Decentralization has never been an end-state. In hindsight, it has always been a vessel for achieving a concession from a centralized body it is protesting.

Every decentralization play has followed a simple pattern: protest a market inefficiency, win that protest via a major concession, and then disappear back to the fringes of society.

You can see this throughout history.

MUSIC [1999–2008]

If you want to legitimately pay for downloadable music you need to access dozens of Web sites using a variety of different programs that may or may not be compatible with your hardware. …


The Lightning Network is a Layer 2 solution that allows you to create micropayment channels with other Bitcoiners. It allows instant and trustless peer-to-peer transacting while limiting the amount of data needed on-chain. You can read more about how it works in our post here.

Any two individuals on the Lightning Network can transact without needing a direct payment channel open with one another. The sender does not directly pay the intended recipient; instead, they pay a user with whom they do have a channel open. …


Attackers have well-defined tactics for targeting your online accounts. Following these simple steps will improve your security posture.

#1: Disable SMS Account Recovery

Your email provider likely allows you to set a Recovery Phone Number. That is, if you click Forgot Password? on the sign-in page, your email provider will text the phone number associated with your account a one-time code that, when entered, allows you to reset the password and log in to that account.

If you don’t know if you have this enabled, there’s a good chance you do, and having it enabled is a bad idea. Attackers can get control of your…


Image Credit: Eltoo Whitepaper

The Lightning Network is a Layer 2 solution that allows you to create micropayment channels with other Bitcoiners. It allows instant and trustless peer-to-peer transacting while limiting the amount of data needed on-chain.

In this post, I break down exactly how it works, as well as a newly proposed update protocol within it called eltoo (named after L2).

Unidirectional Channels

Unidirectional payment channels are the simplest to implement in the Lightning Network because money only flows in one direction. The most common use case is streaming money; for example, a micropayment for each minute of a video you watch.

Say you want…


These are the 7 ways I can attack you if you use any form of two-factor authentication other than Universal Two-Factor (U2F).

If you use SMS instead of U2F…

SMS 2FA is arguably the weakest kind possible. Instead of the second-factor being tied to your physical device, it’s tied to your phone number.

Attack #1: Retrieving codes by attacking voicemail systems

Many services like Gmail and LinkedIn allow SMS-based account recovery. If you forget your password, you can receive a text to your phone with a code that allows you to log in.

Some services let you receive that code via phone call as well. …


Trezor’s firmware is open-source. Its crypto library is used widely by companies like TrustWallet for generating wallets in Bitcoin and Ethereum. Let’s examine how the Trezor crypto library generates mnemonic seed phrases for Bitcoin and Ethereum.

An example mnemonic seed phrase.

If you’re not already aware, mnemonic seed phrases pull from a well-defined wordlist containing 2048 words. Secure mnemonic phrase generation is a function of how you index into that wordlist to select words from it. Since there are 2048 words, you need 11 bits to reach every possible word.

The first function the Trezor firmware calls to generate a mnemonic seed phrase is mnemonic_generate()


Unlike other cryptocurrencies, Grin does not use addresses. To send or receive Grin, the sender and recipient must send information back and forth between one another.

One way to do this is through a file. This file can be shared over a period of seconds, days, years, or anything else.

Let’s examine the contents of this Grin transaction file as it gets passed around.

Before reading this post, I recommend reading “Grin Transactions Explained, Step-by-Step” to understand some of these fields.

Exploring Grin Transaction Files

Say you want to send 10.25 Grin to Bob, and you two want to exchange the necessary information for this transaction…


Grin is an exciting new cryptocurrency leveraging the MimbleWimble protocol. But tutorials on Grin are notoriously nondescript.

This post aims to share exactly how Grin transactions work.

An output in Grin is a Pedersen Commitment. Any output will take the following form:

A Grin output, which is a Pedersen Commitment.

A Pedersen Commitment is a clever way to hide information. If this is your first time hearing about commitments, think “shielded value” any time you see that word.

The following, taken from the Grin wiki, is an excellent primer as to what’s happening here:

If we pick a very large number k as a private key, k*H is…


TL;DR:

Do you notice anything about these two ideas?

  1. Creating a government that can never become too powerful.
  2. Creating a currency that can never be corrupted or seized.

They’re identical. And the word motivating both?

Tyranny.

Context

The Founding Fathers declared independence against the British because of what they deemed tyranny.

When they won, they wrote a Constitution to create a form of government that could never be too centrally powerful.

The U.S. Government is Bitcoin in practice. Let’s look at how.

Yes, It’s Trustless

Because the U.S. Constitution is not technically enforced like Bitcoin, the government “promising” to behave a certain way…


Scams in the cryptocurrency world run rampant. Reported scams on tracking site EtherscamDB total more than 38,179 ETH (~$23 million) which have been taken from users. And this is only what we can trace!

  • Fake MyEtherWallets/MyCryptos: $7.57 million
  • Fake ICOs: $4.5 million
  • The word “give”: $1.48 million
  • Punycode lookalike domains: $507,000
  • Fake exchanges: $502,000
  • The word “gift”: $459,000
  • Elon Musk scams: $32,000
  • TOTAL: $23 million

This data can be queried on dirtyeth.com, an engine I made to calculate how much scams have stolen.

Scams today are so effective that even when someone like Vitalik Buterin adds “Not giving away ETH”…

Brandon Arvanaghi

@Layer1. Bitcoin, security, energy, and economics. Former early @Gemini.
