My Authors
Read all threads
1/n THREAD👇👇👇

Ok, it's time for a long (& quite educational) tweetstorm about my experience with the #LNTrustChain2 (y'all know what that is: the 2nd edition of the very cool Lightning Network experiment launched some time ago by @hodlonaut). This is what happened to me.

...
2/n

I lost all the #sat I got. My judgment got clouded somehow and my payee is no longer active. So now not only are my sat intrinsically worthless; they have no market value either. I knew passing the torch was a bad idea, I just never realized it was this bad!😔

THE END (n=2)
3/n

Ok, ok, just kidding. Just having a good laugh at the expenses of our favorite "nocoiner", @PeterSchiff, who pulled some IRS-proof plausible-deniability move, pretending to lose everything to some shitty wallet installed by some #Segwit2X guy.😜


...
4/n

So, yesterday I was quickly checking Twitter behind the wheel, while waiting in line at the border between Switzerland and Italy (I was driving to the monthly Milan @SatoshiSpritz). I exchanged some jokes via PM with @MuunWallet, who had the torch in that very moment.

...
5/n

I jokingly mocked @MuunWallet about the road map, offering to use a "competitor" (the very UX-friendly @PhoenixWallet by @acinq_co) to receive the torch, since Muun, while a wallet I really use&like a lot, can't receive LN txs yet (it will be able soonish...2 weeks😉).

...
6/n

Since the first "applications" to receive the torch were not from the countries @MuunWallet was requesting (a very cool aspect of the torch experiment is the geographical path it takes), he resolved to send it to me for real. I gladly accepted.


...
7/n

When I pulled over the car, just across the border, in order to generate the invoice, I realized this torch was pretty huge already: 1.220.000 sats!!! The only way I could get that kind of money over LN was by using a private channel w/ Eclair wallet (still by @acinq).

...
8/n

The thing w/ private (not announced) channels&nodes is that your invoice must explicitly contain the final part of the path, thus getting quite long, much longer than the typical 230-ish torch-request (not sure if there's any quick way around this, not that I know of)!

...
9/n

I decided to give @MuunWallet a hard time by copy-pasting the invoice across 3 different comments😈. It worked as a charm, 1st attempt: over 100 bucks (sorry: still using USD shitcoin as UoA) from Argentina to the Swiss-Italian border, instantly.


...
10/n

In that very moment I committed my 1st sin! Toximalists always preach the Bitcoin-virtue of *low time preference*. Instead, I was in a rush: already late for the @SatoshiSpritz, eager to get back driving, w/ my smartphone battery almost out of juice. I got impatient.🤡

...
11/n

I resolved to quickly pass the torch to the very 1st fellow bitcoiner who would have presented an invoice (thus also avoiding dilemmas like: should I send it back to South America, bring it to @SatoshiSpritz, give it to @mir_btc, or tag @elonmusk?) & get back driving.

...
12/n

When the first request arrived, I committed my 2nd sin. Toximalists always preach the Bitcoin-virtue of *adversarial thinking*. Instead, I just gave a very quick look at the profile of the 1st guy applying for the torch, trusting my good old friend: confirmation bias.

...
13/n

The guy, @wizard_btc, was following me (already a sign of very good taste!), using the Magic Internet Money Wizard as avatar (sweet choice!), had a good Twitter seniority (2014: early adopter!) & some recent comments about Bitcoin stuff (all liked by @TheVladCostea!!).

...
14/n

Well..sure...he had very, very, very few followers...but he was trying to get the torch since days, continuously. He also ironically commented about the previous torch-thief. A guy like that must be legit, right? Moreover: he had "don't trust verify" in the bio! C'mon!

...
15/n

So I sent it! Then I published my satisfied tweet, I started the engine & got back on my way to Milan. Proud torch-holder for the 2nd time: such a honor. Also, much efficiency, very speed, such convenience, so easy! Wow! So much for "vaporware"!


...
16/n

As soon as I stopped at the 1st traffic-light in Milan, I checked my notifications. The simple tweet above was enough to shake me. The color of traffic light was the same of the pill I was being served: red. I quickly reevaluated the situation.

...
17/n

After the red-pill, I had the same information than before (well, except a few bits more: the other recrnt "torch-thief" seemed connected w/ @wizard_btc, & if I had reviewed tweets, instead of comments, I would have found very few of them, w/ a huge hiatus in between).

...
18/n

But now taking my time to think & considering the quite obvious attack scenario, the conclusion was unmistakable: I had been an idiot. Pretty soon Twitter-humor ensued. Well deserved I must add. It also compromised ZUX exchange-rate worldwide!!!


...
19/n

Both in meatspace (quite some laughs at @SatoshiSpritz) & online, people started to consider an interesting theory: what if @wizard_btc was my own sockpuppet (which in turn, by transitive relation, would make it a gmax's sockpuppet in the end)?


...
20/n

Some humor was involuntary: my friends managing the @unconfiscatable account decided to use those very moments to promote my incoming workshop! Peak iromy: "Come learning Bitcoin security best practices from the idiot who just lost the torch!"😂


...
21/n

Speaking of education: what other lessons can we learn from this fuckup (except those about the aforementioned Bitcoin-virtues, low time preference & adversarial thinking)? Well, a few. But you'll have to wait, since my flight for Madrid is taking off!

