Most active commenters
  • jclarkcom(14)
  • KetoManx64(12)
  • (8)
  • chaps(7)
  • immibis(6)
  • fragmede(5)
  • anonym29(5)
  • 8organicbits(4)
  • nightpool(4)
  • Grimblewald(4)

I have recordings proving Coinbase knew about breach months before disclosure

(jonathanclark.com)
685 points jclarkcom | 232 comments | 16 Nov 25 20:18 UTC | HN request time: 3.356s | source | bottom
1. jclarkcom ◴[16 Nov 25 20:18 UTC] No.45948059[source]
In January 2025, I was targeted by scammers who knew my exact Bitcoin balance, SSN, DL, and other private Coinbase account details. I immediately reported this to Coinbase's Head of Trust & Safety with recordings and technical evidence. Despite repeated follow-ups asking how attackers had my data, Coinbase went silent for 4 months. They only disclosed the breach in May after attackers demanded $20M ransom. The breach involved overseas contractors at TaskUs being bribed for customer data. This article documents the timeline with emails, recordings, and evidence showing Coinbase was aware of the breach months before their official "discovery" date.
replies(3): >>45948243 #>>45948376 #>>45952887 #
2. jmclnx ◴[16 Nov 25 20:43 UTC] No.45948233[source]
Isn't there a new law from the Biden era that forces a company disclose breaches to their customers and the SEC within a few weeks ?

If so and if the US had a sane administration maybe, this would be acted upon, but these days, anything goes as long as you 'donate' to the ballroom.

replies(1): >>45948271 #
3. scottiebarnes ◴[16 Nov 25 20:45 UTC] No.45948243[source]
Are you going to be suing?
replies(1): >>45948296 #
4. divvvyy ◴[16 Nov 25 20:46 UTC] No.45948256[source]
Wild tale, but very annoying that he wrote it with an AI. It's horribly jarring to read.
replies(7): >>45948370 #>>45948402 #>>45948417 #>>45948447 #>>45948460 #>>45948476 #>>45950991 #
5. jclarkcom ◴[16 Nov 25 20:48 UTC] No.45948271[source]
Yes, I did briefly touch on that in the article. "SEC rules require timely reporting of material cybersecurity incidents."

Looking into this more now I see SEC Rule requiring disclosure within 4 business days of determining a cybersecurity incident is "material"

There is a big list of SEC violations as a result: 1. Late Disclosure (Item 1.05) If materiality was determinable in January → 4-day rule violated Penalty: Fines, enforcement actions

2. Misleading Statements/Omissions (Rule 10b-5) Any public statements about security between Jan-May could be problematic Omitting known material risks = securities fraud

3. Inadequate Internal Controls (SOX) Failure to properly investigate and escalate user reports Inadequate breach detection systems

4. Failure to Maintain Adequate Disclosure Controls My report should have triggered disclosure review Going silent suggests broken escalation process

6. jclarkcom ◴[16 Nov 25 20:52 UTC] No.45948296{3}[source]
I would consider it but I'm not sure what my options are on this.
replies(2): >>45948373 #>>45948390 #
7. AlexErrant ◴[16 Nov 25 20:54 UTC] No.45948315[source]
Here's a Reuters report from June 2, which includes a link to a May 14 SEC filing:

> Cryptocurrency exchange Coinbase knew as far back as January about a customer data leak at an outsourcing company connected to a larger breach estimated to cost up to $400 million, six people familiar with the matter told Reuters.

https://www.reuters.com/sustainability/boards-policy-regulat...

> On May 11, 2025, Coinbase, Inc., a subsidiary of Coinbase Global, Inc. (“Coinbase” or the “Company”), received an email communication from an unknown threat actor claiming to have obtained information about certain Coinbase customer accounts, as well as internal Coinbase documentation, including materials relating to customer-service and account-management systems.

https://www.sec.gov/Archives/edgar/data/1679788/000167978825...

replies(2): >>45948341 #>>45948492 #
8. jclarkcom ◴[16 Nov 25 20:58 UTC] No.45948341[source]
Very interesting... January 7th is when I reported it to them so that lines up. I suspect I wasn't the very first person, the person I spoke with on the phone had the confidence I wouldn't expect on the first try.
9. chaps ◴[16 Nov 25 20:59 UTC] No.45948347[source]
Once did some programming/networking work for a company that did the networking of a office sharing building that Coinbase was running out of. Early in my work there I noticed that the company had its admin passwords written on a whiteboard -- visible from the hallway because they had glass for walls. So I sent them an email to ask that they remove it (I billed them for it).

Their fix was to put a piece of paper over the passwords.

What a time.

replies(4): >>45948409 #>>45948413 #>>45950978 #>>45970370 #
10. Grimblewald ◴[16 Nov 25 21:02 UTC] No.45948370[source]
How do you know?

I'm not trying to be recalcitrant, rather I am genuinly curious. The reason I ask is that no one talks like a LLM, but LLMs do talk like someone. LLMs learned to mimic human speech patterns, and some unlucky soul(s) out there have had their voice stolen. Earlier versions of LLMs of LLMs that more closely followed the pattern and structure of a wikipedia entry were mimicking a style that that was based of someone elses style and given some wiki users had prolific levels of contributions, much of their naturally generated text would register as highly likely to be "AI" via those bullshit ai detector tools.

So, given what we know of LLMs (transformers at least) at this stage it seems more likely to me that current speech patterns again are mimicry of someones style rather than an organically grown/developed thing that is personal to the LLM.

replies(4): >>45948451 #>>45948470 #>>45948568 #>>45949584 #
11. tyre ◴[16 Nov 25 21:02 UTC] No.45948373{4}[source]
You’d need to prove harm, which is somewhat nebulous here.*

Matt Levine has a prescient and depressing quote about the only recourse for being being shareholder lawsuits:

> I find all of this so weird because of how it elevates finance. [Various cases] imply that we are not entitled to be protected from pollution as citizens, or as humans. [Another] implies that we are not entitled to be told the truth as citizens. (Which: is true!) Rather, in each case, we are only entitled to be protected from lies as shareholders. The great harm of pollution, or of political dishonesty, is that it might lower the share prices of the companies we own.

* To be clear, I don’t think it is nebulous, and you’re right to feel harmed. But, legally, I don’t know the harm in “they didn’t respond to my emails” after there’s no concrete damage.

12. nightpool ◴[16 Nov 25 21:02 UTC] No.45948376[source]
You mentioned that the DKIM headers "passed validation for coinbase.com". How could that have been possible, if the email was a phishing email? I'm not sure I understood that part, especially because you didn't provide any examples of the header data you received from the attacker.
replies(1): >>45948802 #
13. BrenBarn ◴[16 Nov 25 21:02 UTC] No.45948380[source]
[flagged]
replies(3): >>45948431 #>>45949402 #>>45950790 #
14. tchalla ◴[16 Nov 25 21:03 UTC] No.45948381[source]
Founder mode.
15. anonym29 ◴[16 Nov 25 21:04 UTC] No.45948387[source]
Has anyone demonstrated that agentic AI systems can be bribed with money, or is that vulnerability still strictly relegated to unrealiable, untrustworthy biological intelligence?
16. criddell ◴[16 Nov 25 21:05 UTC] No.45948390{4}[source]
Were you harmed?

I've never looked at the Coinbase agreement that's presented when you open an account, but chances are you would have to go through arbitration first. That's not necessarily a bad thing.

17. glitchc ◴[16 Nov 25 21:08 UTC] No.45948402[source]
Supporting evidence required.
replies(1): >>45949471 #
18. Aurornis ◴[16 Nov 25 21:08 UTC] No.45948409[source]
> So I sent them an email to ask that they remove it (I billed them for it)

Sending unsolicited bills for unrequested services is a great way to make sure nobody takes your email seriously

replies(2): >>45948454 #>>45948734 #
19. paulbjensen ◴[16 Nov 25 21:08 UTC] No.45948410[source]
I got rung in the UK I think a month ago from someone claiming to be from Coinbase. I told them I only had about £5 of Bitcoin cash in my account (which was true), and they immediately lost interest and said a forthcoming email would handle the matter.

They also asked if I had cold storage. I told them I had a fridge (also true).

replies(2): >>45948457 #>>45950876 #
20. 650REDHAIR ◴[16 Nov 25 21:08 UTC] No.45948413[source]
This doesn’t surprise me at all.

Bitcoin, and really fintech as a whole, are beyond reckless.

replies(5): >>45948422 #>>45948453 #>>45948644 #>>45952637 #>>45953031 #
21. monero-xmr ◴[16 Nov 25 21:10 UTC] No.45948422{3}[source]
Ah yes, I remember all the times they hacked bitcoin
replies(5): >>45948425 #>>45948428 #>>45948530 #>>45948750 #>>45948924 #
22. ◴[16 Nov 25 21:11 UTC] No.45948425{4}[source]
replies(1): >>45948473 #
23. jamespo ◴[16 Nov 25 21:12 UTC] No.45948428{4}[source]
lol monero in username
24. anonym29 ◴[16 Nov 25 21:13 UTC] No.45948431[source]
Your employer doesn't utilize low-cost overseas labor to pad margins?
replies(1): >>45949186 #
25. ◴[16 Nov 25 21:15 UTC] No.45948447[source]
26. gmzamz ◴[16 Nov 25 21:16 UTC] No.45948451{3}[source]
Looks like AI to me too. Em dashes (albeit nonstandard) and the ‘it’s not just x, it’s y’ ending phrases were everywhere. Harder to put into words but there’s a sense of grandiosity in the article too.

Not saying the article is bad, it seems pretty good. Just that there are indications

replies(1): >>45948699 #
27. KetoManx64 ◴[16 Nov 25 21:16 UTC] No.45948453{3}[source]
Bitcoin is a crypto-currency/blockchain. Coinbase is a corporation that allows users to buy/trade crypto-currencies.

