf for example https://www.law.cornell.edu/uscode/text/18/2315), so if it becomes known to you that stolen cash is in your possession, you have a legal obligation to give it back. Given how fungible cash is, this probably won't be enforced if somebody uses stolen cash to pay their bill in a restaurant, but it probably would be if someone bought a car with cash that could be traced directly back to a bank robbery.
Since bitcoin is infinitely more traceable than cash, the argument of "but how do you know this particular dollar bill was stolen?" wouldn't really be applicable.
> The whole point of Bitcoin is to eliminate the possibility of chargebacks
This is obviously false. There is absolutely nothing that compels normal payments companies to honor chargebacks. Since you don't need Bitcoin to complete this goal, this goal cannot be Bitcoins purpose.
The reason that they do it is because being consumer friendly is more important than being merchant friendly. Even merchants would attest to this fact
The number of people in this site that can't accept that half of the transactions was fraudulent is astounding.
If you're in the space, going "well actually" in every article critical of blockchain based finance doesn't help your mission at all. Ultimately you're just making up excuses for the toxic parts of the system.
Have you tried lightning network its extremely fast and cheap and pretty reliable these days. Many great mobile wallets support it now, Blue wallet, Muun, Phoenix. Hell even Cash App supports outgoing lightning payments now. Scan a QR code few seconds later done, final, irreversible.
Malware on your PC can take control of your exchange account as much as it can a normal wallet. The drive dying is why you're supposed to backup your wallet or at least record the seed.
On an exchange you're vulnerable to compromise both from your end and on the exchange's end
Average transaction does not equal a normal human's transaction. Those include arbitrary data being embedded into the blockchain, smart contracts, paying to a lot of recipients (e.g. exchanges batching payments) etc.
Well, my friend in Russia just yesterday donated $10,000 in Bitcoin to Ukrainian defense fund. Had he done that using paypal, he'd already be in Gulag being raped with a broken bottle.
Now he wants to leave Russia, but Russia is being banned from the SWIFT network, so he can't get any of his savings out. Enter Bitcoin again.
Does it actually provide any damn value at all at a macro level?
It provides macro value to coinbros and wantrapreneurs who think that bragging on social media about fake money is the same thing as owning real money. I guess that's something.
Say you're a Ukrainian fleeing refuge and you want store your life's savings somewhere safe. Pretty damn useful there. If you don't want to deal with the price fluctuations of BTC or ETH, buy stablecoins instead.
> Say you're a Ukrainian fleeing refuge and you want store your life's savings somewhere safe.
Doesn’t make sense. Why would anyone wire your bank account money to a crypto exchange, convert it to crypto, transfer the crypto to a different bank in another country, then withdraw it when they could just wire the money directly to the other country’s bank?
If you can’t wire money out of your bank account to somewhere else, you probably can’t exchange it for crypto either.
i don't know about ukraine, but i live in venezuela and i can't do an international wire transfer here. so some people can't rely on banks, but i probably can rely on someone around here wanting to take my cash or car or house and give me bitcoin if i needed to go away. i use localbitcoins a lot of buy local currency in exchange for bitcoin... and i'm not a "crypto person", but it happened to be super useful for me here in that way
But which bank are you trusting in a time of war? We've seen countries have the power to subvert savings accounts, e.g. Greece limited bank withdrawls to £5000/month. Do you trust these banks more than a distributed ledger? This is a question that needs real thought and evaluation, and crypto might be a useful option. Diversification is important.
This sounds eerily similar to various debates regarding adult content, that some companies (clearly not all becuause OnlyFans) have decided that customer segment is not worth pursuing. Not because there is no money in it, but just because it is not worth the trouble...
I am specifically thinking of the drama between payment processors and porn sites. I don't really think that Visa's position is "porn = bad" or that they would deliberately sever a profitable relationship with customers unless they were experiencing or anticipating something bad for business.
Valve seems to be thinking in the same vein here, where it is just not even worth trying to play the crypto game (pun intended...).
This article is incoherent. Say what you like about Bitcoin but fraudulent payments are not possible. And yes Gabe is right that people in crypto are criminals running scam projects
Fraudulent payments are very much possible in the "buying stuff with a stolen credit card" kind of way. This is a much more common type of fraud than the "double spend" attacks Bitcoin protects against.
Bitcoin is only resilient to fraud only if you define fraud as "violating the rules of the blockchain". Any definition of fraud that involves meatspace is possible.