...(~3h of suspense)
(This is not an exit scam, I'll send the torch again from Madrid, after I finish the storm. I repeat: this is not an exit scam! Spain has pretty strict extradition laws anyway! See you in a while.)
22/n

Ok, ok, I'm back. Landed in Madrid! See? I told you it wasn't an exit scam! FFS, guys: you should trust people more!

Ok, back to lessons learned. The 1st takeaway is that, as somebody noticed, this kind of specialization among thieves is actually a quite bullish sign!

...
23/n

The guy had to acquire a relatively old handle, use it for the (trivial but effective, at least for morons like me) social engineering, then set a LN node w/ huge incoming capacity, finally make sure to be the 1st to ask for the torch. Not bad!


...
24/n

On another note, somebody criticized the torch experiment itself, like @peterktodd here. I don't find it very fair: as I answered him, LN is a way to pay someone w/o trusted intermediaries, but the payee itself is ~always trusted, torch or not.


...
25/n

Peter's criticism actually spawned a deeper point about the intrinsic need for trust in the payer side (except for some niche cases like atomic swaps, or payments occurring after the delivery, quite common in face2face but not really online).


...
26/n

I actually think that a fairer criticism would actually be another 1: the fact that it incentives public invoice-sharing! In typical LN payments, invoices are just shared w/ the payer, not published on Twitter! The latter can actually represent quite a privacy problem!

...
27/n

Privacy issues in Bitcoin aren't the same at all across different layers! Within L1, the main issue is chain analysis (ie: I could start monitoring the address of the torch-thief, albeit that would probably fail, since tracking heuristics are not as sound as they say).

...
28/n

Within L2, on-chain footprint is about 0: there isn't that much to monitor! But unlike L1 (where tx broadcasting triangulation isn't very reliable), L2 is actually all about network analysis! The published invoice, indeed, includes network information of the receiver!

...
29/n

That information is present in the invoice @wizard_btc sent me. That he deletes the tweet or not, doesn't make much difference at this point: many people took screenshots & videos of it already. It may not be a "blockchain", but Twitter publication is quite effective!

...
30/n

But wait, there's more! We also have all the other invoices that he published before, in his quest for a torch-holder as silly as yours truly. Furthermore, we have the invoices from the previous "torch-thief", which already looks like somehow Twitter-connected w/ him.

...
31/n

So, what information could we get from:
lnbc12300u1p0zncrqpp52lwpw5h72eh75wh2f7rvhm3sypwjceexq460fg93fmwl5u7mnvzsdqu2askcmr9wssx7e3q2dshgmmndp5scqzpgxqrrssp69ptf589juw6xd0u83tnw9zfhgq3hn4gvmp6wdd95xysvx0m8r4ccx350kjemhftnyvanw9sfrx436zex63t97kwpapgzqcfncx6pspj5e8lc

?

...
32/n

Other than maintaining some good inbound liquidity & being fast & good at social engineering (well, relatively to my admittedly very low standards, that is), did the guy (or guys?) always use TOR? It not, can we really gather IP information? If yes, was it the same IP?

...
33/n

Now for the ugly disappoinment after the nice cliffhanger: I don't really know yet😂. SCAM!!! I didn't really check. Mostly because I'm lazy & I know somebody will do it before I'm at a PC😂! But also because I'm traveling ✈️! But no, yeah: mostly because I am lazy🤡!

...
36/n

I'll "heroically" absorb the loss myself (well...duh!). It could actually turn out as an even better plausible deniability strategy than good old "boating accident" anyway, @PeterSchiff-style! Take this, tax authority! Ha! I'm sending the torch to @ElkimXOC, right now!

...
37/n

Many nice people asked! Why him? Because he was the 2nd sending an invoice. Because he's ACTUALLY legit. Because he has "LNP/BP" in the usrname (only very cool people do that). Because I hate decisions (famous vs underdog, local vs abroad, etc).


...
38/n

So, I'll guess I'll just learn by suffering. That is: unless someone want prevents me from learning😂! A few sweet bitcoiners on telegram offered to bail me out (partially), thus increasing my moral hazard forever😍! Which bring us to another educational question: how?

...
39/n

What should you do, if you really wanted to play Jerome Powell & bail this idiot out via LN? This is a nice question about current LN UX & tools! I know there are some nice FLOSS self-hosted solutions out there. Possibly an overkill for such an extemporaneous use case?

...
40/n

Sure, you could just send some sat to my tippin.me link (bio). But it's a centralized & custodian service, which means it could just have to close down soon just as @bottlepay
did, in order to avoid some criminal, violent retribution from the EU mafia! :(

...
41/n

I'm not sure I have a good answer as of now! But I've heard/read some devs discussing about "invoiceless payments" (I think some stuff is already out now, but I never tried it yet; some other stuff will come later, along w/ future evolution of the LNP & of it's tools).

...
42/n

It would be quite ironic if people did bail me out & I turned out to be the exit-scammer behind @wizard_btc (& gmax would be behind me, of course)😂! So, maybe just don't! Which I guess is the ultimate lesson here. Don't trust, verify. Just as this guy said!

The End (n=42)
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Giacomo Zucco [I identify as a torch-reanimator]

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!