With Bitcoin you do not get government bailouts like what happened with the beyond reckless banks in 2008.

replies(4): >>45948733 #>>45948881 #>>45948941 #>>45950620 #
28. nightpool ◴[16 Nov 25 21:16 UTC] No.45948454{3}[source]
GP is saying that they were already one of Coinbase's vendors (they did the networking/IT setup for Coinbase's office). Whether you'd tolerate that kind of behavior from a vendor is one thing, but for an existing vendor relationship I think adding a few billable hours for "I found this issue in your network and documented and reported it for you" to an existing contract is not particularly unreasonable.
replies(4): >>45948735 #>>45948762 #>>45948885 #>>45950701 #
29. KetoManx64 ◴[16 Nov 25 21:17 UTC] No.45948457[source]
Hahaha, i'm using this next time I get a spam call
30. BobAliceInATree ◴[16 Nov 25 21:17 UTC] No.45948460[source]
I don't know if he wrote it via AI, but he repeats himself over and over again. It could have been 1/3 the length and still conveyed the same amount of information.
replies(1): >>45948894 #
31. drabbiticus ◴[16 Nov 25 21:18 UTC] No.45948470{3}[source]
Just chiming in here - any time I've written something online that considers things from multiple angles or presents more detailed analysis, the liklihood that someone will ask if I just used ChatGPT go way up. I worry that people have gotten really used to short, easily digestible replies, and conflate that with "human". Because of course it would be crazy for a human to expend "that much effort" on something /s.

EDIT: having said that, many of the other articles on the blog do look like what would come from AI assistance. Stuff like pervasive emojis, overuse of bulleted lists, excessive use of very small sections with headers, art that certainly appears similar in style to AI generated assets that I've seen, etc. If anything, if AI was used in this article, it's way less intrusive than in the other articles on the blog.

replies(3): >>45948625 #>>45949922 #>>45952484 #
32. KomoD ◴[16 Nov 25 21:18 UTC] No.45948472{3}[source]
Coherent? It's really annoying to read.

The post just repeats things over and over again, like the Brett Farmer thing, the "four months", telling us three times that they knew "my BTC balance and SSN" and repeatedly mentioning that it was a Google Voice number.

replies(1): >>45948514 #
33. ◴[16 Nov 25 21:18 UTC] No.45948473{5}[source]
34. alwa ◴[16 Nov 25 21:19 UTC] No.45948476[source]
I know I shouldn’t pile on with respect to the AI Slop Signature Style, but in the hopes of helping people rein in the AI-trash-filter excesses and avoid reactions like these…

The sentence-level stuff was somewhat improved compared to whatever “jaunty Linked-In Voice” prompt people have been using. You know, the one that calls for clipped repetitive phrases, needless rhetorical questions, dimestore mystery framing, faux-casual tone, and some out-of-proportion “moral of the story.” All of that’s better here.

But there’s a good ways left to go still. The endless bullet lists, the “red flags,” the weirdly toothless faux drama (“The Call That Changed Everything”, “Data Catastrophe: The 2025 Cyber Fallout”), and the Frankensteined purposes (“You can still protect yourself from falling victim to the scams that follow,” “The Timeline That Doesn't Make Sense,” etc.)…

The biggest thing that stands out to me here (besides the essay being five different-but-duplicative prompt/response sessions bolted together) are the assertions/conclusions that would mean something if real people drew them, but that don’t follow from the specifics. Consider:

“The Timeline That Doesn't Make Sense

Here's where the story gets interesting—and troubling:

[they made a report, heard back that it was being investigated, didn’t get individual responses to their follow-ups in the immediate days after, the result of the larger investigation was announced 4 months later]”

Disappointing, sure. And definitely frustrating. But like… “doesn’t make sense?” How not so? Is it really surprising or unreasonable that it takes a large organization time, for a major investigation into a foreign contractor, with law enforcement and regulatory implications, as well as 9-figure customer-facing damages? Doesn’t it make sense (even if it’s disappointing), when stuff that serious and complex happens, that they wait until they’re sure before they say something to an individual customer?

I’m not saying it’s good customer service (they could at least drop a reply with “the investigation is ongoing and we can’t comment til it’s done”). There’s lots of words we could use to capture the suckage besides “doesn’t make sense.” My issue is more that the AI presents it as “interesting—and troubling; doesn’t make sense” when those things don’t really follow directly from the bullet list of facts afterward.

Each big categorical that the AI introduced this way just… doesn’t quite match what it purports to describe. I’m not sure exactly how to pin it down, but it’s as if it’s making its judgments entirely without considering the broader context… which I guess is exactly what it’s doing.

35. j-bos ◴[16 Nov 25 21:20 UTC] No.45948492[source]
> an outsourcing company

From what I've seen, this is going to be a common subheading to a lot of these stories.

replies(1): >>45950970 #
36. anonym29 ◴[16 Nov 25 21:21 UTC] No.45948514{4}[source]
Almost sounds like the posts of people whining about LLMs.

Of course, unlike those people, LLMs are capable of expressing novel ideas that add meaningful value to diverse conversations beyond loudly and incessantly ensuring everyone in the thread is aware of their objection to new technology they dislike.

replies(1): >>45948559 #
37. 8organicbits ◴[16 Nov 25 21:24 UTC] No.45948530{4}[source]
There's a great index of hacks here https://www.web3isgoinggreat.com/?theme=hack

It's breathtaking how frequent these are.

replies(1): >>45948614 #
38. lxgr ◴[16 Nov 25 21:27 UTC] No.45948559{5}[source]
LLMs are definitely capable of helping with writing, connecting the dots, and sometimes now of genuine insight. They're also still very capable of producing time-wasting slop.

It's the task of anybody presenting their output to third parties to read (at least without a disclaimer about a given text being unvetted LLM output) to make damn sure it's the former and not the latter.

replies(1): >>45948589 #
39. yuvadam ◴[16 Nov 25 21:29 UTC] No.45948568{3}[source]
This blog post isn't human speech, it's typical AI slop. (heh, sorry.)

Way too verbose to get the point across, excessive usage of un/ordered bullets, em dashes, "what i reported / what coinbase got wrong", it all reeks of slop.

Once you notice these micro-patterns, you can't unsee them.

Would you like me to create a cheat sheet for you with these tell tale signs so you have it for future reference?

replies(1): >>45953021 #
40. jrm4 ◴[16 Nov 25 21:29 UTC] No.45948569[source]
FWIW, this is why "not your keys, not your coins."

Coinbase is good for on-ramping, bad for storage. You know, the entire point of cryptocurrency.

replies(2): >>45948857 #>>45948925 #
41. anonym29 ◴[16 Nov 25 21:31 UTC] No.45948589{6}[source]
Thankfully, the 8 millionth post whining about LLMs with zero additional value added to the conversation is far less time-wasting than a detailed blog post about a real-world security incident in a major corporation that isn't being widely covered by other outlets.

The article isn't paywalled. Nobody was forced to read it. Nobody was prohibited from asking an LLM to summarize the article.

Whining about LLM written text is whining about one's own deliberate choice to read an article. There is no implied contract or duty between the author and the people who freely choose to read or not read the author's (free) publication.

It's like walking into a (free) soup kitchen, consuming an entire bowl of free soup, and then whining loudly to everyone else in the room about the soup being too salty.

replies(2): >>45948617 #>>45955586 #
42. mtlynch ◴[16 Nov 25 21:33 UTC] No.45948612[source]
This is an extremely clickbaity headline.

The "recordings" are of a phisher attempting to get information from the author. It proves nothing about what Coinbase knew.

The author turned the information over to Coinbase, but that doesn't prove Coinbase knew about their breach. The customer could have leaked their account details in some other way.

replies(3): >>45948791 #>>45949182 #>>45954989 #
43. happyopossum ◴[16 Nov 25 21:33 UTC] No.45948614{5}[source]
That’s like saying the $USD was hacked when a bank gets breached.
replies(4): >>45948752 #>>45948979 #>>45949277 #>>45950670 #
44. lxgr ◴[16 Nov 25 21:34 UTC] No.45948617{7}[source]
I think the feedback that LLMs were used not very successfully in the making of TFA is valid criticism and might even help other/future authors.

We're probably reading LLM-assisted or even generated texts many times per day at this point, and as long as I don't notice that my time is being wasted by bad writing or hallucinated falsehoods, I'm perfectly fine with it.

45. jclarkcom ◴[16 Nov 25 21:35 UTC] No.45948625{4}[source]
Author here - yes, this was written using guided AI. I consider this different than giving a vague prompt and telling it to write an article. My process was to provide all the information, for example I used AI to: 1. transcribe the phone call into text using whisper model 2. review all the email correspondence 3. research industry news about the breach 4. brainstorm different topics and blog structures to target based on the information, pick one 5. Review the style of my other blog articles 6. write the article and redact any personal info 7. review the article and suggest iterate on changes multiple times. To me this is more akin to having a writer on staff who can save you a lot of time. I can do all the above in less than 30mins, where it could take a full day to do it manually. I had a blog 20 years ago but since then I never had time to write content again (too time consuming and no ROI) - so the alternative would be nothing.

There are some still some signs you can tell content is AI written based on verbosity, use of bold, specific HTML styling, etc. I see no issues with the approach. I noticed some people have an allergic reaction to any hint of AI, and when the content produced is "fluff" with no real content I get annoyed too - however that isn't the case for all content.

replies(4): >>45948974 #>>45951470 #>>45951577 #>>45953543 #
46. what-the-grump ◴[16 Nov 25 21:35 UTC] No.45948628[source]
We use Coinbase as an org, we were targeted in early Feb 2025. Caught by person handling the accounts who is paranoid enough to reach out to the org contact on the other side.
47. fragmede ◴[16 Nov 25 21:37 UTC] No.45948638[source]
My Coinbase account got caught up in this and I'm so glad I used something like coinbase_jridi46@example.com as my email address with them because emails to that address can be treated as hostile in the wake of the breach. if I'd just used coinbase@example.com as my email address with them, I'd be fucked.
replies(1): >>45948953 #
48. danielhlockard ◴[16 Nov 25 21:38 UTC] No.45948644{3}[source]
You say that but I work in fintech (granted, one of the larger more corporate ones, after an acquisition) and we are heavily regulated, and audited.
replies(6): >>45949539 #>>45950218 #>>45950272 #>>45950314 #>>45950489 #>>45952371 #
49. happyopossum ◴[16 Nov 25 21:39 UTC] No.45948654[source]
Interesting timeline, but nothing here proves, or even strongly indicates, that Counbase “knew about the breach” from this one report.

