• g2devi@feddit.nl
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    1 year ago

    Something is seriously wrong. There’s a reason decentralisation is important. Anonymity or not, you never put all your eggs (digital or physical) in one basket for precisely this sort of reason. Once the wallet size reached a certain threshold (say 100 or 500 XMR), a new wallet should have been created for subsequent funds and the previous wallet should be in a hardware or paper wallet with a different trusted person ideally multisig. If funds were stolen via hack or the police forces the wallet holder to give up the keys, only a fifth (for a 500 XMR wallet) or a twenty fifth (for a 100 XMR wallet) of the amount would have been lost. If multisig is buggy, it need be ready for Seraphis. If it’s just a matter of UI, then it needs to made usable and widely adopted. Remember, one of the key advantages of Monero is that it make privacy easier. You can try use Bitcoin and go through a lot of hoops to get privacy and forever stay vigilant, or just use Monero. Multisig and managing multiple accounts should be at most as difficult as Bitcoin.

  • Saki@monero.town
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Is multisig such far from being practical yet? Does that also mean Bisq-like platform (Haveno) is still far from being practical?

    A Monero user tends to proudly think that Monero is good, rather philosophical, being actually used for good reasons, and community-based… but it’s been hacked… I guess people will laugh now. Everyone can draw a lesson from this, though…

    @UncleIroh@merovingian.club While “Windows 10” is obviously alarming, this doesn’t seem as simple like that, like pointed out in the linked thread. Maybe password-based (not key file) SSH was the problem? Btw that “someone” is hinto-janai, the person providing gupax among other things!

      • Saki@monero.town
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Thank you very much. You pointed out there: “Nobody really used it, so it ended up being unstable and full of problems” and there was a reply, saying you “can’t really force anybody to use something”.

        I’d like to add another point of view. With reliably working multisig, we can have our own Bisq-esque DEX (at least in principle), and many people would love to use it, once it’s really available, right? For example, one might be able to sell and buy XMR in a safe and reliable way. Or eventually, though this might sound like a pipe dream but at least in theory, we might have a P2P proxy-store, where basically anyone can offer doing any shopping they can do for you. Just like on Bisq, both send securities first to discourage any cheats. When the seller ships whatever you’re buying, they “confirm” (or sign). When you receives it and everything is fine, you confirm too. Then, and only then, your security will be back and the seller will receive the locked xmr you initially deposit, and everyone will be happy. Multisig seems necessary (if not sufficient) for this to work.

        we had become complacent because everything had “worked just fine” for so long.

        This comment of fluffyponyza is also understandable. Generally, a programmer doesn’t want to change things when it’s working fine. “If it ain’t broke, don’t fix it.” In this case, something was (easy to) broken, though. Hindsight is 20/20.

        Given that multisig is already available (just not yet well-tested), let’s stop joking like “We should keep our Monero in some other coin,” and try to think a bit more positively. At the very least it has been clearly demonstrated that Monero is so private that even core developers can’t trace it…

        Troddit version links (a Tor-friendly instance) https://troddit.esmailelbob.xyz/r/Monero/comments/17m6w9e/psa_ccs_wallet_incident/k7mj2he - Onion -> http://troddit.esmail5pdn24shtvieloeedh7ehz3nrwcdivnfhfcedl7gf4kwddhkqd.onion/r/Monero/comments/17m6w9e/psa_ccs_wallet_incident/k7mj2he

  • ride@monero.town
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    A hard blow.

    I’m thinking of Pegasus-like outliers that are out-of-scope or potentially rather governments.

    Air gap may not be sufficiently safe in extreme cases.

  • tusker@monero.town
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    edit-2
    1 year ago

    It may make sense to store CSS funds in another coin that is more multisig/offline singing friendly until we have an easy to use mutisig in monero. Then convert to XMR for payouts.

    If crypto experts cannot keep funds safe then the average user has no hope.

    • admin@monero.townM
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      DAI multisig on Ethereum, would also solve the volatility problem. Additionally it would show just how much we believe in our own coin ._.

      • tusker@monero.town
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        edit-2
        1 year ago

        Well, they were not using multisig on a team controlled wallet with 2.6k XMR, that tells you all you need to know about the multisig implementation.