Ok, it's time for a long (& quite educational) tweetstorm about my experience with the #LNTrustChain2 (y'all know what that is: the 2nd edition of the very cool Lightning Network experiment launched some time ago by @hodlonaut). This is what happened to me.
...
I lost all the #sat I got. My judgment got clouded somehow and my payee is no longer active. So now not only are my sat intrinsically worthless; they have no market value either. I knew passing the torch was a bad idea, I just never realized it was this bad!😔
THE END (n=2)
Ok, ok, just kidding. Just having a good laugh at the expense of our favorite "nocoiner", @PeterSchiff, who pulled some IRS-proof plausible-deniability move, pretending to lose everything to some shitty wallet installed by some #Segwit2X guy.😜
...
So, yesterday I was quickly checking Twitter behind the wheel, while waiting in line at the border between Switzerland and Italy (I was driving to the monthly Milan @SatoshiSpritz). I exchanged some jokes via PM with @MuunWallet, who had the torch in that very moment.
...
I jokingly mocked @MuunWallet about the road map, offering to use a "competitor" (the very UX-friendly @PhoenixWallet by @acinq_co) to receive the torch, since Muun, while a wallet I really use&like a lot, can't receive LN txs yet (it will be able soonish...2 weeks😉).
...
Since the first "applications" to receive the torch were not from the countries @MuunWallet was requesting (a very cool aspect of the torch experiment is the geographical path it takes), he resolved to send it to me for real. I gladly accepted.
...
When I pulled over the car, just across the border, in order to generate the invoice, I realized this torch was pretty huge already: 1.220.000 sats!!! The only way I could get that kind of money over LN was by using a private channel w/ Eclair wallet (still by @acinq).
...
The thing w/ private (not announced) channels&nodes is that your invoice must explicitly contain the final part of the path, thus getting quite long, much longer than the typical 230-ish torch-request (not sure if there's any quick way around this, not that I know of)!
...
I decided to give @MuunWallet a hard time by copy-pasting the invoice across 3 different comments😈. It worked like a charm, 1st attempt: over 100 bucks (sorry: still using USD shitcoin as UoA) from Argentina to the Swiss-Italian border, instantly.
...
In that very moment I committed my 1st sin! Toximalists always preach the Bitcoin-virtue of *low time preference*. Instead, I was in a rush: already late for the @SatoshiSpritz, eager to get back driving, w/ my smartphone battery almost out of juice. I got impatient.🤡
...
I resolved to quickly pass the torch to the very 1st fellow bitcoiner who would have presented an invoice (thus also avoiding dilemmas like: should I send it back to South America, bring it to @SatoshiSpritz, give it to @mir_btc, or tag @elonmusk?) & get back driving.
...
When the first request arrived, I committed my 2nd sin. Toximalists always preach the Bitcoin-virtue of *adversarial thinking*. Instead, I just gave a very quick look at the profile of the 1st guy applying for the torch, trusting my good old friend: confirmation bias.
...
The guy, @wizard_btc, was following me (already a sign of very good taste!), using the Magic Internet Money Wizard as avatar (sweet choice!), had a good Twitter seniority (2014: early adopter!) & some recent comments about Bitcoin stuff (all liked by @TheVladCostea!!).
...
So I sent it! Then I published my satisfied tweet, I started the engine & got back on my way to Milan. Proud torch-holder for the 2nd time: such an honor. Also, much efficiency, very speed, such convenience, so easy! Wow! So much for "vaporware"!
...
As soon as I stopped at the 1st traffic-light in Milan, I checked my notifications. The simple tweet above was enough to shake me. The color of the traffic light was the same as the pill I was being served: red. I quickly reevaluated the situation.
...
After the red-pill, I had the same information as before (well, except a few bits more: the other recent "torch-thief" seemed connected w/ @wizard_btc, & if I had reviewed tweets, instead of comments, I would have found very few of them, w/ a huge hiatus in between).
...
But now taking my time to think & considering the quite obvious attack scenario, the conclusion was unmistakable: I had been an idiot. Pretty soon Twitter-humor ensued. Well deserved I must add. It also compromised ZUX exchange-rate worldwide!!!
...
Both in meatspace (quite some laughs at @SatoshiSpritz) & online, people started to consider an interesting theory: what if @wizard_btc was my own sockpuppet (which in turn, by transitive relation, would make it a gmax's sockpuppet in the end)?
...
Some humor was involuntary: my friends managing the @unconfiscatable account decided to use those very moments to promote my incoming workshop! Peak irony: "Come learning Bitcoin security best practices from the idiot who just lost the torch!"😂
...
The guy had to acquire a relatively old handle, use it for the (trivial but effective, at least for morons like me) social engineering, then set a LN node w/ huge incoming capacity, finally make sure to be the 1st to ask for the torch. Not bad!
...
On another note, somebody criticized the torch experiment itself, like @peterktodd here. I don't find it very fair: as I answered him, LN is a way to pay someone w/o trusted intermediaries, but the payee itself is ~always trusted, torch or not.
...
Peter's criticism actually spawned a deeper point about the intrinsic need for trust in the payer side (except for some niche cases like atomic swaps, or payments occurring after the delivery, quite common in face2face but not really online).
...
I actually think that a fairer criticism would actually be another 1: the fact that it incentivizes public invoice-sharing! In typical LN payments, invoices are just shared w/ the payer, not published on Twitter! The latter can actually represent quite a privacy problem!
...
Privacy issues in Bitcoin aren't the same at all across different layers! Within L1, the main issue is chain analysis (ie: I could start monitoring the address of the torch-thief, albeit that would probably fail, since tracking heuristics are not as sound as they say).
...
Within L2, on-chain footprint is about 0: there isn't that much to monitor! But unlike L1 (where tx broadcasting triangulation isn't very reliable), L2 is actually all about network analysis! The published invoice, indeed, includes network information of the receiver!
...
That information is present in the invoice @wizard_btc sent me. Whether he deletes the tweet or not doesn't make much difference at this point: many people took screenshots & videos of it already. It may not be a "blockchain", but Twitter publication is quite effective!
...
But wait, there's more! We also have all the other invoices that he published before, in his quest for a torch-holder as silly as yours truly. Furthermore, we have the invoices from the previous "torch-thief", which already looks like somehow Twitter-connected w/ him.
...
So, what information could we get from:
lnbc12300u1p0zncrqpp52lwpw5h72eh75wh2f7rvhm3sypwjceexq460fg93fmwl5u7mnvzsdqu2askcmr9wssx7e3q2dshgmmndp5scqzpgxqrrssp69ptf589juw6xd0u83tnw9zfhgq3hn4gvmp6wdd95xysvx0m8r4ccx350kjemhftnyvanw9sfrx436zex63t97kwpapgzqcfncx6pspj5e8lc
?
...
Other than maintaining some good inbound liquidity & being fast & good at social engineering (well, relatively to my admittedly very low standards, that is), did the guy (or guys?) always use TOR? If not, can we really gather IP information? If yes, was it the same IP?
...
Now for the ugly disappointment after the nice cliffhanger: I don't really know yet😂. SCAM!!! I didn't really check. Mostly because I'm lazy & I know somebody will do it before I'm at a PC😂! But also because I'm traveling ✈️! But no, yeah: mostly because I am lazy🤡!
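The invoice quoted above can be decoded offline, which shows what a publicly posted BOLT11 invoice discloses. This is an added example, not part of the original thread: the helper names are illustrative, the bech32 checksum is not verified, and recovering the payee node ID from the signature (needed when there is no `n` field) is left out because it requires a secp256k1 library.

```python
import re
from functools import reduce

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
DIV = {"": 1, "m": 10**3, "u": 10**6, "n": 10**9, "p": 10**12}  # BOLT11 amount multipliers
INVOICE = "lnbc12300u1p0zncrqpp52lwpw5h72eh75wh2f7rvhm3sypwjceexq460fg93fmwl5u7mnvzsdqu2askcmr9wssx7e3q2dshgmmndp5scqzpgxqrrssp69ptf589juw6xd0u83tnw9zfhgq3hn4gvmp6wdd95xysvx0m8r4ccx350kjemhftnyvanw9sfrx436zex63t97kwpapgzqcfncx6pspj5e8lc"  # quoted in the thread

def to_int(words):
    return reduce(lambda n, w: n * 32 + w, words, 0)

def to_bytes(words):
    # Regroup 5-bit words into bytes, dropping the trailing pad bits.
    bits = "".join(f"{w:05b}" for w in words)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits) - len(bits) % 8, 8))

def parse_hops(raw):
    # One routing-hint hop is 51 bytes: node pubkey (33), short channel id (8), fees and CLTV delta (10).
    hops = []
    for i in range(0, len(raw) - 50, 51):
        scid = int.from_bytes(raw[i + 33:i + 41], "big")
        hops.append({"node": raw[i:i + 33].hex(),
                     "channel": f"{scid >> 40}x{(scid >> 16) & 0xFFFFFF}x{scid & 0xFFFF}"})
    return hops

def decode_invoice(invoice):
    hrp, data = invoice.strip().lower().rsplit("1", 1)
    m = re.fullmatch(r"ln([a-z]+?)(\d*)([munp]?)", hrp)
    words = [CHARSET.index(c) for c in data[:-6]]  # drop the 6-char checksum (not verified here)
    out = {"network": m[1], "timestamp": to_int(words[:7]), "hints": [],
           "amount_msat": int(m[2]) * 10**11 // DIV[m[3]] if m[2] else None}
    body, pos = words[7:-104], 0  # last 104 words: signature, from which the payee node ID is recoverable
    while pos + 3 <= len(body):
        tag, length = CHARSET[body[pos]], body[pos + 1] * 32 + body[pos + 2]
        field = body[pos + 3:pos + 3 + length]
        pos += 3 + length
        if tag == "d":  # memo, often names the wallet or service
            out["description"] = to_bytes(field).decode("utf-8", "replace")
        elif tag == "p" and length == 52:
            out["payment_hash"] = to_bytes(field).hex()
        elif tag == "n" and length == 53:  # explicit payee node ID
            out["payee_node"] = to_bytes(field).hex()
        elif tag in ("x", "c"):
            out["expiry_s" if tag == "x" else "min_final_cltv"] = to_int(field)
        elif tag == "r":  # private-channel hints: name the adjacent node and channel
            out["hints"] += parse_hops(to_bytes(field))
    return out

if __name__ == "__main__":
    print(decode_invoice(INVOICE))
```

For the invoice quoted in the thread this yields 1,230,000 sat, the memo "Wallet of Satoshi", a 3600-second expiry and neither `r` routing hints nor an `n` field, so the only node identifier it carries is the one recoverable from the signature.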
...
Here are all the original tweets w/ the other invoices (I copied them, in case he/they deleted the tweets).
...(list continuing)
Anyway, after almost 24 hours (just in case the PM I sent @wizard_btc moved him enough), it's time for the torch to get back burning high & strong!🧨
...
I'll "heroically" absorb the loss myself (well...duh!). It could actually turn out as an even better plausible deniability strategy than good old "boating accident" anyway, @PeterSchiff-style! Take this, tax authority! Ha! I'm sending the torch to @ElkimXOC, right now!
...
Many nice people asked! Why him? Because he was the 2nd sending an invoice. Because he's ACTUALLY legit. Because he has "LNP/BP" in the username (only very cool people do that). Because I hate decisions (famous vs underdog, local vs abroad, etc).
...
What should you do, if you really wanted to play Jerome Powell & bail this idiot out via LN? This is a nice question about current LN UX & tools! I know there are some nice FLOSS self-hosted solutions out there. Possibly an overkill for such an extemporaneous use case?
...
Sure, you could just send some sat to my tippin.me link (bio). But it's a centralized & custodian service, which means it could just have to close down soon just as @bottlepay did, in order to avoid some criminal, violent retribution from the EU mafia! :(
...
I'm not sure I have a good answer as of now! But I've heard/read some devs discussing about "invoiceless payments" (I think some stuff is already out now, but I never tried it yet; some other stuff will come later, along w/ future evolution of the LNP & of its tools).
...
It would be quite ironic if people did bail me out & I turned out to be the exit-scammer behind @wizard_btc (& gmax would be behind me, of course)😂! So, maybe just don't! Which I guess is the ultimate lesson here. Don't trust, verify. Just as this guy said!
The End (n=42)