Screenscraping malware is fairly common, and it’s not unreasonable for an analyst to look at a report like this and assume that the customer got popped instead of them.

Customers get popped all the time, and have a tendency to blame the proximate corporation…

replies(1): >>45948809 #
50. anxman ◴[16 Nov 25 21:45 UTC] No.45948693[source]
Not sure if the op is reading, but I also detected the same Coinbase hack around the same timeline. From what I can tell, literally everything was compromised because even their Discord channel's api keys were compromised and were finally reset around April or May. This means their central secrets manager was likely compromised too.
51. lynndotpy ◴[16 Nov 25 21:46 UTC] No.45948699{4}[source]
It's also strange to suggest readers use ChatGPT or Claude to analyze email headers.

Might as well say "You can tell by the way it is".

replies(1): >>45949320 #
52. arcanemachiner ◴[16 Nov 25 21:50 UTC] No.45948733{4}[source]
> With Bitcoin you do not get government bailouts like what happened during the beyond reckless banks in 2008

It is not beyond imagination that the most popular Bitcoin blockchain (and thus, the label of being the "real" Bitcoin) could change at some point in the future.

"Bitcoin" is not immune from the implications of political fuckery.

replies(2): >>45948755 #>>45948906 #
53. bongodongobob ◴[16 Nov 25 21:50 UTC] No.45948734{3}[source]
They are lucky they just got a bill and not a terminated contract. Consulting companies I have worked for would have dropped them immediately because we don't want clients with that kind of risk. Massive red flag that signals management is non-existent, incompetent, or checked out. That is egregious negligence.
replies(2): >>45948741 #>>45948864 #
54. ◴[16 Nov 25 21:50 UTC] No.45948735{4}[source]
55. ◴[16 Nov 25 21:51 UTC] No.45948741{4}[source]
56. arcanemachiner ◴[16 Nov 25 21:52 UTC] No.45948750{4}[source]
It's been a while, but it has happened:

https://nvd.nist.gov/vuln/detail/CVE-2010-5139

57. braingravy ◴[16 Nov 25 21:52 UTC] No.45948752{6}[source]
Are banks breached at the same rate as bitcoin brokers? I think that was op’s point.
58. adastra22 ◴[16 Nov 25 21:52 UTC] No.45948755{5}[source]
By what mechanism? The whole point of bitcoin is that you can’t force a consensus change. This is enforced by the algorithm and the laws of thermodynamics.
replies(2): >>45949090 #>>45956278 #
59. aorloff ◴[16 Nov 25 21:53 UTC] No.45948762{4}[source]
More likely, this is a spectacular version of CYA. By billing the hours, there is a paper trail so that when the inevitable breach occurs, you can point to having done the appropriate thing.
60. jclarkcom ◴[16 Nov 25 21:56 UTC] No.45948791[source]
I sent the phone recording and emails to coinbase, and they acknowledged them saying "This report is super robust and gives us a lot to look into. We are investigating this scammer now."
replies(2): >>45949567 #>>45949714 #
61. Cantinflas ◴[16 Nov 25 21:58 UTC] No.45948802{3}[source]
Yeah this is very confusing for me too, how could the attackers create a valid DKIM signature for coinbase.com? Either there is a huge misconfiguration or it's not possible. Am I missing something?
62. 8organicbits ◴[16 Nov 25 21:59 UTC] No.45948808[source]
This doesn't seem like proof to me.

The author got a phishing call and reported it. Coinbase likely has a deluge of phishing complaints, as criminals know their customers are vulnerable and target their customers regularly. The caller knowing account details is likely not unique in those complaints; customers accidentally leak those all the time. Some of the details the attacker knew could have been sourced from other data breaches. At the time of complaint, the company probably interpreted the report as yet another customer handling their own data poorly.

Phishing is so pervasive that I wouldn't be surprised if the author was hit by a different attack.

replies(2): >>45949110 #>>45957591 #
63. jclarkcom ◴[16 Nov 25 21:59 UTC] No.45948809[source]
That's true, but in this case I got a response from the head of trust and safety after I sent the phone recording, email + email headers, saying "This report is super robust and gives us a lot to look into. We are investigating this scammer now."
replies(1): >>45950300 #
64. wmf ◴[16 Nov 25 22:06 UTC] No.45948857[source]
People doing self-custody also get hacked and phished all the time.
replies(1): >>45950356 #
65. dahinds ◴[16 Nov 25 22:09 UTC] No.45948881{4}[source]
"With Bitcoin you do not get government bailouts" -- yeah maybe not yet? Is it beyond belief that a government with leadership deeply invested in crypto currencies might take action if something super disruptive happens?
replies(1): >>45948937 #
66. Vvector ◴[16 Nov 25 22:09 UTC] No.45948885{4}[source]
s/cloudflare/coinbase/
replies(2): >>45949635 #>>45955118 #
67. d1sxeyes ◴[16 Nov 25 22:10 UTC] No.45948894{3}[source]
'I don't know if he wrote it via AI, but he repeats himself'.
replies(1): >>45952871 #
68. KetoManx64 ◴[16 Nov 25 22:11 UTC] No.45948906{5}[source]
Bitcoin has forked a few times it's creation: https://en.wikipedia.org/wiki/List_of_bitcoin_forks The determining factor for which fork is successfully is bases on the Bitcoin node runners and miners choosing which fork they devote their resources to.

Governments around the world are 100% attempting different plans to destabilize or destroy Bitcoin because it harms their interests and ability to print money from thin air. But at the end of the day it's a distributed ledger, so even if they do find a way to manipulate or damage or takeover the network the Bitcoin users can just fork it from before they did their damage and continue from there. That is the ultimate power of a decentralized blockchain, nobody has ultimate power and everyone votes with their resources.

replies(2): >>45949022 #>>45950663 #
69. jclarkcom ◴[16 Nov 25 22:13 UTC] No.45948925[source]
True - but be very careful. Roughly 10–18% of all BTC are believed gone forever due to lost keys/wallets. That is more than all hacks and exchange blowups combined. If you take your wallet offline it can be hard not to lose your keys over a long period of time, including across death to your next of kin.
70. KetoManx64 ◴[16 Nov 25 22:15 UTC] No.45948937{5}[source]
Possible. But Bitcoin is hard capped at 21 million coins. The government can peint more paper money to bail a company out if it makes stupid decisions, but they cannot print more Bitcoin. This will devalue the paper currency even more and also increase the value of Bitcoin. Bitcoin is called a hedge against inflation for a reason.
replies(4): >>45949012 #>>45949015 #>>45950718 #>>45951419 #
71. immibis ◴[16 Nov 25 22:15 UTC] No.45948941{4}[source]
There was a government* bailout in Ethereum, however. https://en.wikipedia.org/wiki/The_DAO

The government of Ethereum is not the US government.

replies(1): >>45948971 #
72. immibis ◴[16 Nov 25 22:17 UTC] No.45948953[source]
Why couldn't you treat coinbase@example.com as hostile?
replies(1): >>45955504 #
73. KetoManx64 ◴[16 Nov 25 22:19 UTC] No.45948971{5}[source]
I don't see a reference to a government bailout in the article you listed. The chain was forked by the community to the state before the hack and most users switched over this supporting this fork and calling it Etherium going forward.
replies(1): >>45952189 #
74. shayway ◴[16 Nov 25 22:19 UTC] No.45948974{5}[source]
The issue is that the article is excessively verbose; the time you saved in writing end editing comes at the cost of wasting readers' time. There is nothing wrong with using AI to improve writing, but using it to insert fluff that came at no cost to you and no benefit to me feels like a violation of social contract.

Please, at least put a disclaimer on top so I can ask an AI to summarize the article and complete the cycle of entropy.

replies(1): >>45949227 #
75. 8organicbits ◴[16 Nov 25 22:20 UTC] No.45948979{6}[source]
That's a silly assumption to make. I'm clearly talking about the poor security offered by cryptocurrency, in practice, as evidenced by the frequent hacks impacting cryptocurrency companies.
76. robocat ◴[16 Nov 25 22:24 UTC] No.45949012{6}[source]
At present BTC is usually denominated in USD. Until I start to see BTC used as the cross-rate I'm sceptical. Presuming it occurs, it would occur relatively quickly?
replies(1): >>45949420 #
77. kibwen ◴[16 Nov 25 22:25 UTC] No.45949015{6}[source]
> But Bitcoin is hard capped at 21 million coins

Bitcoin is not an immutable law of nature. If the coin minting cap is reached, all that needs to happen is for miners to start running a fork with a higher cap. Tada, more coins conjured out of the ether, just like all the previous ones. If you want enforced scarcity, you need to be tied to something physically scarce.

replies(3): >>45949357 #>>45949359 #>>45949382 #
78. nradov ◴[16 Nov 25 22:26 UTC] No.45949022{6}[source]
Power comes from the barrel of a gun.
replies(1): >>45949387 #
79. arcanemachiner ◴[16 Nov 25 22:34 UTC] No.45949090{6}[source]
If, for whatever reason, all the mining power switches to the other chain, it will become the de facto "Bitcoin".

I don't know what the specific mechanism would be, but I would bet that it relates to the billions of dollars backing the current ecosystem, and the interests of the people behind them. If the right event or crisis comes along, then people could be compelled to switch over to something else.

I'm sure there's someone out there still mining blocks on that chain with the exploit from 2010, but that's not where the mining power is. If the right series of events occurs, the miners will switch.

replies(2): >>45949771 #>>45952254 #
80. jclarkcom ◴[16 Nov 25 22:37 UTC] No.45949110[source]
My first thought was someone they tied a blockchain transaction to my name and then traced it backwards. But they also knew my ETH and BTC balances, and date the account was opened. You might be able to figure out the open date by looking at the blockchain but I could never determine how they would know balances for two unrelated cryptos without some kind of coinbase compromise.
replies(1): >>45949245 #
81. rs186 ◴[16 Nov 25 22:50 UTC] No.45949182[source]
You apparently did not read the article. What you are looking for is right there.
82. rs186 ◴[16 Nov 25 22:51 UTC] No.45949186{3}[source]
Not parent but mine doesn't let them handle client social security numbers.
83. coolThingsFirst ◴[16 Nov 25 22:55 UTC] No.45949211[source]
The entire web3 scene is a clusterfuck filled with scammers. Recently i got hacked by web3 interview which is a common vector nowadays.