Stolen credit cards are a problem for the merchant because the charges could be reversed by the bank and merchant will incur the loss.
I don't see how that is even remotely possible with Crypto. How did Steam lose money ? My guess is they might be accepting it through some payment provider (so not a true crypto) who has in their T&C to be able to reverse transactions (which must be happening in Cash on the Steam facing side).
It might not necessarily be that they lost money, it is possible it happened through the way you are suggesting, but opening up for crypto does mean Steam becomes a money laundering platform.
Criminal creates a shit game and then uses the crypto to buy that game (with alt accounts) and since *very* few developers would be happy with getting paid in crypto, Valve has to convert it into fiat(?) currency.
That could be a problem but then that would be money laundering not fraud (and Steam won't be on hook for it - just like Amazon isn't for its gift cards).
The purchases are fraudulent. A single party buys the game from themselves many times, desiring to look like a diverse crowd making legitimate purchases.
Yes they were using the BitPay provider when they were accepting Bitcoin, I assume they were made aware of that it was possible to track the transactions back to fraudulent credit card transactions, which I guess in some way could still make them liable for it.
> Another thing was that the vast majority of those transactions, for whatever reason, were fraudulent, where people were repudiating transactions or using illegal sources of funds and things like that.
Seems like it was multiple things and "fraud" is just a catch-all term and Gabe didn't bother to list everything that they considered to be fraud.
> Stolen credit cards are a problem for the merchant because
Because they don't want to process illegal transactions with illegally acquired money, because they don't want to abide or facilitate criminal conduct, wherever possible. Life and business is not merely nor always about the potential to lose money through legal ramifications.
Yes there are a ton of pitfalls and shams and bad things happening in the crypocurrency world, but this "article" is the media equivalent to the garbage projects in the crypto world. It is designed not to provide something useful, but rather to make money with questionable promises.
In my estimation, most of the activity done with people's inventory on Steam, especially skins in major games, involve one illicit scheme or another. I guess you can't or shouldn't stop people from using their skins on gambling sites. However, it doesn't seem like many of the metafeatures that the company started to build around Steam actually serve regular gamers just looking to enjoy themselves.
"People didn't figure out why we need distributed ledger"
Means rather Gabe didn't figure it out, the team didn't understand how it works, and for burned. The reasons for distributed ledger are actually quite obvious.
What exactly does it mean "fraudulent transaction" in the context of bitcoin? It's not like you can use someone else's account number to purchase stuff.
The people who buy the game then resell the key on other websites for less than you find it on steam. They can buy many licenses when the game is on sale, so even if there is no chargeback, the devs can lose money through these methods. Otherwise it is still a money laundering tactic.
Here’s a blog post where they talk about this eco system.
I'm failing to understand why is this considered fraudulent. Buy low sell high, this is how all trade works. People buying multiple keys for resale is just an unintended consequence of underpricing the product.
i suspect that steam was using a payment processor which identified that the coins were on a blacklist of sorts, and was not legitimately acquired (e.g., either stolen, or purchased with stolen money etc).
Cash is completely fungible because there is no clear trace of money from one person to the next.
If someone steals 100k of cash, there is a very low probability that the serial number of those bills were recorded somewhere. And even if they were, you couldn't easily trace the money though complex systems.
Bitcoin on the other hand is a complete and open ledger. When these large heists that constantly happen, it is trivial to identify the transactions that happen afterwards.
Cash is actually anonymous and Bitcoin is only pseudo-anonymous.
Which iirc was the basis for "cleanly mined" btc with little to no transaction history on-chain and tumbler/mixer services that attempted to obfuscate it.
The fact that it’s difficult or expensive to track does not mean it cannot be. Technically it’s possible to force every cash handling business to scan (just like you scan an UPC) each bill.
"This note is legal tender for all debts, public and private."
If I buy you lunch today, you can pay me back next week. We're not "cash handling business[es]", so we wouldn't have to scan.
Second, I don't think it's technically possible. For companies that do business across state lines, sure, but within a state's border, interstate commerce laws don't apply. Each state would have to enact a similar law. And best of luck with that.
Walmart (like all large retailers) spends a ton of effort trying to address e.g. laundering efforts with gift cards, actually. Google around for all the press releases about how they partner with the FBI, etc... They absolutely recognize that they're part of the laundering chain (and that this makes them liable to punishments under AML statutes, of course).