They send github repo and as soon as you run it they send rejection after stealing tokens and installing keylogger. Pretty sophisticated and the frontend of the codebase looked polished as well.

84. jclarkcom ◴[16 Nov 25 22:57 UTC] No.45949227{6}[source]
I have attempted to condense it based on your feedback, and added some more info about email headers.
85. 8organicbits ◴[16 Nov 25 23:01 UTC] No.45949245{3}[source]
> but I could never determine how they would know balances for two unrelated cryptos

There's tons of options. Malware, evil maid, shoulder surfing, email compromise, improper disposal of printouts, prior phishing attack, accidental disclosure.

replies(1): >>45949305 #
86. CPLX ◴[16 Nov 25 23:06 UTC] No.45949277{6}[source]
No. It's like saying that cash is risky when a bunch of cash gets stolen or lost.
replies(1): >>45952823 #
87. jclarkcom ◴[16 Nov 25 23:11 UTC] No.45949305{4}[source]
true, I can’t rule those out entirely. I access via iPhone to limit attack surface area, the info was never printed, present in emails, or disclosed to 3rd parties
replies(1): >>45953906 #
88. jclarkcom ◴[16 Nov 25 23:14 UTC] No.45949320{5}[source]
I don’t understand this comment. I’ve found AI a great tool for identifying red flags in scam emails and wanted to share that.
replies(4): >>45949799 #>>45952459 #>>45967928 #>>45973410 #
89. rcxdude ◴[16 Nov 25 23:19 UTC] No.45949357{7}[source]
It would require the market to move as well to consider those new coins worth anything, though. Miners do not have enough control of the chain to make such changes on their own.
90. KetoManx64 ◴[16 Nov 25 23:20 UTC] No.45949359{7}[source]
The miners can totally start mining a fork, in fact they can start doing so today, but it doesn't matter because nobody will use their fork and then they will have lost out on their hundreds of millions of dollars of investments into mining equipment.

The node operators play just as critical of a role in Bitcoin as the miners.

replies(3): >>45949378 #>>45950527 #>>45950653 #
91. rcxdude ◴[16 Nov 25 23:22 UTC] No.45949378{8}[source]
It's not the node operators either, it's the people who transact on the chain that determine the value of the coins. The miners can disrupt the ability of the chain to transact to some degree, but they can't make people think their fork is worthwhile (why anyone still thinks BTC has much long-term value is beyond me, but...).
replies(1): >>45949394 #
92. Sargos ◴[16 Nov 25 23:23 UTC] No.45949382{7}[source]
all that needs to happen is for countries to destroy their nuclear weapons

all that needs to happen is for governments to stop burning fossil fuels

all that needs to happen is for researchers to publish boring papers replicating others results

all that needs to happen is for fishermen to stop overfishing

Coordination problems seem easy but never really are. The chance of all the miners just suddenly agreeing to do something all at once is pretty low to impossible.

replies(1): >>45953140 #
93. KetoManx64 ◴[16 Nov 25 23:23 UTC] No.45949387{7}[source]
Yes. That is why the Second Amendment is so important. It reminds those in the government not to overstep their bounds.
replies(2): >>45949705 #>>45950727 #
94. KetoManx64 ◴[16 Nov 25 23:24 UTC] No.45949394{9}[source]
Yes! Thank for that correction.
95. sfblah ◴[16 Nov 25 23:26 UTC] No.45949402[source]
I've read that blockchain can be used to eliminate the risk of crypto companies doing shady things. /s
96. KetoManx64 ◴[16 Nov 25 23:28 UTC] No.45949420{7}[source]
Square just pushed out the ability to pay in Bitcoin to millions of retailers this last week: https://www.forbes.com/sites/digital-assets/2025/11/11/bitco...

We're right on the corner of that very day that you're talking about.

replies(1): >>45951273 #
97. gnabgib ◴[16 Nov 25 23:34 UTC] No.45949471{3}[source]
https://news.ycombinator.com/item?id=45948625
98. mmooss ◴[16 Nov 25 23:43 UTC] No.45949539{4}[source]
Wall Street is heavily regulated and audited, and still is 'beyond reckless', causing global financial calamities multiple times.
99. BergAndCo ◴[16 Nov 25 23:44 UTC] No.45949545[source]
Coinbase froze everyone's accounts (to prevent a selloff) while cashing in on insider knowledge that they were going to start supporting Bitcoin Cash. Then as soon as they sold off and the market dipped, they unfroze everyone's account. But instead of being in jail, they just keep getting away with it.
replies(2): >>45950073 #>>45953952 #
100. mmooss ◴[16 Nov 25 23:46 UTC] No.45949567{3}[source]
It seems like you did a great job collecting info and reporting it. Still, how do you know that the info was obtained via Coinbase? Certainly they are a likely vector but you are too, and maybe there are others.

Edit: Nevermind; I see you addressed that here:

https://news.ycombinator.com/item?id=45948808

101. stefan_ ◴[16 Nov 25 23:48 UTC] No.45949584{3}[source]
Sorry but I think you just don't know a lot about LLMs. Why did they start spamming code with emojis? It's not because that is what people actually do, something that is in the training data. It's because someone reinforcement learned the LLM to do it by asking clueless people if they prefer code with emojis.

And so at this point the excessive bullet points and similar filler trash is also just an expression of whatever stupid people think they prefer.

Maybe I'm being too harsh and it's not the raters are stupid in this constellation, rather it's the ones thinking you could improve the LLM by asking them to make a few very thin judgements.

replies(1): >>45952474 #
102. ◴[16 Nov 25 23:50 UTC] No.45949599[source]
103. sheepscreek ◴[16 Nov 25 23:55 UTC] No.45949635{5}[source]
One day while driving, I received a call from a technical recruiter at Stripe. I told them about how much I admired their developer first approach, the Atlas program for startups, etc. Later that day, I looked up the recruiter on LinkedIn and realized they worked at Square, not Stripe!
replies(1): >>45950209 #
104. onraglanroad ◴[17 Nov 25 00:07 UTC] No.45949705{8}[source]
[flagged]
replies(1): >>45950121 #
105. mtlynch ◴[17 Nov 25 00:08 UTC] No.45949714{3}[source]
The recordings don't prove anything about what Coinbase knew.

I stand by my statement that the title is clickbait, as it's misleading on two fronts:

- It's the email, not the call recording that proves what Coinbase knew, but "recordings prove" sounds more sensational

- The email proves that Coinbase was aware of a sophisticated attack against a single user. You didn't have enough information to prove that there was a large scale leak of Coinbase customer data. There are sophisticated attacks against individual Coinbase users all the time due to the value of the accounts there.

106. wat10000 ◴[17 Nov 25 00:20 UTC] No.45949771{7}[source]
If literally 100% of miners switched, leaving zero on the original chain, then people will have no choice since it won’t do any more transactions.

But if, say, a mere 99% of miners switch, it’s far from a given that people would follow. Having more mining capacity makes the chain more secure, but it’s not that big of a deal.

replies(1): >>45958256 #
107. fn-mote ◴[17 Nov 25 00:24 UTC] No.45949799{6}[source]
1. They are all scam emails.

2. AI detecting a scam, sure - it’s a scam. AI saying the email is ok… then what? I’d never trust it.

108. amarant ◴[17 Nov 25 00:49 UTC] No.45949922{4}[source]
You're getting downvoted for being right. Attempt being nuanced and people will call you a robot.

Well if that's how we identify humans I for one prefer our new LLM overlords.

A lot of people who say stuff like "boo AI!" are not only setting the bar for humanity very low, they're also discouraging intellectualism and intelligent discourse online. Honestly, if a LLM wrote a good think piece, I prefer that over "human slop".

I just wish people would critique a text on its own merits instead of inventing strawman arguments about how it was written.

Oh and, for the provocative effect — I'll end my comment with an em dash.

109. WatchDog ◴[17 Nov 25 01:19 UTC] No.45950058[source]
So the emails had proper DKIM signatures.

Did the support agents have the ability to send arbitrary emails from commerce@coinbase.com? If not, how did the scammers send a properly signed email?

replies(1): >>45950593 #
110. SilverElfin ◴[17 Nov 25 01:21 UTC] No.45950068[source]
A related issue: often when there’s a security issue, the wrong people are blamed. In reality it is almost always the CEO’s fault for setting budgets or goals that are unrealistic and force everyone else to cut corners. Even other executives are a victim of this and are ultimately powerless.
111. SilverElfin ◴[17 Nov 25 01:23 UTC] No.45950073[source]
This type of behavior is what the SEC was made to solve. But to be honest insider trading is behind MOST hedge funds and other firms with unusually gains. And politicians with big gains. It’s a huge problem that won’t get solved. Maybe taxing them is the only way.
112. scubbo ◴[17 Nov 25 01:39 UTC] No.45950137{10}[source]
https://www.youtube.com/watch?v=XkCBhKs4faI
replies(1): >>45950161 #
113. KetoManx64 ◴[17 Nov 25 01:44 UTC] No.45950161{11}[source]
> This video contains content from BBC Studio, who has blocked it in your country due to copyright.

Hahahaha

replies(1): >>45950500 #
114. aantix ◴[17 Nov 25 01:48 UTC] No.45950181[source]
Offshoring support for financial data should be illegal.

Even if they find the inside individuals, how could anyone ever present a legal case?

115. pests ◴[17 Nov 25 01:52 UTC] No.45950209{6}[source]
I do this all the time with Shopify / Spotify. The number of times non-tech friends have had to ask what Shopify is when discussing music and I slip up :/
replies(1): >>45954901 #
116. protocolture ◴[17 Nov 25 01:55 UTC] No.45950218{4}[source]
>You say that but I work in fintech (granted, one of the larger more corporate ones, after an acquisition) and we are heavily regulated, and audited.

I have seen some toe curling shit in fintech.

replies(1): >>45952322 #
117. 650REDHAIR ◴[17 Nov 25 02:08 UTC] No.45950272{4}[source]
How big was it when you joined?
118. bpt3 ◴[17 Nov 25 02:15 UTC] No.45950300{3}[source]
So they looked into it and eventually determined the root cause and then took action.

I don't know why you think acknowledgement of your report is concrete evidence that coinbase knew about their breach months before it was disclosed.

119. bdangubic ◴[17 Nov 25 02:18 UTC] No.45950314{4}[source]
funniest thing I read this year on HN - well played mate, well played!!!
replies(1): >>45953440 #
120. petesergeant ◴[17 Nov 25 02:27 UTC] No.45950356{3}[source]
https://imgflip.com/i/acbvxh
121. devin ◴[17 Nov 25 02:57 UTC] No.45950489{4}[source]
You're almost there. Think to yourself now: what was it that happened in the past that necessitated the need for a large regulatory apparatus, auditors, etc.?
122. scubbo ◴[17 Nov 25 02:58 UTC] No.45950500{12}[source]
So you are not, in fact, in England?
123. mindcandy ◴[17 Nov 25 03:05 UTC] No.45950527{8}[source]
> in fact they can start doing so today

In fact they already have. There are 10s of thousands of forks of Bitcoin. Only a handful ever got significant attention. And, the original is still much larger than all of the forks combined.

replies(2): >>45951595 #>>45953040 #
124. dwohnitmok ◴[17 Nov 25 03:20 UTC] No.45950593[source]
Yeah what is going on here?

What does this mean?

> While both amazonses.com and coinbase.com DKIM checks passed, this is exactly how phishing works—attackers can configure Amazon SES to send "from" coinbase.com

How does Amazon SES let you sign an email from a domain you don't control? Unless this means that somehow the scammer had access to DNS records for coinbase.com which indicates some really crazy compromise somewhere either of Coinbase or the DNS chain.

I'm very confused.

replies(1): >>45951413 #
125. dclowd9901 ◴[17 Nov 25 03:26 UTC] No.45950620{4}[source]
I would be willing to bet the current administration would in fact do whatever they could to undermine the dollar's value, including propping up a digital currency when it should fail.
126. shadowgovt ◴[17 Nov 25 03:36 UTC] No.45950653{8}[source]
"I tell ya, everything will be perfect again if everyone would just migrate to BCv6."
127. shadowgovt ◴[17 Nov 25 03:39 UTC] No.45950663{6}[source]
If anything, the real risk of BTC isn't governments destroying it.

It's that everything you do on the blockchain is there forever, so if a government needs you in jail for using it, they can show you were involved in a financial crime and the blockchain proves it... And if you are unwilling to give up your public wallet they can keep you in jail indefinitely until you do.

Bitcoin is pseudonymous, not anonymous. Every activity on the network is encoded into a perpetual auditable dataset, by design.

replies(1): >>45952812 #
128. shadowgovt ◴[17 Nov 25 03:41 UTC] No.45950670{6}[source]
When a bank gets breached, there are mechanisms to make the victims whole, up to and including "Just print money; it's a fiat currency."

No such mechanisms in Bitcoin, so hacks have longer-term impact.

129. Aurornis ◴[17 Nov 25 03:50 UTC] No.45950701{4}[source]
> but for an existing vendor relationship I think adding a few billable hours for "I found this issue in your network and documented and reported it for you" to an existing contract is not particularly unreasonable.

Billing for random things outside of the agreed upon scope of work is actually unreasonable. It’s something covered in every contracting agreement I’ve ever been a part of.

Maybe they could point to some contract that maybe would have covered it, but when your contractors start billing you for sending quick emails about unrelated things you didn’t ask them to look into, it’s not a good sign. When contractors bill for quick emails they don’t bill for the 3.7 minutes it took to write, they round up to some bigger number like an hour.

Anecdotally, every time I’ve encountered contractors who started billing per individual communication that they initiated (not something requested) or started finding new things to bill us for that we didn’t ask, it was a sign that we were a target being milked for billable hours. Some contractors have a lightbulb moment when they think nobody is scrutinizing their billing and think they discovered an almost infinite money glitch by initiating new things that they can bill for. None of the good contractors I’ve worked with over the years would even think to bill for an individual short email.

replies(2): >>45950843 #>>45954087 #
130. majormajor ◴[17 Nov 25 03:52 UTC] No.45950718{6}[source]
You say "devalue the paper currency even more" but if bitcoin holders need to be bailed in any given country aren't we talking about a scenario where bitcoin is the thing that's lost a bunch of value? Some sort of "it turns out shady bitcoin holders or companies were artificially pumping up the value in a sneaky way and then someone connected the dots" situation?

First thing that comes to mind off the top of my head as a US-Govt option here would be something like: bail out US people/companies of bitcoin holdings in USD in conjunction with banning bitcoin in the US going forward. So that would be quite the string of events at that point for non-US bitcoin holders: first a crash that caused all these US bitcoin holders to go screaming to the government for help. Then the overnight removal of a huge chunk of the bitcoin market, coupled with either a firesale to comply with the ban or US gov seizure of a bunch of the coins, which will push the price lower for anyone who hasn't sold yet since their buyer pool is now much lower.

replies(1): >>45950864 #
131. majormajor ◴[17 Nov 25 03:55 UTC] No.45950727{8}[source]
Got some specific recent oversteps that were prevented by armed citizens in mind? Or are you just talking about ancient history or on-paper theory?

The government in the US has far bigger guns than the citizenry these days.

The only thing that will ever prevent a government from abusing its populace is the willingness of actors of the state - police and soldiers - to say no to abusive orders. Independent thinking coupled with believing in the people more than the executive is the only thing that will ever keep us safe. Guns are not defensive tools. The state can shoot you before you shoot them if they decide they don't like what you're doing.

Put guns in the hands of the people you're policing and you just make it that much easier for the police/soldiers/govt sympathizers to make it us-against-them and side with the totalitarians.

replies(1): >>45953030 #
132. tomhow ◴[17 Nov 25 04:10 UTC] No.45950790[source]
> shocked, shocked

Please omit internet tropes and avoid posting shallow dismissals on HN. Substantive critique is always fine.

https://news.ycombinator.com/newsguidelines.html

133. Tostino ◴[17 Nov 25 04:26 UTC] No.45950843{5}[source]
I hope some people post up outside your office. You probably have some secrets just laying around with that attitude. Could be quite profitable.

"Let's defend Coinbase, that small little startup!"

Maybe just stop being a boot licker? It seems pathetic from the outside.

134. KetoManx64 ◴[17 Nov 25 04:32 UTC] No.45950864{7}[source]
I wouldn't be surprised if the US government doesn't attempt something just like this in the next 3-5 years. There are a lot of people fleeing the very inflationary US dollar for BTC. I think at this point it would be too late though. There are too many countries, individuals and corporations around the world that own BTC for it to be successful. There was a long term holder that dumped 24,000BTC onto the market in August and the price dropped down about 5% for maybe half a day before recovering, and it's not going to be long until other countries follow El Salvador's lead and invite Bitcoin owners to live there tax free. If the USA bans Bitcoin there will be a massive brain drain of very intelligent people who will just move to those countries.
replies(1): >>45951655 #
135. naruhodo ◴[17 Nov 25 04:34 UTC] No.45950876[source]
An elderly friend of mine has been receiving Coinbase security alerts. Needless to say, she has never used the site and has no crypto.
136. johnebgd ◴[17 Nov 25 05:06 UTC] No.45950970{3}[source]
Business process outsourcing firm most likely (BPO). They get contracts for every kind of company you’ve ever heard of, lie about their cybersecurity practices, and then rebrand if they get caught.
replies(1): >>45953303 #
137. bhawks ◴[17 Nov 25 05:08 UTC] No.45950978[source]
That is a great ancedote.

Not saying it is untrue, but it is definitely true that Coinbase has never lost customer funds while operating in an environment with 0 safety nets and being one of the most lucrative targets.

This leak over customer data suggests that they should treat that with as much obsession as they do with their private keys.

replies(2): >>45951247 #>>45954021 #
138. gblargg ◴[17 Nov 25 05:11 UTC] No.45950991[source]
The page background slowly fades in and out with a blue color. At first I thought my eyes were playing tricks on me.
139. arcticbull ◴[17 Nov 25 06:21 UTC] No.45951247{3}[source]
That's not actually true, back in the day Coinbase used Bitfinex. They were using them when Bitfinex got all that BTC stolen. Technically everyone, including Coinbase, lost assets in that hack. They were large and scary enough at the time to force Bitfinex to keep them whole instead of applying the 36% haircut, but I'd argue that amounts to recovery rather than failure to lose in the first place. [1, 2]

[1] https://www.kalzumeus.com/2019/10/28/tether-and-bitfinex

[2] https://x.com/nathanielpopper/status/933130228175552513

replies(1): >>45951757 #
140. arcticbull ◴[17 Nov 25 06:28 UTC] No.45951273{8}[source]
That's yet another example of denominated in USD, and converted to BTC at the last second. Obviously, because of the insane volatility.
141. fmbb ◴[17 Nov 25 07:04 UTC] No.45951419{6}[source]
The government can bail Bitcoin owners out by buying a lot of Bitcoin and holding it, or even burning the wallets.
142. poly2it ◴[17 Nov 25 07:15 UTC] No.45951470{5}[source]
Sure, the problem here isn't a lack of veracity in regard to your source material. Many readers are also concerned with the stilicisms and prose of the articles they read. I don't care particularly that the complete article wasn't written by a human. The generic LLM style is however utterly unbearable to me. It is overly sensational and verbose, while lacking normal sized paragraphs of natural text. It's reminiscent of a poor comic except extrapolated to half the stuff which gets posted to HN.
143. 3rodents ◴[17 Nov 25 07:36 UTC] No.45951577{5}[source]
> [...] I can do all the above in less than 30mins, where it could take a full day to do it manually [...]