Walmart (like all large retailers) spends a ton of effort trying to address e.g. laundering efforts with gift cards, actually
For example, you can't buy a gift card in an Apple Store without signing a statement promising that you're not buying the gift card because a stranger online told you to.
Sounds ineffective on the surface, especially to jaded tech-types, but it's enough to give real people in the process of being scammed an opportunity to think about what they're doing.
bitcoin should be seen in the mainstream as a universal payment network. I believe its best use case for the average(non-cypherpunk libertarian) person/company is to accept it by using a service that automatic exchanges it for dollars on their end.
For example, someone in africa could pay .001 BTC($40 currently) for a game and all steam would see on their end is a debit transaction for $40(cash not bitcoin) in their account. It allows for bitcoin to be held by those who don't mind the volatile nature of its market value, AND allows for those wanting to accept without holding it in the short term. Win Win for both parties :)
> For example, someone in africa could pay .001 BTC($40 currently) for a game and all steam would see on their end is a debit transaction for $40(cash not bitcoin) in their account.
Transaction fees and exchange fees will diminish that received value and force the customer to pay a fee to pay for something.
The net cost of Bitcoin transaction fees and exchange fees is higher than just using a random, common credit card processing company. It’s also slower for users.
Let’s be real: Gamers don’t really want to pay extra transaction fees for the privilege of sending Bitcoin and waiting as much as an hour or more for the transaction (my latest Bitcoin payment took longer than an hour) before they can play their game. Not when they can type in a credit number and get it done right away for 0 fees (or negative fees with reward cards)
You're forgetting the tax implications here. Steam is still on the hook for sales(and other) taxes. The problem was never just picking an exchange currency. It was the legal hurdles that made this complicated. Those hurdles are still there. They apply to everyone but especially in Valve's case as they are not under the radar.
i can pay for anything in the economy right now with BTC. It's called a crypto debit card... look it up.
I don't understand this sentiment. A) 50% of btc transaction were fraudulent makes zero sense. The technology behind BTC ensures it can't be fraudulent. So unless someone wants to explain to me how the hackers broke BTC's consensus to buy... videogames? it makes noe sense.
I'm in the U.S., too. You must not go very many interesting places, or find yourself in very many interesting situations.
I guess maybe a crypto debit card is good for people who lead plain lives. Like hanging around town and going to the movies and the candy store. But I require both cash and a real credit card for my life. Debit cards have failed me too often.
Okay - but now we are really picking at semantics here, aren't we? If i changed my answer to everywhere who accepts a debit card can accept crypto, does it really change the sentiment of what i'm trying to convey?
Because at that point i can go on a tangent and say well, the USD is actually accepted at less places than BTC because i can use my debit card in mexico but you can't use USD.
So now we're talking about Mexico? You specifically stated that you were in the U.S. and talking about the U.S. in your original comments. I'm starting to believe that you are in neither, or have only a tourist's experience in either.
in mexico but you can't use USD
This is completely the opposite of my experience in Mexico, which is mostly in Chihuahua and TJ. I've never had any problems using USD in Mexico, and some people actually preferred it. And while plastic was widely accepted, cash was absolutely king.
I haven't been to Mexico since just before the pandemic started, but I don't believe the situation has changed all that much in that short a time.
Steam back in the day used to accept 0 confirmation bitcoin spends. This means that the transaction has been gossiped on the bitcoin p2p network but had not yet been mined into a block and thus had minimal finality guarantees. Steam could see that they were going to receive a bitcoin payment (when the transaction was mined into a block) and would credit the users account instantly for a better purchase UX.
Turns out anyone with some deeper understanding of bitcoin could construct another transaction spending the same bitcoin back to themselves before their original transaction was ever put in a block. The bitcoin community moved away from accepting '0 conf' transactions pretty much everywhere because of this reason.
In fact the high fee era (2016-2018) saw many wallets incorporating this "double spend" feature into their wallets. This is known as RBF, "replace by fee" and is really useful when you need to bump your transaction up the queue. You replace your old transaction, that is waiting to be mined, with a new one that offers a higher fee to incentivize miners to add it to a new block.
I think its rather unfortunate that 0 conf transactions were written off so quickly. There are many context where a 0conf tx makes sense, mostly IRL. But, if you are running a business online and you don't trust you customers you should wait 3-6 blocks after the transaction has been mined before delivering your goods.