Generating thousands of words because it's easy is exactly the problem with AI generated content. The people generating AI content think about quantity not quality. If you have to type out the words yourself, if you have to invest the time and energy into writing the post, then you're showing respect for your readers by making the same investment you're asking them to make... and you are creating a natural constraint on the verbosity because you are spending your valuable time.

Just because you can generate 20 hours of output in 30 minutes, doesn't mean you should. I don't really care about whether or not you use AI on principle, if you can generate great content with AI, go for it, but your post is classic AI slop, it's a verbose nightmare, it's words for the sake of words, it's from the quantity over quality school of slop.

> I had a blog 20 years ago but since then I never had time to write content again (too time consuming and no ROI) - so the alternative would be nothing.

Posting nothing is better than posting slop, but you're presenting a false dichotomy. You could have spent the 30 minutes writing the post yourself and posted 30 minutes of output. Or, if you absolutely must use ChatGPT to generate blog posts, ask it to produce something that is a few hundred words at most. Remember the famous quote...

"If I had more time, I would have written a shorter letter."

If ChatGPT can do hundreds of hours of work for you then it should be able to produce the shortest possible blog post, it should be able to produce 100 words that say what you could in 3,000. Not the other way around!

144. ab5tract ◴[17 Nov 25 07:40 UTC] No.45951595{9}[source]
Right, but a counter point is the etherium fork. Only a handful of people stayed on the “classic” chain after that first DAO turned out to have a massive extraction bug in it.
145. CPLX ◴[17 Nov 25 07:55 UTC] No.45951655{8}[source]
> If the USA bans Bitcoin there will be a massive brain drain of very intelligent people who will just move to those countries.

Is that really possible? Can we do this today?

replies(1): >>45952454 #
146. bhawks ◴[17 Nov 25 08:19 UTC] No.45951757{4}[source]
That's a pretty big stretch of definitions. Whatever operations Coinbase had with Bitfinex were either to support market making activity or as a service for Coinbase's institutional customers to directly access bitfinex via their platform.

As I said, they have never lost customer funds in their custody.

replies(1): >>45951875 #
147. arcticbull ◴[17 Nov 25 08:42 UTC] No.45951875{5}[source]
> Whatever operations Coinbase had with Bitfinex were either to support market making activity or as a service for Coinbase's institutional customers to directly access bitfinex via their platform.

How do you know?

replies(1): >>45954620 #
148. nalekberov ◴[17 Nov 25 09:30 UTC] No.45952109[source]
In July, 2025 I asked Coinbase to delete my account permanently, for which i had a bit of back-and-forth with customer service representatives, in the end I got an email confirming the deletion, then I tried to log into my account, I was still successful - they lied about it.

Then I reached out to customer service several times - no answer. Then I contacted dedicated channel for privacy related questions with all proofs of mishandling - radio silence.

It’s sad to see these companies mishandle our very personal data and get away with this.

149. immibis ◴[17 Nov 25 09:47 UTC] No.45952189{6}[source]
The chain was forked, ultimately, by Vitalik Buterin - the president of Ethereum - and his cabinet. Calling a thing by different words doesn't make it a different thing.
replies(2): >>45952648 #>>45954108 #
150. csomar ◴[17 Nov 25 09:59 UTC] No.45952254{7}[source]
> If, for whatever reason, all the mining power switches to the other chain, it will become the de facto "Bitcoin".

The miners do not control the network. The people transacting on the network control the network and decides who is rich and who is not; and whether the miners get paid or not.

151. klaushougesen1 ◴[17 Nov 25 10:18 UTC] No.45952322{5}[source]
timetravelling the ledger anyone ? :)
replies(1): >>45952546 #
152. ItsBob ◴[17 Nov 25 10:28 UTC] No.45952371{4}[source]
FWIW, I work for a major financial organization in the UK as a software architect and I've brought it up more than once over the years in various roles: not a single bank in the UK supports Yubikeys or custom Authenticator apps.

Not one (I last checked about a month ago!)

Security, while pretty good, is still lacking imo!

replies(1): >>45952865 #
153. pavlov ◴[17 Nov 25 10:47 UTC] No.45952454{9}[source]
It sounds rather wonderful, all the very intelligent crypto people voluntarily deporting themselves to El Salvador.

Everybody who ever created a meme coin should also be put on the same plane, voluntary or not.

replies(1): >>45953137 #
154. Grimblewald ◴[17 Nov 25 10:48 UTC] No.45952459{6}[source]
I agree with this, my experience is that a small light weight LLM is a fantastic spam filter.
155. Grimblewald ◴[17 Nov 25 10:50 UTC] No.45952474{4}[source]
I know the style that most LLM's are mimicking quite well, and I also know people who wrote like that prior to the LLM deluge that is washing over us. The reason people are choosing to make LLMs mimic those behaviours is because it used to be associated with high effort content. The irony is now it si associated with the lowest effort content. The irony is I have stopped proof reading my comments etc. and put zero effort into styling or flow, because right now the only human thing left to do is make low effort content of the like only a human can.
156. Grimblewald ◴[17 Nov 25 10:53 UTC] No.45952484{4}[source]
I get you, It grinds my gears. I've been told that I "Talk" like an LLM because I go into detail and give thorough explanations on topics. I'm not easily insulted but that was a first for me. I used to get 'human wikipedia' before, and before that 'walking dicitonary' which I always thought was reductive but it didn't quite irk me as much as being told my entire way of communicating is reminiscent of a bot. So perhaps I take random accusations of LLM use to heart, even if it does seem overwhelmingly likely to be true.
157. withinboredom ◴[17 Nov 25 11:04 UTC] No.45952546{6}[source]
I once had a banking app that reported the wrong transaction amounts (downloading the statements resulted in a different balance than what was shown in my account -- this isn't the US, so it should show the correct amount). When I reported the bug, they changed the values on my statements instead of fixing the app -- so now, it didn't reflect my receipts.

It was a fun time. They eventually fixed it in the app to show my true balance and fixed my statements back to what it was. But holy shit, the fact that an engineer would think that would be the proper fix is wild... this is pre-llms, otherwise, I'd think they'd been vibe-coding.

replies(1): >>45952790 #
158. ◴[17 Nov 25 11:10 UTC] No.45952585[source]
159. spacecadet ◴[17 Nov 25 11:19 UTC] No.45952637{3}[source]
Its sad they call it cryptocurrency when its just dumb ass finance but with play money that idiots ascribe real value to and the old saying holds true... the rich get richer and the poor are born without assholes. I'll die happy having never participated.
160. hvb2 ◴[17 Nov 25 11:21 UTC] No.45952648{7}[source]
Your dictionary would disagree?

By that logic every company is a government?

replies(1): >>45959358 #
161. johnisgood ◴[17 Nov 25 11:46 UTC] No.45952790{7}[source]
Pre-LLM or vibe-coding, it is the same shit ultimately I'd say: shitty developers doing software development. :D
replies(1): >>45953359 #
162. johnisgood ◴[17 Nov 25 11:51 UTC] No.45952812{7}[source]
That sucks, because what if that wallet is completely destroyed? :S
163. johnisgood ◴[17 Nov 25 11:52 UTC] No.45952823{7}[source]
Which it does. :D
164. cjrp ◴[17 Nov 25 12:01 UTC] No.45952865{5}[source]
Ironically until fairly recently Nationwide required the little keypad authenticator thing, and everyone hated it!
replies(2): >>45952927 #>>45953557 #
165. FinnKuhn ◴[17 Nov 25 12:03 UTC] No.45952871{4}[source]
Some people just aren't good writers.
replies(1): >>45952949 #
166. garlic-man ◴[17 Nov 25 12:04 UTC] No.45952881[source]
That wouldn't surprise me — A few years ago I reported a vulnerability through their bug bounty program that allowed "mandatory" 2FA for crypto withdrawals to be bypassed.

They paid a pittance and permanently buried the report even though its release wouldn't have posed a risk anymore.

167. s5ma6n ◴[17 Nov 25 12:05 UTC] No.45952887[source]
Thanks for sharing it, however I have an unrelated comment.

Maybe I am in minority here but just wanted to provide this feedback: The background animation of the blog page is really distracting and making it difficult to focus on the actual content.

168. ItsBob ◴[17 Nov 25 12:13 UTC] No.45952927{6}[source]
I had one of those umpteen years ago with RBS. I hated it at the time too :)

However, I use a Yubikey as often as I can nowadays and authenticator apps too where possible.

I'd like the option to use one but I can't :(

replies(1): >>45953104 #
169. garbagewoman ◴[17 Nov 25 12:13 UTC] No.45952929[source]
You do realize that chatgpt has a very recognizable and irritating style, right?
replies(1): >>45953010 #
170. garbagewoman ◴[17 Nov 25 12:16 UTC] No.45952949{5}[source]
Its AI, he said it himself
replies(1): >>45953017 #
171. rdos ◴[17 Nov 25 12:27 UTC] No.45953010[source]
Hello, I am interested in this topic. What would you say were the tale tale signs of AI generated text for you? Apart from:

- excessive em-dashes

- useless words, verbosity

172. FinnKuhn ◴[17 Nov 25 12:29 UTC] No.45953017{6}[source]
That still doesn't mean that something is AI just because a text is repetitive.
173. rdos ◴[17 Nov 25 12:29 UTC] No.45953021{4}[source]
Hello, would you add something to this list? I think it's pretty good

> Over‑polished prose – flawless grammar, overly formal tone, and excessive wordiness.

> Repetitive buzzwords – phrases like “delve into,” “navigate,” “vibrant,” “comprehensive,” etc.

> Lack of perspective shifts – AI usually sticks to a single narrative voice; humans naturally mix first, second, and third person.

> Excessive em‑dashes – AI tends to over‑use them, breaking flow.

> Anodyne, neutral stance – AI avoids strong opinions, trying to please every reader.

> Human writing often contains minor errors, idiosyncratic punctuation, and a more nuanced, opinionated voice.

> It's not just x, it's y

replies(1): >>45953698 #
174. stinkbeetle ◴[17 Nov 25 12:32 UTC] No.45953030{9}[source]
> Got some specific recent oversteps that were prevented by armed citizens in mind?

I guess arresting ten thousand people a year for grevious hurting of the feefees with assault tweets is a recently prevented overstep that the citizens of some other countries have not been able to prevent.

175. meindnoch ◴[17 Nov 25 12:32 UTC] No.45953031{3}[source]
In traditional fintech, you can at least sue your money back.
176. windward ◴[17 Nov 25 12:35 UTC] No.45953040{9}[source]
The original died in 2010. It was replaced with a very significant, large fork.
177. I_am_tiberius ◴[17 Nov 25 12:43 UTC] No.45953081[source]
I remember Brian Armstrong saying something like "... and other data" when he communicated the data that was collected and then stolen. That tells a lot about him.
178. cjrp ◴[17 Nov 25 12:46 UTC] No.45953104{7}[source]
I wonder if the higher-end banks, e.g. Coutts, let you use one.
179. mjhay ◴[17 Nov 25 12:52 UTC] No.45953137{10}[source]
Oh no, not the “very intelligent” crypto people!
180. mapt ◴[17 Nov 25 12:52 UTC] No.45953140{8}[source]
A million times this.

The point of a hypothetical suggestion is to direct a specific course of action. I am simultaneously amazed at how complex the 'hypothetical' construct is, and also how many people aren't able to reason around them... since this is basically what our big brains are for.

If you assume everybody involved just stops responding to their current incentives, you can solve any coordination problem, in a manner of speaking. But it's useless as a battle plan. Operationalizing a change demands that you pick a party you're talking to, and with full view of their capabilities and limitations, modify their current course of action in the smallest possible way that accomplishes a change.

181. LatteLazy ◴[17 Nov 25 12:53 UTC] No.45953145[source]
I have a tradfi background but work in crypto with trading software.

The whole industry (except deribit) is a shit show of barely working apis that aren’t reliable or accurate in any way. It’s completely routine to not be able to get an order status for minutes at a time. Or to get fills after an order has been rejected. Or a week after a cancel confirmation message.

Coinbase is actually one of the worst offenders for this. Coinbase Prime, their supposed institutional grade offering especially so.

So it doesn’t surprise me at all that the same issues are happening more widely.

To be clear: deribit have always been efficient, accurate, reliable and generally excellent. If you must trade crypto, do it there so you’re Ops and Support people don’t have to suffer.

182. ChrisMarshallNY ◴[17 Nov 25 13:19 UTC] No.45953303{4}[source]
Sound like rich targets for hacking.
replies(1): >>45960730 #
183. ChrisMarshallNY ◴[17 Nov 25 13:26 UTC] No.45953359{8}[source]
I tend to avoid auto-cashiers. It's mostly because I find they don't save any time, and just exist to fire cashiers.

One place that they basically force you to use it, is my local drug store (big chain, that I won't call out by name).

Their auto-cashier absolutely sucks. It's almost impossible to avoid having an issue that requires you waiting around for the poor schulb to come over and fix.

They recently set up touchscreens, at the prescription counter.

I have not once had success with the touchscreen. It can never find me, or my wife. They always have to just take my information manually.

I suspect that the backend (the algorithm and main engine) is good. I think almost all the problems are with shoddy frontend stuff. For example, I think the touchscreen issue is capitalization, and the old system cut off our surnames, so I actually have to type in about half my name, in all caps, to have it find my prescription.

I feel personally offended, when I encounter stuff like that.

replies(2): >>45953963 #>>45960279 #
184. aiisjustanif ◴[17 Nov 25 13:38 UTC] No.45953440{5}[source]
They could work for the Plaid or Stripe which are pretty known for taking proactive security very serious.

https://security.plaid.com/

https://docs.stripe.com/security

replies(1): >>45953529 #
185. bdangubic ◴[17 Nov 25 13:51 UTC] No.45953529{6}[source]
I am 1,000,000% sure that many fintech companies are taking security very, very seriously (I am Stripe customer myself). But I don't think that has anything to do with statement "we are heavily regulated, and audited" - that is too funny.
replies(1): >>45955243 #
186. fwip ◴[17 Nov 25 13:52 UTC] No.45953543{5}[source]
If you can't be bothered to spend even an hour writing something up, especially allegations of this magnitude, then chances are you know it's actually not an article with any content worth reading.
187. Ntrails ◴[17 Nov 25 13:54 UTC] No.45953557{6}[source]
I thought they still did for website flow at least. Bizarrely we seem to think that phone apps are infinitely secure and don't need the extra step because biometrics?
replies(1): >>45953812 #
188. abanana ◴[17 Nov 25 14:11 UTC] No.45953698{5}[source]
Overuse of bold markup, particularly to begin each bullet point.

Overuse of "Here's..." to introduce or further every concept or idea.

A few parts of this article particularly jump out, such as the 2 lists following the "The SMS Flooding Attack" section (which incidentally begins "Here's where..."). A human wouldn't write them as lists (the first list in particular), they'd be normal paragraphs. Short bulleted lists are a good way to get across simple bite-sized pieces of information quickly, but that's in cases where people aren't going to read a large block of text, e.g. in ads. Overusing them in the wrong medium, breaking up a piece of prose like this, just hurts its flow and readability.

189. victorbjorklund ◴[17 Nov 25 14:24 UTC] No.45953812{7}[source]
Isn’t it because the assumption is that a mobile device is personal in 99,99999% of cases while it’s common (less now than 15 years ago) with shared computers in libraries, schools, etc.
190. smeej ◴[17 Nov 25 14:33 UTC] No.45953906{5}[source]
Plus, even though YOU obviously know better than to post a screenshot of your Coinbase balances on social media, (tens of?) thousands of their customers do not.

With the analysis you provided of the email, your report definitely deserved to be taken seriously, but Coinbase could easily get dozens of emails reporting "compromise" of the personal details you provided that were obtained by good ol' fashioned OSINT and poor personal privacy practices.

191. smeej ◴[17 Nov 25 14:37 UTC] No.45953952[source]
You (and everyone else ostensibly affected) have had like 7 years to sue over this if you could prove it.
192. johnisgood ◴[17 Nov 25 14:39 UTC] No.45953963{9}[source]
I have never used these auto-cashiers or whatever they are called. It might be due to anxiety, which is weird because social encounters should be more anxiety-inducing. I just feel like I would mess something up.

Oh, and here real cashiers usually scam you by scanning the items twice and so forth (not sure if intentionally or not), it happened a couple of times to my parents (not considered elderly yet) in the past few months I would say.

In any case, I feel your pain.

193. chaps ◴[17 Nov 25 14:45 UTC] No.45954021{3}[source]
Your post reads like something a lawyer would write to convey something that while (maybe) technically true, misses the point by a hundred miles.
replies(1): >>45954693 #
194. chaps ◴[17 Nov 25 14:51 UTC] No.45954087{5}[source]
They initially hired me to do "network security" work. Another similar email-then-bill situation is me responding to them telling them why I won't, under any circumstances, figure out who wrote a Glassdoor review.

A lot of it is about setting boundaries with the client. If I have a conversation with you a handful of times to remove password from a whiteboard and you don't do it, that's a big deal and would professionally impact me if something bad happened. Cause like, your client's clients includes Coinbase. Like another person commented -- I really should have just dropped them as a client because the professional risk was too high.

replies(1): >>45954274 #
195. KetoManx64 ◴[17 Nov 25 14:54 UTC] No.45954108{7}[source]
One goverment you have to pay taxes to in order to stay out of jail and don't get to make any real choices about how much money it prints out of thin air..

The other is an organization body that you freely choose to associate with, eg: using Etherium.

I don't understand how you can conflate the two.

Vitalik did not print billions of dollars out of thin air and then force every citizen of the US to bear that cost through the inflation of the US dollar eating away at their savings and investments.

replies(1): >>45954938 #
196. sourgrapes42 ◴[17 Nov 25 14:57 UTC] No.45954136[source]
Did they ever email customers that there was a data breach? I started getting scam messages about my Coinbase account in the beginning of the year and only realized they had a breach because I happened to see their post twitter. I dont remember getting notified about it though.
197. Aurornis ◴[17 Nov 25 15:12 UTC] No.45954274{6}[source]
> Another similar email-then-bill situation is me responding to them

That’s not what I’m talking about.

Responding to a company is responding to a request they made for your time.

That said, most contractors I’ve worked with would not bill for a short email saying they’re unable or unwilling to do some work as a professional courtesy. The contractors who literally bill and round up for every email are usually going out of their way to maximize billing, which is eventually accounted for in the rates we’re willing to pay for them. We learn quickly that certain contractors will bill and round up for everything, so the most we’re willing to entertain as an hourly rate for them is lower as we know they’re going to send arbitrarily higher amounts of hours over.

replies(1): >>45954391 #
198. chaps ◴[17 Nov 25 15:26 UTC] No.45954391{7}[source]
Sorry, that's not me. They were more than welcome to fire me as a client.

I've been oncall for long enough in my career to know that a "quick email" is not, really, a "quick" email. It can completely derail everything you do for the day. If on-request work takes five minutes to write an email, then that time includes reading the email, thinking about the email, responding to the email, the cost of derailment of other contract work, the cost of getting back into that other contract work, the research needed to tell them "no". Again, it's about setting boundaries with the client.

199. bhawks ◴[17 Nov 25 15:47 UTC] No.45954620{6}[source]
Coinbase didn't halt trading or withdrawals during the Bitfinex hack.

Somehow I think Nathaniel Popper would have been able to put that fact directly in his NYT article instead of a throw away tweet if there was a material impact. Heck he wasted a paragraph quoting one of Coinbase's board of directors on the risks of unregulated exchanges like bitfinex versus Coinbase.

200. bhawks ◴[17 Nov 25 15:54 UTC] No.45954693{4}[source]
Yeah you're right, Coinbase is definitely insecure as evidenced by this.

The fact that lax security has never caused them to loose billions of dollars of customer funds is just luck and paper covering passwords on a whiteboard.

replies(1): >>45954896 #
201. chaps ◴[17 Nov 25 16:11 UTC] No.45954896{5}[source]
Yeah. Lots of stuff exposed stuff out there can stay exposed for quite a long time without being targeted or noticed. I've found quite a bunch and usually all it takes is... looking. Just one of those weird things about the modern world.
202. DonHopkins ◴[17 Nov 25 16:11 UTC] No.45954901{7}[source]
I have the same problem with Oracle / Lawnmower.
replies(1): >>45961797 #
203. immibis ◴[17 Nov 25 16:14 UTC] No.45954938{8}[source]
I don't make any choices about how much money Ethereum prints out of thin air, who it prints it to, or how much the transaction fees are.
204. csomar ◴[17 Nov 25 16:17 UTC] No.45954989[source]
The article seems to be written by AI and goes into lots of details none of which is about how Coinbase knew about this.
205. nightpool ◴[17 Nov 25 16:28 UTC] No.45955118{5}[source]
Gah! Sorry, complete slip of the fingers. No offense to Cloudflare intended!
replies(1): >>45956142 #
206. fragmede ◴[17 Nov 25 16:38 UTC] No.45955243{7}[source]
In the wake of every scandal in finance is a wave of regulations. Finance is one of the most heavily regulated industries the is. That smart people keep finding new areas that haven't yet been regulated doesn't mean that the existing areas agent heavily regulated and audited.

If you give me $5, and then I pass it on to Bob for you, how many licenses and how much paper work do you think I should need to do that if I did that as a business? If you give me some money and I am a business, how much paperwork should that incur?

replies(2): >>45955849 #>>45957347 #
207. fragmede ◴[17 Nov 25 17:01 UTC] No.45955504{3}[source]
because it's guessable. If I sign up with Coinbase@example.com, real Coinbase will send me legitimate emails to that address, as well as scammers, so I have to dig into the headers to make sure the email is or isn't forged.
replies(1): >>45959351 #
208. fwip ◴[17 Nov 25 17:09 UTC] No.45955586{7}[source]
Sure, there's no guy with a gun forcing you to read it.

But we're on a site about sharing content for intellectual discussion, right? So when people keep posting the same garbage without labeling it, and you figure it halfway though the article, it's frustrating to find out you wasted your time.

To use your soup analogy: imagine this was a website to share restaurants. You see a cool new Korean place upvoted, so you stop by there for lunch sometime. You sit down, you order, and then ten minutes later, Al comes out with his trademark thin, watery soup again.

In that scenario, it's entirely reasonable to leave a comment, "Ugh, don't bother with this place, it's just Al and his shitty soup again."

replies(1): >>45957685 #
209. chaps ◴[17 Nov 25 17:34 UTC] No.45955849{8}[source]
The big problem is that the exchanges are largely self-regulated. Or at least when I was in the field. A company I worked at sued a counterparty to our trade because we had proof of market manipulation. I won't say any of the details of who, etc, but the trades of the counterparty were so... plainly obvious of market manipulation in violation of the exchange's rules. At one point in that lawsuit the exchange's lawyers accidentally CC'd my bosses, showing that the exchange was colluding with the counterparty.

From what I was told, the issue for the exchange was that if they were found out to not enforce their self regulation then it'd be the precipitous event to the hammer coming down on them from regulatory bodies.

So yeah. Regulation's kinda shite here.

210. dang ◴[17 Nov 25 18:03 UTC] No.45956142{6}[source]
Fixed now!
replies(1): >>45956237 #
211. nightpool ◴[17 Nov 25 18:13 UTC] No.45956237{7}[source]
Thank you dang!
212. SpicyLemonZest ◴[17 Nov 25 18:18 UTC] No.45956278{6}[source]
What you can do, and what has been done in the past, is get a critical mass of large cryptocurrency actors to agree that a protocol change should be applied and that the results of that protocol change are called "Bitcoin". As the Bitcoin Cash folks quickly realized, it's not tenable to try and maintain a disagreement with Coinbase and large miners about about what the Bitcoin protocol is; if you don't want to accept the upgrade, your only practical option is to make a fork and call it something else.
213. bdangubic ◴[17 Nov 25 19:40 UTC] No.45957347{8}[source]
give me some examples of this “regulation” actually doing serious “regulating”? on paper, there may be 1,000’s of statutes and whatnots doing all sorts of regulations - in practice though… not to mention this industry is probably the most “self-regulated” when you actually dig in than most others…
replies(1): >>45977773 #
214. xboxnolifes ◴[17 Nov 25 20:01 UTC] No.45957591[source]
I don't know if ive gotten calls (I frequently dont answer if I dont have the contact saved), but ive gotten coinbase phasing emails for years. Its certainly not a new thing. The attacker might just be tracking the transactions on chain.
215. anonym29 ◴[17 Nov 25 20:09 UTC] No.45957685{8}[source]
Unlike the Korean place, this soup kitchen isn't charging you.

You're whining about someone else performing an act of charity. If you want better soup, go to a restaurant, not a soup kitchen. The soup kitchen doesn't care about your complaints. The target audience obviously isn't food critics, it's people who meaningfully benefit from free soup.

For a food critic to walk into the soup kitchen and complain is an egocentric act by the food critic that mistakenly assumes the whole world revolves around them. The complaint itself is bizarrely egotistical, entitled, and offputting.

replies(1): >>45971627 #
216. andirk ◴[17 Nov 25 21:02 UTC] No.45958256{8}[source]
And anyone can become a miner. It's not reasonable on small rigs because there are so many miners now, but if most of them leave, then the common man can get back in to mining.
replies(1): >>45961211 #
217. immibis ◴[17 Nov 25 22:53 UTC] No.45959351{4}[source]
Once the Coinbase database is leaked, that's going to be the case no matter what your address was.
replies(1): >>45977786 #
218. immibis ◴[17 Nov 25 22:54 UTC] No.45959358{8}[source]
Yes, actually, and the bigger the company is, the bigger the government it is. Apple is more powerful than many small- to medium-size countries.
219. protocolture ◴[18 Nov 25 01:08 UTC] No.45960279{9}[source]
We have 2 near identical supermarket chains in aus.

I use the one with the better self service checkout, that doesnt reliably make me wait for the schlub.

220. Hobadee ◴[18 Nov 25 02:27 UTC] No.45960730{5}[source]
Why go through the time and effort of hacking them when you can apparently just slip them some money and get what you want?
221. wat10000 ◴[18 Nov 25 03:55 UTC] No.45961211{9}[source]
There is an interesting failure mode, though. Bitcoin is supposed to adjust mining difficult every two weeks to maintain the pace of roughly one block every 10 minutes. But that interval is based on block count, not time. Adjustment happens every 2016 blocks.

If miners suddenly fled en masse, it’s possible for the chain to be left stranded where the small number of miners remaining couldn’t realistically get to the next 2016-block interval to adjust the difficulty down to match the drastically decreased mining capacity. If mining capacity dropped by a factor of 1000 and it happened right after an adjustment, then bitcoin would be producing about one block every week, and it would take about 40 years (if mining capacity stayed constant) to reach the next adjustment.

replies(1): >>45961348 #
222. adastra22 ◴[18 Nov 25 04:20 UTC] No.45961348{10}[source]
This is well known and studied. I’ve produced and field tested an alternative, close to optimal adjustment algorithm and the code for a soft-fork transition. This could enable a set of miners to get “pre-agreement” on transaction ordering in an out of band forward block chain while they work to fight down the difficulty of the old chain.

https://freico.in/forward-blocks-scalingbitcoin-paper.pdf

223. pests ◴[18 Nov 25 05:50 UTC] No.45961797{8}[source]
That's odd
224. lynndotpy ◴[18 Nov 25 15:55 UTC] No.45967928{6}[source]
The content ChatGPT returns is non-deterministic (you will get different responses on the same day for the same email), and these models change over time. Even if you're an expert in your field and you can assess that the chatbot returned correct information for one entry, that's not guaranteed to be repeated.

You're staking personal reputation in the output of something you can expect to be wrong. When someone gets a suspicious email, they follow your advice, and ChatGPT incorrectly assures them that it's fine, then the scammed person would be correct in thinking you're a person with bad advice.

And if you don't believe my arguments, maybe just ask ChatGPT to generate a persuasive argument against using ChatGPT to identify scam emails.

replies(1): >>46015662 #
225. eckesicle ◴[18 Nov 25 18:52 UTC] No.45970370[source]
I very much doubt the veracity of this claim. I worked at Coinbase for many years and this runs completely afoul of the culture there.

Even leaving your laptop unlocked for seconds in the office would have someone /pwn it in slack and get flagged by security.

If there’s one thing they took extremely seriously it was data security.

replies(1): >>45993691 #
226. fwip ◴[18 Nov 25 20:31 UTC] No.45971627{9}[source]
Okay, you clearly don't comprehend your own analogy and have resorted to having an LLM argue for you.
227. ◴[18 Nov 25 22:56 UTC] No.45973410{6}[source]
228. fragmede ◴[19 Nov 25 10:03 UTC] No.45977773{9}[source]
Here's the DEA with a specific money laundering case: https://www.dea.gov/press-releases/2025/05/29/two-money-cour... but there are many more of your search for money laundering.
229. fragmede ◴[19 Nov 25 10:06 UTC] No.45977786{5}[source]
yes but I can be sure that coinbase_xyz@ is from evil while coinbase_abc@ (the new address that I changed it to, post-leak) is probably not from the hackers unless there was a second breach.
230. chaps ◴[20 Nov 25 15:34 UTC] No.45993691{3}[source]
You're misreading my post with Coinbase-tinted glasses. My post is about the building that Coinbase operated out of. Not Coinbase itself.
231. jclarkcom ◴[22 Nov 25 15:56 UTC] No.46015662{7}[source]
It's a good point and I should make a distinction on what models are appropriate. I think of chatGPT 4 like a college student and chatGPT 5.1 5 Pro (deep thinking model) more like a seasoned professional. I wouldn't trust non-frontier, non-thinking models with a result for this kind of question. But the determinism of the result does not scare me, the out output may vary but not directionally. The same thing would happen if you asked the foremost security expert in the world, you'd get slightly different answers on different days. One time as a I test I ran a very complex legal analysis through chat GPT pro 10 times to see how the results would vary and it was pretty consistent with ~10% variation in numbers it suggested.